rpcmon.exe - Dangerous


Manual removal instructions:

Antivirus Report of rpcmon.exe:
rpcmon.exe Malware
rpcmon.exe High Risk
W32.Randex.ATX is a network-aware worm that may be remotely controlled using IRC.

Deletes the C$, D$, IPC$, and ADMIN$ shares.
Releases system information and CD keys from the compromised computer via IRC.
Installs an IRC backdoor on the computer.

Drops and executes the file, %Temp%\secure.bat, which deletes the C$, D$, IPC$ and ADMIN$ shares.
Starts a keylogger and logs keystrokes to the file, %System%\Ntfsvi.txt.
The worm will then connect to an IRC server, batwing.gotdns.com, and then listen for commands.

Some of the actions the worm can perform include:

Scanning for computers that have weak administrator passwords and copying itself to those computers.
Collecting the CD keys of many computer games and sending them back to the attacker, using the IRC channel.
Displaying information about the computer, such as the CPU speed and amount of memory.
Performing ping, SYN, and UDP flooding.
Downloading files, which may include updated versions of the worm, and then executing them.
Connecting to Trojan horses on other computers, based on a predetermined list of names. The names to which the Trojan attempts to connect are Kuang, NetDevil, MyDoom, Sub7, and Optix.
Acting as a proxy for SOCKS, HTTP, and TCP connections.

You may use RegRun Startup Optimizer to automatically remove it from startup.

Remove rpcmon.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.


You can read UnHackMe testimonials here.