Windows 7 Forums


Windows 7: RPC Virus message in Action Center, though the virus seems to be gone?


15 Oct 2012   #1

Windows Home Premium 64bit
 
 

So I was managing my laptop (Compaq Presario CQ57 with Windows Home Premium SP1) after a long time away from it (I left it in the care of a friend of mine), and I noticed a few strange things.

1) I couldn't update Windows.
2) I couldn't turn ON my firewall.
3) Windows Security Center was missing.
4) Windows Defender is missing.
5) The Action Center flag wasn't in my notifications area (so I found it through the start menu).
6) I saw a message in red that my computer was infected with the "RPC virus" and needed up to date software to remove it.

From what I've read about this so-called virus, it's scareware, not to mention the fact that it's a blaster virus, right? Like from the XP days? Like the kind that would make you BSOD, crash, unable to start any kind of internet application, and the like?

Anyways I went through my antivirus vault, cleaned it all out (there was even an infection around the date that I was supposedly infected). Still had the message. My default antivirus is AVG Free. So I scanned again, nothing came up. Eset Online Scanner? Nothing. Malwarebytes? Nothing came up. Windows Malicious Removal Tool? Nothing came up. Norton Power Eraser? Nothing came up. I did some googling on the RPC virus and I saw Remote Procedure Call. I tried going into the recovery tab to stop them and they're all grayed out.

Now I'm not freakin' out about it, I found SOME fixes for some of the mundane things that were missing (still working on trying to find fixes through the things described above). I found a file that has registries, and they seem to work, though some of the programs are still missing (Windows Defender). Is there any way to locate the virus (if it's still even on here) and kill it -without having to reformat-? I can't read all of the OEM keys, some of the characters are illegible, I don't have access to a Win 7 Home Premium edition disk, and money right now is tight.

I have an internet connection, I'm not experiencing any sluggish behavior (well, nothing out of the ordinary for 2 gigs of RAM), no crazy programs running (though Remote Procedure Call won't stop in services), I even ran antiviral/anti-malware programs in safe mode (which still found nothing). The only things that are out of the ordinary are the things described above. Any help would be much appreciated!


15 Oct 2012   #2

Windows Home Premium 64bit
 
 

A side update, I've gotten Windows Firewall up again, things are relatively normal, however my action center system icon is grayed out. I'm thinking it's a registry thing. I tried a few of the fixes (after backing up my registry), and still no success. I am however very confident that the virus isn't present on my PC. I ran MSE last night in safe mode, full system scan, it picked up nothing. SpyBot S&D picked up nothing. I even installed and ran ZoneAlarm, nothing there too. So out of all those scans SURELY something would have picked it up by now.

I'm thinking it's all dealing with registry errors because the firewall fix I found on here, worked like a charm. I can enable and disable my firewall, my security center is back, Windows Defender is back, I can update (which good gosh I had a lot of updating to do), and as I sip on my coffee, the only strange things are that my notification icon for Action Center isn't working (grayed out when trying to enable it through the tray) and it still has that archived message of the RPC virus (which even after a scan of RTKiller, nothing). Pretty sure it's not on the PC, rather registries have been changed before the virus was quarantined (only explanation because I rechecked my event logs and a virus was quarantined the day of the RPC infection). I mean I don't have to have it in there, I just don't like the fact that I can't turn it on when I want to.
15 Oct 2012   #3

Windows Home Premium 64bit
 
 

Another update (sorry if it seems like I'm bumping this post, but just in case others are having the same issue I'd just post if I fixed something). I have fixed my Action Center Notification tray! However, the message about the virus is still there. It got me thinking, though: is there a way to delete archived messages? I'll do more searching, but for those wondering about possible fixes, I did a lot of hunting on these forums.

Brink's reset DIDN'T work, however I found this in the related threads: Unable to fix Action Center notifications after virus Win64/Sirefef.B

In this thread this person explains how he edited a notepad file into a .reg and the fix worked. I'm thinking that this virus and the one I had were the same, but the fix was this:
Quote:
The virus had removed the following registry Key (amongst others):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

This starts the whole ball rolling for enabling the Action Center notifications.
When Explorer.exe starts, it looks for this key, and that is what then tells it to load ActionCenter.dll, and monitor for whatever messages it chooses to give.

Hope this is of use for someone else.
Still haven't fully fixed everything yet. The last thing is to get rid of archived messages, I have a lot more than just that virus in there like when I installed Oblivion and my data files got corrupted due to me breaking the game through heavy modding, Skype randomly dying 90 times due to unknown errors (which all of this was before the infection even happened), and things like that. I'll search later for that one in the meantime and post back if I find results. Thank you all for leaving paper trails on these fixes!


15 Oct 2012   #4

Windows Home Premium 64bit
 
 

And the message is gone! I used just the regular disk cleanup utility to wipe it all. For the registry fixes for BITS, WinDefend, BFE, mpssvc, wuauserv, and wscsvc I think it's dependent on what you're running (32 or 64bit systems). Mine happened to be 64bit and I found those through a google search and found them all on these forums. I plan on running more anti-rootkit scanners to make sure all of it is gone, but everything so far seems normal! I hope this can help others as well and if people have any more questions I'll be more than happy to answer. Sfc scans also showed that the integrity of sectors were fine btw, if people are wondering. I'm going to mark this thread as solved!
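A read-only check of the registry entries named in posts #3 and #4, as an added example that is not part of the original posts. The function names are hypothetical, and a key being present does not show that its contents are intact.

```powershell
# Added example: read-only audit; nothing is written or repaired.
# Run from 64-bit PowerShell so HKLM:\SOFTWARE is not redirected to Wow6432Node.

# Service names as listed in the thread.
$serviceNames = 'BITS', 'WinDefend', 'BFE', 'mpssvc', 'wuauserv', 'wscsvc'

# Action Center shell service object key quoted in the thread.
$shellObjectKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\' +
                  'ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'

# Meaning of the Start value under a service key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceKeyStatus {
    param([string]$Name)
    $path   = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $status = New-Object PSObject -Property @{
        Item = $Name; KeyPresent = $false; Start = 'n/a'; ImagePath = 'n/a'
    }
    if (Test-Path -Path $path) {
        $status.KeyPresent = $true
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -ne $props.Start)     { $status.Start = $startTypes[[int]$props.Start] }
        if ($null -ne $props.ImagePath) { $status.ImagePath = $props.ImagePath }
    }
    return $status
}

function Test-ActionCenterAutoStart {
    # True only when the key exists and has an AutoStart value
    # (the thread shows that value with empty data).
    if (-not (Test-Path -Path $shellObjectKey)) { return $false }
    $key = Get-Item -Path $shellObjectKey
    return ($key.GetValueNames() -contains 'AutoStart')
}

$report = $serviceNames | ForEach-Object { Get-ServiceKeyStatus -Name $_ }
$report | Select-Object Item, KeyPresent, Start, ImagePath | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.KeyPresent } | ForEach-Object { $_.Item })
if (-not (Test-ActionCenterAutoStart)) { $missing += 'ActionCenter AutoStart value' }

if ($missing.Count -gt 0) { Write-Output ('Missing: ' + ($missing -join ', ')) }
else                      { Write-Output 'All audited registry entries are present.' }
```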
16 Oct 2012   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Did you also find that Win64/Sirefef.B is a Rootkit? Encyclopedia entry: Virus:Win64/Sirefef.B - Learn more about malware - Microsoft Malware Protection Center

Please read about Rootkits ... you can never be sure that your infected computer will ever be stable again without a complete wipe and "clean install"
What is a Rootkit?
Rootkit - Wikipedia, the free encyclopedia
17 Oct 2012   #6

Windows Home Premium 64bit
 
 

Like I said above, I believe it was quarantined before it had time to start its 'roots' so to speak. I'm 99.99% certain that I don't have it anymore and after reading about that specific virus, it wasn't the same, as those things described in the symptoms never occurred. The fix in that post however worked. I'm sure if you go through my posts again, that would be more clear. No worries!

As I said in my first post, I cannot do any kind of clean installs, wipes, or any of that matter because 1) I don't have the OEM numbers due to the CoA sticker being damaged (it's a year old), 2) I don't have a Windows 7 Home Premium disk. Money is tight, so I can't go out and spend that kind of money on something I can do myself and did do myself through research on my own.

As for rootkits, I've had numerous rootkit infections and have weeded them out on XP numerous times, but thank you for the information as I'm sure other people can use it. My system was fine after applying the fixes and triple checking my logs. You just have to know your PC. I wasn't aware until I got back that I had a virus and couldn't update my Windows. I checked the log, it was infected the 23rd of last month. I went to the vault. There was a virus vaulted the 23rd of last month. I didn't check until the day of the post when I found that lovely little message in my Action Center. I got back around the first of this month. Between 10/1/2012-10/15/2012, nothing was sluggish. I could surf the web normally, I could play Skyrim without a hitch (which people say that I can't, I do it just fine), and all that was messed up was the registries, which I fixed while posting in this thread. I'm not worried to be honest. It's running just like it did when I got it out of the box. Like a Compaq.

In addendum, not to step on any toes or start an argument, I have to reiterate something here. From the article about the specific rootkit it says:
Quote:
Recovery
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

Microsoft Security Essentials
Microsoft Safety Scanner
And this from your Wiki link:
Quote:
Even if the type and nature of a rootkit is known, manual repair may be impractical, while re-installing the operating system and applications is safer, simpler and quicker
I just want to correct something here, it's impractical, not impossible. It also says in most cases the only defense is to reformat, however 1) I've deleted rootkits in full in the past without having to reformat my XP rig once (I only had to reformat once and that was because I updated from 98 to XP). 2) The other part is the mass hysteria of computer viruses and rootkits. Most people reinstall because they don't want to deal with the system. If you screw up your system, you can reinstall Windows after formatting the hard disk. What is there to lose if you have your information backed up? 3) Knowing how my PC works. From the day I bought it, it acted like a Compaq. Compaqs for me are troopers. Sure when you get them, they have a lot of startup programs, but once you weed those things out that you don't need to run your PC, it's a sweet thing. Fast boots. About 45 seconds. Still. Even after this fiasco. Internet speeds are quick. Gaming is just as practical, however as can be due to the limitations of my graphics card. My only complaint about this PC so far, is the annoying lights when it's plugged in when I'm trying to sleep. When it's fully charged a bright white light shines right in my face. =/ Seriously. It's a mood killer. D:

It may sound like I'm saying this to affirm it in my head, but I'm pretty sure I'm fine now. Thank you for being concerned however and I'm sure others can use this information that you linked.