what is = rasmvc.exe process ? is it anything to do with avast ???

[subaru swift]

i found this proess running but i can not find any info or little abouot it & in a folder called windows/repair.

does any one know about this .

Service: Remote Access Alert (RASCC) - Unknown owner - C:\WINDOWS\repair\rasmvc.exe

that is the hijack log info for it.

cheers

[DavidR]

It has nothing to do with avast, a google search only reveals three hits which I would think is strange.

They show it in a different location.

O23 - Service: Remote Access Storage (RASMB) - Unknown owner - C:\WINDOWS\system32\rasmvc.exe (file missing)

See http://forums.techguy.org/security/553699-vundo.html#post4553817

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

[subaru swift]

sorry david can you delete my other post please ;-) ??.

i saw 4 returns for it so i thought hold on i better disable it in windows\repair folder & removed it in hijackthis. i also did a full scan by avast but nothing came up so fingers crossed...... .

it is not running any more.

[DavidR]

Posts can only be deleted by the Moderators.

If avast isn't detecting anything all the more reason to confirm using VT or Jotti scanners and follow the info in the other link I gave it may reveal other things.

So if it is detected as malicious by one of the multi engine scanners you can submit it to avast for inclusion, more on that if it is required. In the meantime check out the other link I gave.

[Lisandro]

fingers crossed

It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).

You can use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

[CharleyO]

***

Hello Tech -

Spyware Terminator has the ability to use WinClamAV within the program. Do you know if this will conflict with avast? 


***

[Gene J]

Do you now have, or have you ever had (AOL) Viewpoint player on your comp? That link to techguy forum seems to connect it with rasmvc.

[subaru swift]

i am using x64 bit pro sp2,  what AVG will not install on & some others too.

i have ran avast & ad-ware though, they picked nothing up but on VirusTotal - Multi engine on-line virus scanner & http://virusscan.jotti.org they did pick it up as a trojan on 2 of the scanners so i used there software to remove it.

http://www.superantispyware.com & bitdefender_free_v8 to find & romove it.

i also renamed & deleted the reg info on the file's.

Spyware Terminator just picked up trackers/ internet cookies so fingers crossed that is that ;-).

i have never used any aol stuff or viewpoint player what i can think of.


thank you all for your help...... .

 

[DavidR]

No problem, glad we could help.

Can you recall what the other detections called it ?
me I'm a student of the school of don't delete unless absolutely and even then probably rename rasmvc-exe.old as an example, just in case, and only delete as a last resort. You could even add the file to the User Files (File, Add) section of the avast chest where it can do no harm and leave it thee for a few weeks at least to ensure it isn't required. From here the file could be sent to avast for analysis as possibly undetected malware (if you confirmed that)
Note adding it to the User Files section doesn't remove it from the original location.

Welcome to the forums.

[subaru swift]

http://www.bitdefender.com/VIRUS-1000117-en--Trojan.Peed.Gen.html

Trojan.Peed.Gen & TR/Crypt.ULPM.Gen

http://www.avira.com/en/threats/section/fulldetails/id_vir/3489/tr_crypt.ulpm.gen.html


i did rename it first to .old as in case like you said i might need it, but i loaded up many programs & all worked ok & none came up with any errors.


i thought i was safe but it goes to show you how things can get though..... .

also i am a pc workshop/ field engineer so i thought i was covered.... but i was wrong.

well time to learn more about these things me thinks.

thank you

all

[DavidR]

Thanks for the further feed back.

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

If you are not getting a virus warning that you believe may be an undetected virus then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it may be an undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Or you can send it from the User Files (File, Add) section of the avast chest (select the file, right click, email to Alwil Software) with the same information as above. No need to zip and PW protect when the sample is sent from chest.

[subaru swift]

cheers david, i have all ready emailed the file in a zip just 10 mins ago ;-).

i have got it saved in avast too just in case.

i dont a up date on avast every time i go on my pc just in case = both the iavs update & program update.

i have done 4 scans today using the software above & they only found some trackers/ cookies so fingers crossed. but it as put the wind up me so i will check every week or when i think there is something up.

you lot on here are good back up so thank you for your time & effort.......... .

job well done   

[DavidR]

Your welcome.

Now you have a little quiet time

You might also consider proactive protection, in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

[subaru swift]

good idea that, i have been playing what that idea of a non amin account on this xp 64 bit & vista.

i only really use this pc to do lite internet use on forums & play games on but some how it got on, maybe though a email ? i dont know YET ha-ha.

i have another pc what i use to find things & test software on and yes some web sites with cr@ap on them all for work use ;-).

i will be getting ad-ware 07 in june when it comes out but i will have to try a non admin account for my emails & do some more checks/ tests weekly instead of the 3 weeks what i used to do..... .

this as worried me a bit as i have my paypal info & that on this pc so i thought i was 99% safe but i was wrong...... .

oh well you live & learn by this !.

[DavidR]

You might want to check out the microsoft link in that dropmyrights page just to confirm it will run on XP 64 before trying anything.