RemoteAccess.GhostRadmin is a remote administration tool that allows for the full control of the infiltrated machine.
This type of program is typically installed by the computer owner or the computer administrator and should only be removed if it has been installed onto a computer system without the knowledge or permission of the computer user or computer administrator.
When executed, RemoteAccess.GhostRadmin will download the following files \'r_server.exe\' and \'AdmDll.dll\' from its affiliated Web servers.
RemoteAccess.GhostRadmin is also referred to as RemoteAccess:Win32/GhostRadmin, RemoteAccessGhostRadmin, Remote Access Ghost Radmin, Remote Access.GhostRadmin, or by its aliases:
The following system change may indicate the presence of RemoteAccess.GhostRadmin:
* When the program is in use, RemoteAccess.GhostRadmin may open and await connections on TCP port 5899
TYo ensure a computer system does not fall vulnerable to these type intrusions, it is advised to adhere to the following practices:
* Enable a firewall on your computer.
RemoteAccess.GhostRadmin is associated with the following malware groups:
Accordingly, RemoteAccess.GhostRadmin has been reported to display the following properties:
* The Process is polymorphic and can change its structure
RemoteAccess.GhostRadmin may insert an uninstaller entry in \"Add or Remove Programs\" in the computer systems’ Control Panel.
If an uninstaller is not available or if the user does not want to use the uninstaller that is provided, it would be best to employ the services of a fully functional and up to date antispyware application to detect and remove RemoteAccess.GhostRadmin and other potentially unwanted software from the computer system in question.
How to manually remove RemoteAccess.GhostRadmin
Files associated with RemoteAccess.GhostRadmin infection:
RemoteAccess.GhostRadmin processes to kill:
Remove RemoteAccess.GhostRadmin registry entries:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemote Administrator Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Administrator Service