locked
Rpcnet.dll (Absolute Computrace/Lojack for laptops related) False Positive? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I'm suddenly seeing a lot of the following detections:

    Malware name: VirTool:Win32/BeeInject
    Process name: C:\Windows\SysWOW64\rpcnet.exe
    Path found: file:_C:\Windows\SysWOW64\rpcnet.dll

    Rpcnet is a component of Absolute Computrace (a.k.a. Lojack for laptops). It has been installed on my computers for a long time. I plan to submit a false positive report but I didn't see a thread about this yet and wanted to see if anyone else is experiencing this issue.

    Thanks

    Thursday, April 26, 2012 7:21 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    It appears definition update 1.125.929.0 fixed this for me.
    Tuesday, May 1, 2012 11:25 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,
     
    Thank you for your question.

    Here is Win32/BeeInject thread details in MS Malware Encyclopedia.
    I suggest you run full scan via Microsoft Safety Scanner or submit the file as sample to Microsoft. 
     
    If there are more inquiries on this issue, please feel free to let us know.

    Regards

    Rick Tan

    TechNet Community Support

    Friday, April 27, 2012 9:21 AM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Rick,

    We have the same issue too!  I already submit the False Positive Report Form(http://www.microsoft.com/security/portal/Shared/VendorFP.aspx) and contact Absolute Software too.

    Hank

    Friday, April 27, 2012 1:30 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Same issue here!  It has to be a false positive - it is occurring on all machines including ones just deployed.
    Friday, April 27, 2012 3:04 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    I submitted the file to MS and Computrace.  MS confirms it is not malware.  Computrace thinks it may be only their latest build triggering the false positive.  Still haven't heard if MS will be updating definitions.
    Friday, April 27, 2012 4:22 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    From Computrace:  I’m
    forwarding the information to our engineers to expedite the whiteflagging of
    rpcnet.dll with Microsoft. I’ll keep you updated as I learn more.

    It appears to only affect those running computrace agent version 910 (at least in our environment)

    Friday, April 27, 2012 4:36 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks for the new info Danny! Hopefully they can get this fixed soon.
    Friday, April 27, 2012 5:02 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    MSE is also flagging rpcnet.dll as a virus tool for me.

    Thanks for passing the false positive reports on to the companies guys.  I will wait for them to fix it.

    Friday, April 27, 2012 7:17 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    We are currently having a the same problem on Laptops that have computrace.  Just wondering if it has been corrected yet.
    Saturday, April 28, 2012 1:08 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    It appears definition update 1.125.929.0 fixed this for me.
    Tuesday, May 1, 2012 11:25 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    i am experiencing the same issue with my laptop showing trojan detected at this path

    Friday, December 29, 2017 3:27 PM