RPCCLIENT.DLL is a program used to covertly gain access to a PC and administer it remotely.
UnHackMe is recommended as a reliable program for removing RPCCLIENT.DLL.
Download for free: http://www.unhackme.com
Malware Analysis of RPCCLIENT.DLL
Full path on a computer: %SysDir%\rpcclient.dll
Detected by UnHackMe:
RPCCLIENT.DLL
Default location: %SysDir%\rpcclient.dll
Removal Results: Success
Number of reboots: 1
RPCCLIENT.DLL is known as:
Backdoor.Agent.80384.AM, Win32.Agent.TZY
RPCCLIENT.DLL hash:
- MD5: 67ce4cfd1d92a5d67a830aa576b313a2
The file tries to connect to a dangerous web site.
How to quickly detect the presence of RPCCLIENT.DLL?
Registry:
- HKLM\System\CurrentControlSet\Services\windows update\Parameters\ServiceDll: "%SysDir%\rpcclient.dll"
- HKLM\System\CurrentControlSet\Services\windows update\Parameters\ServiceMain: "ExitProcedure"
- HKLM\System\CurrentControlSet\Services\windows update\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\windows update\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\windows update\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\windows update\ImagePath: "%SystemRoot%\system32\svchost.exe -k netsvcs"
- HKLM\System\CurrentControlSet\Services\windows update\DisplayName: "windows update"
- HKLM\System\CurrentControlSet\Services\windows update\ObjectName: "LocalSystem"
- HKLM\System\CurrentControlSet\Services\windows update\Description: "windows update"
Files:
- %Temp%\kb21.tmp
- %SysDir%\rpcclient.dll