After Trying many fixes to get rid of rpcnet.exe, I used every scanner, maleware remover, spyware remover I could think of, and a lot of help from my AV forum (BitDefender). I ran a HJT log to see if it was in there, as it was, I also looked over about 26 different HJT logs with the same problem. And I didn't find one that was able to eliminate RPCNET.EXE. So I went back to where I started Absolute Software Corp. (Computrace). Now Realizing it was not maleware or a virus, I had to confirm it was Absolute Software (Lojack tracking Software mostly used in Laptops, in case they are stolen). When you go to "services" via Control Panel> Administrative Tools> and open the services icon, Their are two valid services for Remote Procedure Call. They are Remote Procedure Call (RPC) - Status = Started, Startup type = Automatic and Remote Procedure Call (RPC) Locator - Status = Stopped, Startup type = Manual, You do not want to Remove or Disable these. If you have a third one right click go to Properties and open, if the Path is C:\WINDOWS\system32\rpcnet.exe, you probably have Absolute Software. To confirm go to Start> Run and type msconfig, and OK, in the System Configuration Utility open the Services Tab and put a check in the "Hide All Microsoft Services" scroll down to see if it shows Absolute Software Corp.
Work Around: If you have found that Absolute Software is on your PC, as far as I can tell there is no way to delete it or disable it, as I believe it is on the MBR (Master Boot Record). You are probably fine as far as RPCNET.EXE is concerned, although it may show up in your scans. The only way to keep the Anti-Virus/Firewall from having the pop-up is by configuring your AV and Firewall by using a exception or exclusion for the Path. Here are all the Paths for Absolute> (C:\WINDOWS\system32\rpcnet.exe) (C:\WINDOWS\system32\rpcnet.dll) (C:\WINDOWS\system32\rpcnetp.exe) (C:\WINDOWS\system32\rpcnetp.dll). By creating a exception or exclusion, in the AV and FW it will by pass what it thinks is a virus.
After talking to Absolute support, they only have 3 Anti-virus/Firewall companies that they are working with, that acknowledged RPCNET.EXE as safe. Which is amazing after being in business for so many years. Of all the HJT logs I looked at, Gateway seemed to have the most problems with RPCNET.EXE, which happens to be my PC manufacture ~ which is also a Desktop. Help your Anti-virus/Firewall Co. by letting them know about Absolute Software Corp.
Chris
Work Around: If you have found that Absolute Software is on your PC, as far as I can tell there is no way to delete it or disable it, as I believe it is on the MBR (Master Boot Record). You are probably fine as far as RPCNET.EXE is concerned, although it may show up in your scans. The only way to keep the Anti-Virus/Firewall from having the pop-up is by configuring your AV and Firewall by using a exception or exclusion for the Path. Here are all the Paths for Absolute> (C:\WINDOWS\system32\rpcnet.exe) (C:\WINDOWS\system32\rpcnet.dll) (C:\WINDOWS\system32\rpcnetp.exe) (C:\WINDOWS\system32\rpcnetp.dll). By creating a exception or exclusion, in the AV and FW it will by pass what it thinks is a virus.
After talking to Absolute support, they only have 3 Anti-virus/Firewall companies that they are working with, that acknowledged RPCNET.EXE as safe. Which is amazing after being in business for so many years. Of all the HJT logs I looked at, Gateway seemed to have the most problems with RPCNET.EXE, which happens to be my PC manufacture ~ which is also a Desktop. Help your Anti-virus/Firewall Co. by letting them know about Absolute Software Corp.
Chris