Rpcnet.exe explained and work around

Status
Not open for further replies.
After Trying many fixes to get rid of rpcnet.exe, I used every scanner, maleware remover, spyware remover I could think of, and a lot of help from my AV forum (BitDefender). I ran a HJT log to see if it was in there, as it was, I also looked over about 18 different HJT logs with the same problem. And I didn't find one that was able to eliminate RPCNET.EXE. So I went back to where I started Absolute Software Corp. So now Realizing it was not maleware or a virus, I had to confirm it was Absolute Software (Lojack tracking Software mostly used in Laptops in case they are stolen). When you go to "services" via Control Panel> Administrative Tools> and open the services icon, Their are two valid services for Remote Procedure Call. They are Remote Procedure Call (RPC) - Status = Started, Startup type = Automatic and Remote Procedure Call (RPC) Locator - Status = Stopped, Startup type = Manual, You do not want to Remove or Disable these. If you have a third one right click go to Properties and open, if the Path is C:\WINDOWS\system32\rpcnet.exe, you probably have Absolute Software. To confirm go to Start> Run and type msconfig, and OK, in the System Configuration Utility open the Services Tab and put a check in the "Hide All Microsoft Services" scroll down to see if it shows Absolute Software Corp. I will put a attachment of how this will look. View attachment Absolute Software Corp. Photo.doc

Work Around: After you have found that Absolute Software is on your PC, as far as I can tell there is no way to delete it or disable it, as I believe it is on the MBR (Master Boot Record). You are probably fine as far as RPCNET.EXE is concerned, although it may show up in your scans. The only way to keep the Anti-Virus/Firewall from having the pop-up is by configuring your AV and Firewall by using a exception or exclusion for the Path. Here are all the Paths for Absolute> (C:\WINDOWS\system32\rpcnet.exe) (C:\WINDOWS\system32\rpcnet.dll) (C:\WINDOWS\system32\rpcnetp.exe) (C:\WINDOWS\system32\rpcnetp.dll). By creating a exception or exclusion, in the AV and FW it will by pass what it thinks is a virus.

After talking to Absolute support, they only have 3 Anti-virus/Firewall companies that they are working with, that acknowledged RPCNET.EXE as safe. Which is amazing after being in business for so many years. Of all the HJT logs I looked at, Gateway seemed to have the most problems with RPCNET.EXE, which happens to be my PC manufacture ~ which is also a Desktop. Help your Anti-virus/Firewall Co. by letting them know about Absolute Software Corp.

Chris
 
As far as I can tell, rpcnet.exe is safe and does what it says on the tin. See HERE. Of course, it doesn`t hurt to check if the rpcnet.exe is actually the genuine article, as we all know that malware can be named as anything.

Regards Howard :)

BTW Tag1995. Hello and welcome to Techspot :wave: :wave:
 
To remove "rpcnet" (Absolute Software), in regedit, find all instances of "rpcnet" (not the LEGITIMATE "rpcss") & delete all those keys. If a key cannot be deleted, right-click & select the "permission" of "everyone" to "full control" & try again. REBOOT.

After the reboot, all "rpcnet*" files in the \windows\system32 folder can finally be either renamed or removed.

To make sure, use "TCPView" (www.sysinternals.com) to observe if an instance of "IExplorer" is connecting to "search.namequery.com" after the computer is turned on & connected to internet. If not, congrats !
 
RPCNET.EXE EXPLAINED and WORK AROUND

If its Absolute Software you put on your self, then of course you can Remove it from your PC in Add & Remove. But if most cases it was put on by the PC manufacturer, and I have not been able to delete it. Even using your method which I did before my Post " RPCNET.EXE EXPLAINED and WORK AROUND" I even went in to Enum/Root/LEGACY and Deleted all RPCNET and RPCNETP which is part of Absolute Software. My concluson is after deleting every rpcnet and rpcnetp with Disabling System Restore is that it will come back after reboot. If you have it on a Gateway PC, because there is a CHIP put on the MOTHERBOARD by Gateway> http://www.gateway.com/programs/gwshield/features.shtml. You may have better luck with a HP or Dell, but the majority of problems I came across were on Gateway PCs.
Good Luck everyone
Thanks for all replies, it takes many people to solve a problem.
 
Re: RPCNET.EXE EXPLAINED and WORK AROUND

I don't know if this will help you. After working with Gateway and Absolute Software (Computrace) for 6 months and realizing I had a chip on my motherboard that logged in to computrace every time I logged on to my PC. Because of the way the chip was configured, flashing (changing) the Bios would not work. Although on one of my phone call to COMPUTRACE I explained my problem and they were able to delete all the pathways but one. So basically they can get rid of RPCNET or Delete there software on your PC from there end, if there is no TPM chip on your motherboard. And I don't think Dell is putting a chip that communicates with computrace, it is all in there software. CALL ABSOLUTE SOFTWARE and ask for Tech and explain your problem, they can fix it if they are convinced it was put on by mistake.
Good Luck ~ Chris
 
RPCNET EXPLAINED and WORK AROUND

I read the post you listed above from Freaky Acres, and you can Flash the Bios. Just make sure you do everything in the right order, as to not mess up your PC. Personally I would get any Bios updates or settings from Dell rather than from biosmods.com. But my first action is as I mentioned in the prior post, is to call ABSOLUTE SOFTWARE, they can take there files (RPCNET and RPCNETP) off you PC in a matter of minutes, all they need is you PC serial number, and they can see the last time you called in (every time you reboot) you call in to Computrace. It seems easier to me to work with them ~ also they know this happening, because of the poor quality care with the PC Manufactures.
Chris
 
Nah, it doesnt bother me that much to call them. Besides the "call-in" is blocked by my firewall anyway. The point is that it is MY computer and I should have full control of it. I shouldnt have to call a third party to adjust the settings on my own computer.

But it is good to know that Absolute is conscious of the problem and also willing to help remove it, that says something good about them.

My beef is mostly with Dell.
But this is what most people want nowadays I guess - they want somebody to do everything for them, they want pre-installed software, they want little pop-ups that remind them to do this or do that. Whatever.

When I buy a computer, I just want some good quality, clean hardware, and the latest drivers, then let me take care of what else I want to put on it.
 
Just like to add to this:
I recently downloaded and installed Comodo Firewall Pro.
It is a free personal firewall program and in my opinion is excellent.
As part of the firewall, they have something called Defense+ which protects
your computer against damaging files, all settings are very adjustable, and you can create a customized protection system for your computer.

So after I installed, I used Defense+ to quarantine the rpcnetp.exe and .dll in system32 and the process hasnt started up since.

Heres a link:
http://www.comodo.com/products/free_products.html
 
Here's something else that works

If you deny Read & Execute permissions to both rpcnetp.exe and rpcnetp.dll and remove all of the registry entries for rpcnetp.*, the service no longer runs and the values no longer return to the registry.
 
Status
Not open for further replies.
Back