rasser

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a program named rasser in my startup folder. The command is listed as C:\Windows\System32\rasser.exe. The location is listed as HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I have not been able to find any information about this program. Sysinfo.org does not list it
Any ideas what it is and if it is OK to uncheck it as a start up item?
 
tas said:
I have a program named rasser in my startup folder. The command is listed
Click to expand...
as C:\Windows\System32\rasser.exe. The location is listed as
HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I have not been able to
find any information about this program. Sysinfo.org does not list it.
Any ideas what it is and if it is OK to uncheck it as a start up item?
Click to expand...

You have the sasser virus. Do a search of this news group or google and read
any of the thousands of post.
 
Hi

Did you mean Sasser - if so, try the following two links:

What You Should Know About the Sasser Worm and Its Variants"
http://www.microsoft.com/security/incident/sasser.asp

Link to direct download:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

--

Will Denny
MS-MVP Windows - Shell/User


| I have a program named rasser in my startup folder. The command is listed
as C:\Windows\System32\rasser.exe. The location is listed as
HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I have not been able to
find any information about this program. Sysinfo.org does not list it.
| Any ideas what it is and if it is OK to uncheck it as a start up item?
 
Yeah, rasser not sasser. When I first found it I thought it was sasser also. Just to be sure I checked out what to look for in a sasser infection and I do not have one. I have found another file called rasser.dll that has something to do with remote addressing (I think that's what the search said on Microsoft).

The rasser.exe file, ironically, is infected with a trojan called adwaheck. That's why I want to know if it's OK to get rid of the thing. The trojan has been quarentened (sp?).

It's frustrating. I posted a similar question on the PC mag site, asking about rasser and ctfmon, both of which show up in Startup and in Processes. The ctfmon was taken care of. After I assured everyone that I did mean rasser, not sasser, nobody had heard of it.

I did a google on rasser.exe and it came up with no hits. When I did rasser, the only computor stuff that came up was with the rasser.dll and had something to do with Windows NT
 
Hi

Have a look at the following page and search for name of file - it seems to
be connected with 'Remote Access Media'

http://support.microsoft.com/default.aspx?scid=/servicedesks/fileversion/dllinfo.asp&SD=MSDN

--

Will Denny
MS-MVP Windows - Shell/User


| Yeah, rasser not sasser. When I first found it I thought it was sasser
also. Just to be sure I checked out what to look for in a sasser infection
and I do not have one. I have found another file called rasser.dll that has
something to do with remote addressing (I think that's what the search said
on Microsoft).
|
| The rasser.exe file, ironically, is infected with a trojan called
adwaheck. That's why I want to know if it's OK to get rid of the thing. The
trojan has been quarentened (sp?).
|
| It's frustrating. I posted a similar question on the PC mag site, asking
about rasser and ctfmon, both of which show up in Startup and in Processes.
The ctfmon was taken care of. After I assured everyone that I did mean
rasser, not sasser, nobody had heard of it.
|
| I did a google on rasser.exe and it came up with no hits. When I did
rasser, the only computor stuff that came up was with the rasser.dll and had
something to do with Windows NT
 
Back
Top