Your generous donations help keep this site online! Click here to support
Other: RPCSS.EXE, mdm.exe

First off, check out "What is RPCSS.EXE?" (Guest) for the most comprehensive description of RPCSS I've seen. According to this information, RPC is no more than a glorified port mapper.

There is also this page explaining MDM in detail and how to remove it.

RjN sheds some light on the RPCSS process:

The RPCSS program ... is the Microsoft Remote Procedure Call Service.

It facilitates the development and debugging of distributed applications, apps that are resident on machines other than the local one.  While I’m unaware of any current exploits the software is designed to make it easier for “nonresident,” i.e. non-local applications to run on your machine, and vice versa.

The RPCSS program is installed by certain Microsoft products such as MS Visual Studio and Visual C++, Visual Basic, Interdev, and J++. I actually had this on my own system for some time--since its appearance seemed to coincide with my installation of the Microsoft "Evil Movie Player" (necessary for playing all those .ASF files college people on networks insist on passing around), I assumed it was some kind of multimedia handler a la MPREXE and MMTASK.

RPCSS opens ports on your machine (usually 135 as well as some "random" ports in the low 1000s) and proceeds to try and access the Internet, setting off programs such as Zone Alarm and firewalls with its suspicious activity. While the RPCSS program is probably supposed to serve some kind of legitimate purpose, it has nonetheless been cited for numerous stability problems as well as security concerns. (Not to mention the unverified, but fairly wide-spread, other allegations...)

The Microsoft Machine Debug Manager (mdm.exe), to my knowledge, does not connect to the Internet itself. However, it is still a rather ill-behaved program that leaves scads of temporary files on the hard drive that it never deletes, and fails to unload properly (on shared computers, when a user logs on a new instance of mdm.exe may start, but it won't necessarily exit when the user logs off. Depending on how many users have used the PC since the last reboot, dozens of copies of this program could be simultaneously running, eating up CPU and memory!).

While privacy implications of these programs have yet to be established, the RPCSS program is known to cause crashes and fatal errors on some PCs using Dial-Up Networking, as described here. The program doesn't seem to do anything useful for most people, and several users have reported deleting it without any ill effects. (Note: RPCSS appears to be critical to Windows NT operation--see warning below.) The Debug Manager may be useful to power users and software developers, but for the majority of users it is probably just wasting memory. My recommendation for Windows 95 users is to rename these files (rpcss.exe -> rpcss.ex_, mdm.exe -> mdm.ex_) if you are concerned about them, or if they cause problems on your system. The RPCSS file is normally located in C:\Windows\System and the MDM.EXE file may be located either there or C:\Windows -- but for best results, use Windows' Find to locate all copies. Renaming the files allows you to restore them later if you ever need to.
Note: Microsoft suggests that users can safely remove mdm.exe without ill effects. See for more information.

Warning: Do not tamper with RPCSS.EXE on Windows NT: I have received a report that removing RPCSS on a Windows NT system severely crippled it (to almost non-functional status); apparently many of the NT Services require it. See description below:

Woodrow writes:
"NT 4.0 Sp6

rpcss.exe  size 53kb

Results of rename:  Found many associated NT services required rpcss.exe to be present to load at start up.  NT OS crippled with out rpcss.exe to (almost) not functional status.

Work around to 'recover' NT OS:  My system would not allow 'vga mode' on start up, possible due to lack of rpcss.exe.  Opened task manager (Cntl-Alt-Del) to 'selectively' end all non essential tasks to get extremely slow functioning on OS.  Used 'file find' to rename rpcss.ex_ back to rpcss.exe.

I can't tell you what the results are on win95/98, but the results of renaming rpcss.exe on NT are *NOT* fun!"

Microsoft tech support suggests an alternate solution to RPCSS issues which does not involve removing the RPCSS.exe file:
When you start Windows 95, Windows 98 or applications (including Visual Basic 6.0, Visual C++ 6.0, and so forth), the Internet Connection dialog box appears.

If you have enabled remote connections in Windows 95 or Windows 98, your system might try to initiate an Internet connection at Windows 95 or Windows 98 startup or at the start of some applications. This behavior is often referred to as AutoDial or AutoConnect.

To turn off remote connections in Windows 95 or Windows 98, set the registry key EnableRemoteConnect to "N". You can do this by running DCOMCNFG, clicking the Default Security tab, and clearing the Enable remote connection check box. If DCOMCNFG fails to run, try the steps below, which describe creating REG files that modify the EnableRemoteConnect setting directly.

Your normal Internet activities should not be affected by changing this setting to disable remote connections. This setting is the default for most systems. However, enabling remote connections is necessary for some features of DCOM.

For additional information on this setting, please see the following article in the Microsoft Knowledge Base:
Q177394 Troubleshoot Run-Time Error '429' in DCOM Applications
Q175312 Modem Attempts to Dial When Windows Starts

Thanks M@X/B@R@K@ for alerting me to the RPCSS program and its Internet connection activities.

Privacy Power! DCOM and SOAP
Microsoft Knowledge Base: Mdm.exe leaving temporary files in \Windows directory
Parasites - Info re: Machine Debug Manager

Up (Adware)
HomeE-mailCopyrights and Disclaimers


"All trademarks are hereby acknowledged as the property of their respective owners." So don't even THINK about suing me :)