
Remacc.RCPro

Updated: February 13, 2007 11:48:51 AM
Type: RemoteAccess
Risk Impact: Low
File Names: %UserProfile%\Start Menu\Programs\Remote Control Pro\*.* %UserProfile%\All Users\Start Menu\Progr
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Remacc.RCPro is installed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Desktop\Remote Control Pro Administrator.lnk
    • %UserProfile%\Start Menu\Programs\Remote Control Pro\*.*
    • %UserProfile%\All Users\Start Menu\Programs\Remote Control Pro\*.*
    • %ProgramFiles%\Remote Control Pro\*.*
    • %System%\drivers\rcpmini.sys
    • %System%\rcphook.dll

      Note:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Control Pro
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Rcphook
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rcphook
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rcphook
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rcphook
    HKEY_CURRENT_USER\Software\Alchemy Lab\Remote Control Pro

  3. Installs a video hardware device driver on the client that it uses to display screenshots to the controlling administrator.

  4. Creates computer-specific registry subkeys in the following locations when installing the video hardware device driver:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\DISPLAY
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\DISPLAY
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{5b45201d-f2f2-4f3b-85bb-30ff1f953599}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{5b45201d-f2f2-4f3b-85bb-30ff1f953599}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video

  5. Configures the client to listen on TCP port 4000 by default; this port is configurable.

  6. By default, displays an icon in the system tray on the client; the administrator can turn this off.
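
A local check for the artifacts listed in steps 1, 2 and 5, as an added example that is not part of the original write-up. The function name Find-RcProArtifact and the mapping of %System% to the operating system's system directory are assumptions; because the port is configurable, the absence of a listener on TCP 4000 does not rule the program out.

```powershell
# Added example (not Symantec's code): report which Remacc.RCPro artifacts
# from the list above are present on the local machine.

# Assumption: Symantec's %System% variable maps to the OS system directory.
$sys = [Environment]::SystemDirectory

$RcProPaths = @(
    # Step 1: files and folders (folders are tested instead of the *.* pattern)
    "$env:USERPROFILE\Desktop\Remote Control Pro Administrator.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Remote Control Pro",
    "$env:USERPROFILE\All Users\Start Menu\Programs\Remote Control Pro",
    "$env:ProgramFiles\Remote Control Pro",
    "$sys\drivers\rcpmini.sys",
    "$sys\rcphook.dll",
    # Step 2: registry subkeys
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Control Pro",
    "HKLM:\SYSTEM\ControlSet001\Services\Eventlog\System\Rcphook",
    "HKLM:\SYSTEM\ControlSet001\Services\Rcphook",
    "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rcphook",
    "HKLM:\SYSTEM\CurrentControlSet\Services\Rcphook",
    "HKCU:\Software\Alchemy Lab\Remote Control Pro"
)
# The step 4 locations are not tested: they are computer-specific and are
# places Windows itself uses for display devices, so existence alone is
# not an indicator.

function Find-RcProArtifact {
    param([int]$Port = 4000)   # 4000 is the default from step 5

    $found = @()
    foreach ($p in $RcProPaths) {
        if (Test-Path -LiteralPath $p) { $found += "present: $p" }
    }

    # Step 5: look for a TCP listener on the given port in netstat output.
    $pattern = ":{0}\s+\S+\s+LISTENING" -f $Port
    $listeners = netstat -an | Select-String -Pattern $pattern
    foreach ($l in $listeners) {
        $found += "listening: " + $l.Line.Trim()
    }

    return $found
}

$result = Find-RcProArtifact
if ($result) { $result } else { "No listed Remacc.RCPro artifacts found." }
```

A listener on port 4000 by itself can belong to unrelated software, so treat it as a lead to confirm against the file and registry results.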

