Danger level 8
Type: Remote Administration

RemoteAccess.GhostRadmin

RemoteAccess.GhostRadmin is a remote administration tool that allows for the full control of the infiltrated machine.

This type of program is typically installed by the computer owner or the computer administrator and should only be removed if it has been installed onto a computer system without the knowledge or permission of the computer user or computer administrator.

When executed, RemoteAccess.GhostRadmin will download the following files 'r_server.exe' and 'AdmDll.dll' from its affiliated Web servers.

RemoteAccess.GhostRadmin is also referred to as RemoteAccess:Win32/GhostRadmin, RemoteAccessGhostRadmin, Remote Access Ghost Radmin, Remote Access.GhostRadmin, or by its aliases:
- FireDaemon.EXE
- r_server.exe
- smss.exe
- svchost.exe

The following system change may indicate the presence of RemoteAccess.GhostRadmin:

* When the program is in use, RemoteAccess.GhostRadmin may open and await connections on TCP port 5899

To ensure a computer system does not fall vulnerable to these types of intrusions, it is advised to adhere to the following practices:

* Enable a firewall on your computer.
* Get the latest computer updates.
* Run an up-to-date scanning and removal tool.
* Use caution with attachments and file transfers.

RemoteAccess.GhostRadmin is associated with the following malware groups:
* Malicious Software
* Cloaked Malware

Accordingly, RemoteAccess.GhostRadmin has been reported to display the following properties:

* The Process is polymorphic and can change its structure
* Changes to the file command map within the registry
* Creates a TCP port which listens and is available for communication initiated by other computers
* Registers a Dynamic Link Library File
* Creates a new Background Service on the machine
* RemoteAccess.GhostRadmin creates other processes on disk
* Makes outbound connections to other computers using NETBIOSOUT protocols
* Modifies the Windows Host File which could be used to stop the user from visiting specific web sites by redirecting the browser to alternative addresses without the user knowing.
* Can communicate with other computer systems using HTTP protocols
* Executes a Process
* Enables an In Process Object/Server - Common with DLL Injections
* RemoteAccess.GhostRadmin Deletes Other Processes From Disk
* Terminates Processes
* Can communicate with other computers using TCP protocols
* Reads the user’s Outlook address book
* Adds products to the system registry
* This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list
* Adds a Registry Key (RUN) to auto start Programs on system start up

RemoteAccess.GhostRadmin may insert an uninstaller entry in "Add or Remove Programs" in the computer system’s Control Panel.

If an uninstaller is not available or if the user does not want to use the uninstaller that is provided, it would be best to employ the services of a fully functional and up to date antispyware application to detect and remove RemoteAccess.GhostRadmin and other potentially unwanted software from the computer system in question.


How to manually remove RemoteAccess.GhostRadmin

Files associated with RemoteAccess.GhostRadmin infection:

svchost.exe
smss.exe
r_server.exe
FireDaemon.EXE

RemoteAccess.GhostRadmin processes to kill:

svchost.exe
smss.exe
r_server.exe
FireDaemon.EXE

Remove RemoteAccess.GhostRadmin registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Administrator Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemSRA
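
A read-only PowerShell check for the indicators listed on this page (the four process names, the two service keys and TCP port 5899), added here as an example and not part of the original write-up. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection, and that the genuine Windows svchost.exe and smss.exe run only from System32 or SysWOW64, so those two names are reported only when found elsewhere.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only triage. Nothing is stopped, deleted or changed.
$names    = 'r_server.exe', 'FireDaemon.exe', 'svchost.exe', 'smss.exe'   # from the page
$svcKeys  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Remote Administrator Service',
            'HKLM:\SYSTEM\CurrentControlSet\Services\SystemSRA'            # from the page
$port     = 5899                                                          # from the page
# Assumption (not from the page): the genuine Windows svchost.exe and smss.exe
# live in System32 (or SysWOW64), so these names matter only when found elsewhere.
$sysNames = 'svchost.exe', 'smss.exe'
$sysDirs  = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"
$findings = @()

# 1. Running processes with a listed name (name matching is case-insensitive)
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    if ($names -notcontains $p.Name) { continue }
    $path = $p.ExecutablePath
    if ($sysNames -contains $p.Name) {
        # Protected system processes expose no path; those cannot be assessed here.
        if (-not $path) { continue }
        if ($sysDirs -contains (Split-Path -Path $path -Parent)) { continue }
    }
    $findings += [pscustomobject]@{ Check = 'Process'; Detail = "$($p.Name) (PID $($p.ProcessId)) $path" }
}

# 2. Anything listening on the TCP port named on the page
foreach ($c in Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue) {
    $owner = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{ Check = 'Listener'; Detail = "TCP $($c.LocalAddress):$port owned by PID $($c.OwningProcess) $($owner.Path)" }
}

# 3. Service registry keys named on the page, with the binary each one points to
foreach ($k in $svcKeys) {
    if (Test-Path -LiteralPath $k) {
        $img = (Get-ItemProperty -LiteralPath $k -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        $findings += [pscustomobject]@{ Check = 'Service key'; Detail = "$k -> $img" }
    }
}

if ($findings) { $findings | Format-List } else { 'No listed indicator found.' }
```

A finding is a prompt to inspect the binary's path and install history before removing anything, since this type of program is often installed deliberately by the computer owner or administrator.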