# Help with infec6tion - New



## JWmedia (Feb 12, 2007)

Hi.

I am afraid that the problem is still here. The Trojan or dialer has moved to rpcnet.exe, rpcnet.dll, rpcnetp.dll, rpcnetp.exe and rpchelp. It shows as having beien made by Absolute software. I am attaching a BitDefender Report that shows it. My readings indicate that you can not delete the rcpnet files or the computer will not boot and if you delete the rpcnetp files they return. McAfee was able to remove one of rpcnetp files, I am trying again for the other now. It didn't work, file now appears to be rpchelp. Please look at the last three posts of my previous thread.

Thanks again,

JWmedia

BitDefender Online Scanner



Scan report generated at: Sat, Mar 10, 2007 - 10:28:19





Scan path: C:\;D:\;


Statistics

Time
01:27:14

Files
771935

Folders
9440

Boot Sectors
3

Archives
8930

Packed Files
96281




Results

Identified Viruses 
2

Infected Files 
3

Suspect Files 
0

Warnings
0

Disinfected
0

Deleted Files
3




Engines Info

Virus Definitions
403960

Engine build
AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\WINDOWS\system32\CloseAll.exe
Infected with: Generic.Malware.SYd!g.83CCE9BE

C:\WINDOWS\system32\CloseAll.exe
Disinfection failed

C:\WINDOWS\system32\CloseAll.exe
Deleted

C:\WINDOWS\system32\rpcnetp.dll
Infected with: BehavesLike:Win32.ExplorerHijack

C:\WINDOWS\system32\rpcnetp.dll
Disinfection failed

C:\WINDOWS\system32\rpcnetp.dll
Deleted

C:\WINDOWS\system32\rpcnetp.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\WINDOWS\system32\rpcnetp.exe
Disinfection failed

C:\WINDOWS\system32\rpcnetp.exe
Deleted


----------



## Byteman (Jan 24, 2002)

Hi, This is not an infection at all....it's legitimate software that is detected as malware- please read the two pages of this thread

*http://www.help2go.com/component/option,com_forum/Itemid,32/page,viewtopic/t,23513/start,0/*

If you have Hijackthis please post this:

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.


----------



## JWmedia (Feb 12, 2007)

Hi Byteman,

I am getting confused, MaCafee and BitDefender both identified rpcnetp.dll and rpcnetp.exe and malware, AVG identified rpcnet.dll as a highacker.

the following is the HighJackThis add/remove list.

ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Reader 8
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Software Update
ArcSoft PhotoStudio 5.5
AVG Anti-Rootkit Beta
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
Bibble Pro
Blackhawk Striker 2
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Canon CanoScan Toolbox 4.9
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Desktop Dialer
DVD-RAM Driver
Easy CD & DVD Creator 6
EasyCleaner
EPSON Attach To Email
EPSON CardMonitor
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON SPR300 Reference Guide
ESPNMotion
FATE
Film Factory
FTP Commander Pro
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
Handy Backup 5.4.7
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
InstallShield Tuner 7.0 for Adobe Acrobat
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 11
Lightroom
Mah Jong Quest
Manual CanoScan 9950F
McAfee SecurityCenter
McAfee Uninstall Wizard
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox (2.0.0.2)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
mWlsSafe
mXML
mZConfig
OmniPage SE 2.0
Penguins!
Picasa 2
Polar Bowler
Polar Golfer
Presto! BizCard 4.1 Eng
Presto! PageManager 6.11
Quicken 2007
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Recover My Files
Registry Cleaner Update 6.0.0.017
Registry Mechanic 6.0
SCRABBLE
SD Secure Module
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sonic Update Manager
Sony ACID XPress 5.0a
Spy Sweeper
Spyder2express
Spyware Detector
Suite Specific
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Unlocker 1.8.5
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB931836)
Update Rollup 2 for Windows XP Media Center Edition 2005
WildTangent Web Driver
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Registry Repair Pro
Windows Registry Repair SE
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Yahoo! Toolbar

Thanks, then what could be causing the hesitation that my computer has,

JWmedia


----------



## JWmedia (Feb 12, 2007)

Hi Byteman,

I just read the Help2Go item that you posted. It was correct I do have LoJac or a computer tracer in the computer. I am not sure why it found the files as a Hijaack.small, maybe that a part of the way to elininate the information from the laptop.

Thanks,

JWmedia


----------



## Byteman (Jan 24, 2002)

Hi, False positives come about due to scanners seeing files or programs....as what they DO (and they cannot tell otherwise unless things are added to what is known as a whitlelist.... an internal database that excludes items from detection.)

I guess new programs like you have come out so often, that they are hard to keep added to something like a whitelist, I just cannot tell you exactly why they have not considered the program you have as excludable.

It is found as a dialer, because that is what the program will do, in the event that the computer is stolen.

The scanning antispyware programs don't automatically decide WHAT dialers are good....unless, there is a specific exclusion made for that dialer. Maybe you could voice your opinion to the makers of all the programs that detected it as a malware, and also, to the makers of the security program your computer has.
That would get their attention, if enough people do inform them. 

So, are we all caught up with this now?


----------



## Flrman1 (Jul 26, 2002)

Please do not start a new thread for this. Reply here:

http://forums.techguy.org/showthread.php?p=4521323#post4521323


----------



## Byteman (Jan 24, 2002)

Flrman1- I did not realize this poster had a previous thread. But, would you look at what I posted about the "dialer" that is not one...it's a security program installed that phones a company if the notebook is stolen....

I just PM'd JWMedia to let you know about this thread, and, what was found.



JWmedia said:


> Hi Byteman,
> 
> I just read the Help2Go item that you posted. It was correct I do have LoJac or a computer tracer in the computer. I am not sure why it found the files as a Hijaack.small, maybe that a part of the way to elininate the information from the laptop.
> 
> ...


----------



## Flrman1 (Jul 26, 2002)

:up:


----------



## Byteman (Jan 24, 2002)

Hi Flrman1, JWMedia

JW you are lucky that your files were not automatically erased...

Must be some kind of fail safe...such as a logon that knows you are you (owner) 

I see tower computers also can have this installed, wait till I get one to work on and the owner doesn't let me know, and I get a visit by the cops, people will be laughing till next Easter...


----------

