Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Madness. SVCHOST.EXE? Windows will not update.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 29th, 2014, 6:41 pm

Ok so just after I submitted that last post, the computer restarted all on its own with no warning. The screen would go black and then turn back on and then go black again and then it just restarted. I figured I would let you know about all that is going on.
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am
Advertisement
Register to Remove

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 29th, 2014, 6:59 pm

I followed the instructions in Step 2 but I simply can't find "rpcss.dll" when I select browse from either website.

I looked up the file without using the browse from the websites and it is there. For some reason when I choose browse from either website, rpcss.dll, isn't there at all. So I looked up the file and tried to drag it into Jotti's file to scan box and hit submit but it just says "File is empty (0 bytes)!" Virus Total doesn't even recognize it.
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » June 29th, 2014, 7:40 pm

Hi sturdman,

That is a new one on me. Copy the file C:\Windows\System32\rpcss.dll to your desktop and then repeat step 2. Then it will work. This is what I had to do to get mine to work.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 30th, 2014, 12:07 am

sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » June 30th, 2014, 12:24 am

Hi sturdman,

Your file has no valid signature from Microsoft so we will work on getting it replaced. But first we must find a good one. I will be asking you to check some others that we find.

Please run the following:

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code or Select all:
    Code: Select all
    :filefind
    *rpcss.dll*
    



  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 2nd, 2014, 8:45 am

Hi sturdman.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 2nd, 2014, 11:14 am

I apologize, for some reason I didn't get any email notifications this time around that you had posted. Will post the results as soon as the scan finishes.
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 2nd, 2014, 11:18 am

SystemLook 30.07.11 by jpshortstuff
Log created at 08:08 on 02/07/2014 by bamf
Administrator - Elevation successful

========== filefind ==========

Searching for "*rpcss.dll*"
C:\Users\bamf\Desktop\rpcss.dll --a---- 528384 bytes [04:02 30/06/2014] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\System32\rpcss.dll --a---- 528384 bytes [16:26 25/06/2011] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --a---- 509440 bytes [00:00 14/07/2009] [01:41 14/07/2009] 7266972E86890E2B30C0C322E906B027
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [16:26 25/06/2011] [13:27 20/11/2010] (Unable to calculate MD5)
C:\Windows\winsxs\Backup\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d_rpcss.dll_fd3e269b --a---- 512000 bytes [06:16 25/02/2012] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123

-= EOF =-
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 5th, 2014, 12:00 pm

Hi sturdman,

I need you to create a batch file, save it to your desk top and then run it.
Then I need you to identify the C:\ drive letter in the Recovery Environment on your PC. It will be different.
This is needed in order to replace the bad rpcss.dll file in the System32 folder.

Step 1.
Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    copy C:\Windows\winsxs\Backup\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d_rpcss.dll_fd3e269b C:\rpcss.dll
  3. Save the file as MoveDriver.bat on your desktop. Save it with the file type... all types *.*.
  4. Right click the file MoveDriver.bat select "Run As Administrator" to run it. If prompted by UAC, please allow it.

Verify that the file rpcss.dll has copied to the root folder C:\


Step 2.
Boot into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer. (Should be the top entry already Highlighted)
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...
Image

  • Take note of what drive Recovery Environment sees the Operating System on. RE sometimes sees drive allocations differently to how they are in Normal Mode, so it's important that you know so you can post appropriate instructions. It can be found at the top of the System Recovery Options window.
Image
  • Hit Restart button to boot back into Normal Mode.
  • Post details of the Drive letter you've just noted down.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 5th, 2014, 2:44 pm

Okay I'm not sure how to "Verify that the file rpcss.dll has copied to the root folder C:\"

but went through with everything else it says "Microsoft Windows 7 on (C:) OS"
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 5th, 2014, 3:31 pm

Hi sturdman,

Please re-run SystemLook.

SystemLook

SystemLook should still be on your Desktop.
  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code or Select all:
    Code: Select all
    :filefind
    *rpcss.dll*
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 5th, 2014, 3:55 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 13:46 on 05/07/2014 by bamf
Administrator - Elevation successful

========== filefind ==========

Searching for "*rpcss.dll*"
C:\rpcss.dll --a---- 512000 bytes [18:38 05/07/2014] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123
C:\Users\bamf\Desktop\rpcss.dll --a---- 528384 bytes [04:02 30/06/2014] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\System32\rpcss.dll --a---- 528384 bytes [16:26 25/06/2011] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --a---- 509440 bytes [00:00 14/07/2009] [01:41 14/07/2009] 7266972E86890E2B30C0C322E906B027
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [16:26 25/06/2011] [13:27 20/11/2010] (Unable to calculate MD5)
C:\Windows\winsxs\Backup\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d_rpcss.dll_fd3e269b --a---- 512000 bytes [06:16 25/02/2012] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123

-= EOF =-
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 5th, 2014, 10:15 pm

Hi sturdman,

According to the Systemlook results the file we want has copied to the root folder C:\
Now I need you to create a batch file, save it to the root folder C:\ and then run it in Recovery Environment.

Step 1.
Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    ren C:\Windows\System32\rpcss.dll rpcss.dll.vir
    copy C:\rpcss.dll C:\Windows\System32\rpcss.dll

    • Note: Step 3 is a 3 stage process prior to actually saving the file.
  3. Save the file as ReplaceDriver.bat . Change location to Local Disk (C:). Save it with the file type... all types *.*.


Step 2.
Boot into Recovery Environment again

  • At the System Recovery Options window select Command Prompt
    • A Command Window will open with the cursor flashing next to X:\Windows\System32>
    • Type C: and hit Enter
    • The cursor should now be flashing beside C:\>
    • Type ReplaceDriver.bat into the Command Window
    • You should get a 1 file copied reply in the Command Window.
    • Type Exit into the Command Window then hit Enter to re-boot into Normal Mode.


Step 3.
SystemLook
SystemLook should still be on your Desktop.
  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code or Select all:
    Code: Select all
    :filefind
    *rpcss.dll*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 6th, 2014, 12:28 pm

Okay, everything went smoothly. Here's the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:14 on 06/07/2014 by bamf
Administrator - Elevation successful

========== filefind ==========

Searching for "*rpcss.dll*"
C:\rpcss.dll --a---- 512000 bytes [18:38 05/07/2014] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123
C:\Users\bamf\Desktop\rpcss.dll --a---- 528384 bytes [04:02 30/06/2014] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\System32\rpcss.dll --a---- 512000 bytes [16:26 25/06/2011] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123
C:\Windows\System32\rpcss.dll.vir --a---- 528384 bytes [16:26 25/06/2011] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --a---- 509440 bytes [00:00 14/07/2009] [01:41 14/07/2009] 7266972E86890E2B30C0C322E906B027
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [16:26 25/06/2011] [13:27 20/11/2010] (Unable to calculate MD5)
C:\Windows\winsxs\Backup\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d_rpcss.dll_fd3e269b --a---- 512000 bytes [06:16 25/02/2012] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123

-= EOF =-
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 6th, 2014, 12:31 pm

Hi,

How is the computer responding/performing?

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware