RPCNET.EXE EXPLAINED and WORK AROUND

tag

Joined
Jan 8, 2007
Messages
7
Reaction score
0
After Trying many fixes to get rid of rpcnet.exe, I used every scanner, maleware remover, spyware remover I could think of, and a lot of help from my AV forum (BitDefender). I ran a HJT log to see if it was in there, as it was, I also looked over about 26 different HJT logs with the same problem. And I didn't find one that was able to eliminate RPCNET.EXE. So I went back to where I started Absolute Software Corp. (Computrace). Now Realizing it was not maleware or a virus, I had to confirm it was Absolute Software (Lojack tracking Software mostly used in Laptops, in case they are stolen). When you go to "services" via Control Panel> Administrative Tools> and open the services icon, Their are two valid services for Remote Procedure Call. They are Remote Procedure Call (RPC) - Status = Started, Startup type = Automatic and Remote Procedure Call (RPC) Locator - Status = Stopped, Startup type = Manual, You do not want to Remove or Disable these. If you have a third one right click go to Properties and open, if the Path is C:\WINDOWS\system32\rpcnet.exe, you probably have Absolute Software. To confirm go to Start> Run and type msconfig, and OK, in the System Configuration Utility open the Services Tab and put a check in the "Hide All Microsoft Services" scroll down to see if it shows Absolute Software Corp.

Work Around: If you have found that Absolute Software is on your PC, as far as I can tell there is no way to delete it or disable it, as I believe it is on the MBR (Master Boot Record). You are probably fine as far as RPCNET.EXE is concerned, although it may show up in your scans. The only way to keep the Anti-Virus/Firewall from having the pop-up is by configuring your AV and Firewall by using a exception or exclusion for the Path. Here are all the Paths for Absolute> (C:\WINDOWS\system32\rpcnet.exe) (C:\WINDOWS\system32\rpcnet.dll) (C:\WINDOWS\system32\rpcnetp.exe) (C:\WINDOWS\system32\rpcnetp.dll). By creating a exception or exclusion, in the AV and FW it will by pass what it thinks is a virus.

After talking to Absolute support, they only have 3 Anti-virus/Firewall companies that they are working with, that acknowledged RPCNET.EXE as safe. Which is amazing after being in business for so many years. Of all the HJT logs I looked at, Gateway seemed to have the most problems with RPCNET.EXE, which happens to be my PC manufacture ~ which is also a Desktop. Help your Anti-virus/Firewall Co. by letting them know about Absolute Software Corp.

Chris
 
To remove "rpcnet", in regedit, find all instances of "rpcnet" (not the LEGITIMATE "rpcss") & delete all those keys. If a key cannot be deleted, right-click & select the "permission" of "everyone" to "full control" & try again. REBOOT.

After the reboot, all "rpcnet*" files in the \windows\system32 folder can finally be either renamed or removed.

To make sure, use "TCPView" (www.sysinternals.com) to see if an instance of "IExplorer" is connecting to "search.namequery.com" after the computer is turned on & connected to internet. If not, congrats !
 
Last edited:
Re: RPCNET.EXE EXPLAINED and WORK AROUND

If its Absolute Software you put on your self, then of course you can Remove it from your PC in Add & Remove. But if most cases it was put on by the PC manufacturer, and I have not been able to delete it. Even using your method which I did before my Post " RPCNET.EXE EXPLAINED and WORK AROUND" I even went in to Enum/Root/LEGACY and Deleted all RPCNET and RPCNETP which is part of Absolute Software. My concluson is after deleting every rpcnet and rpcnetp with Disabling System Restore is that it will come back after reboot. If you have it on a Gateway PC, because there is a CHIP put on the MOTHERBOARD by Gateway> http://www.gateway.com/programs/gwshield/features.shtml. You may have better luck with a HP or Dell, but the majority of problems I came across were on Gateway PCs.
Good Luck everyone
Thanks for all replies, it takes many people to solve a problem.
 
Back
Top