I discovered that I have a program installed called msmsger.exe. I
don’t know where it came from and to what it might be associated. From
time to time my personal firewall tells me that the program msmsger.exe wants
to access the internet. I have blocked such requests.
I did a Google-search but found only 4 forums (in languages I do not
understand) where it is mentioned. Neither my antispam software nor AV virus
software detects it as bad. I have no Microsoft Messenger software.
Any idea what this piece of software does or is?
I believe this is a great example of something we see all the time:
malicious programs trying to “look like” other programs so you’ll be uncertain
about their maliciousness.
And, yes, even though your anti-malware programs don’t flag it, I believe it
is malware. Which brings up another very important point.
One of the ways that malicious software tries to hide itself, or at least
confuse people, is by taking a name that is very similar to a legitimate piece
The name “msmsger.exe” is very similar to msmsgs.exe (Windows Messenger) or
msnmsgr.exe (MSN Instant Messenger), but of course that actually means nothing.
Just because programs have similar names doesn’t mean that they’re related at
And yet, it’s easy to think so and easy to misread the imposter’s name as
one of the others if you’re not paying close attention.
And, of course, that’s exactly what malware authors have been relying on for
years. Consider that “lsass.exe” is a legitimate and important system process.
But “isass.exe”, and even “1sass.exe” look very similar. They are not.
They are viruses that have caused a lot of people a lot of grief.
So my first inclination when I see a program that has a name similar but not
quite the same as a legitimate Windows program is to consider it suspect.
Choosing a name that is close to the name of a real, legitimate program is a
frequent sign of malware.
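
The lookalike-name check described above can be automated. The following Python sketch is an added example, not part of the original article; the allowlist, the confusable-character map and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example: flag executable names that imitate well-known Windows names.
# KNOWN_GOOD is a small constructed allowlist, not a complete inventory.
KNOWN_GOOD = ["lsass.exe", "msmsgs.exe", "msnmsgr.exe", "svchost.exe", "explorer.exe"]

# Assumed map of characters often swapped for a visually similar one.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # swap ca for cb
        prev = cur
    return prev[-1]


def check_name(name, max_distance=2):
    """Classify one file name; returns (verdict, known name it resembles)."""
    name = name.lower()
    if name in KNOWN_GOOD:
        return ("known", name)  # the name matches; that alone proves nothing
    folded = name.translate(CONFUSABLES)
    for good in KNOWN_GOOD:
        if folded == good.translate(CONFUSABLES):
            return ("lookalike-glyph", good)   # e.g. i or 1 standing in for l
    best = min(KNOWN_GOOD, key=lambda good: edit_distance(name, good))
    if edit_distance(name, best) <= max_distance:
        return ("lookalike-typo", best)        # a letter or two added or changed
    return ("unrelated", None)


if __name__ == "__main__":
    # Names taken from the article plus two constructed controls.
    for sample in ["lsass.exe", "isass.exe", "1sass.exe", "msmsger.exe", "notepad.exe"]:
        print(sample, "->", check_name(sample))
```

A threshold of 2 will also flag some legitimate short names, so treat a hit as a prompt to inspect the file, not as a verdict.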
“But,” (I hear you saying), “my anti-virus program didn’t flag it!”
True enough. And, to be honest, that’s important data. But not enough to
call the file legitimate either. (As an aside, I’m assuming that your
anti-virus and anti-spyware packages are getting regular database updates to keep
track of new threats that are constantly emerging. Without those updates, best done
daily or at least weekly, they won’t catch new malware.)
The sad fact is that not all anti-malware programs catch all malware. Good
ones will catch a lot; even most of the malware that’s out there. But none of
them are 100% accurate.
I’ll say that again: none of the anti-malware programs give you 100%
Sucks, doesn’t it?
In the case of msmsger.exe, I did find at least one anti-spyware vendor that
and only recently explicitly lists it as a
threat but provides very little detail. It’s difficult to determine just
how much of a threat it really is.
My first recommendation is to run additional spyware and virus scans using
some of the free or trial versions of scanners that are currently
If they show nothing, my next recommendation is to delete the file
(following the steps in “Is it
safe to delete this file?”), and see what happens.
But the fact that it’s named similarly to a legitimate program and that it’s
trying to access the internet most definitely have me concerned, and almost
convinced, that it’s a virus or other malware of some sort.