Spyware, Viruses, & Security forum

General discussion

rpc.exe, HackingTools_RARPasswordCracker = Win32.TrojanSpy.B

by curious2009 / October 20, 2009 10:52 PM PDT

Sorry for the length!

About a month ago I downloaded a RAR password cracker which Trendmicro Sysclean detected as malware. I was able to remove it and related registry files. According to the Trendmicro threat encyclopedia, HackingTools_RARPasswordCracker is also known as Win32.TrojanSpy.Bancos (Link here- http://threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=HACKINGTOOLS_RARPASSWORDCRACKER). I googled Win32.TrojanSpy.Bancos and one of the results (http://www.spywareguide.com/spydet_1963_trojan_banker_q.html) states that if I had this on my computer, the people responsible now have my e-mail and bank login information, since my bank and e-mail provider's web addresses are both listed. Is HackingTools_RARPasswordCracker always Win32.TrojanSpy.Bancos, or is HackingTools_RARPasswordCracker always branded as such even if it doesn't have Win32.TrojanSpy.Bancos? Also, I have Windows XP and not Windows NT, so would my information have failed to reach the author's server as it says on the second site?

Prior to using Sysclean I also used Trendmicro Housecall which detected rpc.exe (which is what prompted me to run Sysclean). Is rpc.exe the same as HackingTools_RARPasswordCracker / Win32.TrojanSpy.Bancos, or completely different malware?

Re: Hacking Tools_RARPasswordCracker
by Carol~ Moderator / October 21, 2009 4:05 AM PDT


Keep in mind, as noted here, Win32.TrojanSpy.Bancos is only an alias for the "hacking tool" you installed. There was a thread at CNET some years back, where a password tool was discussed. I used the utility (at the time) to check some passwords on my own system. A good deal of scanners detected it. For example, A

(Apologies for the length again)
by curious2009 / October 21, 2009 9:14 PM PDT

I should clarify that by saying 'the people responsible' I am referring to the people responsible for writing the malware (i.e. its authors), and not claiming that they are responsible for RARPasswordCracker being on my computer. I downloaded RARPasswordCracker on CNET which labeled the program as safe, as did the McAfee scanner that comes with Firefox, as did Avast, Malwarebytes, AdAware, and recently the Kaspersky online scanner and AVG. I should also clarify that I downloaded this program to open files on my computer, not to crack passwords on anyone else's system. The reason I started this thread was because Trendmicro detected the program as being malicious so I was wondering just how malicious it was. Apparently it doesn't destroy your files but intercepts sensitive data through the internet (if HackingTools_RARPasswordCracker really is Win32.TrojanSpy.B or a variant), which to me is worse. My goal here is to determine just how much I should be worried about this having been on my computer for as long as it was.

I know I'm being hopeful or naive, but does anyone know if there's any truth to the second link when it states "Sends the stolen information to remote server, but it requires Windows NT Server"? Of course, rpc could be another banking trojan variant that doesn't require an NT server...

No Need for Apologies
by Carol~ Moderator / October 22, 2009 3:47 AM PDT


I understand your concerns; however, I think you missed the point. YOU installed the program. As I alluded to previously, it's "harmful without the knowledge of the user". It's not like you "found" it on your system, and it was being used for malicious intent by someone else. It's not the tool itself which is dangerous, but who's using it, and how it's used.

You wrote in your previous post, "The reason I started this thread was because Trendmicro detected the program as being malicious so I was wondering just how malicious it was". Since it's considered a hacking tool, it's normal Trend Micro would detect it. You would need to be concerned, if the tool was in the wrong hands. In this case, they were "your hands". If it was found installed on your system (by a hacker) to "intercept sensitive data", you would have cause for concern. It's not the case. I don't know how else to explain it.

Hope this helps..

So it may have been a false alarm?
by curious2009 / October 22, 2009 5:50 PM PDT
In reply to: No Need for Apologies

Okay, I think I understand now.

(NT) Yes! You were alarmed falsely.
by Carol~ Moderator / October 23, 2009 12:47 AM PDT
