Remacc.Radmin - Removal

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

1. Update the definitions.
2. Remove all the entries that the risk added to the hosts file.
3. Restart tne computer in Safe mode.
4. Run a full system scan and delete all the files detected as Remacc.Radmin.
5. Delete any values added to the registry.
   

For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To remove all the entries that the risk added to the hosts file

1. Navigate to the following location:
   
   
   • Windows 95/98/Me:
     %Windir%
   • Windows NT/2000/XP:
     %Windir%\System32\drivers\etc
     
     Notes:
   • The location of the hosts file may vary and some computers may not have this file. There may also be multiple copies of this file in different locations. If the file is not located in these folders, search your disk drives for the hosts file, and then complete the following steps for each instance found.
   • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
     
     
2. Double-click the hosts file.
3. If necessary, deselect the "Always use this program to open this program" check box.
4. Scroll through the list of programs and double-click Notepad.
5. When the file opens, delete all the entries added by the risk. (See the Technical Details section for a complete list of entries.)
6. Close Notepad and save your changes when prompted.

3. To restart the computer in Safe mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode. For instructions, read the document: How to start the computer in Safe Mode.

4. Scanning for and deleting the files
Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
Run a full system scan.
If any files are detected as Remacc.Radmin, click Delete.

5. To delete the value from the registry

Note: This procedure is optional. It is not likely that the keys, which currently known versions of this adware has added, will do any harm if they are not removed from the registry. Removal can be somewhat complex due to the randomly named files.

Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document: How to make a backup of the Windows registry.

1. Click Start, and then click Run.
2. Type regedit
   
   Then click OK.
   
3. Navigate to and delete the registry keys:
   
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Administrator v2.2
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\r_server
   HKEY_LOCAL_MACHINE\System\RAdmin
   
   
4. Exit the Registry Editor.

Technical Details