I have two problems:
1.) The info listed for the Welchia Worm says that it "makes a copy of
%sustem%\Dllcache\Tftpd.exe as %System%\Wins\svchost.exe". I followed the
instructions, removed the virus and installed the patch from Microsoft and
still have "svchost.exe" in the computer in two locations:C:\1386 and
C:\Windows\System 32. There are several references to svchost.ext in the
registry as well.
a.) What does this file do?
b.) Should it be removed?

2.) The computer is recent and since I got it I keep getting a popup window
at odd times labeled "Message Service". The latest one says its a "message
alert from Alert Service to you on 8/25/2003" at the current time telling me
to go to WWW.ByeByeads.com to get rid of these annoying popup. The popups
are not always from the same source.
a.) Is this Message Service" part of the xp system?
b.) How to identify the source and eliminate it?

Thank you

Bob

"Bob" > wrote in message
...
> I have two problems:
> 1.) The info listed for the Welchia Worm says that it "makes a copy of
> %sustem%\Dllcache\Tftpd.exe as %System%\Wins\svchost.exe". I followed the
> instructions, removed the virus and installed the patch from Microsoft and
> still have "svchost.exe" in the computer in two locations:C:\1386 and
> C:\Windows\System 32. There are several references to svchost.ext in the
> registry as well.
> a.) What does this file do?
> b.) Should it be removed?

svchost.exe is a critical operating system file and xp will not work without
it. The i386 folder is your installation source files. The one in
c:\windows\system32 is the one used by xp.


> 2.) The computer is recent and since I got it I keep getting a popup
window
> at odd times labeled "Message Service". The latest one says its a "message
> alert from Alert Service to you on 8/25/2003" at the current time telling
me
> to go to WWW.ByeByeads.com to get rid of these annoying popup. The popups
> are not always from the same source.
> a.) Is this Message Service" part of the xp system?
> b.) How to identify the source and eliminate it?

These are spam via the 'messenger service'. A properly configured firewall
will stop them.

Thanks to "The Stare".

Should I delete the file from C:\1386?

Is the "Messenger Service" a program in XP? If so where is it located?

Bob


"The Stare" > wrote in message
...
>
> "Bob" > wrote in message
> ...
> > I have two problems:
> > 1.) The info listed for the Welchia Worm says that it "makes a copy of
> > %sustem%\Dllcache\Tftpd.exe as %System%\Wins\svchost.exe". I followed
the
> > instructions, removed the virus and installed the patch from Microsoft
and
> > still have "svchost.exe" in the computer in two locations:C:\1386 and
> > C:\Windows\System 32. There are several references to svchost.ext in the
> > registry as well.
> > a.) What does this file do?
> > b.) Should it be removed?
>
> svchost.exe is a critical operating system file and xp will not work
without
> it. The i386 folder is your installation source files. The one in
> c:\windows\system32 is the one used by xp.
>
>
> > 2.) The computer is recent and since I got it I keep getting a popup
> window
> > at odd times labeled "Message Service". The latest one says its a
"message
> > alert from Alert Service to you on 8/25/2003" at the current time
telling
> me
> > to go to WWW.ByeByeads.com to get rid of these annoying popup. The
popups
> > are not always from the same source.
> > a.) Is this Message Service" part of the xp system?
> > b.) How to identify the source and eliminate it?
>
> These are spam via the 'messenger service'. A properly configured firewall
> will stop them.
>
>

NO!!! do not delete the i386 folder. You need these files to
reinstall/repair/add windows components. Just remember what it is and where
it is.

The messenger service is a 'service' (a windows component). The fact that
you are getting the popups shows that your system is not protected properly
and is open to attacks from virii/worms/etc. Turn on the internet connection
firewall immediately and then install a proper firewall. Go offline and see
the Help subject for ICF.


"Bob" > wrote in message
...
> Thanks to "The Stare".
>
> Should I delete the file from C:\1386?
>
> Is the "Messenger Service" a program in XP? If so where is it located?
>
> Bob
>
>
> "The Stare" > wrote in message
> ...
> >
> > "Bob" > wrote in message
> > ...
> > > I have two problems:
> > > 1.) The info listed for the Welchia Worm says that it "makes a copy of
> > > %sustem%\Dllcache\Tftpd.exe as %System%\Wins\svchost.exe". I followed
> the
> > > instructions, removed the virus and installed the patch from Microsoft
> and
> > > still have "svchost.exe" in the computer in two locations:C:\1386 and
> > > C:\Windows\System 32. There are several references to svchost.ext in
the
> > > registry as well.
> > > a.) What does this file do?
> > > b.) Should it be removed?
> >
> > svchost.exe is a critical operating system file and xp will not work
> without
> > it. The i386 folder is your installation source files. The one in
> > c:\windows\system32 is the one used by xp.
> >
> >
> > > 2.) The computer is recent and since I got it I keep getting a popup
> > window
> > > at odd times labeled "Message Service". The latest one says its a
> "message
> > > alert from Alert Service to you on 8/25/2003" at the current time
> telling
> > me
> > > to go to WWW.ByeByeads.com to get rid of these annoying popup. The
> popups
> > > are not always from the same source.
> > > a.) Is this Message Service" part of the xp system?
> > > b.) How to identify the source and eliminate it?
> >
> > These are spam via the 'messenger service'. A properly configured
firewall
> > will stop them.
> >
> >
>
>

To "The Stare"

I understand the firewall issue. However If the messenger service is a
windows "component" I would think it should be able to be turned off. There
also should be a program file that is running it that the outside source is
using to activate it on the computer. Do you know what files it uses?

Thanks,

Bob
"The Stare" > wrote in message
...
> NO!!! do not delete the i386 folder. You need these files to
> reinstall/repair/add windows components. Just remember what it is and
where
> it is.
>
> The messenger service is a 'service' (a windows component). The fact that
> you are getting the popups shows that your system is not protected
properly
> and is open to attacks from virii/worms/etc. Turn on the internet
connection
> firewall immediately and then install a proper firewall. Go offline and
see
> the Help subject for ICF.
>
>
> "Bob" > wrote in message
> ...
> > Thanks to "The Stare".
> >
> > Should I delete the file from C:\1386?
> >
> > Is the "Messenger Service" a program in XP? If so where is it located?
> >
> > Bob
> >
> >
> > "The Stare" > wrote in message
> > ...
> > >
> > > "Bob" > wrote in message
> > > ...
> > > > I have two problems:
> > > > 1.) The info listed for the Welchia Worm says that it "makes a copy
of
> > > > %sustem%\Dllcache\Tftpd.exe as %System%\Wins\svchost.exe". I
followed
> > the
> > > > instructions, removed the virus and installed the patch from
Microsoft
> > and
> > > > still have "svchost.exe" in the computer in two locations:C:\1386
and
> > > > C:\Windows\System 32. There are several references to svchost.ext in
> the
> > > > registry as well.
> > > > a.) What does this file do?
> > > > b.) Should it be removed?
> > >
> > > svchost.exe is a critical operating system file and xp will not work
> > without
> > > it. The i386 folder is your installation source files. The one in
> > > c:\windows\system32 is the one used by xp.
> > >
> > >
> > > > 2.) The computer is recent and since I got it I keep getting a popup
> > > window
> > > > at odd times labeled "Message Service". The latest one says its a
> > "message
> > > > alert from Alert Service to you on 8/25/2003" at the current time
> > telling
> > > me
> > > > to go to WWW.ByeByeads.com to get rid of these annoying popup. The
> > popups
> > > > are not always from the same source.
> > > > a.) Is this Message Service" part of the xp system?
> > > > b.) How to identify the source and eliminate it?
> > >
> > > These are spam via the 'messenger service'. A properly configured
> firewall
> > > will stop them.
> > >
> > >
> >
> >
>
>

You can turn off the Messenger service by :
Start - Control Panel - Administrative Tools - Services
Messenger service is listed in these services and if you
double-click on it, it will open up the properties. You
can choose Disable instead of Automatic, and it will
never turn on again. This does not fix the fact that you
are over-exposed to the internet.
>-----Original Message-----
>To "The Stare"
>
>I understand the firewall issue. However If the
messenger service is a
>windows "component" I would think it should be able to
be turned off. There
>also should be a program file that is running it that
the outside source is
>using to activate it on the computer. Do you know what
files it uses?
>
>Thanks,
>
>Bob
>"The Stare" > wrote in
message
...
>> NO!!! do not delete the i386 folder. You need these
files to
>> reinstall/repair/add windows components. Just remember
what it is and
>where
>> it is.
>>
>> The messenger service is a 'service' (a windows
component). The fact that
>> you are getting the popups shows that your system is
not protected
>properly
>> and is open to attacks from virii/worms/etc. Turn on
the internet
>connection
>> firewall immediately and then install a proper
firewall. Go offline and
>see
>> the Help subject for ICF.
>>
>>
>> "Bob" > wrote in message
>> ...
>> > Thanks to "The Stare".
>> >
>> > Should I delete the file from C:\1386?
>> >
>> > Is the "Messenger Service" a program in XP? If so
where is it located?
>> >
>> > Bob
>> >
>> >
>> > "The Stare" > wrote
in message
>> > ...
>> > >
>> > > "Bob" > wrote in message
>> > > ...
>> > > > I have two problems:
>> > > > 1.) The info listed for the Welchia Worm says
that it "makes a copy
>of
>> > > > %sustem%\Dllcache\Tftpd.exe as %System%
\Wins\svchost.exe". I
>followed
>> > the
>> > > > instructions, removed the virus and installed
the patch from
>Microsoft
>> > and
>> > > > still have "svchost.exe" in the computer in two
locations:C:\1386
>and
>> > > > C:\Windows\System 32. There are several
references to svchost.ext in
>> the
>> > > > registry as well.
>> > > > a.) What does this file do?
>> > > > b.) Should it be removed?
>> > >
>> > > svchost.exe is a critical operating system file
and xp will not work
>> > without
>> > > it. The i386 folder is your installation source
files. The one in
>> > > c:\windows\system32 is the one used by xp.
>> > >
>> > >
>> > > > 2.) The computer is recent and since I got it I
keep getting a popup
>> > > window
>> > > > at odd times labeled "Message Service". The
latest one says its a
>> > "message
>> > > > alert from Alert Service to you on 8/25/2003" at
the current time
>> > telling
>> > > me
>> > > > to go to WWW.ByeByeads.com to get rid of these
annoying popup. The
>> > popups
>> > > > are not always from the same source.
>> > > > a.) Is this Message Service" part of the xp
system?
>> > > > b.) How to identify the source and eliminate it?
>> > >
>> > > These are spam via the 'messenger service'. A
properly configured
>> firewall
>> > > will stop them.
>> > >
>> > >
>> >
>> >
>>
>>
>
>
>.
>

Computer management >> Services and applications >> services >> messenger

right click >> properties >> stop the service and then set for disable at
startup

None of which does you any good if a proper firewall is not installed since
a virus will get you.


"Bob" > wrote in message
...
> To "The Stare"
>
> I understand the firewall issue. However If the messenger service is a
> windows "component" I would think it should be able to be turned off.
There
> also should be a program file that is running it that the outside source
is
> using to activate it on the computer. Do you know what files it uses?
>
> Thanks,
>
> Bob
> "The Stare" > wrote in message
> ...
> > NO!!! do not delete the i386 folder. You need these files to
> > reinstall/repair/add windows components. Just remember what it is and
> where
> > it is.
> >
> > The messenger service is a 'service' (a windows component). The fact
that
> > you are getting the popups shows that your system is not protected
> properly
> > and is open to attacks from virii/worms/etc. Turn on the internet
> connection
> > firewall immediately and then install a proper firewall. Go offline and
> see
> > the Help subject for ICF.
> >
> >
> > "Bob" > wrote in message
> > ...
> > > Thanks to "The Stare".
> > >
> > > Should I delete the file from C:\1386?
> > >
> > > Is the "Messenger Service" a program in XP? If so where is it located?
> > >
> > > Bob
> > >
> > >
> > > "The Stare" > wrote in message
> > > ...
> > > >
> > > > "Bob" > wrote in message
> > > > ...
> > > > > I have two problems:
> > > > > 1.) The info listed for the Welchia Worm says that it "makes a
copy
> of
> > > > > %sustem%\Dllcache\Tftpd.exe as %System%\Wins\svchost.exe". I
> followed
> > > the
> > > > > instructions, removed the virus and installed the patch from
> Microsoft
> > > and
> > > > > still have "svchost.exe" in the computer in two locations:C:\1386
> and
> > > > > C:\Windows\System 32. There are several references to svchost.ext
in
> > the
> > > > > registry as well.
> > > > > a.) What does this file do?
> > > > > b.) Should it be removed?
> > > >
> > > > svchost.exe is a critical operating system file and xp will not work
> > > without
> > > > it. The i386 folder is your installation source files. The one in
> > > > c:\windows\system32 is the one used by xp.
> > > >
> > > >
> > > > > 2.) The computer is recent and since I got it I keep getting a
popup
> > > > window
> > > > > at odd times labeled "Message Service". The latest one says its a
> > > "message
> > > > > alert from Alert Service to you on 8/25/2003" at the current time
> > > telling
> > > > me
> > > > > to go to WWW.ByeByeads.com to get rid of these annoying popup. The
> > > popups
> > > > > are not always from the same source.
> > > > > a.) Is this Message Service" part of the xp system?
> > > > > b.) How to identify the source and eliminate it?
> > > >
> > > > These are spam via the 'messenger service'. A properly configured
> > firewall
> > > > will stop them.
> > > >
> > > >
> > >
> > >
> >
> >
>
>

But disabling "messenger services" will stop the pop
ups ... and that has nothing to do with viruses....