unauthorized internet access by RpcSs

D

don2sail

In windows xp I recently noted internet traffic (from the computer icon
in the lower right hand corner) while I had the internet connection open
but no programs running.

using taskmanager I tracked the activity to a 6th running copy of
svchost.exe

using tasklist /svc I tracted the service to RpcSs pid 732 (although I
have no idea what the pid is)

I noted two other svchost.exe that looked questionable:
stivc pid 1260
wkspatch pid 1212

researching RpcSs increased my concern when I found that this prgm is
microsofts remote program proceedure call. I recall specifically
avoiding the installation of the windows remote features

currently I am using task manager to end the svchost.exe process as soon
as I boot up but would like a more permanent solution.

can anyone help me figuare out what is going on and how to permanently
correct the situation?
 
C

Carey Frisch [MVP]

You may have a virus "worm" that has entered your system.

1. Open a command prompt window: Click Start>Run, type CMD and then press the Enter key.
2. At the command prompt, type the following:
NET STOP "Network Connections Sharing"
3. Press the Enter key. A message should indicate that the service has been stopped successfully.
4. Again, at the command prompt, type the following:
NET STOP "Wkspatch"
5. Press the Enter key. A message should indicate that the service has been stopped successfully.
6. Close the command prompt window.
7. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
8. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>System>CurrentControlSetServices>
9. Still in the left panel, delete the subkey: WksPatch
10. Close Registry Editor.

Perform the following:

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Download and run this spyware removal tool:

Stop the Invasion of Adware and Intrusive Spybot Spyware - Restore Your Privacy
http://spybot-spyware.com/

A Description of Svchost.exe in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314056&Product=winxp

Services Guide for Windows XP
http://theeldergeek.com/services_guide.htm

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------------------


| In windows xp I recently noted internet traffic (from the computer icon
| in the lower right hand corner) while I had the internet connection open
| but no programs running.
|
| using taskmanager I tracked the activity to a 6th running copy of
| svchost.exe
|
| using tasklist /svc I tracted the service to RpcSs pid 732 (although I
| have no idea what the pid is)
|
| I noted two other svchost.exe that looked questionable:
| stivc pid 1260
| wkspatch pid 1212
|
| researching RpcSs increased my concern when I found that this prgm is
| microsofts remote program proceedure call. I recall specifically
| avoiding the installation of the windows remote features
|
| currently I am using task manager to end the svchost.exe process as soon
| as I boot up but would like a more permanent solution.
|
| can anyone help me figuare out what is going on and how to permanently
| correct the situation?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security log full, why? 3
a process with pid 0 accessing Internet without me initiating the connection;is something wrogh with 0
Svchost.exe Trojan Virus Spyware?? 5
svchost.exe Application Error 3
SCVHOST at 99%....laptop useless for at least 10 minutes 18
CPU @ 100% Usage when on INTERNET, Not sure Why ??? 3
System32 folder pops-up at every startup 6
[BUG] For Microsoft Support!! 0

Top