A Remote Administration Tool (RAT) is a special kind of hacker spyware used for remote access to and control of other people’s computers. The attacker infects the PC via e-mail or File and Print Sharing. A “server” component on the infected PC allows him to connect via a “client” on his own machine. The functions of a RAT vary, depending on the needs of the hacker. Some RATs can’t really harm your PC and were made only for hooliganism, but some versions can steal vital information, delete files and even crash your system. The author of this RAT is a hacker called .:T.U.R:. He wrote this pest in the Visual Basic programming language. Several versions (Remote Access (a), Remote Access (b), Remote Access 1.0, Remote Access Advanced) appeared from August 2002 to February 2003.
From the publisher:
“ResetPW. Invalid password. Please try again. I’ve loaded Remote Access on your PC. Your pc is doomed.”
“/away = set status of victim to away
/busy = set status of victim to busy
/invisible = set status of victim offline
/phone = set status of victim on the phone
/lunch = set status of victim to out to lunch
/name = set nickname to remote access is controlling now
/logoff = logs the victim off
/whatareyou = let the victim says something
/about = about the program
/exit = let the program exit on the victim’s pc
/msg = Shows a message on the victim’s screen with the text remote access is controlling now
/keyboard = disables victim’s keyboard (only with win95/98/NT/ME)
/mouse = disables victim’s mouse (only with win95/98/NT/ME)
/brb = set status of victim be right back
/scroll = scrolls the victim’s name 4 times
/opencd = opens victim’s cd
/closecd = closes victim’s cd
/shutdown = shuts victim’s pc down (only with win95/98/NT/ME)
/restart = restart victim’s pc (only with win95/98/NT/ME)
/disconnect = disconnects the victim (only with modem)
/print = prints the text you’ve opened remote access. your pc is doomed.’
/logform = logs the victim off and shows a fake login wizard where he must type his password then you can type /pass if he is back online and you get his pass. The other commands are /logformNL and /passNL and then all works the same but the login wizard is Dutch.
/profile = changes the victim’s profile with things about remote access
/clearmail = delete all msgs in the inbox of the victim
/nick = change nick of victim customly (example /nick i am stupid)
/kill = kills a file of the victim customly (example /kill c:\windows\regedit.exe)
/add = adds a mail to the victim’s contactlist (example /add firstname.lastname@example.org)
/block = blocks a mail on the victim’s contactlist (example /block email@example.com)
/check = checks if remote access is running
/disable = disables victim’s ctrl+alt+del (if the victim has win2k it doesn’t work)
/enable = enables victim’s keyboard (if the victim has win2k it doesn’t work)
/war = kills whole victim’s pc
/say = let the victim says something (example /say hello)
/exitforce = exits the program and doesn’t anymore run at startup
/msgbox = shows a message on the victim’s desktop (example /msgbox remote access is controlling you now)
/crashwin98 = let the victim’s pc crash (only with win95/98/NT/ME)
/crashwin98 = let the victim’s pc uncrash (only with win95/98/NT/ME)
/swap = swap mouse buttons of victim’s mouse (only with win95/98/NT/ME)
/open = opens a file on the victim’s pc (example /open c:\windows\regedit.exe)
-Advance Commands-
/port = sets a new port open from the victim (example /port 6667)
/IP = let the victim gives his IP to you
/host = let the victim gives his hostname to you
You can use the client too if you don’t want to use commands.”
Remote Access manual removal: