One last, disturbing issue

sseeker · Apr 26, 2007

Ok, so i had a big problem and postet it in the Windows forum here, where route44 did a really great job and helped me. While i got everything up running i discovered just one problem.
There is one trojan, who got itself into the file

"C:\Windows\System32\RPCC.DLL".

Everytime i try to delete it (even in safe made) windows says, it can't delete it, because a process is using it. So how can i get rid of this little bastard? And could it be, that this is a file, used to run windows?

mfg
sseeker

kitty500cat · Apr 26, 2007

Download the Pocket Killbox program from here. Extract it but don't run it yet.

Boot into safe mode, under your normal user name (not the administrator account). See how HERE.

Run the killbox file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter:

C:\WINDOWS\system32\rpcc.dll

Then go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

Regards

TechSpot

One last, disturbing issue

kitty500cat TS Evangelist Posts: 2,154 +6

Similar Topics

Add New Comment