| T O P I C R E V I E W |
| dan p. |
Posted - 03/20/2005 : 10:37:13 PM
i have this goddamned thing on my computer "rpcss_pl.exe" i can't fucking get rid of it and it's making my computer do things that i don't really care for. can anyone help me? |
| 17 L A T E S T R E P L I E S (Newest First) |
| dan p. |
Posted - 03/22/2005 : 10:34:16 AM
yeah, i could. but i would lose around 1,200 mp3s, my music notation software and all my scores i made with it, and all these programs i downloaded. |
| tericee |
Posted - 03/22/2005 : 03:35:43 AM
If all else fails, you can re-format your hard drive... |
| dan p. |
Posted - 03/21/2005 : 10:27:21 PM
eh, that's alright. i'll get around to it. |
| zakkwyle234 |
Posted - 03/21/2005 : 10:15:05 PM
right on. yeah, it's more of a pest than anything. obviously a persistent one.....sorry my stuff didn't work. |
| dan p. |
Posted - 03/21/2005 : 10:13:12 PM
i've been to that link. no help there. i think i'll wait til i can get on that site. it doesn't seem to be urgent. i don't use internet explorer, which seems to be what it effects, and i got rid of the other files. |
| zakkwyle234 |
Posted - 03/21/2005 : 9:53:50 PM
okay....the bottom 1/2 doesn't matter, those are the things that depend on rpc. it looked like it was some that rpc was depending on was messin it up. someone gave me this link and said it has helped them with this problem. i, however can't see it because surf control is a cunt, so i have no idea what's on this page. it's especially nice tryin to help customers and not being aloud. here it is.
www.bleepingcomputer.com/forums/index.php?showtopic=4210&st=0#entry75767
if this doesn't do it for you, i'll find you the number for our virus and malware specialist team, it's free for the 1st calls and they have many more recources on it since i don't deal with it much.
let me know if you want that number and i'll dig it out. |
| dan p. |
Posted - 03/21/2005 : 9:27:16 PM
there's a whole fucking list of shit on the bottom half. nothing on the top half. |
| zakkwyle234 |
Posted - 03/21/2005 : 9:23:31 PM
hmmm...check this.....click start, run, type "services.msc". click ok, in the box that comes up, there will be 2 remote procedure calls, one alone and one that says remote procedure call locator. right click on the one that stands alone (usually the one closest to the top) and hit properties. then click the dependencies tab.....anything in there, or does it say "no dependencies"? |
| dan p. |
Posted - 03/21/2005 : 9:17:12 PM
the july 3 resolution didn't work because the view source part didn't do anything.
the first one did't work because i can find the rpcss+ folder, but not anything named rpcss_pl.
i could find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RpcSs but i couldn't find the dependencies part.
i can't get on the site in the aug 23 solution.
|
| zakkwyle234 |
Posted - 03/21/2005 : 6:42:59 PM
hey dan, found some things at work. quite a bit of reading for you but it should help. these are actual call logs from ppl that called in with that filthy animal you have on your system. hope it helps.
TRY THIS ONE FIRST
I was able to remove rpcss_pl but it was very long and difficult!!!
I used wininternals utility to boot, i deleted the file rpcss_pl and all the references in the regedit.
When i reboot in normal mode it was like hell!! many system services cannot start because the trojan (yes it is a trojan called troj_small.aga) put itself in the dependencies of the services, anyway u have to start regedit and then search for RPCSS+ and delete all the entries, the same again for rpcss_pl. then reboot.... in addiction i had a problem after removing this trojan: i couldn't anymore navigate internet (something get wrong with dns, i was able to ping an ip address but i cannot resolve any name) and i was able to fix it with lsp fix http://www.cexx.org/lspfix.htm
-------------------------------------------
go into the registry and delete what ever is in this dependency key. "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RpcSs\Dependencies"
How to remove the about:blank browser hijacker (SOX040703700010)
TITLE: How to remove the about:blank browser hijacker
*** Problem Description ***
Customer had the about:blank browser hijacker infection.
Running Ad-aware, Spybot or any other spyware checker did not help
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution *** Jul 3 2004 9:34AM v_micle
RESOLUTION:
1. Click on View (Internet Explorer menu)
2. Click Source
3. Search for a string beginning with res://
4. Copy the whole string (Control+C)
5. Open Internet Explorer
6. Goto http://www.simplelogic.com/Developer/URLDecode.asp
7. Paste the link in the box provided
8. Click on "Clean Data"
9. Name of a DLL file appears along with the path to it (eg - \windows\system32)
10. Open Mycomputer
12. Change Folder option to Show Hidden Files
13. Goto the path to find the DLL file (eg - \windows\system32)
14. Close all open applications and browser windows
15. Rename this file.
16. Open Internet Explorer
17. Change home page to desired home page URL
18. Restart the computer
After restarting, check Internet Explorer. the problem should be resolved
Also sometimes, the about:blank returns after a while
Check the registry for this key:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS
NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS
This is what prompts to windows to load the trojan everytime any application is
run. the value of the key, is hidden
Try removing it. BE SURE TO BACK UP THE REGISTRY BEFORE DOING IT !!!!
Reboot the computer.
Go back into the registry and search for the key. If it comes back, try the
following:
Rename the entire HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS
NT\CURRENTVERSION\WINDOWS
to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS2
Delete the APPINIT_DLLS key under the WINDOWS2 folder.
Rename HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOW2
to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
Reboot the computer
Check the registry again. The key should be gone for good.
BEST OF LUCK !!!
Anand Basu
v-2anbas
-------------------------------------------------------------
Create a system restore point and then
Make a notpad file on the desktop by any name say -> change
copy the following content to that
REGEDIT5
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use_DlgBox_Colors"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use_DlgBox_Colors"="yes"
and then save it as change.reg
then doubleclick on it
so that it can make the registry entries
then restart and see if it effect the problem
-----------------------------------------------------------
*** Problem Description ***
The internet explorer is hijacked by "about:blank"
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution *** Aug 23 2004 12:08PM v_2dpodd
THE UNINSTALL.EXE can be downloaded from http://tinyurl.com/6mdng and save it on
the desktop .
Just the run the program..it sets the homepage as about:blank ..but that is good
..we can now set our homepage .
Restart the computer in the normal mode
open the Internet explorer
We have the homepage we set before we restarted the computer .
It is fixed now!!
--------------------------------------------------------------
*** Problem Description ***
Home page was being forced to about:blank, actively, after changeing the address in
internet options, reopening internet options would display about:blank again.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution *** Jun 28 2004 5:24PM v_2anaht
Program called "SpyBlocs v2.0" was installed on system, this program was
recommended by an adware popup, when downloaded, the first program required that a
second program, "SpyBlocs", be downloaded and installed to find and remove spyware
or adware from the system.
After install of "SpyBlocs" the home page was actively force to about:blank
Removed program "SpyBlocs" resolved issue
|
| dan p. |
Posted - 03/21/2005 : 11:17:58 AM
one of the two .exe files that seem to come with it were there. i got those out, but i didn't feel like restarting, so that'll just happen when i turn the computer off and on again.
i think this thing only effects internet explorer. starts me on about:blank, but it takes me to a site i assume i don't want to be on. i don't use iexplore though, because now i have foxfire. my brother used that apparently instead of mozilla like i told him to. i'd still prefer not having it on here, though. |
| dan p. |
Posted - 03/21/2005 : 11:03:06 AM
it tells me it can't find the specified file, and that 0 files were copied. i think the program is dependent on another one. i can't delete it or stop it because something else is using it. |
| Jiyra |
Posted - 03/21/2005 : 10:51:45 AM
microsoft's new antispyware beta is frigging amazing, probably oen of their best programs to date, and it'll get rid of everything, it's pure genius and I highly recommend it to everyone who runs a PC! |
| Hopeful Rolling Waves |
Posted - 03/21/2005 : 08:48:18 AM
I find SpyWare Doctor, a freeware prog from download.com is very effective at getting that shit off your PC.
Stay off the porn sites, Dan P.
You could also just run your "msconfig" file, see if it's booting @ Startup. |
| zakkwyle234 |
Posted - 03/20/2005 : 11:57:52 PM
boot into safe mode with command prompt (reboot and as soon as it turns on, keep tapping f8.
back up the rpc file by typing:
copy c:\windows\system32\rpcss_pl.exe c:\del then hit enter
then blow the bastard away:
del c:\windows\system32\rpcss_pl.exe
if that doesn't do it i'll be able to help you better tomorrow when i'm at work and have my tools... good luck |
| dan p. |
Posted - 03/20/2005 : 11:46:59 PM
i can't end the process through regedit. ad-aware and hijack this can't get rid of it. i can't get rid of it through the file manager, either. it refuses to be deleted. "access denied" |
| zakkwyle234 |
Posted - 03/20/2005 : 11:14:18 PM
Thats' malware man. easiest way to get rid of that is running ad-aware and/or spybot. if they don't take care of it, do this:
click start, run, type "regedit" without quotes, hit enter and when the reg editor comes up, click edit and then find. when the find box comes up type "rpcss_pl.exe" and hit find. it will land on that file or one of it's bretheren. delete it. hit f3 so that it searches again. and delete all that it lands on. back up the registry b4 you fuck with it though. file, export and save. hope this helps.
when you go through that, go into the system32 folder and make sure that it didn't leave the core file, it'll be a normal lookin folder. make sure that goes too. |
