Anti-Spyware Forums
Forums Articles Anti-Spyware Software Spyware Database Register Members Search
Member Login:


Remove Rahack


Rahack Description

Rahack is a dangerous worm that scans the network for vulnerable PCs running Radmin remote administration tool and infects them. The worm may give the remote attacker full unauthorized access to compromised computers. It also infects all found HTML files.

Remove Rahack

Stop the following Rahack processes:
svchsot.exe
mscolsrv.exe
syshid.exe
srvsxc.exe


Remove the following Rahack registry keys:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunsysser
HKEY_LOCAL_MACHINESYSTEMRAdmin
HKEY_LOCAL_MACHINESOFTWARERAdmin
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMSCoolServ
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesMSCoolServ
HKEY_CLASSES_ROOTexefileshellopencommand(Default)=syshid.exe%1%*
HKEY_CLASSES_ROOTCLSID[randomname]


Unregister the following Rahack DLL files:
server.dll


Delete the following Rahack files:
svchsot.exe
mscolsrv.exe
syshid.exe
srvsxc.exe
server.dll
system.vbs


Other Spyware

0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

 


All times are GMT. The time now is 03:30 AM.
SpywarePoint.com Copyright 2003-2008, All Rights Reserved.
Powered by vBulletin®. Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Contact Us - Archive - Top