Secureit-net International Pte Ltd
27 Foch Road #02-09
Hoa Nam Building
Singapore 209264
Tel: (65) 3151 4913

RPCSS+ Terminating a malware process / Disabling a spyware process

The recent variants of spywares or malwares make a system service dependent on it and makes it impossible to be terminated using End Process function in your Task Manager.

In order to remove such malwares, you will to identify the process that they hook on to upon startup, e.g. there is this malware RPCSS+ that hooks onto RPCSS system process.

To disable it, you will need to start your PC in Safe Mode with command prompt and type sc config rpcss depend= "" to disable the dependencies.

Then restart your PC in recovery mode using your XP CD and disable the RPCSS+ service by typing disable RPCSS+ in the recovery console command prompt.

Restart your system again into Safe Mode and run regedit (Start, Run, type regedit) and then locate the RPCSS+ key in HKLMSystemCurrentControlSetServices and delete the key.

Also remove suspicious programs found in
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
HKCUSoftwareMicrosoftWindowsCurrentVersionRun


Do a search for rpcss_pl.exe and delete any entries found. Delete any files found in %userprofile% emp. Run regedit.exe & check for applications with weird sounding name (eg. xuwkjvppa) in HKLMSystemCurrentControlSetServices that you're denied access to, take control of the keys, back it up & remove it.

If the above steps are too complicating or too troublesome to follow, you may also try using free malware removal tools like Combofix which will run a thorough scan through your system for malicious programs. This is however not without risks & on a small percentage of seriously infected system, it may cause the system to crash.

For a constant up-to-date protection against future spywares and trojan, you may consider purchasing commercial antivirus program to keep your system protected.

As antivirus programs also protect your system from Trojans, it will also prevent your system from infections via email borne Trojans and keystroke loggers which are getting more and more common.

This same process can be used for cleaning autoloading malwares like TBPS, WinTools, WinToolsSVC, msccn32.exe and their variants that starts as a system service.



Click here for information on disabling malicious DLL programs.

Active Scan 2.0 : USA