mick

Jan 27, 2002
Archived from groups: microsoft.public.windowsxp.basics

Every time I start up my computer the following programs
start up even though I have previously deleted them. Can
anyone tell me how to stop them opening? Please help.
WVSVC.EXE, CGQAJHG.EXE, MODULE.EXE, ESPLORER.EXE,
WAUACLT.EXE and also RASAUTOU.EXE (which tries to connect
to the internet every ten seconds when not connected).
 
Guest
Archived from groups: microsoft.public.windowsxp.basics

Hi Mick.

Rasautou.exe is the dialer; something is causing the system to try to make
a connection, likely a virus or spyware. This article discusses it:

Modem Automatically Attempts a Dial-Up Connection [Q316530]
http://support.microsoft.com/?kbid=316530

It's also protected by SFP (System File Protection), so it would be
reinstalled from a backup if you tried to delete it. Lucky for you the
system is smart enough to know this. As to the others:

Wvsvc.exe is a worm:
http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59309&VName=WORM_AGOBOT.YM

Cgqajhg.exe is a trojan; more on removal below. Resolving this will probably
also resolve the dialer issue with rasautou.exe.

Module.exe is part of another worm:
http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_FLOPYCHI.A

As is esplorer.exe:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bolgi.worm.html

I suspect you misspelled the last one (wauaclt.exe) and actually meant
wuauclt.exe, which is the autoupdate client. This should be expected to run.

Trojan removal steps:

Restart in Safe Mode by hitting F8 as Windows first begins to load on boot.
Log on as administrator.

Start/search/files and folders, look for <filename> and delete it wherever
it is found.

Start/run regedit, expand the + signs to look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right-hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed; make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points; however, you don't want them back, as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software, run a full system scan.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"mick" <anonymous@discussions.microsoft.com> wrote in message
news:222001c4aeb2$b0c61600$a301280a@phx.gbl...
> Every time I start up my computer the following programs
> start up even though I have previously deleted them. Can
> anyone tell me how to stop them opening? Please help.
> WVSVC.EXE, CGQAJHG.EXE, MODULE.EXE, ESPLORER.EXE,
> WAUACLT.EXE and also RASAUTOU.EXE (which tries to connect
> to the internet every ten seconds when not connected).
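
The registry check described in the reply above can be done read-only before anything is deleted. This PowerShell sketch is an added example, not part of the original thread; it assumes a system with PowerShell installed, and the helper name `Get-ValueData` is hypothetical.

```powershell
# Added example: read-only audit of the autostart locations named in the reply.
# The file names are the ones the reply identifies as malware; wuauclt.exe and
# rasautou.exe are left out because the reply treats them as Windows components.
$suspects = 'wvsvc.exe', 'cgqajhg.exe', 'module.exe', 'esplorer.exe'

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# msconfig keeps startup items it has disabled here, one subkey per item.
$startupReg = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

function Get-ValueData {
    param([string]$KeyPath)
    # Emit one object per registry value under $KeyPath (nothing if the key is absent).
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key   = $KeyPath
            Value = $name
            Data  = [string]$key.GetValue($name)
        }
    }
}

# Collect every value from the two Run keys and from each startupreg subkey.
$entries = @(foreach ($k in $runKeys) { Get-ValueData $k })
if (Test-Path -LiteralPath $startupReg) {
    $entries += @(Get-ChildItem -LiteralPath $startupReg |
        ForEach-Object { Get-ValueData $_.PSPath })
}

# Match the file name as a whole path component, so "module.exe" does not
# flag an unrelated "mymodule.exe". -match is case-insensitive by default.
$names   = ($suspects | ForEach-Object { [regex]::Escape($_) }) -join '|'
$pattern = '(^|[\\/"\s])(' + $names + ')(["\s]|$)'

$entries | Where-Object { $_.Data -match $pattern } |
    Format-List Key, Value, Data
```

Each result names the key, the value (the "string" in the right-hand pane of regedit) and the command it loads, which is the entry the reply says to delete while leaving the other values and the keys themselves in place.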