refbeepbolt.exe and mps.exe

MSGJack

IS-IT--Management
Jan 5, 2004
7
US
Ran HijackThis, adware, Spybot on my Win 98 computer and it still takes an hour to load IE. Been going through every message looking for things to delete other than those i.d.'d by the above-mentioned tools. I've got two that I can't find anywhere.

c:\windows\system\mps.exe
C:\program files\proxy axis\refbeepbolt.exe

04 - HKLM\..\run: [file bin] C:\program files\proxy axis\refbeepbolt.exe

I've also got 28 - 016 - DPF: {...} ....cab's

I saw where I can delete any 016's, is that correct?
 
c:\windows\system\mps.exe is part of the PWSTEAL.TROJAN - not something you want around:
C:\program files\proxy axis\refbeepbolt.exe

04 - HKLM\..\run: [file bin] C:\program files\proxy axis\refbeepbolt.exe
...you got me. If in doubt, kick it out of its RUN designation and see what happens. Or, check in the folder where it lives in program files for more clues.

RE: 016's...yes, you can kill them without fear. If needed, you'll be prompted to download them sooner or later.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Just tried to delete these two files and the system won't let me delete them. I'm going to try and open up in DOS and see if I can do it there. I got the winactive parasite two days ago and I think, based on what messages I've read, this is a new variation with new files. It's really ugly.
 
Think you ought to follow carrr's suggestion and check proxy axis folder, there may be other stuff in there you should delete too.
 
You can likely knock them out in safe mode, as well. Something is likely "using" them once your processes are running (as refbeepbolt is clearly in your startups).

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
winactive is targeted by Ad-aware; if it was not detected, then you are most likely scanning with an outdated reference file. The current one is 01R270 18.03.2004 on Ad-aware (build 181).
A tool that I have been working on is KillBox, available at
which is a process killer/deletion utility, and may have some success in removing files, running or not, without the need for Safemode or Dos.
 
Killed it in Safe Mode. I've still got problems though. IE is not wanting to load. I'll let y'all know. Thanx people, you are the greatest!
 