j_holmes

slave.exe

2 posts in this topic

I've been having problems with popups, winlogon.exe keeps accessing the Internet, with ads following right after. I just updated to Norton 2004, and it picks up this slave.exe. It states it's a risk. But doesn't delete it. I've done a search on it (through Windows search).

In the properties of it, it says:

Description: RA Server

Location: C:\WINDOWS

Comments: http://www.twd-industries.com

Company: TWD Industries SAS

Legal TradeMarks: Remote-Anything, RA

File Version: 4.3.3

 

Does this thing belong to Windows?

Would this thing cause popups?

Any feedback would be much appreciated.

Thanks all..

Edited by j_holmes


Hi

 

Filename: Slave.exe

Program Title: RA Server

Rating: 1 (Not Recommended - Resource Hog, Spyware)

Comments: Added as a result of the RA VIRUS!

 

 

Backdoor.RA

 

This is a typical client-server remote administration utility that allows one to connect to remote computer(s) and manage its (their) system resources in real time (similar to "pcAnywhere" by Symantec). This utility is known by the name "Remote-Anything", and is developed and distributed by the company TWD Industries (http://www.twd-industries.com).

This program is detected and classified as a Backdoor trojan because it absolutely meets a Backdoor program's behavior:

• hidden installation to the system

• completely hides itself in the system when active

• allows the affected system to be administered from a remote host

The server component of this program hides itself in the system and is not visible to an average user, unlike other remote administration tools that:

• have standard installation and deinstallation procedures

• have any visible interface (an icon in tray-bar, for instance)

 

 

Removing the Server

To remove the server component from the system you need to run AVP with the latest updates and let it delete the server. You also need to delete the registry key manually.

You may also manually delete the registry key, reboot the computer and delete the server file SLAVE.EXE in the Windows directory.

You may also use a special removal utility that is distributed by TWD Industries on their Web site.

 

http://www.avp.ch/avpve/trojan/backdoor/ra.stm

 

HTH
