Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Malware Identification

  • Please log in to reply
2 replies to this topic

#1 Phil G

Phil G

  • Members
  • 1 posts
  • Local time:07:36 AM

Posted 24 January 2007 - 07:27 AM

How do we discriminate between malware and genuine items e.g. RpcSs and Trkwks etc. grateful for your guidance. Having used your very helpful list,information and instructions on various tutorials within BC now having difficulty in identifying the rogue items for deletion. Are there any further instructions on the website to help also with registry amendments. Noticed RpcSs is related to numerous other tasks so assume their must be a genuine version and a rogue version but which is which?

BC AdBot (Login to Remove)


#2 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:05:36 PM

Posted 24 January 2007 - 07:34 AM

Did you check out Bleeping Computer's File Database?

A clue to find out if a file is bad or not is to look closely at the directory where it lives on your HDD. Malware writers often give files the same name as common Windows files to try and fool people, but it will be located in a different directory than the legitimate file.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 24 January 2007 - 09:13 AM

Anytime you come across a suspicious file for which you cannot find any information about, you can submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

You can also download and use Autoruns or Process Explorer to investigate all running processes and gather additional information to identify and resolve problems. This tool will show the process CPU usage, a description and its path.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users