rpcnet.exe?
JennaLynne
I keep getting this pop-up from Ad-Watch Live, telling me that they have blocked rpcnet.exe from running, because it has identified it as a windows32.trojan. I did some Google research, and from what I have seen, rpcnet.exe seems to be connected to LoJack for Laptops. I've had LoJack for years, but it just recently expired. Could this be related to my LoJack expiring? How can I tell if it really is a Trojan, or just part of LoJack?
Thanks
visitor
If you're not going to renew your LoJack, you could uninstall so the questionable file is deleted. But if you're going to keep it, read these pinned threads for instructions:

Files detected as suspicious

Guide for posting false positives
LS Pekka
QUOTE(JennaLynne @ May 31 2009, 05:26 AM)
I keep getting this pop-up from Ad-Watch Live, telling me that they have blocked rpcnet.exe from running, because it has identified it as a windows32.trojan. I did some Google research, and from what I have seen, rpcnet.exe seems to be connected to LoJack for Laptops. I've had LoJack for years, but it just recently expired. Could this be related to my LoJack expiring? How can I tell if it really is a Trojan, or just part of LoJack?
Thanks


Hi JennaLynne!

Would it be possible for you to post the file that is blocked from running by Ad-Watch so that we could investigate the issue further?

Regards,

LS Pekka

Lavasoft Malware Labs
Drewbian
I am getting the same error message, which just started yesterday, and have found the same info. The log looks like this:

MSG [2108] 2009/05/30 09:27:45: C:\windows\system32\rpcnet.exe (diagnosis: Malware family: Win32.TrojanDownloader.Agent) => Block
MSG [4616] 2009/05/30 09:42:20: C:\windows\system32\rpcnet.exe (diagnosis: Malware family: Win32.TrojanDownloader.Agent) => Block
MSG [4976] 2009/05/30 09:57:19: C:\windows\system32\rpcnet.exe (diagnosis: Malware family: Win32.TrojanDownloader.Agent) => Block
MSG [3188] 2009/06/01 08:23:32: C:\windows\system32\rpcnet.exe (diagnosis: Malware family: Win32.TrojanDownloader.Agent) => Block
MSG [4744] 2009/06/01 08:37:57: C:\windows\system32\rpcnet.exe (diagnosis: Malware family: Win32.TrojanDownloader.Agent) => Block


I just went into my Process settings and set it to allow this process so I stop getting the messages. Not sure if that was right, but it was interfering with my work.
Thanks for the help
LS Albin
Hi Drewbian!

It would be really helpful if you could attach the detected file in this thread.

You can find the instructions here:

http://www.lavasoftsupport.com/index.php?showtopic=18033

Thanks

Albin

Lavasoft Malware Labs
Drewbian
QUOTE(LS Albin @ Jun 1 2009, 09:27 AM)
Hi Drewbian!

It would be really helpful if you could attach the detected file in this thread.

You can find the instructions here:

http://www.lavasoftsupport.com/index.php?showtopic=18033

Thanks

Albin

Lavasoft Malware Labs



I am running Ad-Aware Plus Anniversary Edition on Windows Vista 32-bit. I cannot find the specified log files anywhere, per the referenced instructions, or through a search by file name looking for the log names specified. I doubt this is what you want, but I did export the scan log from a scan today (after I had changed that process to "Allow"), so I'm not sure it will help at all.
Let me know what else I can provide, or change to get you what you need...

EDIT: I changed back to "inform", rebooted, and got new scan results, attached as scanlog2.txt
IanWhetstone
I'm running Ad-Aware Pro Anniversary Edition on Windows XP Pro, and I'm seeing the same thing. Ad-Watch is blocking rpcnet.exe, and states that "the process has been identified as Win32.TrojanDownloader.Agent." I have uploaded the file that is being blocked, and also a log file from the most recent scan, although I'm not sure that the log file actually references Ad-Watch blocking the file.
LS Albin
Hi all!

The file has now been removed from detection. Download the latest definition file (0148.0042) and run a scan again.

Thanks for your help!!

Albin

Lavasoft Malware Labs