
Help, I think I've caught a virus!!! It's rasautou.exe!!


krumbalende
29-10-2003, 19:30
hi guys, I don't know whether it's a virus or not, but it smells like a virus to me: at every startup of my computer the aforementioned file rasautou.exe automatically connects to the internet using my default connection because, it says, information was requested by 66.139.77.145. I always delete this rasautou.exe, but on reboot it's there again. How is that possible???

there's also a file rasauto.dll, but that one can't be deleted!!
maybe it's a system file, who knows!!!

so how do I get rid of this annoying problem once and for all!!!

has this rasautou.exe happened to any of you??? it got me even though I always had the firewall on, damn it!!!!

krumbalende
29-10-2003, 21:21
help please, can nobody help me?????

Rossy77
29-10-2003, 22:17
http://www.groove.net/support/forums/messageview.cfm?catid=24&threadid=5096

lord2
29-10-2003, 22:22
Originally posted by krumbalende
help please, can nobody help me?????


hi (http://www.ilsoftware.it/forum/topic.asp?TOPIC_ID=5267&whichpage=9) read arnaldo's post and you'll understand, assuming he's right :D

krumbalende
29-10-2003, 22:58
maybe I've found the solution, it could be this thing here. I had already read the things you posted, but thanks anyway; if you come across anything new, post it!!!!

this is taken from the Trend Micro site!!!


--------------------------------------------------------------------------------

Virus type: Backdoor

Destructive: No

Pattern file needed: 643

Scan engine needed: 6.100

Overall risk rating: Low

--------------------------------------------------------------------------------

Reported infections: Low

Damage Potential: Medium

Distribution Potential: Low



--------------------------------------------------------------------------------

Description:



This backdoor listens to a random port on infected systems. It waits for remote commands to execute locally. This malicious routine allows remote users to access and manipulate infected systems.

This backdoor program is known to be dropped into visiting systems from malicious Web pages by the Visual Basic Script Malware detected as VBS_LARSLP.A. The malicious Web pages contain an exploit to the Object Data Remote Execution Vulnerability.

The vulnerability allows executable code to be executed automatically on visiting systems from Web pages. It affects systems running:

Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003

This backdoor program runs on Windows 95, 98, ME, NT, 2000, and XP.

Solution:



Terminating the Malware Program

This procedure terminates the running malware process from memory.

1. Open Windows Task Manager.
   On Windows 9x/ME systems, press CTRL+ALT+DELETE
   On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs*, locate the process:
   LLASS.EXE
3. Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.

*NOTE: On systems running Windows 9x/ME, Windows Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
   lar = “\llass.exe”
4. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
5. In the right panel, locate and delete the entry:
   lar = “\llass.exe”
6. Close Registry Editor.

NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.

Removing Other Malware Entries from the Registry

Use this procedure to remove additional malware entries on systems running Windows NT, 2000, and XP.

1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control
3. In the right panel, locate and delete the entry:
   SLP
4. Close Registry Editor.

Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as BKDR_LARSLP.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Applying Patches

This malware can arrive on systems vulnerable to the Object Data Remote Execution Vulnerability, which affects systems running:

Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003

A cumulative Internet Explorer patch in Microsoft Security Bulletin MS03-032 addresses this vulnerability.


I hope this fixes it!!!!!!!!

I'll let you know later.
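
The registry and process checks from the removal steps quoted in the post above, as a read-only PowerShell script. This is an added example, not part of the original thread or of Trend Micro's instructions; the broader match on any autostart command ending in llass.exe and the output field names are assumptions made here.

```powershell
# Read-only check for the artifacts named in the quoted BKDR_LARSLP.A removal steps.
# Nothing is modified or deleted; review each finding before acting on it.
$findings = @()

# Autostart keys from the advisory. RunServices may not exist on every Windows version.
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
foreach ($key in $autostartKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        # Match the value name "lar" from the advisory, or (assumption: a broader net)
        # any autostart entry whose command points at llass.exe.
        if ($name -eq 'lar' -or $data -match '(^|\\)llass\.exe') {
            $findings += [pscustomobject]@{
                Kind = 'Autostart'; Location = $key; Name = $name; Data = $data
            }
        }
    }
}

# The advisory lists an entry named SLP in the right panel (a value) of the Control key.
$controlKey = 'HKLM:\System\CurrentControlSet\Control'
$control = Get-Item -Path $controlKey
if ($control.GetValueNames() -contains 'SLP') {
    $findings += [pscustomobject]@{
        Kind = 'Registry value'; Location = $controlKey; Name = 'SLP'
        Data = [string]$control.GetValue('SLP')
    }
}

# "llass" is spelled with two l's; the legitimate Windows process lsass.exe is not a match.
foreach ($proc in Get-Process -Name 'llass' -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{
        Kind = 'Process'; Location = "PID $($proc.Id)"; Name = $proc.ProcessName
        Data = [string]$proc.Path
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the registry entries or processes named in the advisory were found.'
}
```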