Strange service....Rasa32iorkpf

Tim

Distinguished
Mar 31, 2004
1,833
0
19,780
0
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

HI,
I hope some one can Identify this for me.
a NEW Dell 8400 with Win XP pro. Gigabit adapter, ATI 850XT, dual SATA hdd,
dell Modem etc. Office 2003 installed
In the Services list there is "Rasa32iorkpf" - it is stopped and disabled
and the properties give NO clues. No dependencies etc.
It is not findable in Google.....
SOME "Rasa" prefixed files seem to be modem related - ? this?
Any thoughts appreciated
Tim
 

Malke

Distinguished
Apr 6, 2004
3,000
0
20,780
0
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Tim wrote:

> HI,
> I hope some one can Identify this for me.
> a NEW Dell 8400 with Win XP pro. Gigabit adapter, ATI 850XT, dual SATA
> hdd, dell Modem etc. Office 2003 installed
> In the Services list there is "Rasa32iorkpf" - it is stopped and
> disabled and the properties give NO clues. No dependencies etc.
> It is not findable in Google.....
> SOME "Rasa" prefixed files seem to be modem related - ? this?
> Any thoughts appreciated
> Tim

If you spelled the service name absolutely correctly, then you might
have malware. As you discovered, "Rasa32iorkpf" produced no hits on
Google at all, which is in itself suspicious. Run through the following
malware removal steps, doing everything with updated tools in Safe
Mode:

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and About:Buster works well in removing the
About:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
removing spyware

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://aumha.net - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
 

Similar threads