Avast WEBforum

Other => Viruses and worms => Topic started by: sanctuary24 on October 25, 2007, 09:13:31 PM

Title: Rasautou.exe?
Post by: sanctuary24 on October 25, 2007, 09:13:31 PM
Is Rasautou.exe malware, as it has suddenly started using 98% of my CPU, and if not, what is it?

Also, it keeps accessing explore.exe every 2 seconds.

Can someone do a Dr.Web check of this website please: chilledatthebottom.com? It appears to have something to do with what's happening.
Title: Re: Rasautou.exe?
Post by: Lisandro on October 25, 2007, 09:23:46 PM
It could be a malware.
Just Google and you'll find more info.
http://www.liutilities.com/products/wintaskspro/processlibrary/rasautou/
http://www.file.net/process/rasautou.exe.html
Title: Re: Rasautou.exe?
Post by: sanctuary24 on October 25, 2007, 09:26:04 PM
What can I do to get rid of it, assuming it's malware and not the genuine version?

What malware type is it?
Title: Re: Rasautou.exe?
Post by: Lisandro on October 25, 2007, 09:32:01 PM
Quote from: sanctuary24
Can someone do a Dr.Web check of this website please: chilledatthebottom.com? It appears to have something to do with what's happening.

The site itself seems clean.
Title: Re: Rasautou.exe?
Post by: Lisandro on October 25, 2007, 09:33:28 PM
Quote from: sanctuary24
What can I do to get rid of it, assuming it's malware and not the genuine version?
What malware type is it?

Did you check the links I've posted before?
Title: Re: Rasautou.exe?
Post by: sanctuary24 on October 25, 2007, 09:35:14 PM
What was the site about, as my dad mistyped a hyperlink and I don't know what it was?

Also, what do you advise to check if it's authentic? My Avast didn't detect it as malware, but my firewall did say there were violations on some processes.

Edit: yes, but they don't detail how to check if it's genuine or not, and they don't say how to remove it. I terminated the process and it hasn't loaded back, but I panicked.
Title: Re: Rasautou.exe?
Post by: Lisandro on October 25, 2007, 09:36:32 PM
http://www.liutilities.com/products/wintaskspro/processlibrary/rasautou/
http://www.file.net/process/rasautou.exe.html

Which is your firewall? What is the exact error message from it?
Title: Re: Rasautou.exe?
Post by: Lisandro on October 25, 2007, 09:39:27 PM
Quote from: sanctuary24
they don't detail how to check if it's genuine or not

As usual, to know if a file is a false positive, please submit it to JOTTI (http://virusscan.jotti.org/) or VirusTotal (http://www.virustotal.com/xhtml/index_en.html) and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
VirusTotal and Jotti both have file size limits 10 and 15MB each.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
Title: Re: Rasautou.exe?
Post by: sanctuary24 on October 25, 2007, 09:42:18 PM
It's Comodo firewall and it says an iexplore violation to destination 0.0.0.0::1619

VirusTotal has said that the Rasautou.exe file I sent was clear.

The file I checked was Remote dialer. Is this an official Windows file, and can someone link me to a page that tells me the signs to look for in case it is that particular malware?

PS: where should this file exist on the computer? Does Avast detect this particular malware with its current definitions? If it does, then it rules it out as malware.
Title: Re: Rasautou.exe?
Post by: polonus on October 25, 2007, 10:47:23 PM
Hi sanctuary24,

The info on this port can be found here:
http://www.auditmypc.com/port/tcp-port-1619.asp

The executable info:  rasautou.exe - rasautou - Process Information

Process File: rasautou.exe or rasautou
Process Name: Microsoft Remote Access Dialler
It is not a malware executable, if it is a genuine Microsoft file.

polonus
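
A way to run the genuineness check discussed in this thread on a current Windows system, as an added example that is not part of any forum post. It assumes PowerShell 4 or later and that the genuine file lives under %SystemRoot%\System32 (with Windows-managed copies under SysWOW64 and WinSxS on newer versions); the output property names are this example's own.

```powershell
# Added example (not from the thread): inventory every rasautou.exe on the
# system drive and report where it lives, who signed it, and its SHA-256.
# Assumption: genuine copies sit only under these Windows-managed directories.
$systemDirs = 'System32', 'SysWOW64', 'WinSxS' |
    ForEach-Object { Join-Path $env:SystemRoot $_ }

Get-ChildItem -Path "$env:SystemDrive\" -Filter 'rasautou.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = $_.FullName
        $sig  = Get-AuthenticodeSignature -FilePath $path

        # True when the file sits under one of the Windows-managed directories.
        $inSystemDir = [bool]($systemDirs | Where-Object {
            $path.StartsWith($_ + '\', [System.StringComparison]::OrdinalIgnoreCase)
        })

        [pscustomobject]@{
            Path        = $path
            InSystemDir = $inSystemDir
            SigStatus   = $sig.Status                   # 'Valid' is expected for a genuine file
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            Company     = $_.VersionInfo.CompanyName    # informational only; version info is easy to forge
            SHA256      = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        }
    } |
    Sort-Object InSystemDir |                           # copies outside the system directories sort first
    Format-List
```

A copy outside those directories, or a signature status other than Valid, is a reason to submit that file or its hash to VirusTotal, not a verdict on its own.
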
Title: Re: Rasautou.exe?
Post by: sanctuary24 on October 25, 2007, 10:49:23 PM
Polonus, can you try and answer the questions from my other post please?

Thank you for your help so far mate, I'm worried I have been compromised.

PS: someone said it could be related to this virus "backdoor.win32" variant (also W32/Bbuild-B mentions the file I found), but if I can find if Avast is able to detect this malware then I know I can't have it. If I was to have it, would my firewall block any outgoing information?
Title: Re: Rasautou.exe?
Post by: polonus on October 25, 2007, 11:06:45 PM
Hi sanctuary24,

Here you can find the info on haxdoor, backdoor.win32 with various variants. This is malware to compromise a computer through irc channels:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=157009
From the technical description, you can more or less decide whether it is on your comp. If it is related, there you have the manual removal instructions, but go to my other answer on this topic first, I posted there in the other thread you started,

polonus
Title: Re: Rasautou.exe?
Post by: sanctuary24 on October 25, 2007, 11:32:58 PM
Thanks mate I will let you know if anything changes

btw should explorer.exe be using cpu intermittently when I'm not doing anything or could this be related to my problem?
Title: Re: Rasautou.exe?
Post by: polonus on October 25, 2007, 11:40:12 PM
Hi sanctuary24,

Download the following small free program:
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx
In this way you can analyze this, and which processes are using your CPU,
also your firewall can give you information on what is happening there.

polonus
Title: Re: Rasautou.exe?
Post by: sanctuary24 on October 25, 2007, 11:44:03 PM
What's strange is it appears to be the only version of the file on my PC and it's in the place it's supposed to be, but its behaviour was very virus-like. Saying that though, my firewall passes every test from GRC.com but it blocks lots of inbound violations (even before this), but no sign of any program trying to send out my data. I don't know whether this is a good sign or a worrying sign.
Title: Re: Rasautou.exe?
Post by: polonus on October 25, 2007, 11:54:42 PM
Hi sanctuary24,

When you uploaded this particular file to virustotal, what were the results? That could be unpnp multicast, you can disable that with this: http://www.grc.com/files/unpnp.exe


pol
Title: Re: Rasautou.exe?
Post by: sanctuary24 on October 26, 2007, 01:03:17 AM
Quote from: polonus
Hi sanctuary24,
When you uploaded this particular file to virustotal, what were the results? That could be unpnp multicast, you can disable that with this: http://www.grc.com/files/unpnp.exe
pol

The file that I sent (the only one I could find called Rasautou.exe) came back as clean, and I have used that program unpnp.exe in the past so that should be disabled. What I find strange was the way it acted almost virus-like, that's what's bothering me now. Do you know any other ways to secure a computer against this malware (apart from anti-virus and firewall software), such as disabling certain features if they are not needed?

I'll check back tomorrow now got to go