Severity scale: 85/100

RadMin. How to remove? (Uninstall guide)

removal by Jake Doevan | Type: Trojans

Radmin – a dangerous trojan horse that allows bad actors to remotely control your device

Radmin is a remote administration tool that can be abused by cybercriminals

Radmin virus is a remote administration tool (RAT) that enters systems as a trojan horse[1] via spam emails or malicious websites. The malware gains root access to the computer and allows hackers to control it remotely, for example to take screenshots or install other malware. Unfortunately, the main executable deletes itself as soon as the malicious payload is executed, which makes detection and removal much more complicated.

SUMMARY
Name: Radmin
Type: Trojan Horse
Distribution: Spam emails, malicious websites
Symptoms: Rarely any, although users may notice occasional freezes and/or crashes
Main dangers: Stolen personal information and malware infiltration
Detection and elimination: Use Reimage

Originally, this software is a legitimate administration tool used by IT specialists. However, its remote access component, when injected via a trojan, can be abused by hackers to control victims' computers. This guide covers the malicious version of the program, namely Radmin virus or Win32.RAdmin.Zenworks.

Remote administration tools are hazardous when abused by cybercriminals, because users may completely lose control of their machine. As soon as the malware is injected into the PC, it creates the following files:

  • C:\Windows\System32\config\admdll.dll
  • C:\Windows\System32\config\raddrv.dll
  • C:\Windows\System32\config\svchost.exe
  • C:\Windows\System32\config\svcset.bat
  • C:\Windows\System32\config\svcset.reg
  • C:\:services.exe

System services used by the Windows OS are replaced by a malicious executable, which runs as a process shown in the Task Manager. The malware also modifies other settings in order to gain persistence. Users should remove Radmin trojan from their computers immediately, and removal should not be done manually, as trojan horses are written in sophisticated code. Therefore, we suggest using security software, such as Reimage.
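A read-only check for the file artifacts listed above and for a svchost.exe process running from the wrong folder, as an added example that is not part of the original guide or of any product it names. The rule that a genuine svchost.exe runs only from System32 or SysWOW64 is an assumption of this example.

```powershell
# Added example: read-only triage for the Radmin artifacts named in this guide.
# Nothing is deleted or changed. Run from an elevated 64-bit PowerShell prompt
# so that System32 paths are not redirected and process paths are readable.

# Paths copied from the list above. The sixth entry (C:\:services.exe) is left
# out because it is not an ordinary file path.
$indicatorPaths = @(
    'C:\Windows\System32\config\admdll.dll',
    'C:\Windows\System32\config\raddrv.dll',
    'C:\Windows\System32\config\svchost.exe',
    'C:\Windows\System32\config\svcset.bat',
    'C:\Windows\System32\config\svcset.reg'
)

# 1. Report which listed files exist, with size, timestamps and hash for the record.
$fileHits = foreach ($path in $indicatorPaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path      = $path
            SizeBytes = $item.Length
            Created   = $item.CreationTimeUtc
            Modified  = $item.LastWriteTimeUtc
            SHA256    = $hash.Hash   # empty if the file is locked
        }
    }
}

# 2. Flag svchost.exe processes whose image is outside the expected folders.
#    Assumption: a genuine svchost.exe runs only from System32 or SysWOW64.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)
$processHits = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object {
        $_.ExecutablePath -and
        ($expectedDirs -notcontains (Split-Path -Path $_.ExecutablePath -Parent))
    } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

if ($fileHits)    { $fileHits    | Format-List } else { 'No listed files found.' }
if ($processHits) { $processHits | Format-List } else { 'No svchost.exe running outside the expected folders.' }
```

An empty result does not prove the machine is clean, since the main executable deletes itself after the payload runs; any hit is a reason to proceed with the full scan described below.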

The RAT tool allows hackers to perform various malicious tasks on the targeted computer, including:

  • Multiply itself via the network;
  • Download and upload malicious files;
  • Change various system parameters;
  • Start or shut down applications;
  • Record the victim's activity.

Although some files might be deleted or software corrupted, that is not the main danger of Radmin trojan. Information tracking can lead to severe consequences, such as identity theft[2] or money stolen directly from your bank account.

Unfortunately, the malware rarely exposes any symptoms, as its goal is to remain undetected while the malicious activity is taking place. However, users may experience occasional system or software crashes or freezes, increased CPU usage, an increased number of advertisements in their browsers, and overall sluggish PC performance.

Therefore, we advise you to take care of Radmin removal. For that, you will have to scan your machine with reputable security software.

Malware can strike unexpectedly, so be ready

Trojan horses are a sneaky type of infection that also opens the door to other malware, such as ransomware or digital currency miners. These cyber threats are perilous, as they can lead to file destruction or hardware wear and tear over time. Of course, there is no way to protect yourself from malware 100%, but there are steps you can take to decrease the possibility of infection.

Security experts[3] note that the most effective trojan horse distribution method is via malicious spam email attachments. With the help of bots, hackers send out thousands of emails to various users. These phishing emails may look dodgy, or they may closely resemble or look identical to messages one would get from a legitimate company, like Amazon or FedEx.

Therefore, it is essential to recognize these threats. Never open attachments within these emails, especially if they ask for the macro function to be enabled. Additionally, pay attention to fake hyperlinks: place the cursor over a link and you will see the address it leads to. Finally, check the “From” address, as it is the biggest giveaway that the message is a scam.

If your computer is infected with RadMin virus, proceed with the following elimination steps

To remove Radmin virus, you will have to download and install security software, if you do not have any yet. We recommend using Reimage, Plumbytes Anti-Malware or Malwarebytes, as these products are leaders in the cybersecurity market and can take care of even the toughest virus.

Beware that the trojan deletes its executable, which can make detection much more complicated. To ensure complete Radmin removal, we suggest you enter Safe Mode with Networking on your device, as explained below.


To remove RadMin, follow these steps:

Remove RadMin using Safe Mode with Networking

In case security software cannot start properly, enter Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove RadMin

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the malware to complete RadMin removal.

If the malware is blocking Safe Mode with Networking, try the next method.

Remove RadMin using System Restore

You can also eliminate Radmin by using System Restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of RadMin. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it and make sure that RadMin removal has been performed successfully.

Finally, you should always think about protection against crypto-ransomware. To protect your computer from RadMin and other malware, use a reputable anti-spyware program, such as Reimage, Malwarebytes, Combo Cleaner or Plumbytes Anti-Malware.

About the author

Jake Doevan - Computer technology expert


References