Go Back   The Scream! > COMPUTER RELATED > Spyware Removal

Reply
 
Thread Tools Display Modes
  #1  
Old 02-February-2007, 19:00
tag1995
Guest
 
Posts: n/a
Default RPCNET.EXE EXPLAINED and WORK AROUND

After Trying many fixes to get rid of rpcnet.exe, I used every scanner, maleware remover, spyware remover I could think of, and a lot of help from my AV forum (BitDefender). I ran a HJT log to see if it was in there, as it was, I also looked over about 24 different HJT logs with the same problem. And I didn't find one that was able to eliminate RPCNET.EXE. So I went back to where I started Absolute Software Corp. So now Realizing it was not maleware or a virus, I had to confirm it was Absolute Software (Lojack tracking Software mostly used in Laptops in case they are stolen). When you go to "services" via Control Panel> Administrative Tools> and open the services icon, Their are two valid services for Remote Procedure Call. They are Remote Procedure Call (RPC) - Status = Started, Startup type = Automatic and Remote Procedure Call (RPC) Locator - Status = Stopped, Startup type = Manual, You do not want to Remove or Disable these. If you have a third one right click go to Properties and open, if the Path is C:\WINDOWS\system32\rpcnet.exe, you probably have Absolute Software. To confirm go to Start> Run and type msconfig, and OK, in the System Configuration Utility open the Services Tab and put a check in the "Hide All Microsoft Services" scroll down to see if it shows Absolute Software Corp. I will put a attachment of how this will look. Attachment 13168

Work Around: If you have found that Absolute Software is on your PC, as far as I can tell there is no way to delete it or disable it, as I believe it is on the MBR (Master Boot Record). You are probably fine as far as RPCNET.EXE is concerned, although it may show up in your scans. The only way to keep the Anti-Virus/Firewall from having the pop-up is by configuring your AV and Firewall by using a exception or exclusion for the Path. Here are all the Paths for Absolute> (C:\WINDOWS\system32\rpcnet.exe) (C:\WINDOWS\system32\rpcnet.dll) (C:\WINDOWS\system32\rpcnetp.exe) (C:\WINDOWS\system32\rpcnetp.dll). By creating a exception or exclusion, in the AV and FW it will by pass what it thinks is a virus.

After talking to Absolute support, they only have 3 Anti-virus/Firewall companies that they are working with, that acknowledged RPCNET.EXE as safe. Which is amazing after being in business for so many years. Of all the HJT logs I looked at, Gateway seemed to have the most problems with RPCNET.EXE, which happens to be my PC manufacture ~ which is also a Desktop. Help your Anti-virus/Firewall Co. by letting them know about Absolute Software Corp.

Chris
Reply With Quote
  #2  
Old 03-February-2007, 00:33
Memfis Memfis is offline
Former TS! Team
 
Join Date: Feb 2002
Location: ex TS! Team Mansion squatter
Posts: 3,894
Default Re: RPCNET.EXE EXPLAINED and WORK AROUND

attachment's not there.
Reply With Quote
  #3  
Old 06-February-2007, 15:38
Olozzj
Guest
 
Posts: n/a
Default Re: RPCNET.EXE EXPLAINED and WORK AROUND

By the way, i've purposely downloaded this and installed into my PC (call me dumb or whatever), but everything (or almost) i've got spyware wise, i've always been able to get rid of it. I don't think this will be an exeption, either. I'm working on it now, so watch this space...
Reply With Quote
  #4  
Old 06-February-2007, 16:01
Olozzj
Guest
 
Posts: n/a
Default Re: RPCNET.EXE EXPLAINED and WORK AROUND

Cracked it!

Basically, all of the files mentioned earlier (C:\WINDOWS\system32\rpcnet.exe)
(C:\WINDOWS\system32\rpcnet.dll)
(C:\WINDOWS\system32\rpcnetp.exe)
(C:\WINDOWS\system32\rpcnetp.dll)

you need to use the tool in HJT! named 'Delete A File On Reboot' (located in the Misc tools section to select all of the above files, then BEFORE you restart, turn off System Restore, as that's where they also hide. If you're worried about turning off system restore incase of any system failure in the future, don't worry it doesn't work anyway!

Let me know how you get on.
Reply With Quote
  #5  
Old 13-February-2007, 10:50
darnit
Guest
 
Posts: n/a
Post Re: RPCNET.EXE EXPLAINED and WORK AROUND

To remove "rpcnet" (Absolute Software), in regedit, find all instances of "rpcnet" (not the LEGITIMATE "rpcss") & delete all those keys. If a key cannot be deleted, right-click & select the "permission" of "everyone" to "full control" & try again. REBOOT.

After the reboot, all "rpcnet*" files in the \windows\system32 folder can finally be either renamed or removed.

To make sure, use "TCPView" (www.sysinternals.com) to observe if an instance of "IExplorer" is connecting to "search.namequery.com" after the computer is turned on & connected to internet. If not, congrats !
Reply With Quote
  #6  
Old 13-February-2007, 22:59
tag1995
Guest
 
Posts: n/a
Lightbulb Re: RPCNET.EXE EXPLAINED and WORK AROUND

If its Absolute Software you put on your self, then of course you can Remove it from your PC in Add & Remove. But if most cases it was put on by the PC manufacturer, and I have not been able to delete it. Even using your method which I did before my Post " RPCNET.EXE EXPLAINED and WORK AROUND" I even went in to Enum/Root/LEGACY and Deleted all RPCNET and RPCNETP which is part of Absolute Software. My concluson is after deleting every rpcnet and rpcnetp with Disabling System Restore is that it will come back after reboot. If you have it on a Gateway PC, because there is a CHIP put on the MOTHERBOARD by Gateway> http://www.gateway.com/programs/gwshield/features.shtml. You may have better luck with a HP or Dell, but the majority of problems I came across were on Gateway PCs.
Good Luck everyone
Thanks for all replies, it takes many people to solve a problem.
Reply With Quote
  #7  
Old 18-December-2007, 12:27
frustrateduser
Guest
 
Posts: n/a
Default Re: RPCNET.EXE EXPLAINED and WORK AROUND

I got it after downloading some firmware from Dell and a BIOS upgrade. My advice is: don't touch ANYTHING from the Dell site, it will totally mess up your computer and that includes downloading drivers. Vista has all it takes to run on a Dell. OK, look what I found http://www.freakyacres.com/remove_computrace_lojack . I am not that computer savy to apply that solution but at least I understand what to look for. And by the way, when I bought my laptop I had the option of using that service or not, the choice being final. I chose NO. Now they are pushing it down my throat against my will and WITHOUT MY KNOWLEDGE, meaning one is not aware what is being installed on his computer and is not given any option. That's totally unethical from Dell.
Reply With Quote
  #8  
Old 18-December-2007, 19:41
tag1995
Guest
 
Posts: n/a
Default Re: RPCNET.EXE EXPLAINED and WORK AROUND

I don't know if this will help you. After working with Gateway and Absolute Software (Computrace) for 6 months and realizing I had a chip on my motherboard that logged in to computrace every time I logged on to my PC. Because of the way the chip was configured, flashing (changing) the Bios would not work. Although on one of my phone call to COMPUTRACE I explained my problem and they were able to delete all the pathways but one. So basically they can get rid of RPCNET or Delete there software on your PC from there end, if there is no TPM chip on your motherboard. And I don't think Dell is putting a chip that communicates with computrace, it is all in there software. CALL ABSOLUTE SOFTWARE and ask for Tech and explain your problem, they can fix it if they are convinced it was put on by mistake.
Good Luck ~ Chris
Reply With Quote
  #9  
Old 07-August-2009, 12:19
Just a thought
Guest
 
Posts: n/a
Default Re: RPCNET.EXE EXPLAINED and WORK AROUND

When installing a new system, my firewall notified me of rpcnet.exe. This was right after installing my avp software. So i redid the installation and when installing the avp, a program upgrd.exe was started from the installation folder. Just after also one from system32 (by Absolute Software Corp.). I did not trust this and blocked its requests. No rpcnet.exe found afterwards. There are rpcnetp.exe and rpcnetp.dll, but no requests seem to be made...
Reply With Quote
Reply

Tags
computer, failure, files, firmware, internet, laptop, make, phone, remover, software, tools, virus, windows

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Amusing true stories from Screamers at work Worldlife General Chatty Stuff 0 25-July-2003 08:42
I can't get offline web pages to work properly squidgy General Internet Questions 2 28-December-2001 12:54


All times are GMT +1. The time now is 11:31.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Copyright 1999-2014 The Scream!