ra32.exe - Useless

ra32.exe

Manual removal instructions:

ra32.exe
BackDoor-CAY - password stealer trojan. Also known as Backdoor.Carufax (AVP), Troj/Volver (Sophos), Win32.Reign (CA).

This trojan uses a stealth technique to circumvent certain scanning technology.
The trojan attempts to capture typed keystrokes and steal web site passwords.
Trojan do not self-replicate. It is spread manually, often under the premise that the executable is something beneficial.
Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.

When run, the trojan creates a hidden directory named f~a within the WINDOWS SYSTEM directory.
Adds the value: "f~a" = C:\WINNT\System32\f~a\ra32.exe
to the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Within this directory, several files are created:
~key.log
~pass.log
~post.log
ra32.exe
usr_ext.dll (captures keystrokes and steals password)
usrvcrt.dll (captures web site username/password)

Use RegRun Startup Optimizer to remove this trojan.

Remove ra32.exe now!

Reviewed by:

by

ra32.exe Dangerous Rating: 5 out of 5

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.

I sought a solution on the Internet and discovered your product and tried out the trial of UnHackMe.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.