rpcnet.exe - lojack?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SyrupyDeathtrap, May 27, 2009.

  1. SyrupyDeathtrap

    SyrupyDeathtrap Private E-2

    I've been messing with this for days now, and I've basically determined - it is the name of the dialer Computrace's Lojack for Laptops uses.

    I am using a laptop computer purchased from Dell by an organization (my school), and thus think it may be possible it was installed on my system, but I would like to be certain.

    Seeing as how this program's nature is indiscreet, I would like to know if there was a way I could determine that it is Lojack and not malware. Can anyone help?

    Thank you for your time.
     
    SyrupyDeathtrap, May 27, 2009
    #1
  2. SyrupyDeathtrap

    SyrupyDeathtrap Private E-2

    My apologies for the double-post. I didn't realize some things until the edit-timeframe ended.

    I've discovered chaslang's reply on the subject in this thread [x] and would add that I did just get the HDD and MoBo replaced, and am somewhat sure the program was not running on my laptop before this.

    Seeing that the issue still seems to have everyone stumped, I would request my thread be closed, but I think that perhaps nobody who has had the issue has asked for a way to confirm the source of the program - if that is even possible.

    If I have wasted your time, I am sorry, and I hope what information I can provide regarding it* will make up for that. (*that it does seem to be hardware-caused, and that I'm sure I didn't pay for it myself, though it may have been purchased by my school who did overcharge for the machine, perhaps for this very reason)
     
    SyrupyDeathtrap, May 27, 2009
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    No one is stumped. You just need to wait for an answer. Yes this is in all likelyhood just the computer software/hardware that was put on your PC when you school purchased them. This is standard operating procedured. You may be able to right click on some of the files and get properties information on the files. There are typically at least 4 files seen:

    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\system32\rpcnet.dll
    C:\WINDOWS\system32\rpcnetp.exe
    C:\WINDOWS\system32\rpcnetp.dll

    They may be reported as Absolute Software being the manufacturer. You will even see this under the MSconfig Services tab
     
    chaslang, May 29, 2009
    #3
  4. SyrupyDeathtrap

    SyrupyDeathtrap Private E-2

    Thanks for the welcome, certainly a good place to be.

    Sorry - I didn't mean that because of any delay in replying, only that from what I read in other threads, it seemed that way.

    As for your solution - simplicity itself, I feel foolish for not knowing it myself. They definitely show up as Absolute Software and the certificates seem to check out.

    I had been having hardware issues and I'm about to make an image of because I'm getting it replaced on Monday, and I really didn't want to to be loading a corrupted image onto my brand new one, so it's quite a relief to know it's only the Lojack thing.

    Though I'm still very curious about having that, but not having ever been told about it. That at least, can be solved by a call to my school and to Dell.

    Thanks again!
     
    SyrupyDeathtrap, May 30, 2009
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
    chaslang, May 31, 2009
    #5

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds