> Spyware Encyclopedia Page 68 > HTTP RAT

HTTP RAT removal

Spyware HTTP RAT Information
Name: HTTP RAT Category: RAT Author: Zombie Coded in: C Dangerous: Yes

HTTP RAT is RAT - spyware.
You should remove it from your system as soon as possible.

HTTP RAT description by Zombie:

Vendor: [HTTP_RAT 0.31] coded in C. works on win9x/2000/xp [What is it] HTTP_RAT is a "web-server" that allows you to browse victim´s computer with any explorer on any OS(!). It forwards victim´s ip adress to your email adress, so u have just to open his_ip[:port] in your explorer. [How to use] Run httprat.exe, fill in your email addresss and smtp server(s) & click [Create]. It´ll make a file called httpserver.exe. Send that file to victim. When victim opens it u´ll get mail with instructions. [Features] server size: 30kb view/kill processes browse/download/execute/delete any file near firewalls b4 running hmm.. that is all 4 now ;] these will be added in next version: file uploading screen capture registry editing(maybe) better hiding/startup methods automatically find smtp server [smth useful that u can suggest] zombie

This RAT is also known as:

•Backdoor.Zombam.a.
• Backdoor.Zombam.d.
• Backdoor.Zombam.g.
• Backdoor.Zombam.gen.
• Backdoor.Zombam.h.
• Backdoor.Zombam.i.
• Backdoor.Zombam.k.
• Backdoor.Zombam.l.
• Backdoor.Zombam.m.
• Backdoor.Zombam.n.
• HTTP_RAT.

>> Delete HTTP RAT automatically - Download Spyware Doctor

HTTP RAT Removal Instructions
Kill the following processes httprat.exe, httprat01a.exe, httpserver.exe, ck16.exe, ck412.exe, ckmgr.exe, sys412.exe
Delete these registry entries HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\ntmgr HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\win16
Remove the following files httprat.exe, httprat01a.exe, httpserver.exe, readme.ru.txt, readme.txt. ck16.exe, ck412.exe, ckmgr.exe, sys412.exe in Windows\cookies\

Bookmark HTTP RAT page

Previous Spyware: Remove HTTP Cracker 1.1.3b

Next Spyware: Remove HTTP RAT 0.1a