RemoteAccess.RServer

RemoteAccess.RServer is a form of malicious software, also further categorized as a Worm infection.

RemoteAccess.RServer is a part of a remote administrator application that allows a user to work on one or more remote computers.

The application contains features such as File Transfer, NT security and Telnet. RemoteAccess.RServer is generally used when performing administration tasks, remotely.

If a user makes use of RAdmin, this process should be left running, however, if not, then it is recommended to terminate the affiliated r_server.exe process, as it may have been inserted into the system in question, covertly – without the users’ consent or knowledge thereof.

RemoteAccess.RServer has been seen to perform the following behavior:

* Creates a TCP port which listens and is available for communication initiated by other computers
* Registers a Dynamic Link Library File
* Creates a new Background Service on the machine
* This Process Deletes Other Processes From Disk
* Executes a Process
* Terminates Processes
* Makes outbound connections to other computers using NETBIOSOUT protocols * Uses DNS to retrieve the IP address for web sites
* This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list
* Adds a Registry Key (RUN) to auto start Programs on system start up
* Adds products to the system registry
* Enables an In Process Object/Server - Common with DLL Injections
* This process creates other processes on disk

Should a computer system be infiltrated with this dubious malware application, RemoteAccess.RServer, is it highly recommended to employ the services of a fully functional and up to date antispyware application, in order to rid the system infected of RemoteAccess.RServer and all its affiliated components.