Windows Messenger 'Trojan update'

Discussion in 'malware problems & news' started by spy1, Apr 2, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    By Thomas C Greene in Washington
    Posted: 02/04/2002 at 13:50 GMT


    This is too cute. You can wipe Windows Messenger from XP with a simple hack, and yet MS will defy you with a 'Critical Update'. That's how desperate they are to force this little Trojan on you.

    Following a tip from a Messenger-averse reader whose uninstall got thwarted, I looked into it, starting with a clean install of Win-XP. Messenger was, of course, lurking in the background and consuming RAM though I have no use for it. And of course MS doesn't allow you to uninstall it.

    But that doesn't make it impossible. NTcompatible.com has a very simple hack which will allow you to use the Windows add/remove feature in Control Panel to get rid of the offending progie.

    Use a text editor to open C:\WINDOWS\inf\sysoc.inf, and change
    msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 to
    msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7

    That's it. Messenger will now appear in the add/remove application under Windows Components where you can uninstall it.

    Enjoy the fact that this irritating memory-resident progie is no longer consuming RAM and haranguing you to obtain an MS Passport every time you reboot.

    But that's not the end of it.

    No, there's a 'Critical' item which MS foists on you during Windows Update. It's called the 'Windows Messenger 4.6 Connectivity Update', and MS "strongly recommends that you download the update even if you don't use Windows Messenger."

    It's that last bit, acknowledging the fact that you might not use Messenger, which makes it seem benign. Surely, this fix has more to do with some idiosyncrasy in 'Windows connectivity' than Messenger itself. Right?

    And when we consult the related MS 'knowledge base' article, we're told that "to improve connectivity and system performance, even if you do not use Windows Messenger, Microsoft recommends that you install this update."

    Man, they desperately want you to install this fix.

    And the result? Do you get 'better connectivity and system performance?' Of course not. The only result is that Messenger is now back on your machine, consuming RAM even when you have no use for it, and haranguing you to obtain an MS Passport.

    The only thing this Critical Update does is integrate Messenger into Outlook Express. And by default it runs on startup, and runs in the background. So now you have to go to Outlook Express/Tools/Windows Messenger/Options/Preferences, and turn it off.

    Assuming, of course, that you already uninstalled it according to the instructions above. Otherwise it will run no matter what you do. ®
     
  2. FanJ

    FanJ Guest

    Quote from the Helpfile of IEClean ( www.nsclean.com ):

    Microsoft is now including their own incompatible version of AOL Instant Messenger called "MSN Messenger" with Internet Explorer and it is designed to start every time you run Windows whether you want it to or not. MSN Messenger is a resource hog and can bring many systems to their knees as it drains resources. While you are online, MSN Messenger is in contact with MSN and presents a potential for system attacks.

     Selecting this option causes MSN Messenger to fail to load at startup and prevents its icon from appearing on the traybar. It does NOT interfere with use of MSN Messenger if you want to run it from Internet Explorer and frees a considerable amount of resources by not allowing it to run unless you ask it to.

    IEClean is Copyright 1996-2001 by Privacy Software Corporation
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    There's also this reg hack, which works:

    Remove MSN Messenger from Outlook Express


    When the situation really gets desperate, do this:

    Copy the Bold to Notepad. Name it Mess.reg
    Click twice to enter into the registry.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client]
    "PreventRun"=dword:00000001
    "PreventAutoRun"=dword:00000001


    This will restrict Messenger altogether.

    Cheers,  
     
  4. FarCry

    FarCry Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    82
    Location:
    Boston, MA
    XP-AntiSpy will take care of Windows messenger in a snap.
    http://www.xp-antispy.org/

    You can either disable the autostart feature or uninstall it completely.
    I use XP-AntiSpy and it works. I uninstall it and it’s gone.
    I ignore all the prompting from MS to install it again.
     
Loading...
Thread Status:
Not open for further replies.