Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help Me W32/Mytob-EW worm. This infection, connects to an IRC

  • This topic is locked This topic is locked
2 replies to this topic

#1 Momadice


  • Members
  • 156 posts
  • Gender:Not Telling
  • Location:Ontario, Canada
  • Local time:03:05 PM

Posted 26 April 2015 - 12:38 AM

According to Bleeping I have a worm.  Below is Bleepings epitaph. . .




Home > Startup Programs Database > remote.exe Information

   This is an undesirable program.

 This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums. 

Name: Remote Procedure Call (RPC) Remote
Filename: remote.exe
Command: %System%\remote.exe

Added by the W32/Mytob-EW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.

File Location: %System%
Startup Type: This startup entry is installed as a Windows service.
Service Name: RpcRemotes
Service Display Name: Remote Procedure Call (RPC) Remote
HijackThis Category: O23 Entry 
Note: %System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.
Removal Instructions:  How to remove a Trojan, Virus, Worm, or other Malware 

BC AdBot (Login to Remove)


#2 buddy215


  • Moderator
  • 13,305 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:05 PM

Posted 26 April 2015 - 06:32 AM

remote.exe is likely a legit file. If you suspect otherwise or want conformation of that, submit the file for scanning by numerous security programs.

Submit to VirusTotal - Free Online Virus and Malware Scan


One example of the legit file remote.exe usage: The Remote.exe Utility (Windows Debuggers)

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,743 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:05 PM

Posted 26 April 2015 - 06:40 AM

You already have an open topic here and are receiving assistance. Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues when asking for and receiving assistance elsewhere. Further, it necessitates staff spending time with housecleaning to remove or close those duplicate postings...time which could have been provided to others needing assistance.

To avoid confusion this thread is closed. If you have any questions, please PM me or another Moderator.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users