Microsoft Messenger acting weird
Results 1 to 7 of 7

Thread: Microsoft Messenger acting weird

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    64

    Microsoft Messenger acting weird

    Ok the issue is with Microsoft messenger(msmsngs.exe) not MSN.
    Ok I have a friend and I was tunning up her system. I cleaned it with Adaware and Spybot. She has norton running and i made sure it was updated. I i used the cleaner to scan for trojans i know TDS -3 is better but its easier for her to use the cleaner later. The cleaner found three "Mysearchbar" entries and cleaned it. Know i was checking netstat -aon to see what services and ports are listenning and found two really high ports so i checked the process and it was msmsngs.exe. I ended the msmsngs process and 5 seconds later it starts again. I used msconfig to stop it from starting and i checked the registery "run" and i removed it from there. the TCActive or is it the TCmonitor kept givin me an alarn since it added itself each time back to the registery in the "run". And each time it restarts it picks high ports.

    What im asking, is this normal behavior. I mean i was always able to kill the process and it doesnt usually come back not msmsngs.

    This is a behavior of a trojan

    Thanks for the help

  2. #2
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Did you run a AV and a Trojan remover?
    -Simon \"SDK\"

  3. #3
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    What is your Operating system&lt;Win 9x, xp,etc&gt;?Did you spell this right? If you did then it is not Msn messenger! msmsgs.exe<http://www.neuber.com/taskmanager/pr...smsgs.exe.html> is the real messenger. This is what Symantec says:
    Details about the fake MSN Messenger
    When the Trojan runs, it copies itself as %system%\Msmsngs.exe.

    It adds value

    Sysmsn "msmsngs.exe"

    to the registry key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs each time that you start Windows.

    Both Trojans display an error message and send your IP address, host name, messenger name, and password to the hacker.
    Here is the link for more info and on how to remove it::: http://securityresponse.symantec.com...al.bstroj.html

    Did you run a AV and a Trojan remover?
    Although I agree with you SDK that he said nothing of the like, he did say he updated it. So hopefully he is competant enough to scan the box.
    Also it might be be wise to have swat it, its free so no problem! http://swatit.org/download.html. Run it in safe mode though. Hold down F8 when you start up and pick your options...

    If you spelled it wrong and using XP than you need to shut it down in the Service area. Run&gt;services.msc , scroll down and look for it right click properties and then disable it in the start up type! Good luck and hopefully this helped you...

    kurt

  4. #4
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    In MSN messenger are there any dependancies like outlook enabled? If outlook is enabled in msn messenger it will return every time in the processes. I've also found this to be very annoying, but it shouldn't cause a threat if you block this program from connecting thru your firewall.
    S25vd2xlZGdlIGlzIHBvd2VyIQ

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    153
    Know i was checking netstat -aon to see what services and ports are listenning and found two really high ports so i checked the process and it was msmsngs.exe
    Sorry for interrupt the discussion. But what does it mean by high ports.

  6. #6
    Junior Member
    Join Date
    Nov 2003
    Posts
    6

    MSN messenger or not?

    Sorry probably a stupid question but why is everyone talking about MSN Messenger? Didn't coderecycle say it was Not MSN


    Ok the issue is with Microsoft messenger(msmsngs.exe) not MSN.

  7. #7
    Member
    Join Date
    Nov 2003
    Posts
    64
    Reason i havent posted up an update to what happened is cause i dont have access to the laptop till the weekend.

    Will let you know what happens.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •