Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rasacd.sys and Security Tool?


  • Please log in to reply
3 replies to this topic

#1 jmork

jmork

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 18 August 2010 - 08:58 PM

Student in this lab is infected with something. Our protection is Symantec and it has identitified rasacd.sys as being bad but is unable to deal with it. I have disconnected his internet cable and the problem is trapped but not impotent. This is an AutoCAD lab running XP service pack 2. As far as I know, no software called Security Tool is in use here but it comes up without fail on restarts and warns of 20 infections. Seen that kind of thing before and don't trust em. Thinking maybe this is the source of virus.

What is happening to this machine and is there hope for its future?

Thank you
jmork

BC AdBot (Login to Remove)

 


#2 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:08:26 AM

Posted 18 August 2010 - 10:47 PM

Is there hope, you ask, why of course there is. Security tool is a rogue antivirus tool, so the 20 reported infections, chances are 100 percent that they're not real. If you download, install, and run, MalwareBytes Anti-Malware. After installation, make sure that the following are checked, update and launch Malwarebytes anti-malware. Be asured that the program will make short work of it. Select the quick scan option, and when finished, a log will be opened in notepad. Please copy and paste that log into your next reply for review. The download link is as follows.
malwarebytes download link

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 jmork

jmork
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 19 August 2010 - 11:04 AM

So this spyware knows all about Malware. It recognizes the exe downloaded and will not allow it to run claiming it is infected. Moments later it won't even let the browser browse, also claiming it is infected. Perhaps I could download and expand the exe on an adjacent machine and using the LAN slip the files onto the infected machine and try to install? -jm

#4 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:08:26 AM

Posted 19 August 2010 - 03:33 PM

You could do that, but to avoid the spread of the rogue, you'll want to make sure to use a flash drive to transfer the stuff from the non-infected computer to the infected one. Make sure too that you rename the installer for MBAM to something like 123zf5la.exe to prevent the rogue from blocking it. Also see the pinned topic at the top of this forum entitled for those having trouble running Malwarebytes Anti-Malware. There are some good suggestions there and they help most folks. Good luck.

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users