Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rpcc.exe - Bad File?


  • Please log in to reply
3 replies to this topic

#1 ktwsolo

ktwsolo

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 17 July 2006 - 10:10 AM

Hi,

I've been getting the blue screen when trying to install the Windows automatic update on the malicious software removal tool, which first made me suspicious when the other automatic updates installed fine. Running Sophos, Ad-Aware, and the Windows Malicious Software Removal Tool (after downloading it directly from Microsoft) don't pick up any virus. Using my newly-downloaded Security Task Manager, a process named rpcc.exe comes up with 100% security warning. Doing a quick search for it online, it sounds like it's a trojan but there also appear to be sites that mention it as a legitimate process. I'm especially wary of deleting it if none of the scans picked it up. Any suggestions? I'm running XP Home Edition, Sophos 5.2.3.

Thanks

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 17 July 2006 - 10:20 AM

According to the Bleeping Computer Start-Up Database, this is an undesirable file to have. More information concerning this file can be found here.
There is also a guide to follow in order to try to get rid of this nasty trojan, please follow this. However, if this is not successful, please do the following for me..

Please download Ewido anti-spyware 4; it is a 30 day trial version of the program.
  • Install ewido security suite
  • Ewido will automatically run at the end.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the top row of the main screen click update.
    • Then click on "Start Update".
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the top will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
you will be brought to a menu where you can choose to boot into safe mode.

Open Ewido anti-malware
Click on the scanner button in the top row.
  • Click Complete System Scan and the scan will begin.
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen.
  • Save the report to your desktop.
  • Close Ewido
Please reboot back to normal mode and the ewido log you previously save to your desktop.
Once you have done this, follow the Preparation Guide Before Posting A HijackThis Log, before posting your log, along with the Ewido log in new topic in our HijackThis Logs and Analysis Forum.

Thanks, and I hope this helps you to get rid of this trojan,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 ktwsolo

ktwsolo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:48 PM

Posted 17 July 2006 - 11:02 AM

thank you, will do

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 17 July 2006 - 11:03 AM

Sure thing, let us know how you get on.. :thumbsup:

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users