Hi, I've recently been getting Zone Alarm Pro prompts to allow rpcapd.exe to act as a server. Possibly I've only just noticed this because I've recently reconfigured ZA after becoming somewhat more security conscious.
From the ubiquitous Google searches I've done, it appears that c:\program files\WinPcap does have legitimate uses, from what I can see - for monitoring remote network traffic?
However, I've no idea why I would need this on a single use home PC or where this application came from. It doesn't appear in add/remove programs by the way.
Is it safe to fix/remove this in HJT and to remove the directory folder? I'm guessing it is, as I've already got Zone Alarm to deny it access to everything and have killed it in process manager. Could you confirm?
I've recently done a full virus/malware sweep (incorporating the 8 steps from these forums):
MS update, purged sys restore, msconfig@normal, Java updated, purged quarantines/recycler, hidden files/OS files visible etc. All security software updated, restarted, Ccleaner'ed.
Scanned in normal mode and again in safe mode (physically unhooked from internet) where possible with: AVG antivirus, Spybot, Superantispyware, Malwarebytes, also for the hell of it with Zone Alarm antispyware and Windows Defender.
Then repeated Ccleaner and did a HJT log.
Everything came up clean apart from what I'm assuming (hoping!) was a false positive - Zone Alarm antispyware detected an old version of HJT as Win32.Trojan.Startpage.DAP. I deleted the .exe just to be on the safe side and downloaded Trend Micro's version.
I'm using a netgear router modem with Zone Alarm Pro, Windows XP Pro SP3.
Logs attached, in which I can already see in the HJT log there's lots of stuff that might be eligible for deletion. I'd appreciate any advice on that too, though I'm more concerned with WinPcap opening ports.
Might someone be able to offer some advice?
Thanks in advance.
From the ubiquitous Google searches I've done, it appears that c:\program files\WinPcap does have legitimate uses, from what I can see - for monitoring remote network traffic?
However, I've no idea why I would need this on a single use home PC or where this application came from. It doesn't appear in add/remove programs by the way.
Is it safe to fix/remove this in HJT and to remove the directory folder? I'm guessing it is, as I've already got Zone Alarm to deny it access to everything and have killed it in process manager. Could you confirm?
I've recently done a full virus/malware sweep (incorporating the 8 steps from these forums):
MS update, purged sys restore, msconfig@normal, Java updated, purged quarantines/recycler, hidden files/OS files visible etc. All security software updated, restarted, Ccleaner'ed.
Scanned in normal mode and again in safe mode (physically unhooked from internet) where possible with: AVG antivirus, Spybot, Superantispyware, Malwarebytes, also for the hell of it with Zone Alarm antispyware and Windows Defender.
Then repeated Ccleaner and did a HJT log.
Everything came up clean apart from what I'm assuming (hoping!) was a false positive - Zone Alarm antispyware detected an old version of HJT as Win32.Trojan.Startpage.DAP. I deleted the .exe just to be on the safe side and downloaded Trend Micro's version.
I'm using a netgear router modem with Zone Alarm Pro, Windows XP Pro SP3.
Logs attached, in which I can already see in the HJT log there's lots of stuff that might be eligible for deletion. I'd appreciate any advice on that too, though I'm more concerned with WinPcap opening ports.
Might someone be able to offer some advice?
Thanks in advance.
