I found this while disinfecting numerous Sasser variants (and others) on a friend's computer. It says it is
'Microsoft Windows Secure Server'
I've searched my own registry and it does not occur in mine.
Any idea what it is?
Tt Lanfire
nf7-s v2.0
XP-m 2500@210x11
SP 97
512mb pc3200
Jou Jye 550w psu
FX5600
WDCaviar 60gb
Seagate Barracuda 80gb;~}

Did not know about the translation button.
Bitdefender recognised it as an sdbot backdoor. Housecall and Panda Software did not.

Yeah, I have it too... I rebooted my computer (to get rid of all the spyware) and it came up straight away, and I'm really desperate to get it away.
I think it causes the internet connection to stop and slow down... it definitely does something to Internet Explorer, because when I connected through LAN on the laptop (internet's on this computer then through to laptop) it works perfectly fine.
So when I deleted the "rpcxWindows.exe" out of the "Task Manager" the internet came back.
It's definitely something bad, but I can't find anything on it.
Apparently it's part of the Windows Secure Server. I googled it and it didn't come up with any links from Microsoft.
So it's DEFINITELY something. I don't think any of the ANTI-VIRUS companies know about it.

It's related to RBOT, Forbot, and SDBOT, probably infects the same way using the known LSASS vulnerabilities.
Most likely there are a dozen other files running at startup that are part of the infection.
LOOK IN YOUR REGISTRY AT: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Look for any Microsoft-sounding names in the Value; the files will be located in your windows\system32 directory. You will need to do some searching, since in the registry the files will be listed without the directory path.
If the name looks legitimate but is 1 or 2 letters off, like scvhost.exe (rather than svchost), it's a good bet it's a worm.
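
The "1 or 2 letters off" check from the post above, as an added example that is not part of the original thread: it compares the file name in each Run value against a short list of real Windows binaries using an edit distance that counts a swapped pair of letters as one change. The list of binaries and the sample Run values are assumptions constructed for illustration.

```python
import ntpath

# Real Windows binaries that worms often imitate (illustrative list, not exhaustive).
KNOWN = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
         "services.exe", "explorer.exe", "spoolsv.exe", "smss.exe"}

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    rows = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
            for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def image_name(command):
    """Lower-cased file name from a Run value (unquoted paths with spaces are cut short)."""
    command = command.strip()
    if not command:
        return ""
    exe = command.split('"')[1] if command.startswith('"') else command.split()[0]
    return ntpath.basename(exe).lower()

def flag_lookalikes(run_values, max_distance=2):
    """Return (value name, file name, imitated binary) for near-miss file names."""
    hits = []
    for value_name, command in run_values.items():
        exe = image_name(command)
        if not exe or exe in KNOWN:
            continue  # exact match on the name; its directory still needs checking
        real = min(sorted(KNOWN), key=lambda k: osa_distance(exe, k))
        if osa_distance(exe, real) <= max_distance:
            hits.append((value_name, exe, real))
    return hits

# Constructed sample of Run-key values (not exported from a real machine).
SAMPLE = {
    "Microsoft Windows Secure Server": "rpcxWindows.exe",
    "Windows Update Service": "scvhost.exe",
    "Host Process": r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
    "LSA Shell": '"C:\\WINDOWS\\system32\\lsasss.exe" /s',
}

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE):
        print("suspicious: %s -> %s (imitates %s)" % hit)
```

rpcxWindows.exe is not flagged here because it imitates no specific binary; an entry like that is only caught by reading the value names, as the post describes.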
