rasautou.exe keeps dialing

Computing.Net > Forums > Security and Virus > rasautou.exe keeps dialing

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

rasautou.exe keeps dialing

Name: helios246
Date: December 23, 2003 at 09:43:29 Pacific
OS: Win XP Pro
CPU/Ram: Athlon XP 1900/512MB

Comment:

Whenever i am not connected to the internet rasautou.exe tries to get me connected about every 10secs. I'm sure this is connected to the sobig worm as this is a legitimate windows programme just exploited by the worm. However Norton 2002 with latest updates finds no virus and rasautou cannot be deleted or moved with reappearance. The Hack This log appears to reveal nothing suspicion to me but hopefully it will revela an answer to you guys. Here it is and thanks.
Logfile of HijackThis v1.97.7
Scan saved at 17:36:35, on 23/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\GEARSEC.exe
D:\Program Files\Norton AntiVirus 2002\navapsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\wnad.exe
D:\Program Files\Caere\OmniPagePro80\opware32.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\WINDOWS\system32\ntvdm.exe
D:\WINDOWS\SYSTEM32\3cmlink.exe
D:\WINDOWS\SYSTEM32\3cshtdwn.exe
D:\WINDOWS\SYSTEM32\3cmlink.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\WINDOWS\System32\RUNDLL32.exe
D:\Program Files\TechniSat DVB\bin\Server4PC.exe
D:\Program Files\SkyBooster\recv.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\SkyBooster\recv.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Foz1\My Documents\Foz's Files\Downloaded Items\Drivers+Utils\hijackthis\HijackThis.exe
D:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:9202;socks=localhost:9203
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus 2002\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus 2002\NavShExt.dll
O4 - HKLM\..\Run: [b3dUpdate] D:\WINDOWS\BDE\Update\Zupdate.exe -silent -p "D:\WINDOWS\BDE\Update" -s setup.cab
O4 - HKLM\..\Run: [WNAD] D:\WINDOWS\wnad.exe
O4 - HKLM\..\Run: [OmniPage] D:\Program Files\Caere\OmniPagePro80\opware32.exe
O4 - HKLM\..\Run: [Lwinst Run Profiler] D:\PROGRA~1\Logitech\WINGMA~1\Lwinst.exe -d -l "D:\PROGRA~1\Logitech\WINGMA~1\Lwpevntm.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [3c1807pd] D:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: SkyBooster.lnk = D:\Program Files\SkyBooster\recv.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with Go!Zilla - file://D:\PROGRA~1\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Advanced) - http://www.justis.com/j-net/smsx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.48-deleon/GoogleNav.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37957.3816319444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52E32DCF-1089-4794-B790-A7F3FE35DFB9}: NameServer = 213.130.128.32 213.130.128.33

Sponsored Link

Ads by Google

Response Number 1

Name: Valerie (by Garibaldi)
Date: December 23, 2003 at 19:24:03 Pacific

Reply:

Now read this
http://www.computing.net/security/wwwboard/forum/6433.html
Good luck
V...

licenseservice 213 pchealth sysvxd.exe	rasautou.exe netsh.exe nvcpl
See More

Was this a virus?

I've tried everything!

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: rasautou.exe keeps dialing

keeps dial-up

Summary

www.computing.net/answers/security/keeps-dialup/9523.html

explorer.exe keeps reloading

Summary

www.computing.net/answers/security/explorerexe-keeps-reloading/24303.html

rasautou.exe problems

Summary

www.computing.net/answers/security/rasautouexe-problems/26697.html

From the Geek Dictionary
nub - Someone who is worse than a noob. The term came from someone say...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Vbs talking to batch

locate and isolate bad sectors on vista

spybot or windows defender

unable to open jpg files which are recovered

PSPad don't open last document

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE