Remote Helpdesk

Description:	Spyware
Risk Level:	Low
Date of First Occurence:	Thursday, May 22, 2008
Software Developer:	(unknown)
Brief Info:	Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
Removal:	This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "Remote Helpdesk"

Threat Info

View All

Detected Items

Detected Files: %WINDIR%\Remote Helpdesk Uninstaller.exe MD5: AAC2EA3BE5F4F5F3EF805319CE154C2E Size:151031 MD5: BE1B83ABFAC17A0B4B150C9429FF6DE2 Size:149684 %SystemDiskRoot%\Remote Helpdesk\IT_Machine.exe MD5: 87BB5C5CBDE66CD963C96ED79AAC2EF1 Size:475451 %SystemDiskRoot%\Remote Helpdesk\Copy of remhelp.exe MD5: 8758F9A1694DFA2FF877E0D9C995576C Size:475492 %SystemDiskRoot%\Remote Helpdesk\Copy (3) of remhelp.exe MD5: EB8420123B13D4DF8FB084FEC7CF2CD2 Size:475320 %SystemDiskRoot%\Remote Helpdesk\Copy (2) of remhelp.exe MD5: 52B47E1BABBBAD9285AA7751A065B307 Size:475350 %SystemDiskRoot%\Remote Helpdesk\remhelp.exe MD5: A60338C82FE6D96A6A084413B1422147 Size:431233 %SystemDiskRoot%\Remote Helpdesk\rhdbman.exe MD5: E1E25BF840452C3B8054A02733856FEF Size:903680
Detected Files with variable Filenames: MD5: DADEEC646AF506EF3061C464747B58AF Size: 940032 %SystemDiskRoot%\Remote Helpdesk\remhelpc-old.exe %SystemDiskRoot%\Remote Helpdesk\remhelpc.exe

Detecting items list:

Files by Name %SystemDiskRoot%\Remote Helpdesk\remhelp.chm %SystemDiskRoot%\Remote Helpdesk\remhelp.exe %SystemDiskRoot%\Remote Helpdesk\remhelpc.exe %SystemDiskRoot%\Remote Helpdesk\RemhelpSetup.bat %SystemDiskRoot%\Remote Helpdesk\rhdbman.exe %SystemDiskRoot%\Remote Helpdesk\RHDirectIP.bmp %SystemDiskRoot%\Remote Helpdesk\RHDirectIP.cfg %SystemDiskRoot%\Remote Helpdesk\RHDirectIP_FULL.bmp %SystemDiskRoot%\Remote Helpdesk\RHEmail.bmp %SystemDiskRoot%\Remote Helpdesk\RHEmail_FULL.bmp %SystemDiskRoot%\Remote Helpdesk\RHEmail2.bmp %SystemDiskRoot%\Remote Helpdesk\RHEmail2_FULL.bmp %SystemDiskRoot%\Remote Helpdesk\RHMail.cfg %SystemDiskRoot%\Remote Helpdesk\RHReverseIP.bmp %SystemDiskRoot%\Remote Helpdesk\RHReverseIP.cfg %SystemDiskRoot%\Remote Helpdesk\RHReverseIP_FULL.bmp %SystemDiskRoot%\Remote Helpdesk\RHReverseIP_FULL_PASSWORD.bmp %SystemDiskRoot%\Remote Helpdesk\RHRunning.bmp %SystemDiskRoot%\Remote Helpdesk\RHRunning_FULL.bmp %SystemDiskRoot%\Remote Helpdesk\uninstalldata.exe %START_PROGRAMSALL%\Remote Helpdesk\DB Manager.lnk %START_PROGRAMSALL%\Remote Helpdesk\Remote Helpdesk Client.lnk %START_PROGRAMSALL%\Remote Helpdesk\Remote Helpdesk Help.lnk %START_PROGRAMSALL%\Remote Helpdesk\Remote Helpdesk Server Setup.lnk %START_PROGRAMSALL%\Remote Helpdesk\Remote Helpdesk Server.lnk %START_PROGRAMSALL%\Remote Helpdesk\Uninstall Remote Helpdesk.lnk %APPDATA%\RemoteHelpdesk\macro.dat %APPDATA%\RemoteHelpdesk\processes.dat %START_PROGRAMSALL%\Remote Helpdesk\Uninstall Remote Helpdesk.lnk %WINDIR%\Remote Helpdesk Uninstaller.exe
Files by Directories %SystemDiskRoot%\Remote Helpdesk %START_PROGRAMSALL%\Remote Helpdesk %START_PROGRAMSALL%\Remote Helpdesk
Registry Keys HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Remote Helpdesk HKCU\Software\GID Software\Remote Helpdesk HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Helpdesk

« Go to Software Database

Search in Our Software Database

Browse Software Database

Latest Malware News

March 15, 2010

For the second time since the beginning of the year another critical error with “zero-day” vulnerability has appeared in Internet Explorer browser. An effort to misuse this error was reported by several security companies. The error is not able to be misused through opening an email in HTML format, but it is enough to allure users to a fraudulent website or to click on a link in the email. This error does not affect Internet Explorer 8 but users with Internet Explorer 6 or 7 are recommended to activate DEP protection and block scripting in their browser and in emails. Furthermore, we recommend that users activate or install our WSG application (Web Security Guard), which protects users from entering fraudulent websites.

Older malware news »