
Rasautou.exe App Error


40 replies to this topic

#16 Deidre

Deidre

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 16 September 2004 - 08:47 PM

You're going to think I'm a real idiot, but how do I use my windows explorer?



#17 Deidre

Posted 16 September 2004 - 08:51 PM

I'm gonna try something, I'll be back.....please don't go anywhere.

#18 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 16 September 2004 - 08:54 PM

Nope... No idiots here... We can get there another way :thumbup:

Go to:

Start > My Computer

<double click> on these things:

Local Disk (C:) > Windows (folder icon) > System32 (folder icon)

Then look for rasautou.exe in there. :)

BE CAREFUL NOT TO "DISTURB" ANYTHING ELSE IN THERE!

After renaming it, just close that window you are in.
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#19 Deidre

Posted 16 September 2004 - 09:13 PM

There is no rasautou.exe in there, only rasautou. So, I renamed it to rasautou.old and closed the window. Now there are 2 rasautou files. Rasautou and rasautou.old. I restarted the computer and signed on the internet and then signed off........about 5-6 seconds after I signed off, the "box" popped up. I want to thank you for spending so much time on this. You really are helping me out!! Please let me know if you can think of anything else to try. deidre

#20 Micah_6:8

Posted 16 September 2004 - 10:23 PM

Uninstall this program:

O4 - HKCU\..\Run: [Spyware Remover] C:\Program Files\PAL SPYREM\spyrem.exe

Reboot & let me know how things are going.

If that doesn't work, do this:

Go to: Start > Run > Type "services.msc<enter>" then scroll down to items that start with "Remote access".

Double-click them (one at a time if more than one entry starts with "Remote access" - I had two entries on my machine). Post back what is in the "Path to executable" box (for each one).

:)

#21 Deidre

Posted 20 September 2004 - 08:03 PM

I deleted Spyware Remover (which I paid $30 for...) and I signed on and off of my computer twice and so far that box has not popped up!!! Yeah!!! Thank you so much!! You have been absolutely wonderful. Thank you for spending so much time on my issue. You really are awesome!!

I don't know what this means, but I tried to go to services.msc<enter> and a box popped up that said "Windows cannot find 'services.msc<enter>'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search. -ok-

If it's not a big deal, then don't worry about it. If it's something that needs to be fixed, I'll gladly take any advice you give.

Thank you so, so, so much. Just for "grins and giggles", I'll post my last Hijack This log for you...thank you again.

Logfile of HijackThis v1.98.2
Scan saved at 8:47:48 PM, on 9/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D97BB5EB-884B-463F-905A-410DA7ABD4CC}: NameServer = 151.164.1.8 206.13.28.12

Thank you again!! :D

#22 Micah_6:8

Posted 20 September 2004 - 08:13 PM

Don't worry about that command. The log looks good!!! :thumbup: If you have any more problems, post back. I won't have this topic closed for a while. GOD bless!! M68 :)

#23 Deidre

Posted 20 September 2004 - 08:16 PM

Thank you so very much, you really don't know how wonderful I think you are!! I will tell all my friends about you and TomCoyote.com!!! Thank you and God bless you as well!!! deidre

#24 Deidre

Posted 22 September 2004 - 05:43 PM

Well, it was good while it lasted....my beloved pop-up is back.

Here's my newest log. Also, when I got on tonight, it said there were updates available for my Norton Anti-Virus, so I updated. You don't think that had anything to do with it, do you?

Logfile of HijackThis v1.98.2
Scan saved at 6:38:03 PM, on 9/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D97BB5EB-884B-463F-905A-410DA7ABD4CC}: NameServer = 151.164.1.8 206.13.28.12

Please help if you can....thanks

deidre
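
Added example, not part of the original thread and not HijackThis's own code: when a symptom comes back between two scans, as in the post above, comparing the two logs entry by entry shows which running processes and registry items appeared or disappeared. The sample logs are constructed and abridged, and `parse_hjt` and `diff_logs` are hypothetical helper names.

```python
import re
from collections import Counter

# Item lines look like "O4 - HKCU\..\Run: [Name] C:\path\file.exe"
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (running process paths, item lines) from a HijackThis log."""
    processes, items, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ITEM_RE.match(line):
            in_procs = False
            items.append(line)
        elif in_procs and line:
            processes.append(line)
    return processes, items

def _delta(old, new):
    """Case-insensitive multiset difference; svchost.exe is listed repeatedly."""
    old_c = Counter(s.casefold() for s in old)
    new_c = Counter(s.casefold() for s in new)
    shown = {s.casefold(): s for s in old + new}  # a spelling to display
    added = sorted(shown[k] for k in (new_c - old_c).elements())
    removed = sorted(shown[k] for k in (old_c - new_c).elements())
    return added, removed

def diff_logs(old_text, new_text):
    old_p, old_i = parse_hjt(old_text)
    new_p, new_i = parse_hjt(new_text)
    proc_added, proc_removed = _delta(old_p, new_p)
    item_added, item_removed = _delta(old_i, new_i)
    return {"proc_added": proc_added, "proc_removed": proc_removed,
            "item_added": item_added, "item_removed": item_removed}

# Constructed, abridged sample logs (not complete scans from the thread).
BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Spyware Remover] C:\Program Files\PAL SPYREM\spyrem.exe
"""
AFTER = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    print(diff_logs(BEFORE, AFTER))
```

An empty diff between two scans means the change is somewhere HijackThis does not list, which is why the helper's next step is the services console.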

#25 Micah_6:8

Posted 22 September 2004 - 06:01 PM

Go to: Start > Run > In the box, paste the next line:

services.msc

Then click "OK"

In the window that comes up on the screen, scroll down to items that start with "Remote access".

Double-click them (one at a time if more than one entry starts with "Remote access" - I had two entries on my machine). Post back what is in the "Path to executable" box (for each one).

:)

#26 Deidre

Posted 22 September 2004 - 06:26 PM

Yes, I am a real dork when it comes to computers....I was just trying to do exactly what you said....haha...

I went to services.msc and this was what it had:

Remote Access Auto Connection Manager
C:\WINDOWS\System32\svchost.exe -k netsvcs

Remote Access Connection Manager
C:\WINDOWS\System32\svchost.exe -k netsvcs

I had two and they both said the same thing in the "path to executable" box.

thanks
deidre

#27 Micah_6:8

Posted 22 September 2004 - 07:30 PM

Well, the log looks good. We need to try to find out how they're sneaking in. Do you get the "Rasautou.exe App Error" anymore? When do the pop-ups happen? What do they have in them (or advertise)? Do they have a web link in them (www.whatever.com)? :unsure:

#28 Deidre

Posted 23 September 2004 - 09:21 AM

I don't have pop-up advertisements anymore. I installed Norton, Spybot Search & Destroy, and Ad-Aware SE Personal and the pop-ups have stopped. The only pop-up I get is the Rasautou.exe App Error when I sign off the internet. After I sign off, my sign-on screen automatically appears. I click the "x" to close it and that's when the Rasautou.exe App Error box pops up. Monday night, it didn't pop up at all. Last night, it popped up twice and then stopped. So, at least it is slowing down, it was a never ending clicking fest between the sign-on screen and the Rasautou.exe App Error boxes. thanks deidre

#29 Micah_6:8

Posted 23 September 2004 - 04:20 PM

Read about Rasautou.exe here:

Answers That Work - Rasautou.exe

I don't think it should even be running.

If that starts being a problem, do this:

1. When you get ready to sign-off the internet, see if that task is running with the task manager. To do that press these 3 keys at the same time:

<Ctrl><Alt><Del>

Then click on the "Processes" tab, then click on "Image Name". This sorts the running tasks alphabetically. See if "rasautou.exe" is in the list of running processes.

2. If you find it in there, first close all other programs except your browser. Then click on "rasautou.exe" (in the running processes list) to highlight it, then click "End task".

Wait a minute or two, then go ahead and sign-off the Internet.

If everything on your machine works without it running (and it should), we'll just find out how that task is getting started, and keep it from running. I have a few leads on how to do that.

:)

#30 hyperslug

hyperslug

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 23 September 2004 - 08:46 PM

Deidre, I've been having problems with rasautou.exe as well. When I put my computer into hibernation and then try to sign back on to DSL I get the message box repeatedly. I just downloaded the new Ad Aware SE Personal. After running regular Ad Aware and then downloading and running this new version it found an additional 95 bugs. Then all my problems went away. After all you have been through I hope this works for you as well. You can download it at www.download.com. Good luck! :D
