Hi All
Over at Malware removal we have determined that LoJack for Laptops may cause a false positive for Virtumonde.sdn in the rpcnet.exe and rpcnet.dll files in C:\WINDOWS\System32\.
Malware removal thread is:
Aw Nutz Virtumonde.sdn Please Help
I have read the Sticky: How to report False Positives
So System is a Dell Laptop XPS M1730
OS Windows XP Pro Service pack 3
Browser Firefox 3.10
Spybot Version 1.6.2.46 Last Run Today (06/19/2009)
TeaTimer is Off (per instructions)
Scan Result From Checks.txt
--- Report generated: 2009-06-19 07:45 ---
Virtumonde.sdn: [SBI $75457FE7] Library (File, nothing done)
C:\WINDOWS\system32\rpcnet.dll
Properties.size=51200
Properties.md5=D04983957CC85EA60E5B2D8A23B54D8B
Properties.filedate=1245421898
Properties.filedatetext=2009-06-19 07:31:38
Please note that C:\WINDOWS\System32\rpcnet.exe is also included in this problem.
I have opened a ticket with LoJack inquiring about this, and they confirm that both these files are theirs and can safely be set as not dangerous. They did not give me an MD5 hash to confirm; however, they also stated that they have opened tickets with various companies. Have they done so with you? The files cannot be moved or modified (I believe BIOS generated). So how can I "whitelist" this until a fix in Spybot is in place? I live on serious pain meds, so if I type something unclear or goofy, or don't respond for a while, please bear with me...
Please advise as to what to do next.
Thanks
Ken Corvino