Every hour or two whenever I'm on line, my firewall stops MPREXE.exe from an
outbound communication..
What is this file and should I be concerned?
It doesn't turn up on any AV or spy scans..
Thanks,
RTS

Confirm the validity of your copy of the file, but the description of the
one included on the WinMe CD (WIN_17.CAB) is "WIN32 Network Interface
Service Process" -"Copyright (C) Microsoft Corp. 1993-2000" version
"4.90.0.3000".

If confirmed, then file looks good and should relieve your anxiety <g>

Mart




"Rocky_T_Squirrel, Esq." > wrote in message
...
> Every hour or two whenever I'm on line, my firewall stops MPREXE.exe from
an
> outbound communication..
> What is this file and should I be concerned?
> It doesn't turn up on any AV or spy scans..
> Thanks,
> RTS
>
>

Thanks Mart,
I'll check for that info in the file..
RTS


"Mart" > wrote in message
...
> Confirm the validity of your copy of the file, but the description of the
> one included on the WinMe CD (WIN_17.CAB) is "WIN32 Network Interface
> Service Process" -"Copyright (C) Microsoft Corp. 1993-2000" version
> "4.90.0.3000".
>
> If confirmed, then file looks good and should relieve your anxiety <g>
>
> Mart
>
>
>
>
> "Rocky_T_Squirrel, Esq." > wrote in message
> ...
> > Every hour or two whenever I'm on line, my firewall stops MPREXE.exe
from
> an
> > outbound communication..
> > What is this file and should I be concerned?
> > It doesn't turn up on any AV or spy scans..
> > Thanks,
> > RTS
> >
> >
>
>

Rocky_T_Squirrel, Esq. wrote:

> Every hour or two whenever I'm on line, my firewall stops MPREXE.exe from an
> outbound communication..
> What is this file and should I be concerned?
> It doesn't turn up on any AV or spy scans..
> Thanks,
> RTS
>
>
mprexe is a Windows file... something to do with network protocol
translation... what is it trying to connect to?


Rick

Not sure Rick, My firewall stops it before it can make a connection..
The same firewall has been blocking a pot load of tcp incoming atempts
by a trojan from 9 to 12 different IP's address...
I tried back tracking the IP's but none of them showed valid...
Think there related?

Thanks,
RTS


"Rick T" > wrote in message
...
> Rocky_T_Squirrel, Esq. wrote:
>
> > Every hour or two whenever I'm on line, my firewall stops MPREXE.exe
from an
> > outbound communication..
> > What is this file and should I be concerned?
> > It doesn't turn up on any AV or spy scans..
> > Thanks,
> > RTS
> >
> >
> mprexe is a Windows file... something to do with network protocol
> translation... what is it trying to connect to?
>
>
> Rick

Rocky_T_Squirrel, Esq. wrote:

> Not sure Rick, My firewall stops it before it can make a connection..
> The same firewall has been blocking a pot load of tcp incoming atempts
> by a trojan from 9 to 12 different IP's address...
> I tried back tracking the IP's but none of them showed valid...
> Think there related?

no clue... doesn't your firewall show the IP addy/port that a blocked
program is attempting to connect to ?

Re the inbound ones, why not post a couple of the addys here and see if
anybody recognizes them.


Rick



>
> Thanks,
> RTS
>
>
> "Rick T" > wrote in message
> ...
>
>>Rocky_T_Squirrel, Esq. wrote:
>>
>>
>>>Every hour or two whenever I'm on line, my firewall stops MPREXE.exe
>
> from an
>
>>>outbound communication..
>>>What is this file and should I be concerned?
>>>It doesn't turn up on any AV or spy scans..
>>>Thanks,
>>>RTS
>>>
>>>
>>
>>mprexe is a Windows file... something to do with network protocol
>>translation... what is it trying to connect to?
>>
>>
>>Rick
>
>
>

Rick, hope this helps
the outbound MPREXE.exe hasn't attempted in about 24 hours..
here's a few of the inbound tcp attempts..
newest to older.. only a sample, most came in in groups of 3 atttempts
over a 2 minute span..

192.110.64.230,http
219.112.120.96,http
221.125.7.100,9898
socket de trois v1 trojan 207.38.178.95,2142
207.162.166.226,dcom
207.162.166.140,dcom
207.162.166.165,dcom
207.162.170.251,445
207.162.171.111,dcom
207.162.166.202,445

thanks
RTS

"Rick T" > wrote in message
...
> Rocky_T_Squirrel, Esq. wrote:
>
> > Not sure Rick, My firewall stops it before it can make a connection..
> > The same firewall has been blocking a pot load of tcp incoming atempts
> > by a trojan from 9 to 12 different IP's address...
> > I tried back tracking the IP's but none of them showed valid...
> > Think there related?
>
> no clue... doesn't your firewall show the IP addy/port that a blocked
> program is attempting to connect to ?
>
> Re the inbound ones, why not post a couple of the addys here and see if
> anybody recognizes them.
>
>
> Rick
>
>
>
> >
> > Thanks,
> > RTS
> >
> >
> > "Rick T" > wrote in message
> > ...
> >
> >>Rocky_T_Squirrel, Esq. wrote:
> >>
> >>
> >>>Every hour or two whenever I'm on line, my firewall stops MPREXE.exe
> >
> > from an
> >
> >>>outbound communication..
> >>>What is this file and should I be concerned?
> >>>It doesn't turn up on any AV or spy scans..
> >>>Thanks,
> >>>RTS
> >>>
> >>>
> >>
> >>mprexe is a Windows file... something to do with network protocol
> >>translation... what is it trying to connect to?
> >>
> >>
> >>Rick
> >
> >
> >
>

Well, all the inbound ones are from valid IPs, most of the 207 series
for instance are "Vision Communications" in Kentucky (you can tell I
don't know too much about these things). Is your firewall set to ignore
pings ?


Rick

Rocky_T_Squirrel, Esq. wrote:

> Rick, hope this helps
> the outbound MPREXE.exe hasn't attempted in about 24 hours..
> here's a few of the inbound tcp attempts..
> newest to older.. only a sample, most came in in groups of 3 atttempts
> over a 2 minute span..
>
> 192.110.64.230,http
> 219.112.120.96,http
> 221.125.7.100,9898
> socket de trois v1 trojan 207.38.178.95,2142
> 207.162.166.226,dcom
> 207.162.166.140,dcom
> 207.162.166.165,dcom
> 207.162.170.251,445
> 207.162.171.111,dcom
> 207.162.166.202,445
>
> thanks
> RTS
>
> "Rick T" > wrote in message
> ...
>
>>Rocky_T_Squirrel, Esq. wrote:
>>
>>
>>>Not sure Rick, My firewall stops it before it can make a connection..
>>>The same firewall has been blocking a pot load of tcp incoming atempts
>>>by a trojan from 9 to 12 different IP's address...
>>>I tried back tracking the IP's but none of them showed valid...
>>>Think there related?
>>
>>no clue... doesn't your firewall show the IP addy/port that a blocked
>>program is attempting to connect to ?
>>
>>Re the inbound ones, why not post a couple of the addys here and see if
>>anybody recognizes them.
>>
>>
>>Rick
>>
>>
>>
>>
>>>Thanks,
>>>RTS
>>>
>>>
>>>"Rick T" > wrote in message
...
>>>
>>>
>>>>Rocky_T_Squirrel, Esq. wrote:
>>>>
>>>>
>>>>
>>>>>Every hour or two whenever I'm on line, my firewall stops MPREXE.exe
>>>
>>>from an
>>>
>>>
>>>>>outbound communication..
>>>>>What is this file and should I be concerned?
>>>>>It doesn't turn up on any AV or spy scans..
>>>>>Thanks,
>>>>>RTS
>>>>>
>>>>>
>>>>
>>>>mprexe is a Windows file... something to do with network protocol
>>>>translation... what is it trying to connect to?
>>>>
>>>>
>>>>Rick
>>>
>>>
>>>
>
>

Rick I had my isp (VCI) do a block on port 5000 (a worm attack point) and
all the inbound TCP's have stopped..
Their checking for a possible infected customer who was sending out
infections to member computers.. inside the system..
So far so good.. :o)

Still no attempts of outbound from MPREXE.exe, been nearly 48 hours..

Thanks
RTS


"Rick T" > wrote in message
...
> Well, all the inbound ones are from valid IPs, most of the 207 series
> for instance are "Vision Communications" in Kentucky (you can tell I
> don't know too much about these things). Is your firewall set to ignore
> pings ?
>
>
> Rick
>
> Rocky_T_Squirrel, Esq. wrote:
>
> > Rick, hope this helps
> > the outbound MPREXE.exe hasn't attempted in about 24 hours..
> > here's a few of the inbound tcp attempts..
> > newest to older.. only a sample, most came in in groups of 3 atttempts
> > over a 2 minute span..
> >
> > 192.110.64.230,http
> > 219.112.120.96,http
> > 221.125.7.100,9898
> > socket de trois v1 trojan 207.38.178.95,2142
> > 207.162.166.226,dcom
> > 207.162.166.140,dcom
> > 207.162.166.165,dcom
> > 207.162.170.251,445
> > 207.162.171.111,dcom
> > 207.162.166.202,445
> >
> > thanks
> > RTS
> >
> > "Rick T" > wrote in message
> > ...
> >
> >>Rocky_T_Squirrel, Esq. wrote:
> >>
> >>
> >>>Not sure Rick, My firewall stops it before it can make a connection..
> >>>The same firewall has been blocking a pot load of tcp incoming atempts
> >>>by a trojan from 9 to 12 different IP's address...
> >>>I tried back tracking the IP's but none of them showed valid...
> >>>Think there related?
> >>
> >>no clue... doesn't your firewall show the IP addy/port that a blocked
> >>program is attempting to connect to ?
> >>
> >>Re the inbound ones, why not post a couple of the addys here and see if
> >>anybody recognizes them.
> >>
> >>
> >>Rick
> >>
> >>
> >>
> >>
> >>>Thanks,
> >>>RTS
> >>>
> >>>
> >>>"Rick T" > wrote in message
> ...
> >>>
> >>>
> >>>>Rocky_T_Squirrel, Esq. wrote:
> >>>>
> >>>>
> >>>>
> >>>>>Every hour or two whenever I'm on line, my firewall stops MPREXE.exe
> >>>
> >>>from an
> >>>
> >>>
> >>>>>outbound communication..
> >>>>>What is this file and should I be concerned?
> >>>>>It doesn't turn up on any AV or spy scans..
> >>>>>Thanks,
> >>>>>RTS
> >>>>>
> >>>>>
> >>>>
> >>>>mprexe is a Windows file... something to do with network protocol
> >>>>translation... what is it trying to connect to?
> >>>>
> >>>>
> >>>>Rick
> >>>
> >>>
> >>>
> >
> >

Rocky_T_Squirrel, Esq. wrote:

> Rick I had my isp (VCI) do a block on port 5000 (a worm attack point) and
> all the inbound TCP's have stopped..
> Their checking for a possible infected customer who was sending out
> infections to member computers.. inside the system..
> So far so good.. :o)

well good luck; last time I yelled "aha!" at one of those things, turned
out to be something going out onto the net to find out what time it was
(basically).


Rick

Rick, the ole boys at vci are just country boys,
They goat rope and square dance like the rest of us.. :o)
Once they get the smell of a problem, they'll run it to ground and put it
in the sack... LOL

(aka,, they'll fix the problem..)

Thanks
RTS


"Rick T" > wrote in message
...
> Rocky_T_Squirrel, Esq. wrote:
>
> > Rick I had my isp (VCI) do a block on port 5000 (a worm attack point)
and
> > all the inbound TCP's have stopped..
> > Their checking for a possible infected customer who was sending out
> > infections to member computers.. inside the system..
> > So far so good.. :o)
>
> well good luck; last time I yelled "aha!" at one of those things, turned
> out to be something going out onto the net to find out what time it was
> (basically).
>
>
> Rick

Rocky_T_Squirrel, Esq. wrote:

> Rick, the ole boys at vci are just country boys,
> They goat rope and square dance like the rest of us.. :o)
> Once they get the smell of a problem, they'll run it to ground and put it
> in the sack... LOL
>
> (aka,, they'll fix the problem..)
>

heheh, I like your ISP's attitude.


Rick


> Thanks
> RTS
>
>
> "Rick T" > wrote in message
> ...
>
>>Rocky_T_Squirrel, Esq. wrote:
>>
>>
>>>Rick I had my isp (VCI) do a block on port 5000 (a worm attack point)
>
> and
>
>>>all the inbound TCP's have stopped..
>>>Their checking for a possible infected customer who was sending out
>>>infections to member computers.. inside the system..
>>>So far so good.. :o)
>>
>>well good luck; last time I yelled "aha!" at one of those things, turned
>>out to be something going out onto the net to find out what time it was
>>(basically).
>>
>>
>>Rick
>
>
>

Funny - after 'country boys', I read the next bit as they rape goat. Glad to
see it's not true!


Shane


"Rocky_T_Squirrel, Esq." > wrote in message
...
> Rick, the ole boys at vci are just country boys,
> They goat rope and square dance like the rest of us.. :o)
> Once they get the smell of a problem, they'll run it to ground and put it
> in the sack... LOL
>
> (aka,, they'll fix the problem..)
>
> Thanks
> RTS
>
>
> "Rick T" > wrote in message
> ...
> > Rocky_T_Squirrel, Esq. wrote:
> >
> > > Rick I had my isp (VCI) do a block on port 5000 (a worm attack point)
> and
> > > all the inbound TCP's have stopped..
> > > Their checking for a possible infected customer who was sending out
> > > infections to member computers.. inside the system..
> > > So far so good.. :o)
> >
> > well good luck; last time I yelled "aha!" at one of those things, turned
> > out to be something going out onto the net to find out what time it was
> > (basically).
> >
> >
> > Rick
>
>

ROFL
Trust you.
Joan

Shane wrote:
> Funny - after 'country boys', I read the next bit as they rape goat.
> Glad to see it's not true!
>
>
> Shane

Dyslexia is a sign of old age (as in Herr Loon) or a dissolute (or
debauched) lifestyle. (VBG)

Figgs (and I will write you tonight.....I promise!!)

"Shane" > wrote in message
...
> Funny - after 'country boys', I read the next bit as they rape goat. Glad
to
> see it's not true!
>
>
> Shane
>
>
> "Rocky_T_Squirrel, Esq." > wrote in message
> ...
> > Rick, the ole boys at vci are just country boys,
> > They goat rope and square dance like the rest of us.. :o)
> > Once they get the smell of a problem, they'll run it to ground and put
it
> > in the sack... LOL
> >
> > (aka,, they'll fix the problem..)
> >
> > Thanks
> > RTS
> >
> >
> > "Rick T" > wrote in message
> > ...
> > > Rocky_T_Squirrel, Esq. wrote:
> > >
> > > > Rick I had my isp (VCI) do a block on port 5000 (a worm attack
point)
> > and
> > > > all the inbound TCP's have stopped..
> > > > Their checking for a possible infected customer who was sending out
> > > > infections to member computers.. inside the system..
> > > > So far so good.. :o)
> > >
> > > well good luck; last time I yelled "aha!" at one of those things,
turned
> > > out to be something going out onto the net to find out what time it
was
> > > (basically).
> > >
> > >
> > > Rick
> >
> >
>
>

I was only kidding!

(That counts as a 'sheep joke'. doesn't it?...........Just when I thought
there was no more mileage in sheep!.....)

I'm just off to bed. I'll check my mail on the Vic, but I'm off to the land
of No-Computer shortly thereafter.

(Ah. Here's Rosie in out of the rain. There's nothing like a wet pussy, I
always think!)

Night night! ;-)


Shane


"Heather" > wrote in message
...
> Dyslexia is a sign of old age (as in Herr Loon) or a dissolute (or
> debauched) lifestyle. (VBG)
>
> Figgs (and I will write you tonight.....I promise!!)
>
> "Shane" > wrote in message
> ...
> > Funny - after 'country boys', I read the next bit as they rape goat.
Glad
> to
> > see it's not true!
> >
> >
> > Shane
> >
> >
> > "Rocky_T_Squirrel, Esq." > wrote in message
> > ...
> > > Rick, the ole boys at vci are just country boys,
> > > They goat rope and square dance like the rest of us.. :o)
> > > Once they get the smell of a problem, they'll run it to ground and
put
> it
> > > in the sack... LOL
> > >
> > > (aka,, they'll fix the problem..)
> > >
> > > Thanks
> > > RTS
> > >
> > >
> > > "Rick T" > wrote in message
> > > ...
> > > > Rocky_T_Squirrel, Esq. wrote:
> > > >
> > > > > Rick I had my isp (VCI) do a block on port 5000 (a worm attack
> point)
> > > and
> > > > > all the inbound TCP's have stopped..
> > > > > Their checking for a possible infected customer who was sending
out
> > > > > infections to member computers.. inside the system..
> > > > > So far so good.. :o)
> > > >
> > > > well good luck; last time I yelled "aha!" at one of those things,
> turned
> > > > out to be something going out onto the net to find out what time it
> was
> > > > (basically).
> > > >
> > > >
> > > > Rick
> > >
> > >
> >
> >
>
>