ra32.exe - Useless
ra32.exe
Manual removal instructions:
This trojan uses a stealth technique to circumvent certain scanning technology.
The trojan attempts to capture typed keystrokes and steal web site passwords.
Trojan do not self-replicate. It is spread manually, often under the premise that the executable is something beneficial.
Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.
When run, the trojan creates a hidden directory named f~a within the WINDOWS SYSTEM directory.
Adds the value: "f~a" = C:\WINNT\System32\f~a\ra32.exe
to the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Within this directory, several files are created:
~key.log
~pass.log
~post.log
ra32.exe
usr_ext.dll (captures keystrokes and steals password)
usrvcrt.dll (captures web site username/password)
Use RegRun Startup Optimizer to remove this trojan.
Reviewed by:
by
NightWatcher
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial of UnHackMe.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.