Help with Virus PLEASE?

This is the place to bitch, bash, and get help with all things Windows.
christopherieom
n00b
Posts: 1
Joined: Mon Feb 24, 2014 11:34 pm

Help with Virus PLEASE?

Post by christopherieom » Mon Feb 24, 2014 11:47 pm

I keep getting reports from AVG Free saying that I got a threat that is named Win64/Patched and its object name is c:\windows\system32\rpcss
When I click to remove it, it won't let me.
Please help.

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Help with Virus PLEASE?

Post by Cool_Fire » Thu Feb 27, 2014 3:38 pm

This seems more like a question for a general computer help forum than a hacker forum but I digress.

The rpcss.dll file in question is a legitimate part of the Windows OS and is needed for it to function properly. The problem is that something has patched (modified) this file for whatever purpose.

If you have a full backup you can just restore the file from there, otherwise you may try looking on something like your Windows install CD (if you have one) or, far less ideally, on a site like dlldump.com to get an uninfected copy of the file.

Since it is an integral part of Windows it generally cannot be replaced when the system is running (though I've not tried it for this specific file myself), so you'll have to either boot another system, like from a Linux live CD, or put the drive in another computer in order to replace the infected file.

Having said all that, it's entirely possible that the patched .dll file is just a symptom of another infection on your machine which may also still be active and patch the file again as soon as you've replaced it and start Windows again. In that case you'll have to either find the root cause of the problem or just make a backup of your personal files and re-install Windows.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
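
Added example, not part of the posts above: a Python sketch for the offline check the reply describes, comparing the suspect rpcss.dll with a reference copy (from a backup or install media) while booted from a live CD, and listing the byte ranges that were modified. Running it again after the next Windows boot shows whether the file has been patched again. It assumes the reference copy comes from the same Windows version and update level, since a different build of the file will differ legitimately; the sample bytes are constructed and the function names are hypothetical.

```python
import hashlib
import sys
from pathlib import Path

def patched_ranges(suspect: bytes, reference: bytes):
    """Return (offset, length) runs where the suspect differs from the reference."""
    runs, start = [], None
    common = min(len(suspect), len(reference))
    for i in range(common):
        if suspect[i] != reference[i]:
            if start is None:
                start = i                      # a differing run begins
        elif start is not None:
            runs.append((start, i - start))    # run ended at the previous byte
            start = None
    if start is not None:
        runs.append((start, common - start))
    if len(suspect) != len(reference):         # a size change is reported as a final run
        runs.append((common, abs(len(suspect) - len(reference))))
    return runs

def compare(suspect: bytes, reference: bytes):
    """Summarise the comparison: both SHA-256 digests plus the modified ranges."""
    return {
        "suspect_sha256": hashlib.sha256(suspect).hexdigest(),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "identical": suspect == reference,
        "ranges": patched_ranges(suspect, reference),
    }

# Constructed sample data (not a real rpcss.dll): two in-place patches plus appended bytes.
REFERENCE = bytes(range(256)) * 4
SUSPECT = bytearray(REFERENCE)
SUSPECT[100:104] = b"\xcc" * 4
SUSPECT[600:602] = b"\x90\x90"
SUSPECT = bytes(SUSPECT) + b"\x00" * 8

if __name__ == "__main__":
    # Usage: script.py <suspect file> <reference file>; without arguments the sample data is used.
    if len(sys.argv) == 3:
        suspect, reference = (Path(p).read_bytes() for p in sys.argv[1:3])
    else:
        suspect, reference = SUSPECT, REFERENCE
    result = compare(suspect, reference)
    print("suspect  ", result["suspect_sha256"])
    print("reference", result["reference_sha256"])
    for offset, length in result["ranges"]:
        print(f"differs at 0x{offset:08x} for {length} byte(s)")
    sys.exit(0 if result["identical"] else 1)
```
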
