getting strange antivirus notifications from COMODO

Hi

I am new to the forums, and have a problem with CIS
the problem is that CIS is detecting rpcnet.exe rpcnet.dll rpcnetp.exe rpcnetp.dll all as a virus now I went to forums and such searching through comodo search and google all say that its part of an anti theft software from AbsoluteSoftware, and I tried everything to remove it but it keeps coming back then I read its embedded in the BIOS in some laptops and it can’t be removed…

I don’t know what to do about it but it’s rather annoying to have some software like this on my laptop…

thnx in advance for any info,

hero091

If you are sure this is a FP and not a virus, you can Exclude it from your AV. That will stop the alert popup for those files.

I don’t know about that, cause everytime I reinstall windows it comes back! and I loked at AbsoluteSoftware site, and it is said that the their monitoring agent resides there until you activate their software by purchasing a license from them which I didn’t and I want those files out of my computer cause for the first time I used my laptop none of these files were present??

sooo… is AbsoluteSoftware really a company on anti theft software or is my computer just infected?

It is tracking software should your laptop ever be stolen. To remove it you will need Regedit, and remove any occurance of those files.
then clean your registry and reboot.
From there you should be able to delete the files from your HDD.

Well that is the problem with AbsoluteSoftware their Agent that sends all your info of your laptop to their monitoring servers, it resides in the BIOS and it overrides autochk.exe at windows boot altering the boot so it can run its own code and it keeps coming back formatting won’t work guess it is designed just that way so hackers have no way to remove it but I want it removed. it’s annoying for COMODO two files are from Absolute rpcnet.exe and rpcnet.dll but after I add those to exclusions comodo pops up and gives me the standard rpcnetp.dll and exe as virus those are from Windows itself…

well I’ll might try cleaning the registry…

thnx

Is there an option in your BIOS to disable it before removing it from your registry?

No I checked that out already…
it has 4 options with I can’t change cause their are no other Values

I’ll try cleaning the registry and reboot it first…

thnx

well I cleaned the registry and deleted the files from my HDD

now I hope it won’t come back

but I am curious Why it suddenly got activated?? I did not purchase a license and the laptop is brand new…

but if it comes back what should I do???
and the instant malware scan online shows that its suspicious file and that it creates processes of iexplore.exe and svchost.exe

Hi Hero091,

There are 2 different things combined here.

1) Say, that is legitimate Software that you described here but you don’t want it on your PC.
You have to apply to the vendor and you have rights to know how to remove it (or at least disable) completely. But that is different story compare to detection itself.

2) You have flaggings by security Software (any).
It means only 2 things either that is a detection of the real bad thing or it is False Positive (FP)
With any security Software you have 2 choices: if you are absolutely sure that it’s FP either you Exclude that from scanning (place it into WhiteList) as John Buchanan suggested above or you should send files for analysis to the vendor which produced flaggings. If FP was confirmed that must be fixed with one of the subsequent updates.
The procedure is usually very similar for many security Software e.g.:

My regards

P.S. there could be cases when anyway you should use White List / Exclusion / Exception List, whatever it called.
For example:

  • file is flagged as Riskware, but we are using such Software for not malicious cause;
  • Traces in registry may be harmful and will reoccur any time after you use some legit Software. It does not make sense removing those.
  • Some Tools, which are used to fight malware, very often are flagged by many security Software(s). One of the reasons (amongst others) – those Utilities are using precisely the same code as malware is using… etc.

I will try that thank you siberlynx

Although this software is from Absolute Software Corp. some anti-theft company soo the files whereabouts I know of what I don’t understand is how the software got on my computer and they say the agent which collects all your laptop hardware info Ip serialnumber MAC address etcetera… resides in the BIOS until the software is activated and which I never did nor purchased a license from them…

Hi Hero091,

From my initial reading on this.

Some manufacturers include the Absolute Software on a chip.
So it is persistent.
Apparently if you get hold of their tech support they can remove it remotely.
Provided of course you give them the serial number of your lappy and they confirm it’s not stolen.

Later.

Tech Support from HP or Absolute Software???

Hi Hero091 ,

Thanks for reply.

Yes, that’s what I understood from your initial post and that’s why I said that it’ is possible to apply for “removal/disabling” or whatever…

And that’s what Bad Frogger said

Some manufacturers include the Absolute Software on a chip
so when you are asking about which Tech Support - it should be HP (your laptop manufacturer) as far as I understand rather than the Software vendor.

My regards

Actually I read Absolute could do it.
Try them first.

Later

welll I tried with them through email but have not gotten a reply yet :frowning: maybe I’ll try and contact HP
see if they can help me out…

and regarding the files they came back after cleaning out my registry from rpcnet keys and rebooted my laptop and deleted the files from my HDD it came back…

it’s rather annoying but it can’t be helped…

thnx