What is MediaPass.exe?

March 2, 2005 at 17:23:50
Specs: Windows XP, Pentium 4

My computer is somewhat slow and I noticed a process called MediaPass.exe running at 80-95%. What is it and how do I get rid of it?

See More: What is MediaPass.exe?

Report •

March 2, 2005 at 17:49:20

are you trying to break us?

thats not even in google guys

so dont even try

good luck i duunno what it is

waiting for answers too


Report •

March 3, 2005 at 12:46:13

One instance of MediaPass is associated with Esquire magazine to buy reprints of recent articles.

Did you subscribe to this service?


Report •

March 3, 2005 at 21:51:53

I found it after reinstalling windows on my computer, it somehow installed itself in the 10 minutes it took me to get the virus/fire walls updated, here's how I got rid of it.

do a search for the file to find what directory it is in, delte all instances it finds, it won't let you delete the .exe file

once you know where it is, drop to the c: prompt (you know the old dos way)

go to the directory it is in.

rename the mediapass.exe to another name

rename mediapass.exe mediapass.txt


del mediapass.txt

do a dir/w it should be gone now, once that is gone you should be able to delete the remainder of the files.

Hopefully this will work for you, it did for me tonight.

Report •

Related Solutions

March 4, 2005 at 03:46:15

According to the readme file in the mediapass folder, it downloads when you subscribe to an information service. I don't know which oen, 'cos one of my kids did it to me and no-one's owning up.

It overides your pop-up stopper, and delivers "information" pop-ups when you're on the web.

I couldn't remove it via control panel > remove programs 'cos it kept looping me back, so I removed all references to it in the registry, and then I was able to delete the relevant files. That worked, but I'm not sure that I've remembered all the steps 'cos I was very cross and it was late at night - post a few glasses of wine!

The DOS approach above sounds good, though!

I googled for "MediaPass.exe" (without the " "s and found the computing.net site here. Thanks!

Report •

March 4, 2005 at 13:08:07

I've had to deal with this restarting itself. If this is happening to you there has been one fix that has been successful for me. Restart in safe mode (F8 during startup). Find the file and delete it (in safe mode you don't have to rename it) and remove it from your recylce bin.
At this point you will want to launch MSCONFIG (if you don't have it download it before you start this process). Uncheck the Mediapass.exe and any other executable that look suspicious, remember MS, Norton, Symantec all use something logical if it looks funny stop it. You can restart from here and should be OK.
During the reboot you will be warned that the startup config has changed. Check the box and hit OK, you don't have to go back in except to verify the changes.
If you want to stop these from coming up use a program like Webroot or Spybot. I think that both have a shield.
Hope this helps

Report •

March 6, 2005 at 19:06:47

i am the only person using my computer...absolutely 100% certain of that. therefore i didn't have an issue of which kid did or didn't "allow" this varmant on my system. i read the readme also and i can tell you in no uncertain terms that i did not "opt-in" to anything. i was not asked if it could be installed and i certainly would not have said YES in the event it had asked me. all i know is one second it wasn't there and the next it was. i, like a previous poster reported, was experiencing a large drain on my system and went looking into the matter and found this critter. it installed under C:/Program Files/MediaPass...but there is another little side-kick that you should be aware of...the file is "salm.exe" and it installed from my C:/Temp directory. that file wasn't a major pain to get rid of...but MediaPass et.al. was an extreme bear!! in my case there were two "exe's" and one "dll" in the program files/mediapass folder. this was about 3 days ago and i didn't take notes so i'm relying on my piss-poor memory...so i apologize for any inconsistencies. i remember the two exe's were...MediaPass.exe and MediaPassX.exe. i do not remember the name of the dll file. i must say they got it down as far as insuring they are not eradicated easily. makes me wonder if they are part of "gator corp"...or "gain.corp" whatever they're calling themselves these days...they are absolutely the hardest core "nasty" i've come upon in all my years of computing. i worked for a good hour before i was able to purge my system of this MediaPass Pest. i went into MSConfig and unchecked the MediaPass startup entry...and then i'd close out and reopen...and everything would be exactly as i had made it except that the "selective startup" box would be checked and the MediaPass startup entry would also be checked. i tried this untold number of times. in task manager the two exe's showed and i would "kill" one and it would pop right back up...kill the other and it would pop right back up. i have relied on Spybot Search & Destroy since it first came on the scene but recently i had uninstalled the older version so as to update to the 1.3v...therefore i didn't have my handy dandy saviour program available to help. i use a program called "RegSeeker" which just keeps getting better and better and better. so at this point, using RegSeeker, i went in and did a search of the registry for "mediapass" and also "salm". i deleted all references it found. i then did a "clean" of the registry. i used the "file" search option and found the media pass program files folder...regseeker's file search is much faster and less system draining than the built-in search in windows. but it doesn't allow for search by "day". so i used crappy windows xp search in explorer for that date for "created" and "modified" files and then sorted the results in date order to see what all files were created or modified around the time that the MediaPass files installed (were created). i use a tabbed browser and had umpteen gajillion tabs open so i couldn't pin-point exactly which site the nasty came from. basically, at the time, i was frantic to rid myself of the menance once i realized it was not going to go away easily...so i didn't get as much documentation as i would've liked so that i could spread the word about this MediaPass bugger. once i cleaned my registry of all references to MediaPass...i was able to FINALLY "shred" the exes & dll files. i cleaned everything about 5 times or so before rebooting...didn't want the bugger to entrench itself even further so i tried to be very thorough. once i rebooted...it was gone...thank you computer gods! have been watching my system like a hawk since (i believe it happened on the 4th of March) and haven't had anything else untoward occur. don't know if these ramblings of mine are of any value but i truly hope they help someone. if anyone is planning on dealing with these guys of MediaPass somehow...give me a shout. i'd be more than happy to aide in any way that i can to see that these guys get their "due". Good Luck to all those trying to make this nasty "be gone". most sincerely...tst

Report •

March 6, 2005 at 22:45:23

MediaPass is Spyware. Symantec found it but could not delete. I got rid of it by deleting the Media Pass folder in safe mode and do a search in regedit and remove all instances of Media Pass

Report •

March 7, 2005 at 00:07:16

I have heard of the "DOS approach" to deleting files before. Trouble is, I've never understood how it is executed, besides opening up Command Prompt. Can someone maybe drop me a few notes on how it's done?

Report •

March 7, 2005 at 01:50:54

I found mediapress.exe yesterday and couldn't get rid of it by means of anti-virus software, but I went to the control panel and just removed it :-] Never before have I just deinstalled a virus;-) However, pay attention to the question that ends deinstallation, I don't remembar exactly what it was.
Then, I ran Ad-Aware SE and removed the registry entries and the rest of this crap. It seems to be ok now, but what interests me the most is how it got to my PC. I don't visit any "strange" websites, so I really don't have any idea.

Report •

March 7, 2005 at 10:12:23

I found this bugger on my laptop too. That is, a quite anoying pop-up just came back over and over again "Mediapass.exe wasn't installed properly".

I managed to get rid of it "the easy way" (through the control panel): as mentioned before DO take care to read all the pop-ups properly. There's a trick question in one of them (somethng like "you are deleting blabla, do you wish to keep them on your computer?)

I take care while surfing the net not to install this crap, so I also was quite surprised to find it on my computer. Lately I have been searching through quite a bit of eBay-like sites: maybe something popped up there?

Q: do I have to check other places on my computer for left-over files? I ran Ad-aware SE and got rid of all dodgy files. Thnx!

Report •

March 7, 2005 at 13:36:59

I removed mediapass like "tst" did, but also found the following files with the same time stamp:

and one file in c:\temp with same time stamp, but a more legitimate name than salm.exe

Report •

March 7, 2005 at 23:24:44

I'm just wondering if I could have a little assistance with my question in my previous post to the forum.

Report •

March 8, 2005 at 00:56:19

simply go to add/remove program and uninstal mediapass

Report •

March 8, 2005 at 03:43:05

First off, Chris, say out of DOS if u don't know what you are doing. There are safer and better ways to disable Mediapss. I first saw Mediapass appear on my system Mar 5th during a window's media player 10 upgrade download. I don't know if this nasty bug slipped through the auto-download process or it was just a coincidence. At the time, symantec/norton recognized that this was a web bug, but it could not remove it from my system. I simply put my system in safe mode, and used regedit scan to delete 'mediapass' and 'loaderX' files. Next I used the search tool to remove the same files from the rest of my system. I found several other .dll's and .exe's that seemed suspicous and possibly associated with Mediapass, but I did not remove them at that time. When I restarted my computer in normal mode, I did the same regedit searches and system searches, and did not find any more traces of mediapass. I then looked in the msconfig and my norton software, and did not find mediapass anywhere. However, when I run Norton scan tools, I am still having error messages come up saying that it can not fix the errors on my disk because the disk is in use. I select to repair on start up, but it fails to work. Anyone with any suggestions on fixing this problem? Symantec still has not responded to my question. I am afraid that the Mediapass bug is still lerking around in my system.

Butterfly Dancer

Report •

March 8, 2005 at 15:19:24

Followed removal instructions posted in ReadMe.txt. 1. Start menu/Control Panel, 2. Add/Remove programs select Media Pass and remove, when promted to remove additional items select yes. Then, be very careful with this info if never having used RegEdit from the Run menu. In Run, from the Start menu, type REGEDIT and enter, in the Registery select EDIT and then FIND, type MEDIA PASS and select next. When entry is found, select and right click the delete, at prompt select yes. Then go to EDIT and select FIND NEXT or hit F3 key, repeat previous and keep doing these two steps until all entries are gone, should be no more than 5 hits total. Close Registry, go to C:\Windows, delete Media Pass folder and viola, all gone, no SAFE MODE no more annoying resourse hog. The final and last step, RESTART computer it is not enough to log off and log on again.

Report •

March 9, 2005 at 11:20:48

Hiya Everyone, I'm glad you are all here as there isnt anything on this MediaPass. I could kiss and cuddle you all as this was doing my head in.

I couldn't remember how to do DOS as its been a while so I tried the easier one first.

1. regedit search and delete all
2. Control Panel, Add & Remove
3. Restart PC
4. regedit again; found two more plus loaderX and deleted
5. restart & check regedit and all clear

Seems a bit much but it seems to work so far.

Have a few other items in msconfig will check this site on them also.

Cheers again LUV U ALL.....lol

Report •

March 9, 2005 at 21:07:27

Hey Chris.
Did you get your DOS question answered? I've had luck in 2 instances using a command prompt to delete files:
1. When very strange (read: long) URL titles show in some temporary internet files folder, using commands like deltree and ren in a cmd.exe window from within windows can sometimes rename/delete files that windows explorer cannot. This approach has varying results depending on the target file(s) to rename.
2. When booting to removable media, like a floppy or CD, it bypasses the OS on the hard disk, including all the garbage that windows would load, either in regular or safe mode. So if the boot disk can access the hard disk (Win98 boot disk for a FAT32 drive, NTFSDOS from www.winternals.com($) for an NTFS drive), then deleting and/or renaming can help from there.

Hope this helps.

Report •

March 10, 2005 at 00:36:02

I was infected yesterday. I run both Microsoft Anti Spyware in Beta and Ad Aware and Ad Watch, and they did not catch it. When it started, the small coloured screen of MS Anti Spyware, which pops up on the right hand side, below, showed up, but moved quickly upwards and disappeared out of sight. Since then , every time I restart my computer, the program changes about 2500-3500 registry entries, according to Ad Watch.

I will run the scan from Ad Aware now.
Good to find a place where there is up to date information!

Report •

March 10, 2005 at 05:53:09

The response above worked for me also. I have Home XP installed and the Remove Files
via the Control Panel as outlined in Response # 13 to this thread was what did the job.

Report •

March 10, 2005 at 18:55:35

Ya im the sole user on my comp and I too have mediapass.exe I've tried uninstalling {and paying attention to the windows that pop up after} as well as locate where the file is. However in my task manager, 100's of processies are still running. I have no clue how to use reg{istry}edit or the ms dos prompt {?} if anyone reads this, preferablymarch 10th 05 and believes they can help me, my email address is canadian_party_boi_16@hotmail.com i will be on messenger if anyone would like to help me out. My RAM is maxed out because of this nasty bugger and I would MUCH appreciate anyone who would like to help.

Report •

March 10, 2005 at 20:26:58

I too have seen this particular file and folder on several computer systems where I work. It totally walks around and all over antivirus protection. Seems that there are a few things that happen with this. First, on client systems we noticed system slowdowns, IE wouldn't perform right, sometimes users would log on only to get dumped to an "iconless" empty desktop (meaning the Explorer shell got corrupted I believe), then network traffic would cease, and you would also lose your ability to run Task Manager (but you could still run tasklist or taskkill if need be from the DOS cmd line on XP machines). We also got alerts about our firewall showing HIGH activity (I mean ABUSE) of port 445 and 6101 traffic. 445 being AD Dir Svc and 6101 is known for Veritas BackupExec (from what I hear). Seems this MediaPass garbage comes in paired with something else...you have MediaPass.exe and MediaPassK.exe sitting in C:\Program Files\Media Pass as well as a registry entry in HKLM\Software...and then you have a partner in crime as we've labelled it in the form of a fake iTunes file called "itunes.exe" that puts itself right into the C:\windows\system32 directory. Another piece of spyware/adware that seems to come with this is "salm.exe". All of these appear in HKLM\Software\Microsoft\Windows\CurrentVersion\Run and the iTunes and Media Pass have also appeared in the HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices. The ONLY thing we have found effective is to do one of two things...on XP use System Restore and go back a couple of weeks if possible (far back as reasonable for you) or the other method we have used to rid ourselves of this stuff is to reboot into SAFE MODE (without networking). Once in SAFE MODE go to Add/Remove Programs. If you have the REAL iTunes software, then you do NOT need to uninstall it. The bogus itunes is just one file with a few registry entries sprinkled in the reg, NOT the real deal not even a b---tardized version of it so don't worry. In Add/Remove Programs...uninstall Media Pass and also look for anything else that looks "off" and remove anything that you know isn't supposed to be there...especially if you KNOW or think you KNOW that you did NOT install it. (We have found out that MediaPass.exe is a malware/adware/spyware conduit through which bad software can be pulled down and installed to a computer system (XP/2003 mainly) totally WITHOUT user intervention!!). After Add/Remove cleanup, check the registry, specifically the keys mentioned above. Looks for ANY mention of itunes.exe, salm.exe, Media Pass, MediaPass.exe, MediaPassK.exe, Ctxlsp (or something like that), and anything else that looks amiss...and KILL IT. BUT BEWARE...if you are NOT comfortable mucking around in the Windows registry - stay out or seek help in doing so! One false key press or delete...and blam! Windows is dead, maybe for good. With the registry hacks out of the way, move on to your hard drive...look for itunes.exe sitting in your \system32 directory - kill it. Also, look for C:\Program Files\Media Pass - kill the contents of the folder, then kill the entire Media Pass folder. Look for ANYTHING else in C:\Program Files that looks "off" and eliminate it...even if you already did Add/Remove and the reg hacks. Now after having done that, you should get a copy of both AdAware 1.05SE and Microsoft AntiSpyware beta. IN SAFE MODE...Install AdAware, run a FULL SCAN, doing a reboot scan if you are asked, again reboot into SAFE MODE ONLY! After that, yes, reboot into SAFE MODE again. This time install MSFT Antispyware beta, run it, let it clean what it finds, configure it to do automatic updates. The last part is VERY important...you need to update your Windows XP/2003 machine with ALL available critical updates AND you need to turn on your firewall! If you have a 3rd party firewall, good for you. TURN IT ON! It will save you from this thing attacking you again through port 6101 or 445 (if you are in an AD environment). As I said above, this thing comes in attacking from dynamic ports to specific dest ports TCP 445 and 6101...if you have a complex sw or hw firewall, I suggest writing a rull to KILL 445 and 6101 from doing business externally from your computer...besides why would you need your computer to share port 445 (AD Directory Services) and port 6101 (known for Veritas BE use) to share traffic with the Internet world???
Hope this helps! And I hope SOMEBODY out there at one of the antivirus companies finds out just WHAT THE #@%#$%#%#$%$#%$# this thing is and comes up with a better, faster, cleaner way to kill this thing off!! In the meantime, shields up, red alert! And I'm not kidding unless you want to get reinfected by this crap! And for God's sake, stay aware from anything Esquire magazine offers in the way of a download *if* it is really true that they are offering Media Pass bundled with any downloads they offer!

Ryan Webb

Report •

March 11, 2005 at 06:11:43

I to got mediapass.exe or mediapassK.exe, I also had bullseye network. I did not have any of these problems until I upgraded to Windows Media Player 10! I noticed someone else had the same experience.

Did anybody else notice this? Upgrade to Media Player 10 and get this junk to???

Report •

March 11, 2005 at 09:36:09

We actually have a mixture of XP clients with Media Player 9 and 10, both having problems with itunes.exe and Media Pass.exe. There are a WIDE variety of pieces of malware that possibly accompany these two programs. For now though, we know at my workplace that itunes.exe and MediaPass.exe will prevent your system from working properly as I described above and as of this morning we are also finding out that it interferes with installation of Windows XP SP2 and firewall enabling (which you MUST do to prevent spread of this...especially if you are on an Active Directory WAN/LAN because this thing abuses port 445 AD DS).
I'll let everyone know if I see any Media Player relationship though going forward...


Report •

March 12, 2005 at 10:50:30

I got infected with this media pass bug while downloading a film from P2P Shareaza. My upload became five times that of download and the slowing was remarkable. But, thanks to Jerry Waugh's easy-to-follow instructions i got rid of it (hopefully for good). Thanks

Report •

March 18, 2005 at 15:09:10

I'm in the process of removing this little sod from my computer.
It only seems to have appeared on my system since i recently downloaded Windows updates, it's the same on my Mum's computer.

Report •

March 19, 2005 at 16:57:54

Chris - I used to know DOS but in the ten years since left windows 3.1 I've forgotten most of it. However it is quite easy to find on google basic commands, and this is how I removed mediapass:

'cd..' takes you up a level. If you don't start in the root of C, use this until you get there.

'dir' will tell you everything in your current directory.

'cd program files', where cd stands for 'change directory' will take you into Program Files, likewise for 'cd media pass'.

'rename mediapass.exe mediapass.txt' will do exactly what it looks like. Do the same for any other exe files in the folder, then use windows explorer to delete all the files, because it's easier than using command prompt.

Hope that helps.

Report •

Ask Question