Tim Reynolds - Message Board
Tim Reynolds - Message Board
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Tim Reynolds Message Board
 Friends Aboard the Space Pod
 brutalized
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/20/2005 :  10:37:13 PM  Show Profile  Send dan p. an AOL message  Reply with Quote
i have this goddamned thing on my computer "rpcss_pl.exe" i can't fucking get rid of it and it's making my computer do things that i don't really care for. can anyone help me?

death to false metal.

zakkwyle234
Try A Little Harder

Canada
71 Posts

Posted - 03/20/2005 :  11:14:18 PM  Show Profile  Reply with Quote
Thats' malware man. easiest way to get rid of that is running ad-aware and/or spybot. if they don't take care of it, do this:

click start, run, type "regedit" without quotes, hit enter and when the reg editor comes up, click edit and then find. when the find box comes up type "rpcss_pl.exe" and hit find. it will land on that file or one of it's bretheren. delete it. hit f3 so that it searches again. and delete all that it lands on. back up the registry b4 you fuck with it though. file, export and save. hope this helps.

when you go through that, go into the system32 folder and make sure that it didn't leave the core file, it'll be a normal lookin folder. make sure that goes too.

"of all the things i've lost in life, i miss my mind the most"
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/20/2005 :  11:46:59 PM  Show Profile  Send dan p. an AOL message  Reply with Quote
i can't end the process through regedit. ad-aware and hijack this can't get rid of it. i can't get rid of it through the file manager, either. it refuses to be deleted. "access denied"

death to false metal.
Go to Top of Page

zakkwyle234
Try A Little Harder

Canada
71 Posts

Posted - 03/20/2005 :  11:57:52 PM  Show Profile  Reply with Quote
boot into safe mode with command prompt (reboot and as soon as it turns on, keep tapping f8.

back up the rpc file by typing:

copy c:\windows\system32\rpcss_pl.exe c:\del then hit enter

then blow the bastard away:

del c:\windows\system32\rpcss_pl.exe

if that doesn't do it i'll be able to help you better tomorrow when i'm at work and have my tools... good luck

"of all the things i've lost in life, i miss my mind the most"
Go to Top of Page

Hopeful Rolling Waves
Alien Abductee

South Sandwich Islands
2154 Posts

Posted - 03/21/2005 :  08:48:18 AM  Show Profile  Send Hopeful Rolling Waves an AOL message  Reply with Quote
I find SpyWare Doctor, a freeware prog from download.com is very effective at getting that shit off your PC.

Stay off the porn sites, Dan P.

You could also just run your "msconfig" file, see if it's booting @ Startup.

http://db.etree.org/hopefulrollingwaves/ < My Trading List
Go to Top of Page

Jiyra
Chatterbox

124 Posts

Posted - 03/21/2005 :  10:51:45 AM  Show Profile  Send Jiyra an AOL message  Reply with Quote
microsoft's new antispyware beta is frigging amazing, probably oen of their best programs to date, and it'll get rid of everything, it's pure genius and I highly recommend it to everyone who runs a PC!

silly girl, sanity is for boys
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/21/2005 :  11:03:06 AM  Show Profile  Send dan p. an AOL message  Reply with Quote
it tells me it can't find the specified file, and that 0 files were copied. i think the program is dependent on another one. i can't delete it or stop it because something else is using it.

death to false metal.
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/21/2005 :  11:17:58 AM  Show Profile  Send dan p. an AOL message  Reply with Quote
one of the two .exe files that seem to come with it were there. i got those out, but i didn't feel like restarting, so that'll just happen when i turn the computer off and on again.

i think this thing only effects internet explorer. starts me on about:blank, but it takes me to a site i assume i don't want to be on. i don't use iexplore though, because now i have foxfire. my brother used that apparently instead of mozilla like i told him to. i'd still prefer not having it on here, though.

death to false metal.
Go to Top of Page

zakkwyle234
Try A Little Harder

Canada
71 Posts

Posted - 03/21/2005 :  6:42:59 PM  Show Profile  Reply with Quote
hey dan, found some things at work. quite a bit of reading for you but it should help. these are actual call logs from ppl that called in with that filthy animal you have on your system. hope it helps.

TRY THIS ONE FIRST

I was able to remove rpcss_pl but it was very long and difficult!!!
I used wininternals utility to boot, i deleted the file rpcss_pl and all the references in the regedit.
When i reboot in normal mode it was like hell!! many system services cannot start because the trojan (yes it is a trojan called troj_small.aga) put itself in the dependencies of the services, anyway u have to start regedit and then search for RPCSS+ and delete all the entries, the same again for rpcss_pl. then reboot.... in addiction i had a problem after removing this trojan: i couldn't anymore navigate internet (something get wrong with dns, i was able to ping an ip address but i cannot resolve any name) and i was able to fix it with lsp fix http://www.cexx.org/lspfix.htm
-------------------------------------------

go into the registry and delete what ever is in this dependency key. "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RpcSs\Dependencies"

How to remove the about:blank browser hijacker (SOX040703700010)
TITLE: How to remove the about:blank browser hijacker
*** Problem Description ***
Customer had the about:blank browser hijacker infection.

Running Ad-aware, Spybot or any other spyware checker did not help


<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution *** Jul 3 2004 9:34AM v_micle

RESOLUTION:

1. Click on View (Internet Explorer menu)
2. Click Source
3. Search for a string beginning with res://
4. Copy the whole string (Control+C)
5. Open Internet Explorer
6. Goto http://www.simplelogic.com/Developer/URLDecode.asp
7. Paste the link in the box provided
8. Click on "Clean Data"
9. Name of a DLL file appears along with the path to it (eg - \windows\system32)
10. Open Mycomputer
12. Change Folder option to Show Hidden Files
13. Goto the path to find the DLL file (eg - \windows\system32)
14. Close all open applications and browser windows
15. Rename this file.
16. Open Internet Explorer
17. Change home page to desired home page URL
18. Restart the computer

After restarting, check Internet Explorer. the problem should be resolved

Also sometimes, the about:blank returns after a while

Check the registry for this key:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS
NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS

This is what prompts to windows to load the trojan everytime any application is
run. the value of the key, is hidden

Try removing it. BE SURE TO BACK UP THE REGISTRY BEFORE DOING IT !!!!

Reboot the computer.

Go back into the registry and search for the key. If it comes back, try the
following:

Rename the entire HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS
NT\CURRENTVERSION\WINDOWS
to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS2

Delete the APPINIT_DLLS key under the WINDOWS2 folder.

Rename HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOW2
to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

Reboot the computer

Check the registry again. The key should be gone for good.

BEST OF LUCK !!!

Anand Basu
v-2anbas


-------------------------------------------------------------
Create a system restore point and then
Make a notpad file on the desktop by any name say -> change
copy the following content to that
REGEDIT5
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use_DlgBox_Colors"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use_DlgBox_Colors"="yes"
and then save it as change.reg
then doubleclick on it
so that it can make the registry entries
then restart and see if it effect the problem
-----------------------------------------------------------


*** Problem Description ***
The internet explorer is hijacked by "about:blank"

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution *** Aug 23 2004 12:08PM v_2dpodd

THE UNINSTALL.EXE can be downloaded from http://tinyurl.com/6mdng and save it on
the desktop .
Just the run the program..it sets the homepage as about:blank ..but that is good
..we can now set our homepage .

Restart the computer in the normal mode
open the Internet explorer

We have the homepage we set before we restarted the computer .


It is fixed now!!
--------------------------------------------------------------

*** Problem Description ***
Home page was being forced to about:blank, actively, after changeing the address in
internet options, reopening internet options would display about:blank again.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution *** Jun 28 2004 5:24PM v_2anaht

Program called "SpyBlocs v2.0" was installed on system, this program was
recommended by an adware popup, when downloaded, the first program required that a
second program, "SpyBlocs", be downloaded and installed to find and remove spyware
or adware from the system.

After install of "SpyBlocs" the home page was actively force to about:blank

Removed program "SpyBlocs" resolved issue


"of all the things i've lost in life, i miss my mind the most"
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/21/2005 :  9:17:12 PM  Show Profile  Send dan p. an AOL message  Reply with Quote
the july 3 resolution didn't work because the view source part didn't do anything.

the first one did't work because i can find the rpcss+ folder, but not anything named rpcss_pl.

i could find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RpcSs but i couldn't find the dependencies part.

i can't get on the site in the aug 23 solution.

death to false metal.
Go to Top of Page

zakkwyle234
Try A Little Harder

Canada
71 Posts

Posted - 03/21/2005 :  9:23:31 PM  Show Profile  Reply with Quote
hmmm...check this.....click start, run, type "services.msc". click ok, in the box that comes up, there will be 2 remote procedure calls, one alone and one that says remote procedure call locator. right click on the one that stands alone (usually the one closest to the top) and hit properties. then click the dependencies tab.....anything in there, or does it say "no dependencies"?

"of all the things i've lost in life, i miss my mind the most"
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/21/2005 :  9:27:16 PM  Show Profile  Send dan p. an AOL message  Reply with Quote
there's a whole fucking list of shit on the bottom half. nothing on the top half.

death to false metal.
Go to Top of Page

zakkwyle234
Try A Little Harder

Canada
71 Posts

Posted - 03/21/2005 :  9:53:50 PM  Show Profile  Reply with Quote
okay....the bottom 1/2 doesn't matter, those are the things that depend on rpc. it looked like it was some that rpc was depending on was messin it up. someone gave me this link and said it has helped them with this problem. i, however can't see it because surf control is a cunt, so i have no idea what's on this page. it's especially nice tryin to help customers and not being aloud. here it is.

www.bleepingcomputer.com/forums/index.php?showtopic=4210&st=0#entry75767

if this doesn't do it for you, i'll find you the number for our virus and malware specialist team, it's free for the 1st calls and they have many more recources on it since i don't deal with it much.
let me know if you want that number and i'll dig it out.

"of all the things i've lost in life, i miss my mind the most"
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/21/2005 :  10:13:12 PM  Show Profile  Send dan p. an AOL message  Reply with Quote
i've been to that link. no help there. i think i'll wait til i can get on that site. it doesn't seem to be urgent. i don't use internet explorer, which seems to be what it effects, and i got rid of the other files.

death to false metal.
Go to Top of Page

zakkwyle234
Try A Little Harder

Canada
71 Posts

Posted - 03/21/2005 :  10:15:05 PM  Show Profile  Reply with Quote
right on. yeah, it's more of a pest than anything. obviously a persistent one.....sorry my stuff didn't work.

"of all the things i've lost in life, i miss my mind the most"
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/21/2005 :  10:27:21 PM  Show Profile  Send dan p. an AOL message  Reply with Quote
eh, that's alright. i'll get around to it.

death to false metal.
Go to Top of Page

tericee
Alien Abductee

USA
2579 Posts

Posted - 03/22/2005 :  03:35:43 AM  Show Profile  Visit tericee's Homepage  Send tericee an AOL message  Reply with Quote
If all else fails, you can re-format your hard drive...
Go to Top of Page

dan p.
Alien Abductee

Uganda
3776 Posts

Posted - 03/22/2005 :  10:34:16 AM  Show Profile  Send dan p. an AOL message  Reply with Quote
yeah, i could. but i would lose around 1,200 mp3s, my music notation software and all my scores i made with it, and all these programs i downloaded.

death to false metal.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Tim Reynolds - Message Board © Back to the top Go To Top Of Page
Snitz Forums 2000