
virus has killed RPC... and more



This looks to be similar to some posts in December 2009 but I can't find a solution posted on the forum. Major virus hit. Appeared to be caught by xyz software, quarantined and deleted. I don't remember name of trojan/worm. But computer still acting really, really flaky. Time to turn to the professionals :(

Fired up Malwarebytes. Nope. Died complaining about vbalgrid. Possibly making a mistake, I uninstalled my Malwarebytes and loaded again from CD. Same problem (except I now don't have the latest updates). Tried going to the directory and adding vbalsgrid6.ocx using regsvr32 directly. No complaint from the registry. Same error.

Hunted around more and realized half (or more) of my services are stopped. Wireless router won't work (can't find "notification.dll"), search doesn't work, properties don't show up in services, extended services seem to have been enabled but show up in a blue box, and then now I find RPC server won't start (services.msc says it starts automatically). Dies with Error 2: The system cannot find the file specified.

Any suggestions?

Thanks, john

p.s. I don't have HijackThis loaded on this machine, unfortunately. I do have procmon.

p.p.s. This is Windows XP SP2.


Registry shows ServiceDLL is %SystemRoot%\system32\rpcss.dll

There is a file rpcss.dll in my C:\Windows\System32\ folder and it has some date back from a few years back (e.g. it is not today's date). It is 401,408 bytes and file version 5.1.2600.5755.

I have read&execute and read permissions.


Hi Tunneller -

First please try this to get a fresh new copy of the program -

To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer - very important!
  • Download and run mbam-clean.exe from here

It will ask to restart your computer; please allow it to do so - very important.

After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version only -

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask me and I'll explain how to do it.

Then try a Quick Scan -

Thank You - :(

EDIT - What Anti-Virus are you using?


I downloaded mbam-clean to a USB drive, but when I put the USB drive into the PC, it asks first if I want to check with Windows Update (I say no), then says it needs to install a new driver (with some trepidation I say OK), then it says that the driver hasn't passed Windows Security something or other and continuing is a bad idea. I do not continue. When I look on "My Computer" the USB drive is not there. So that means I have no way of adding a file to the machine.

I don't know if the above problems are because RPC is stopped, or if the virus is just being really sneaky...


False positive

Hm... well, that answers that.

I've been running "sfc /scannow" but most likely it is not going to be able to find a svchost.exe in any cache. Luckily (?) an absence of svchosts doesn't stop the CD reader from working so I "just" need to download a copy of svchost.exe onto (this Mac) burn a CD and from there back to the Windows machine. What a pain!!

