Disturbing MSN Messenger on the loose

Discussion in 'malware problems & news' started by Spiralzen, Oct 18, 2006.

Thread Status:
Not open for further replies.
  1. Spiralzen

    Spiralzen Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    4
    Hi, I'm experiencing some anomalies with my MSN Messenger (on Windows XP). :blink: When I start the program there is immediately massive activity on my line. The stream of data goes both out and in. After a little while the Messenger window comes up and all is seemingly normal, but the unwanted stream of data continues. I blocked Messenger in the firewall and did several scans of the computer using updated Norton System Works, AVG Anti-Spyware/virus 7.5, Registry Mechanic and Lavasoft Ad-Aware. Still no remedy. Then I uninstalled Messenger, downloaded the latest version and did a reinstall. Again, the problem persists. Anyone know what it can be? Your help is much appreciated. :thumb:
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    MSN Live Messenger likes to connect on a lot of ports. Can you tell us on what port the massive streams are happening?
    Ports used by MSN are: 80, 443, 1863, 7001, 9000-9999 (video), 5004-65535 (video/audio UDP), 7620-65535 (file sharing), 3389 (Remote Assistance), 1503 (whiteboard)
     
    Last edited: Oct 18, 2006
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
  4. Spiralzen

    Spiralzen Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    4
    Thanks Tommy :) Indeed a lot of ports. I am no expert so I find it difficult to identify exactly which ports let the data out. In the firewall program Messenger comes up 7 times. When I allow it to go through the wall, one of these instances disappears and comes back. This last entry is on for about two seconds, then goes away and comes back. Each time the port number is different.

    In the log file all these ports came up as being used by Messenger:


    *puppy*
     
  5. Spiralzen

    Spiralzen Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    4
    No, actually I wish it was some messenger spam/funny links like that.. then at least I would have a solution. :blink:
     
  6. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    OK, for normal MSN Messenger communication without cam/voice you only need the following:

    Port 80 outbound for HTTP Dispatch Server
    Port 443 outbound Net Password
    Port 1863 outbound MSN Notification Server
    Port 7001 receive/send datagram (UDP) MSN Echo Server

    Block the rest!
    If you need other MSN stuff, open the corresponding remote ports I mentioned above. They are all for outbound connections except ports 5004 - 65535, which need UDP (send datagram).
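
Added example (not part of the original thread): a small audit that checks logged Messenger connections against the four-entry minimal list in the post above and reports everything a "block the rest" rule would drop. The log layout, the addresses and the function names are constructed for illustration, and the check assumes the rule is matched on protocol and remote port, since the local port differs on every connection.

```python
from collections import Counter

# Minimal list from the post above, as (protocol, remote port).
ALLOWED = {("TCP", 80), ("TCP", 443), ("TCP", 1863), ("UDP", 7001)}

# Constructed sample log (assumed columns, not a real firewall's format):
# date time action protocol local_ip remote_ip local_port remote_port
SAMPLE_LOG = """\
2006-10-18 10:00:01 ALLOW TCP 192.168.1.10 192.0.2.10 1048 1863
2006-10-18 10:00:02 ALLOW TCP 192.168.1.10 192.0.2.11 1049 443
2006-10-18 10:00:03 ALLOW UDP 192.168.1.10 192.0.2.12 1051 7001
2006-10-18 10:00:04 ALLOW TCP 192.168.1.10 198.51.100.7 1486 7800
2006-10-18 10:00:05 ALLOW UDP 192.168.1.10 198.51.100.8 26391 31544
2006-10-18 10:00:06 ALLOW TCP 192.168.1.10 192.0.2.13 65002 80
this line is malformed
"""


def parse(line):
    """Return (protocol, remote_ip, remote_port) or None for a bad line."""
    parts = line.split()
    if len(parts) != 8:
        return None
    try:
        int(parts[6])  # local port must be numeric, but is not matched on
        return parts[3].upper(), parts[5], int(parts[7])
    except ValueError:
        return None


def audit(log_text):
    """Split log entries into allowed counts, would-be-blocked, and skipped."""
    allowed, blocked, skipped = Counter(), [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            skipped += 1
            continue
        proto, remote_ip, remote_port = rec
        if (proto, remote_port) in ALLOWED:
            allowed[(proto, remote_port)] += 1
        else:
            blocked.append(rec)
    return allowed, blocked, skipped


if __name__ == "__main__":
    ok, dropped, bad = audit(SAMPLE_LOG)
    print("allowed:", dict(ok))
    print("would be blocked:", dropped)
    print("unparsed lines:", bad)
```

The last valid sample line has a high local port (65002) but remote port 80, so it still matches the list.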
     
  7. Spiralzen

    Spiralzen Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    4
    Thanks Tommy! You saved my day, and week. And probably the coming months too. :D :thumb: :thumb:
     
  8. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    You are welcome.
     