NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Rahack. Description and removal instructions

 
Title: Rahack
Type: Worms
Severity scale:Rahack severity is 72  (72 / 100)
 
Rahack is a dangerous worm that scans the network for vulnerable computers running Radmin remote administration tool and infects them. The worm may give the remote attacker full unauthorized access to compromised systems. It also infects all found HTML files. Once executed, Rahack installs several files and modifies the registry, so that it runs on every Windows startup.

FORUM:
Discuss Rahack in
spyware removal forum

Rahack properties:
• Allows remote user connection
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Rahack removal:

remover for Rahack

Rahack manual removal:

Kill processes:
svchsot.exe, mscolsrv.exe, syshid.exe, srvsxc.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysser
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin
HKEY_LOCAL_MACHINE\SOFTWARE\RAdmin
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSCoolServ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSCoolServ
HKEY_CLASSES_ROOT\exefile\shell\open\command\(Default)=syshid.exe %1 %*
HKEY_CLASSES_ROOT\CLSID\[random name]
HELP:
how to remove registry entries

Delete files:
svchsot.exe, mscolsrv.exe, syshid.exe, srvsxc.exe, server.dll, system.vbs
HELP:
how to remove harmful files

Misc:
Exact file location:
svchsot.exe, mscolsrv.exe, syshid.exe, server.dll - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
srvsxc.exe - C:\Wutemp
system.vbs - C:\Documents and Settings\[Current User]\Start Menu\Programs\Startup

Other programs to remove Rahack:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 12/08/05
Information updated: 12/08/05

Additional resources related to Rahack:

Attention: If you know or you have a website or page about Rahack removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Rahack parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.