Spyware, Viruses, & Security forum


rpcnetp.exe .dll?

by Gerardo_U / May 31, 2011 6:01 PM PDT

So I noticed I have this process that runs usualy when I turn on my laptop. It's not something I've had before (had laptop for several years). It's not flagged by Norton 360 nor Ad-Aware. After looking it up, I read that it can be malware or a laptop recovery process by Absolute, but I don't even have a 'trial' offer installed, nor any other of their security software and I'm usually very carefull about accidentally installing malware. Also, I just reformatted about a month ago so there are very few things I've installed so far. So my question is, how can I properly identify what this process is and get rid of it either way? Before I just reformat again, I'd like some feedback if possible since it seems that its installed in the BIOS and will just reinstall after the reformat.
Thank You.
Toshiba Satellite A135-S4467
Windows Vista 32 Home Premium

Discussion is locked
You are posting a reply to: rpcnetp.exe .dll?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: rpcnetp.exe .dll?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Clarification Request
by Kees_B Forum moderator / May 31, 2011 6:08 PM PDT
In reply to: rpcnetp.exe .dll?

Locate that file in Windows Explorer, right click>properties and tell us:
1. The folder where you found it.
2. What it tells you on the Version tab of the properties.


Collapse -
No version, disappearing files
by Gerardo_U / June 1, 2011 1:40 AM PDT
In reply to: ..

Located at C:\Windows\System32, the details tab has the version information blank, as is everything else, the file size, for both the exe and dll is 17kb. To clarify, the process runs for a few moments at startup that I've noticed, I've kept task manager open for extended periods of time but havent seen it run at other times. Also, when I started this thread, I found the file by going into the 'open file location' option of the task manager, but when I went into the directory to search for the version number, both files had disappeared. So I restarted, and sure enough the process ran again, and both files were there again, this time I actually saw the exe file just disappear from the directory just after I looked for the version number.

All Answers

Collapse -
rpcnetp.exe and rpcnetp.dll
by Carol~ Forum moderator / June 1, 2011 2:05 AM PDT
In reply to: rpcnetp.exe .dll?


According to a Toshiba Support Bulletin, the repcnetp.dll is part of your Toshiba models' Lojack application, which is manufactured by Absolute.

From Toshiba :

The files rpcnetp.exe and rpcnetp.dll may be incorrectly identified as indicating a 'Trojan' virus, by anti-virus software.

Several computer manufacturers, including Toshiba, have received reports that virus protection software may report these files to be a Trojan virus. Warnings about these files may be safely ignored. The files are not part of a virus, they are part of Absolute Software's Lojack application.

Hope this helps..

Collapse -
Activated or not Lojack invades privacy of all laptop owners
by bkimz / February 17, 2012 9:42 AM PST

According to Absolute Software, the developers of Computrace, aka Lojack for laptops, the application file rpcnetp.exe will only be downloaded from Computrace AFTER the owner has actually activated Lojack for Laptops protection. It is not supposed to be placed on your laptop normally. The dates of online user questions about finding the application ' rpcnetp.exe ' on Toshiba laptops all seem to commence around the middle of 2011. If you purchased a Toshiba laptop after the middle of 2011 it may be that Toshiba is mistakenly installing these applications.
My Toshiba laptop was made in 2009 but it was not until recently that I began using a program called WinUtilities Process Security 3.0. Process Security did not previously alert me to the presence of both Lojack applications rpcnetp.exe and rpcnet.exe, but it did today, February 17, 2012, and it identified both as having "unknown" security risks. this is what prompted me to read up on Lojack's claims that its spyware was only installed on computers where Lojack had been activated for that machine.
Neither RPCNETP.exe nor rpcnet.exe are totally benign programs. if you read some of the 'case histories' which Absolute Software provides about recovered laptops you will notice that Absolute inadvertently discloses that they are able to use rpcnetp.exe and rpcnet.exe to scan anything and everything on your computer.
While Lojack claims that this is only done for computers reported stolen they also say, incorrectly, that these two files will only appear on your computer AFTER the owner purchases Lojack. I also noted in examining "last accessed" and "last write time" that each indicated a date only 5 days ago! So the question is, what is Absolute doing to my computer that would require its two supposedly inactive files to be written to?
This is shady business by somebody. And if most or all laptops are being equpped like this, it is plainly an open door for Homeland Security to go to Absolute Software, either with or without a warrant under the Patriot Act, and be able to look at all the information inside of anyone's computer that they want to.
This is a very serious threat to the privacy of anyone who owns a laptop pre-equipped with a Lojack setup.

Collapse -
Changing BIOS password to turn off Lojack
by libraj112 / February 28, 2012 8:27 AM PST

If the password in the BIOS is changed can the laptop still be monitored? I got my laptop a few months ago & I just found out about this thing called "lojack". I don't think I approve of this possible invasion of privacy either. I'm very responsible when it comes to keeping an eye on it so I don't think I need their services. I did change the password but just not sure if that helps.

Collapse -
Besides Lojack, there is Prey.
by R. Proffitt Forum moderator / February 28, 2012 9:35 AM PST
Collapse -
re:Changing BIOS password to turn off Lojack
by User483 / October 13, 2012 6:52 AM PDT

libraj112, no, changing the BIOS password certainly won't help you. Contacting a lawyer instead would.
From a technical point of view, in order to use your laptop you need to get the BIOS source code, review, compile and flash it.

Collapse -
Activated or not Lojack invades privacy of all laptop owners
by User483 / October 13, 2012 6:44 AM PDT

This is the worst virus I've ever seen: OEM-installed(in my case it was Acer on an Aspire One 756 bought in 2012) BIOS-based spyware, backdoor. A file is written by the BIOS to c:\windows\system32\rpcnetp.exe, then it starts downloading and installing the actual spyware. My guess is the spyware was used to remotely access my computer. Note this is my laptop and I didn't buy any lojack subscription.
Where can I get some InsydeH2O BIOS source code in order to build the BIOS myself?

Popular Forums
Computer Help 51,912 discussions
Computer Newbies 10,498 discussions
Laptops 20,411 discussions
Security 30,882 discussions
TVs & Home Theaters 21,253 discussions
Windows 10 1,672 discussions
Phones 16,494 discussions
Windows 7 7,855 discussions
Networking & Wireless 15,504 discussions


Want to see the future of car technology?

Brian Cooley found it for you at CES 2017 in Las Vegas and the North American International Auto Show in Detroit.