- 13 February 2007
- Risk Impact:
- File Names:
- Systems Affected:
Remacc.Rics allows remote users to access an infected computer.
Your Symantec program detects this threat as Remacc.Rics.
An intruder often installs Remacc.Rics as a backdoor to a compromised system; however, it can also be used as a legitimate remote administration tool.
Antivirus Protection Dates
- Initial Rapid Release version 02 October 2014 revision 022
- Latest Rapid Release version 01 February 2015 revision 020
- Initial Daily Certified version 20 February 2004
- Latest Daily Certified version 28 September 2010 revision 036
- Initial Weekly Certified release date 25 February 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
When Remacc.Rics is executed, it performs the following actions:
- Searches for the file, rics.ini, in the same folder in which it is executed. This file contains the configuration information for the utility, such as user authentication, logging, and the port to use.
- Opens a command shell on a TCP port and listens for connections. By default, this is TCP port 1001.
- Displays the following icon in the system tray:
The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
- Update the definitions.
- Run a full system scan and delete all the files detected as Remacc.Rics.
1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
2. Scanning for and deleting the files
- Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
- Run a full system scan.
- If any files are detected as Remacc.Rics, click Delete.