ra32.exe - Useless


Manual removal instructions:

BackDoor-CAY - password stealer trojan. Also known as Backdoor.Carufax (AVP), Troj/Volver (Sophos), Win32.Reign (CA).

This trojan uses a stealth technique to circumvent certain scanning technology.
The trojan attempts to capture typed keystrokes and steal web site passwords.
Trojan do not self-replicate. It is spread manually, often under the premise that the executable is something beneficial.
Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.

When run, the trojan creates a hidden directory named f~a within the WINDOWS SYSTEM directory.
Adds the value: "f~a" = C:\WINNT\System32\f~a\ra32.exe
to the registry keys:

Within this directory, several files are created:
usr_ext.dll (captures keystrokes and steals password)
usrvcrt.dll (captures web site username/password)

Use RegRun Startup Optimizer to remove this trojan.

Remove ra32.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.


You can read UnHackMe testimonials here.