Manage Learn to apply best practices and optimize your operations.

Do I have a Remote Administration Trojan (RAT) on my system?

I have something called AdvancedRemoteInfo listed as a program file on my Exchange server. I'm afraid it is a RAT (Remote Administration Trojan) and I think I should delete it in Add/Remove programs. What do you think?
I suspect that you are correct. There is no such file having anything to do with the base Windows Server 2003 or Exchange Server 2003 installation. While I could not confirm the existence of "AdvancedRemoteInfo" as a Trojan executable, there are a number of variants for RATs. Because I can not confirm it, before removing it, you might want to make sure that it is not part of any third-party software you have installed on your system.

If it is a Trojan, using Add/Remove programs might not be enough. If you do not already have an antispyware solution for you enterprise servers, you should look into obtaining one. Most spyware solutions will allow you to perform a free scan of your system assuming it has Internet access. This will detect if this is in fact a Trojan.

However, in order to remove it, you will need to purchase the full version of the software or trust yourself to be able to remove it. Even if you successfully remove it manually, it might just re-install itself again. Antispyware software will hopefully be able to find all locations where the malware is hidden in your system and remove it.

Do you have comments on this Ask the Expert Q&A? Let us know.

Dig Deeper on Exchange Server setup and troubleshooting

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.