rlid.exe - Dangerous
Manual removal instructions:
rlid.exe | Malware |
rlid.exe | Dangerous |
rlid.exe | High Risk |
Backdoor.Lixy is a Backdoor Trojan Horse that opens a proxy server on TCP port 1080.
Backdoor.Lixy consists of one .dll file and two .exe files.
The file names are usually the following:
- Rlid.exe: For setting up and running other Trojan files.
- Lid.exe: Contains the main routine of the backdoor.
- Lid.dll: A malicious Browser Helper Object that runs Lid.exe.
Backdoor.Lixy performs the following actions:
Adds the value:
"Key1"="
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan starts when you start Windows.
Adds the following keys in the registry:
HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\HTMLEdit.SSocks5
HKEY_CLASSES_ROOT\HTMLEdit.SSocks5.1
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5.1
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
which adds Lid.dll as a Browser Helper Object.
Manual removal:
Delete the unneeded registry keys (see above).
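A read-only PowerShell check for the artifacts listed above, added here as an example (it is not part of the original instructions or of any vendor tool). The variable names are this example's own. The InprocServer32 lookup relies on the standard COM registration layout rather than on anything stated on this page.

```powershell
# Added example: read-only check for the Backdoor.Lixy artifacts listed above.
# Nothing is deleted or changed; each finding is collected as an object.
$clsid = '{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}'
$bho   = 'Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects'
$keys  = @(
    "HKEY_CLASSES_ROOT\CLSID\$clsid",
    'HKEY_CLASSES_ROOT\HTMLEdit.SSocks5',
    'HKEY_CLASSES_ROOT\HTMLEdit.SSocks5.1',
    "HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\$clsid",
    'HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5',
    'HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5.1',
    "HKEY_LOCAL_MACHINE\$bho\$clsid"
)

$findings = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath "Registry::$k") {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k; Detail = 'present' }
    }
}

# Run value "Key1": the page does not show its data, so report whatever is stored.
$run = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
$val = Get-ItemProperty -LiteralPath $run -Name 'Key1' -ErrorAction SilentlyContinue
if ($val) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = 'Key1'; Detail = $val.Key1 }
}

# Standard COM layout: the DLL behind a CLSID is the default value of InprocServer32.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
$srv = Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue
if ($srv) {
    $findings += [pscustomobject]@{ Type = 'BhoDll'; Item = $clsid; Detail = $srv.'(default)' }
}

# TCP 1080 is also the usual SOCKS port, so name the owning process before judging.
# Get-NetTCPConnection needs Windows 8 / Server 2012 or later.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 1080 -ErrorAction SilentlyContinue
foreach ($c in $listeners) {
    $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{ Type = 'Listener'; Item = "$($c.LocalAddress):1080"
                                    Detail = "$($p.ProcessName) (PID $($c.OwningProcess))" }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Backdoor.Lixy artifacts from this page were found.' }
```

A `Key1` Run value or a port 1080 listener on its own can belong to unrelated software; the CLSID and `HTMLEdit.SSocks5` keys are the more specific indicators.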
Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.