I keep having my firewall notify me that RPCSS.EXE is trying to phone home...I say no (of course)...but I'm intriged as to what it is...before I instruct the firewall to fully block it.
On Google there are several sites that claim that it is spyware from Microsoft. Some sites say you can delete it or rename it...others say it will hurt your machine if you alter or delete it.
Anyone here know the straight story on this little creature?? :upside

yeah ...Janett...thanks ...I've already read this site. But ..as I said above...much contradictory info out there regarding whether its ok to delete or rename RPCSS.EXE.
I thought one of my ZP brethern might be able to better define that for me.

are you saying janette cant help mikehunt =) I would take it as an insult and as a sexual deviate =)

shawners ..yer too funny..

ok janett..for about a month now.. my Sygate firewall began to alert me ..that a remote machine was trying to connect....blah...blah...or ..that my machine was attempting to phone home.
I ruled them from connecting ...but left it set ,to prompt me everytime ...so I could try and determine a pattern, or whether it caused any problems blocked...or if it was needed for something.
Only now have I decided to research it further so that I can stop having the prompts bug me.
I noticed incomplete and contradictory info about it on cexx...and other sites. The usual M$ FUD
So here I am askin; LOL
Running 89SE on this machine.
*...one site suggested that it is part of a DRM scheme.... tracking download info...was downloaded as part of a M$ patch. hmmmm ??

my opinion most probably means sh*t all to you but now im having the same firewall notification about RPCSS.exe. I've just installed Diskeeper 8.0 and restarted my computer and now i get these messages. i also use 98SE like mikehunt and but i have Mcafee firewall. should i be worried?

artsonic


http://www.artsonic.co.uk

rpcss

Remote Procedure Call Services is used for networking, by applications which use a client - server system.

its not spy/ad-ware, trojan, or anything its merely a service to help maintain order of communication from a client - server point.

artsonic, diskeeper is used for local as well as remote disk maintenance, if it was installed as if it were to run on a server then yes RPCSS will be invoked to search for remote nodes for which to operate on from a network.

its not a virus or malicious executable, its just a service which a program needs to function properly.

oops...Janett ..wait a minute...according to a couple of sites ...deleting it ....if you have certain operating systems ...2000 ..and NT...might make your computer unusable.
From further research... it seems that some people with some operating systems can delete it...and others can't...
Maybe renaming the file is safer to do...instead of a deletion right away....hmmm

Ea$y...I'm with you...but...please go to the cexx link janett posted about..therein lies my concern

i cant go to that page for some reason, comes up blank with a 403 error, if you can copy some of the text thats an issue for you i would like to see what it says.

thanks janett, with the concerns about exploits and what not, i would like to remind the people about the MSblast virus which was a direct exploit of the rpc service, that has been "fixed" by an MS patch.

like that says, rpc itself isnt a virus or malware, but exploiting how it works with 1 is bad news, but it leaves too many noticeable signs with its bandwidth consumption. i dont see where the confusion is as thats pretty much straight forward.

blaster 2 is probably being worked on right now, probably waiting for xp sp2 just to test how secure MS really is makin the OS.

We will name janette compugen JR. =) The only thing i like phoning home is E.T. I had sygate blocking and alerting. Most times windows messenger, outlook express, clock sync, and various norton would do it. I went to bed one night with NO APPS RUNNING and internet explorer closed.. AND PEERGUARDIAN blocked 28 accesss.. Never blocked in daytime or running around. Just did it for that one night.. it said BAY TSP, and KAZAA hash.

janett = compugen jr.
LOL...yup..thanks.

So I gather it's harmless and can be deleted with no problem??...or I should keep it???
I'm still not sure....hmmmmm

Thanks ...btw...for moving this to a better forum :gj

do NOT remove it, doing so can cause many complications, just leave it as is its harmless.

just block it if you so have to, but for the OS stability sake dont get rid of it

mike hunt...i was worried about this same thing a long time ago..when i had win98 First Edition i deleted it with no problems...but it seems that windows updates such as internet explorer 5.5 with service pack 2 and newer versions of windows media player rely on it for some reason..and you will have program crashes if it can't be found on your system.

if you have windows media player 6.4 and an interbrowser 5.01 of microsoft and were running 98 i'd say it'd be okay to delete it.

here's a safe test for you.

find out where the rpcss.exe resides on your system in windows 98se it will most likely be in C:\Windows\System folder.

Boot into dos mode..by clicking start>retart computer

Then press and HOLD down the ALT + F5 buttons to boot you into pure msdos mode.

From the command prompt type this exactly step by step:

cd C:\Windows\System
attrib -h -r -s -a rpcss.exe
copy rpcss.exe rpcss.bak
del rpcss.exe

Then hit CTRL+ALT+DEL to reboot your computer normally.

If your computer starts up with no errors about a 'missing program file rpcss.exe'

Then you don't need it.

IF windows fails to load with an error message like 'blah-blah-blah is linked to missing export in rpcss.exe"

Then simply reboot into pure dos mode..by following the same procedure and do this:

cd C:\Windows\System
ren rpcss.bak rpcss.exe
attrib +h +r +s +a rpcss.exe

Then reboot.

P.S.

MAke Sure You Print These Instructions Out First Before Trying This Tip.

-DM

PLEASE NOTE: if you have WinME, Windows2000 Pro or Home, or WinXP...don't do this as rpcss.exe is a valid system process required by these particuliar versions of windows to run.

Thank You ...darkmessenger ...for the instructions.. I will let you know the outcome.
Thanks to Ea$y and janett as well for their help and imput.


* update...darkmessenger...tried removing it...no go ...just as you said...I'm stuck with it.
Thanks again for the detailed instructions.

I want for you all to go to Administrative Tools > Services and right click the Remote Procedure Call (RPC), (rpcss)

Now go to the Dependencies Tab. You see the Services there that depend on the RPC in order to communicate with other Services?

"WHAT . . . awwww that's just bullshit man, I turned half of that crap off cuz ZP told me to go to BlackViper.com, and turn off unused Services!"

Ok, right . . . jolly good. Can you turn off ALL of them? Go ahead, make my day.

RPC is the switchboard for the low level background Services, all behind the scenes stuff, but not NSA or FBI stuff. Just turn off anything that you dont need, and, trust me, if you are a standalone XP box, connected to broadband, you hardly need any of it.

To the extent that you do what you SHOULD be doing anyway, keeping it lean and clean, this really isnt an issue.

cheers




and btw . . . I want to use janett999 as an example, she is not an authoritative computing source, she DOES HER HOMEWORK and RESEARCHES, so you lazy bastards dont have to. She deserves an award for this, . . youre all not worthy. bow! bow!


.

Janet is an example of someone that BOTHERS to do her own research, which is why she comes up with these articles. Shes smart, overly helpful, and a techie to that extent. Fortunately, so is MikeHunt, which is why he already knew about that article.


Ea$y_E gets the prize for really sharing pertinent fact on this (which btw . . folks . . we already covered this base once this year!)


Dont listen to those chicken little "the sky is falling" alarmist bullshit articles, theyre usually by people like scorchie who just have way too much to say about a simple thing.

Leave it, patch it., and JUST SAY NO, you'll be fine.



.