Ask the Expert

Do I have a Remote Administration Trojan (RAT) on my system?

I have something called AdvancedRemoteInfo listed as a program file on my Exchange server. I'm afraid it is a RAT (Remote Administration Trojan) and I think I should delete it in Add/Remove programs. What do you think?


I suspect that you are correct. There is no such file having anything to do with the base Windows Server 2003 or Exchange Server 2003 installation. While I could not confirm the existence of "AdvancedRemoteInfo" as a Trojan executable, there are a number of variants for RATs. Because I cannot confirm it, before removing it, you might want to make sure that it is not part of any third-party software you have installed on your system.

If it is a Trojan, using Add/Remove programs might not be enough. If you do not already have an antispyware solution for your enterprise servers, you should look into obtaining one. Most spyware solutions will allow you to perform a free scan of your system, assuming it has Internet access. This will detect if this is in fact a Trojan.

However, in order to remove it, you will need to purchase the full version of the software or trust yourself to be able to remove it. Even if you successfully remove it manually, it might just re-install itself again. Antispyware software will hopefully be able to find all locations where the malware is hidden in your system and remove it.



This was first published in July 2005
