Ist "rasmontr.exe" ein Virus?

  • Thread starter Thread starter modern_millie
  • Start date Start date
M

modern_millie

Mein Anti-Virenprogramm hat eine Datei mit dem Namen "rasmontr.exe" in
Quarantäne gepackt.
Als Herkunftsverzeichnis für diese in Quarantäne befindliche Datei
ist:
C:\WINNT\system32\ angegeben.

Ich hab bei google mal gesucht nach dem Dateinamen, aber da kommen nur
Einträge zu 'rasmontr.dll'.

Und da ich mich mit diesem ganzen Kram nicht auskenne,weiß ich nicht,
ob diese 'rasmontr.exe' eine wichtige Systemdatei ist, oder ein Virus,
das ich löschen kann.
Die Datei sitzt seit ca einer Woche in Quarantäne, und mein Computer
arbeitet aber bis jetzt weiterhin normal.


Wenn mir da jemand weiterhelfen könnte?

Alex
 
Mein Anti-Virenprogramm hat eine Datei mit dem Namen "rasmontr.exe" in
Quarantäne gepackt.
Als Herkunftsverzeichnis für diese in Quarantäne befindliche Datei
ist:
Click to expand...

Translation via lyco's (I'm amazed, it's actually quite readable!)...
As you have found, having just the file name does not provide enough
information. What name did your anti-virus program give for the virus?
Which anti-virus program are you using? You could try restoring the
file and then scanning it at
http://www.kaspersky.com/de/scanforvirus
to get more information.
Translation via lycos (I hope it is also readable!)...

Wie Sie gefunden haben, liefert Haben gerade des Dateinamens nicht
genügende Informationen. Welchen Namen gab Ihr Anti-Virus Programm
für das Virus? Welches Anti-Virus Programm verwenden Sie? Sie konnten
die, Akte wieder herzustellen und sie an
http://www.kaspersky.com/de/scanforvirus dann abzulichten versuchen,
um mehr Informationen zu erhalten. Übersetzung über lycos (I
Hoffnung ist es auch lesbare!)...

Regards, Dave Hodgins
 
Mein Anti-Virenprogramm hat eine Datei mit dem Namen "rasmontr.exe" in
Quarantäne gepackt.
Als Herkunftsverzeichnis für diese in Quarantäne befindliche Datei
ist:
C:\WINNT\system32\ angegeben.

Ich hab bei google mal gesucht nach dem Dateinamen, aber da kommen nur
Einträge zu 'rasmontr.dll'.

Und da ich mich mit diesem ganzen Kram nicht auskenne,weiß ich nicht,
ob diese 'rasmontr.exe' eine wichtige Systemdatei ist, oder ein Virus,
das ich löschen kann.
Die Datei sitzt seit ca einer Woche in Quarantäne, und mein Computer
arbeitet aber bis jetzt weiterhin normal.


Wenn mir da jemand weiterhelfen könnte?

Alex
Click to expand...


Versuchen Sie mal en hoax list
www.wildlist.org
www.vmyths.com

oder sehen Sie in www.pandasoftware.com

Weitere Infirmationen auf maine website
www.nondisputandum.com (Englishe Sprache)

Grusse
 
Sorry for posting in German. I had been browsing the forum a bit
before composing my post and had *forgotten* which language I had just
been reading..and ended up just composing my post in my native tongue.
(it was quite late too....)
I realised my mistake two seconds later and posted it in English as
well. (see other post)

I have done scans with various av-programmes now (including
pandasoftware, bitdefender, symantec, macafee, trendmicro's
housecall), neither of which found any viruses on my machine. The
av-programme I have installed is trendmicro's pc cillin.
The funny thing is, that pc cillin does have protocols about all other
malware found on my machine, giving information about the name of the
virus, the place where it was found, and which action was taken - but
for the day rasmontr.exe was put in quarantine, there is no protocol.
I did not delete any protocols either.

I took a look at the lists on wildlist.org & vmyths.com but didn't
find any info on "rasmontr.exe".

And my machine is still running fine - at least I did not notice
anything strange so far.

Can a virus change it's name to some random file name, once it's
landed on my hard drive? And my av software would be able to notice it
as bad code,but wouldn't be able to identify exactly which virus it
is?

That would however still not explain why there isn't a protocol for
the day the file was put into quarantine.

I am not encountering any problems with my computer at the moment, so
I am not in hysterics....I just would feel a great deal happier if I
could delete that strange thing from quarantine.

Alex
 
modern_millie said:
Can a virus change it's name to some random file name, once it's
landed on my hard drive? And my av software would be able to notice it
as bad code,but wouldn't be able to identify exactly which virus it
is?
Click to expand...

Trojans sometimes use file names similar to real system files.

Have you tried uploading it to Kaspersky?
http://www.kaspersky.com/scanforvirus

I had a suspicious spyware file that passed TDS, AVG, Spybot, and
Adaware, but their online scan detected it.

michael
 
Have you tried uploading it to Kaspersky?
http://www.kaspersky.com/scanforvirus

I had a suspicious spyware file that passed TDS, AVG, Spybot, and
Adaware, but their online scan detected it.

michael
Click to expand...


No, I haven't. I went to the website and then realised that I would
have to release the file from quarantine before being able to upload
it there. I was too scared it would cause severe damage if released
from quarantine :-(
And what if pc cillin fails to catch the file again after it's been
restored for upload to kaspersky?

I ran spybot in the meantime, and it found a changed registry key:

GoldenPalace.Casino
autorun settings (rasmontr)
(then follows a long registry key number)

So 'rasmontr.exe' is likely to be some form of spy- or adware!? Does
that mean I can delete it now? Please someone say yes!

Alex
 
On that special day, modern_millie, ([email protected]) said...
I took a look at the lists on wildlist.org & vmyths.com but didn't
find any info on "rasmontr.exe".
Click to expand...

It might help to send the obscure file to an online scanning service, eg

http://www.kaspersky.com/de/remoteviruschk.html

Which will check the file and give a result. There are lots of trojan
variants which are hard to detect each time the program has been
compilated anew, but Kaspersky should be capable to detect anything
suspicious, they are quite good at that.


Gabriele "well, I *could* write in German, but how about the others"
Neukam

(e-mail address removed)
 
modern_millie said:
Can a virus change it's name to some random file name, once it's
landed on my hard drive? And my av software would be able to notice it
as bad code,but wouldn't be able to identify exactly which virus it
is?
Click to expand...

A "trojan downloader" malware often will delete the downloader trojan after the downloader
downloads and runs the other malware it is designed to download and the detector should be able to
detect the bad code no matter what name it has. Of course it will not detect bad code in files with
filename extentions that it has been told not to scan or not been told to scan.
That would however still not explain why there isn't a protocol for
the day the file was put into quarantine.
Click to expand...

No log file for the AV programs quarantine action? That IS strange happening. You would always want
logging.
I am not encountering any problems with my computer at the moment, so
I am not in hysterics....I just would feel a great deal happier if I
could delete that strange thing from quarantine.
Click to expand...

Me - - I would restore the file from quarantine or sent it from quarantine to AV vendors to find
the malware name and investigate more. It might be a new thing and you would be helping others
by sending it for eval.
 
yes I know I should have done so..but coward that I am, I was too
scared to restore the file. I have deleted it now. Hopefully no
trouble will result from that file missing on my computer.

Again, thanks a lot to everyone for answering my questions.

Alex x
 
Back
Top