Windows 7: RPC Virus Virus

akshaybz · 07 Apr 2011

In my pc's device manager under "network Adapters" i see "PC Tools Driver #6"...ok I remember I installed PC Tools Firewall Plus months ago..and It might have been installed then....it also has a tiny yellow exclamation mark over...useless stuff...so i decide to uninstall it..
So, I click uninstall and the device manager page refreshes but OMG! it's still there

I tried many times but that ugly thing is still there...

Can anyone help?

akshaybz · 07 Apr 2011

The action center keeps on saying "Remove the RPC Virus Virus"..
Anyone knows how to remove it??
I'm using MSE and Malwarebytes Anti Malware and both found nothing!

Borg 386 · 07 Apr 2011

Quote:

The RPC Virus (aka Remote Procedure Call Virus) is also known as MSBlast or the Blaster Virus, is a malicious worm that spreads by infecting vulnerable computers. If your computer has been infected, you may experience frequent system crashes or be completely unable to access any website. Remove the virus using an updated spyware removal tool immediately.

Quote:

What is RPC Virus – Fake Alert?

RPC Virus is a fake alert message coming from a rogue security program that will mislead its victim from buying the licensed version of the software. The fake alert messages will be shown as:
Remove the RPC Virus virus
Windows has detected RPC Virus, a known computer virus on your computer. RPC Virus has caused your computer to stop working properly.
Remove the RPC Virus virus from your computer
This problem was caused by RPC Virus, a known computer virus.
To prevent this problem from occurring again, install and run an up-to-date antivirus and antispyware program on your computer.

RPC Virus or MSBlast Removal Instructions

Suggest you run these tools, do a full system scan after following the removal instructions. If you cannot do this in regular mode, then run in safe mode:

http://www.microsoft.com/security/pc...e-removal.aspx

http://security.symantec.com/nbrt/npe.asp?lcid=1033

akshaybz · 07 Apr 2011

Actually neither the process nor the registry key was found in my PC...any gusses??

Carolyn · 07 Apr 2011

Malwarebytes' Anti-Malware should pick that baddie up. Try updating MBAM then do a Full Scan. Post the resulting log here, please.

Borg 386 · 07 Apr 2011

Quote: Originally Posted by akshaybz

Actually neither the process nor the registry key was found in my PC...any gusses??

After you do the full malwarebytes scan as suggested by Carolyn, if nothing shows, run the Malicious software removal tool and then the Norton Power Eraser (full system scan)

Quote:

These RPC Virus files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, RPC Virus might create a file like
%PROGRAM_FILES%\RPC Virus\RPC Virus.exe. Locate and remove these files.

You may wish to consider running the Malwarebytes & Malicious software removal tool while disconnected from the net.

The Power Eraser will need a net connection to function properly

akshaybz · 07 Apr 2011

MBAM cleaned this:

Code:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\TJHTHX1O7X (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Also here is screenshot of my task manager which are suspicious:

Borg 386 · 07 Apr 2011

Good, glad it's apparently sorted.

Now it's a good idea to run a full system scan with MSE, Malwarebytes and the Malicious Software tool just to be sure it's out of the system & there are no leftovers. Run these scans disconnected from the net so that it can't "call for help".

That's just to be sure it's gone, I know this can take a little bit, but why take chances on it coming back?

Carolyn · 07 Apr 2011

Those are legit processes in the screenshot

for example, see HERE

Borg 386 · 07 Apr 2011

Yeah, don't delete anything that "looks suspicious", let the scanners decided that. If you remove the wrong thing, you could end up crippling your PC.

After Mbam cleaned the file out, did the warnings disappear?

Windows 7: RPC Virus Virus

RPC Virus Virus problems?