Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Annoying Pop-up's
  • Installs itself without permissions
  • Slow Computer

RemoteAccess:Win32/RemoteAnything

RemoteAccess:Win32/RemoteAnything, detected by Microsoft in August 2011, is a Trojan which sneaks into the system unnoticed. Due to its cunning components, the users cannot detect and remove it from the system easily.

One of the malicious files is slave.exe which is widely known as a component of RemoteAccess:Win32/RemoteAnything. This file creates the registry keys which allow the Trojan to start running when the user logs in to the system. In addition, the file might initiate security messages and warnings, gather information and send it to remote computers and also send mime emails.

In addition, the Trojan uses such valid file names as divxinstaller813.exe and avast!-5.exe to hide itself in the system. For example, divxinstaller813.exe is attributed to DivX Setup, which is a video player. After the installation of the program, divxinstaller813.exe is normally located in the folder “Program Files”. However, if you find this name somewhere outside the folder, you should get suspicious about this file and the reason of its presence. The malicious divxinstaller813.exe creates more files in the system so that the infection is not detected easily, and attempts to collect email addresses and personal information. Moreover, the name of the security tool Avast is also used to hide the Trojan. Scan your system for infections if you find avast!-5.exe, even though you do not have Avast installed.

In addition, RemoteAccess:Win32/RemoteAnything uses a Windows process name lssas.exe to trick PC’s users. The process LSASS supervises whether the user provides the system with the correct information to access the system and administrates the modifications of the passwords. This process can be found in the Task Manager. Interestingly, when the name of the file used to hide the infection, the name lsass.exe (lower L) is changed into a capitalised i, and the users might be easily mistaken by this modification.

As a result, RemoteAccess:Win32/RemoteAnything will not be removed from the system if the malicious components remain undetected. Thus, to delete this infection and protect your data, we recommend using a legitimate security tool which will detect and remove the Trojan automatically. Do not attempt to get rid of this infection manually, because you might delete legitimate system files and cause serious damage to the system.

Download Spyware Removal Tool to Remove* RemoteAccess:Win32/RemoteAnything
  • Quick & tested solution for RemoteAccess:Win32/RemoteAnything removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove RemoteAccess:Win32/RemoteAnything

Files associated with RemoteAccess:Win32/RemoteAnything infection:

Slave.exe
DivXInstaller813.exe
questbrwsearch.dll
efdfm600.exe
arsv.exe
BSSHelper.exe
questbrwsearch.dll
Avast!-5.exe
ra6zlc96.exe
efdfm600.exe
DivXInstaller813.exe
BSSHelper.exe
arsv.exe
.exe
Slave.exe
Avast!-5.exe
ra6zlc96.exe
.exe

RemoteAccess:Win32/RemoteAnything DLL's to remove:

questbrwsearch.dll
questbrwsearch.dll
questbrwsearch.dll

RemoteAccess:Win32/RemoteAnything processes to kill:

DivXInstaller813.exe
BSSHelper.exe
.exe
ra6zlc96.exe
arsv.exe
efdfm600.exe
Avast!-5.exe
Slave.exe
Avast!-5.exe
ra6zlc96.exe
efdfm600.exe
DivXInstaller813.exe
BSSHelper.exe
arsv.exe
.exe
Slave.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.