Announcement

Collapse
No announcement yet.

Serious problem..need assistance

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Serious problem..need assistance

    We've got a process running on a few computers that recently appeared. Jan 10th 2006 to be exact. I can find very little information about it. All it's done so far, is tie up network resources for the entire network while listening on every port it can find. It's easy to kill and it seems to stay gone until you reboot but how it got here and where it came from is a mystery. Have any of you ever heard of it? If so, any info would be appreciated.

    The process that is running is called msprexe.exe. It is running on Windows 2000 machines that are fully updated including antivirus. There is not much info on this file at all. Symantec, McAfee, Microsoft.com, and searches in Google, MSN, Yahoo,etc have brought up next to nothing and absolutley no help. Any ideas, suggestions appreciated. Thank you in advance for any effort put into this thread.

  • #2
    Re: Serious problem..need assistance

    Are you running any antivirus software? If a search on google returned nothing then i would be worried - it maybe a new virus in which case submit it to an AV company...
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Serious problem..need assistance

      Yes....we are running antivirus and it is up to date and we have all Windows updates.

      Comment


      • #4
        Re: Serious problem..need assistance

        doen't you mean MPREXE.EXE

        http://vil.nai.com/vil/content/v_99959.htm

        edit:
        next time use a correct title for any thread.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Serious problem..need assistance

          No I do not mean MPREXE.exe....I meant what I typed. Your edit in your comment says to use a correct title....whats that supposed to mean? I used a title that would get some attention....sorry if it bothered you...show me where the "Correct Title 101" class is and I will be happy to attend.....Im asking for a little help here...didnt know I would be criticized for a title in a forum....my apologies.

          Comment


          • #6
            Re: Serious problem..need assistance

            msprexe.exe Or Microsoft Multi-Protocol Router

            i found this page if its any assistance

            https://secure.experts-exchange.com/...y%3D10&rsid=10
            Life's a breeze, so spread your wings and fly baby

            Comment


            • #7
              Re: Serious problem..need assistance

              Welcome students to "Correct Title 101" class. http://forums.petri.com/showthread.php?t=2866 I would like to bring your attention to the FIRST rule on the list.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Re: Serious problem..need assistance

                Originally posted by biggles77
                Welcome students to "Correct Title 101" class. http://forums.petri.com/showthread.php?t=2866 I would like to bring your attention to the FIRST rule on the list.
                I remember reading that I just forgot due to a serious problem on the network....no need to be a "TA" about it though.....we are only human....


                To all of those who actually offered help and didnt worry themsleves so much with the title, I really appreciate it....We figured out what the problem was and everything is back to normal.....It was actually an easy fix to old problem.

                Comment


                • #9
                  Re: Serious problem..need assistance

                  Might I suggest LESS attitude when comments are made to your posts. You came here for help with YOUR problem. The members give up their FREE time to answer posts. From the title of your post it might have meant you had a flat tyre and wanted help in changing it. I personally wasted time looking at the post because the title told me NOTHING about the problem.

                  I am glad you have it fixed but a simple courtesy to those who did reply and to present and future memeber would have been to post what the fix was.

                  Remember you get more flies with honey than with vinegar.
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    Re: Serious problem..need assistance

                    congrats Whip-IT for resolving the problem. It would be better if u just spare some time sharing the resolution of the problem as it helps the other members.

                    Comment


                    • #11
                      Re: Serious problem..need assistance

                      Originally posted by biggles77
                      Might I suggest LESS attitude when comments are made to your posts. You came here for help with YOUR problem. The members give up their FREE time to answer posts. From the title of your post it might have meant you had a flat tyre and wanted help in changing it. I personally wasted time looking at the post because the title told me NOTHING about the problem.

                      I am glad you have it fixed but a simple courtesy to those who did reply and to present and future memeber would have been to post what the fix was.

                      Remember you get more flies with honey than with vinegar.
                      There was no attitude, it was just plain fact what I said, and I thanked those who HELPED and I gave back to those what was coming to them just like it was dished out to me. Im not here to cause problems, but the attitude was actually started by the moderators. I had several people reply who did not care about the title, they just wanted to help. This forum is about computer issues from what all I have read, not flat tires. From now on I will be more careful with my titles and make sure they have some sort of subject to them. Furthermore I am also one of the members who look at this forum and help people in my free time. I look here daily and if there is something I see that I have worked with I offer advice. I am still a new member so I havent answered many but I have answered some.



                      Now for the solution, as I said it was actually an easy fix to an old problem. The MSPREXE.EXE file was actually infected with W32.Spybot. The reason none of the AV sites had any info was because this was a new variant. MSPREXE.EXE is not a normal system/or executable file that Windows installs. So we stopped the MSPREXE.EXE service from running, located and deleted the file and removed any registry entries that had to do with this file. Once that was done network activity improved. We also rebooted each infected computer and one server it was on and it did not return. Problem was solved. Today we checked the machines again and it still has not come back.

                      Once again thank you to those who helped and offered advice. It was and is very much appreciated.
                      Last edited by Whip-IT; 19th January 2006, 16:15.

                      Comment


                      • #12
                        Re: Serious problem..need assistance

                        Originally posted by Whip-IT
                        Now for the solution, as I said it was actually an easy fix to an old problem. The MSPREXE.EXE file was actually infected with W32.Spybot. The reason none of the AV sites had any info was because this was a new variant. MSPREXE.EXE is not a normal system/or executable file that Windows installs. So we stopped the MSPREXE.EXE service from running, located and deleted the file and removed any registry entries that had to do with this file. Once that was done network activity improved. We also rebooted each infected computer and one server it was on and it did not return. Problem was solved. Today we checked the machines again and it still has not come back.

                        Once again thank you to those who helped and offered advice. It was and is very much appreciated.

                        Congrats on fixing it m8.

                        Just goes to show that your AV is only as good as the last update from the vendor.

                        Comment


                        • #13
                          Re: Serious problem..need assistance

                          Originally posted by Whip-IT
                          There was no attitude, it was just plain fact what I said, and I thanked those who HELPED and I gave back to those what was coming to them just like it was dished out to me. Im not here to cause problems, but the attitude was actually started by the moderators. I had several people reply who did not care about the title, they just wanted to help. This forum is about computer issues from what all I have read, not flat tires. From now on I will be more careful with my titles and make sure they have some sort of subject to them. Furthermore I am also one of the members who look at this forum and help people in my free time. I look here daily and if there is something I see that I have worked with I offer advice. I am still a new member so I havent answered many but I have answered some.

                          First, congratulations with you're solution and thank you for posting back.

                          Futher more, I ASKED if you could use a correct title for the next time. If you had read the rules you would know about it. We do appreachiate that you reply on other topics, of course, like we all try to do so. Ik still have questions about you're attitude and in my oppinion it was not us (the moderators) who started with this.

                          Before we start any useless discussion.... let's go futher with the daily bussiness.
                          Marcel
                          Technical Consultant
                          Netherlands
                          http://www.phetios.com
                          http://blog.nessus.nl

                          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                          "No matter how secure, there is always the human factor."

                          "Enjoy life today, tomorrow may never come."
                          "If you're going through hell, keep going. ~Winston Churchill"

                          Comment


                          • #14
                            Re: Serious problem..need assistance

                            Originally posted by Dumber
                            First, congratulations with you're solution and thank you for posting back.

                            Futher more, I ASKED if you could use a correct title for the next time. If you had read the rules you would know about it. We do appreachiate that you reply on other topics, of course, like we all try to do so. Ik still have questions about you're attitude and in my oppinion it was not us (the moderators) who started with this.

                            Before we start any useless discussion.... let's go futher with the daily bussiness.

                            Noted..and I agree on getting on with daily business....

                            Comment


                            • #15
                              Re: Serious problem..need assistance

                              WHIP-IT Yes you do have a serious problem. There are over 1000 variations to the W32.Spybot virus and if not all a vast majority are Back doors. I suggest watching the network very closely over the next few days.

                              Good Luck!

                              Comment

                              Working...
                              X