Rahack

Rahack Description


Rahack is a dangerous worm that scans the network for vulnerable PCs running Radmin remote administration tool and infects them. The worm may give the remote attacker full unauthorized access to compromised computers. It also infects all found HTML files.
Download SpyHunter Spyware Scanner

Rahack Automatic Detection Tool (Recommended)


Is your PC infected with Rahack? To safely & quickly detect Rahack, we highly recommend you run the malware scanner listed below.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 mscolsrv.exe
    2 server.dll
    3 srvsxc.exe
    4 svchsot.exe
    5 syshid.exe
    6 system.vbs

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOTCLSID[randomname]HKEY_CLASSES_ROOTexefileshellopencommand(Default)=syshid.exe%1%*HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunsysserHKEY_LOCAL_MACHINESOFTWARERAdminHKEY_LOCAL_MACHINESYSTEMControlSet001ServicesMSCoolServHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMSCoolServHKEY_LOCAL_MACHINESYSTEMRAdmin
Posted: March 28, 2006 | By
Share:
Follow Me on Pinterest More More
Threat Level: 5/10
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Rate this article:

Leave a Reply

What is 9 + 10 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)