WHAT IS A REMOTE ADMINISTRATION TOOL?

A remote administration tool (or RAT) is a program that allows certain persons to connect to and manage remote computers in the Internet or across a local network. A remote administration tool is based on the server and client technology. The server part runs on a controlled computer and receives commands from the client, which is installed on other remote host. A remote administration tool works in background and hides from the user. The person who controls it can monitor user’s activity, manage files, install additional software, control the entire system including any present application or hardware device, modify essential system settings, turn off or restart a computer.

Remote administration tools are divided into malicious and legitimate applications. Parasitical RATs, also known as remote administration trojans, are analogous to backdoors and have very similar functionality. However, they aren’t viral, do not propagate by themselves and usually do not have additional destructive functions or other dangerous payload. These parasites do not work on their own and must be controlled by the client.

Legitimate remote administration tools are commercial products targeted mostly to system administrators. Their main purpose is to allow the authorized personnel to remotely control and fix user computers. Nevertheless,  legitimate RATs have practically the same functionality as parasitical programs and therefore can be used for obvious malicious purposes. Navigate to RAT parasites

Newest Remote Administration Tools

Getting rid of CamKing

May 19th, 2014. CamKing is a malicious program, which can initiate various problems for you and your computer. In most of the cases, this virus seeks to steal personally identifiable information and send it to third parties. However, it may also be used for infecting computers with stronger... More...

Getting rid of Beast

September 24th, 2013. Beast is just another virus from a huge family of Remote Administration Tools that are actively spread at the moment. These threats allow certain persons to connect to the remote computers and manage them across a local network. The RATs are based on the server and client technology that gives... More...

How to remove Project1.Exe

October 15th, 2012. Project1.Exe is a Remote Administration Tool that is used by hackers to control victim's machine remotely. Just like many other RATs, this one can record your keystroke inputs, disable firewall, install malicious files on computer and do other unwanted activities. Basically, the possibilities of... More...

DATABASE OF Remote Administration Tools PARASITES

Total Remote Administration Tools parasites in our DB: 1079


# | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

    10
    1
  • .96mm 1.03 March 10th, 2005 | No Comments
    This remote administration tool originated in January 2004. The author is someone, hiding behind a nickname...

  • .96mm 2.1 March 10th, 2005 | No Comments
    Such simple but effective spyware is used by hackers for getting remote access to user's computer. The prin...

  • .97mm 3.22 March 10th, 2005 | No Comments
    This is a newer version of .97mm RAT program. It includes some new abilities and several bugs were fixed. ...

  • 4u March 10th, 2005 | No Comments
    This RAT has a "backdoor" function included. It means it installs a security breach in your computer, allowing...

  • 666 de Troie 1.0 March 10th, 2005 | No Comments
    Such simple but effective spyware is used by hackers for getting remote access to user's computer. The prin...

  • 666 deTroie March 10th, 2005 | No Comments
    Such simple but effective spyware is used by hackers for getting remote access to user's computer. The princip...

  • 711 beta 1 March 10th, 2005 | No Comments
    From the publisher: "Can turn off firewalls and AntiVirus. -Phone Spy -Keylogger -Screenshot -Get Passwords -...

  • 96mm March 10th, 2005 | No Comments
    One of a big similar RAP programs family, created by .c0m. Such simple but effective spyware is used by hacker...

  • .96mm 1.03 March 10th, 2005 | No Comments
    This remote administration tool originated in January 2004. The author is someone, hiding behind a nickname...

  • A-311 Death March 10th, 2005 | No Comments
    This RAT was created in Russia, in August 2003. The programming language is MASM. The author is Corpse. Thi...

  • A-311 Death 1.02 December 20th, 2007 | No Comments
    This is a newer version of the a-311 Death RAT program. It is written in MASM language. The author is a Russia...

  • A-311 Death 1.03 March 10th, 2005 | No Comments
    This is a newer version of the a-311 Death 1.02 RAT program. This version has the "backdoor" function inclu...

  • A-Trojan March 10th, 2005 | No Comments
    The main purpose of this program is providing a remote attacker the control of your computer. Most attacks ...

  • A-Trojan 2.0 March 10th, 2005 | No Comments
    This program was created using Delphi programming language. It was created in July 2000. The author is a Br...

  • A4Zeta Beta 1 March 29th, 2005 | No Comments
    Created in August 2002, this Brazillian RAT is used for remote controlling the victim's computer. It was creat...

  • ActiveXExamble March 10th, 2005 | No Comments
    Originated in December 1980. Such simple but effective spyware is used by hackers for getting remote access to...

  • Activity Monitor October 24th, 2011 | No Comments
    Activity Monitor is a powerful commercial remote administration and computer surveillance tool based on the se...

  • AdminTool 2.0 March 10th, 2005 | No Comments
    This RAT infects only windows 95/98/ME. The program was designed to send cached passwords and dial ups via ...

  • Adrem Free Remote Console March 10th, 2005 | No Comments
    This shareware program is presented as an administrational tool, which prime function is to help the user moni...

  • Advanced Remote Info March 10th, 2005 | No Comments
    Originated in February 2004. This RAT program has a lot of nasty abilities. It is shareware and can be downloa...

1 | | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | NEXT

WAYS OF INFECTION

Remote administration tools aren’t similar to regular computer viruses. Their server parts must be installed to the affected system as any other software with or without user content. There are two major ways unsolicited RATs can get into the system.

1. A legitimate remote administration tool can be manually installed by system administrator or any other user who has sufficient privileges for the software installation. A hacker can break into the system and setup own RAT. In both cases a privacy threat gets installed without the affected user’s knowledge and consent.
2. Malicious remote administration tools are installed by other parasites like viruses, backdoors or worms. Often they are dropped by specific trojans, which get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their authors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a trojan. The user cannot notice anything suspicious, as a threat does not display any setup wizards, dialogs or warnings.

Widely spread malicious remote administration tools affect mostly computers running Microsoft Windows operating system. However, lots of less prevalent parasites are designed to work under different environments.

WHAT A REMOTE ADMINISTRATION TOOL DOES?

- Allows the intruder to create, delete, rename, copy, edit any file, execute various commands, change any system settings, alter the Windows registry, run, control and terminate applications, install arbitrary software or parasites.
- Allows the attacker to control computer hardware devices, modify related settings, shutdown or restart a computer without asking for user permission.
- Allows the malicious person to monitor user activity, steal his passwords, login names, personal documents, identity details and other sensitive information.
- Captures screenshots of user activity and transfers them to the intruder.
- Degrades Internet connection speed and overall system performance, decreases system security and causes software instability. Some parasitical RATs are badly programmed, they waste too much computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.

EXAMPLES OF REMOTE ADMINISTRATION TOOLS

There are thousands of different remote administration tools. The following examples illustrate how powerful and extremely dangerous these threats can be.

RemoteStorm is a dangerous RAT parasite that gives the remote attacker full unauthorized access to user’s computer. The threat can wipe out all data from hard disks, manage files, record user keystrokes, restart or turn off a computer, take screenshots, display messages and modify critical system settings. It also is able to download and run software, steal system information. RemoteStorm consists of client and server. The latter runs in the infected system and receives commands from the attacker.

Remote Config is a legitimate remote administration tool used by system administrators to modify essential networking settings of remote systems. Remote Config can change IP address, DNS address, computer name, default gateway, etc. It also can shutdown or restart a computer.

Back Orifice is an infamous malicious remote administration tool that allows the intruder to do with a compromised computer everything he wants and even more. This tool has a massive amount of dangerous functions and leaves the victim completely unprotected and disorientated. Back Orifice can be used to manage files, run and install applications, terminate defined processes, modify essential system and networking settings, control the operating system, installed software and hardware devices, log keystrokes, take screenshots, capture video or audio, steal passwords, etc. This remote administration tool supports plugins and therefore can have different additional functionality.

CONSEQUENCES OF A RAT INFECTION

A remote administration tool allows the attacker to work with an infected computer in the same way as with its own PC and use it for various malicious purposes or even criminal offences. The responsibility for such activity is usually assumed by guiltless users on which systems malicious RATs were installed, as in most cases it is really hard to find out who was controlling a parasite.

Practically all remote administration tools are very difficult to detect. They can violate user privacy for months and even years until the user will notice them. The malicious person can use a RAT to find out everything about the user, obtain and disclose priceless information like user’s passwords, login names, credit card numbers, exact bank account details, valuable personal documents, contacts, interests, web browsing habits and much more.

Any remote administration tool can be used for destructive purposes. If the hacker was unable to obtain any valuable and useful information from an infected computer or have already stole it, he eventually may destroy the entire system in order to wipe out his tracks. This means that all hard disks would be formatted and all the files on them would be unrecoverably erased.

HOW TO REMOVE A REMOTE ADMINISTRATION TOOL?

Parasitical remote administration tools can be detected and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in a similar way antivirus software does and have extensive parasite signature databases can also detect and remove certain remote administration tool and related components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE, SpyHunter or eTrust PestPatrol are known for quite fair RAT detection and removal capabilities.

In some cases even an antivirus or spyware remover can fail to get rid of a particular remote administration tool, especially of a legitimate one, which used for malicious purposes. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be a quite difficult and tedious task for novices.

Additional resources related to Remote Administration Tools:

Attention: If you know or you have a website or page about Remote Administration Tools removal, feel free to add a link to this list: add url


more resources
Like us on Facebook
News
Subscribe
Ask us
Parasites
Tags
Files
What's your antispyware?
Compare
add text box
rss feed
help other
Spreading the knowledge: It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!