Manual Spy Bot Removal > RapidBlaster
RapidBlaster is a task run on Windows startup. When an internet connection is present it periodically connects to its servers to fetch advertising.
Variants
RapidBlaster/v1 is the original version. RapidBlaster/lp is an update using a slightly different name ('rb32 lptt01').
RapidBlaster/Rnd is an update which uses pseudo-random filenames which it fetches from its controlling server www.rapidblaster.com. If it fails to contact its server it will just use 'RapidBlaster\rb32.exe' as with older variants. If you remove it, it will reinstall itself using a new name. Filenames seen so far include:
| Adaware\adaware.exe | Aimaol\aimaol.exe | BelmontSoft\Bsoft.exe |
| DonkeySoft\dkware.exe | efaxs\efaxs.exe | Exe\exe.exe |
| explorer\explorer.exe | foobin\foobin.exe | general\general.exe |
| Icon\icon.exe | Iexplorer\iexplorer.exe | Kazaa\kazaa.exe |
| Mcf\mcf.exe | Microfinder\mcf.exe | Mslogon\mslogin.exe |
| msconfig\msconfig.exe | mssurfer\surfer.exe | Msyss\msys.exe |
| Newsgroup\newsgroup.exe | Notepad\Notepad.exe | NvidStar\nvd32.exe |
| RapidBlaster\rb32.exe | RealPlay\realplay.exe | 32services\services.exe |
| spool\spool.exe | Spybott\spybott.exe | Spyguard\Spywareguard.exe |
| Surfer\surfer.exe | Syscon\syscon.exe | Syslog\syslog.exe |
| Taskmngr\taskmngr.exe | win32_A\win32_a.exe | win32_I\win32_i.exe |
| Winsyslog\winsyslog.exe | Winwan\winwan.exe | yahoo_toolbar\yahoo_toolbar.exe |
RapidBlaster/AInst is an ActiveX installer used to load v1 or lp.
Also known as
rb32, after its original executable name.
Distribution
ActiveX drive-by download on affiliate pages, including misleading download links (e.g. 'megamovieblaster') and pop-ups.
Also installed by the ISTBar parasite; the script at this site cannot detect RapidBlaster if installed this way.
Advertising
Yes, typically pop-ups for porn sites.
Privacy violation
Suspected: the privacy policy at the RapidBlaster site states cookies are used to profile the user's interests. I have observed no such behaviour from the software at the time of writing.
Security issues
Yes. Can download and execute arbitrary unsigned code pointed to by its controlling servers. Is known to install diallers such as DialerOffline.
RapidBlaster/AInst, if not removed, can also allow any web page to silently reinstall RapidBlaster.
Stability problems
None known.
Removal
Use the Control Panel's Add/Remove Programs entry for 'RapidBlaster' (v1 variant) or 'rb32 lptt01' (lp variant). For the Rnd variant, manual removal must be used.
To remove the AInst variant installer, go to the Downloaded Program Files folder inside the Windows folder, right-click the 'AInst' item and 'Remove' it.
After restarting, you can clear up by deleting the 'RapidBlaster' folder inside Program Files, and deleting the key 'HKEY_LOCAL_MACHINE\Software\RapidBlaster' from the registry (Start->Run->regedit).
JavaCool's RBKiller is a specific tool to completely remove RapidBlaster, including the Rnd variant. Ad-Aware should also be able to remove other RapidBlaster variants.
Manual removal
First, open the Task Manager (press Ctrl+Alt+Delete). Find the RapidBlaster program (rb32.exe, or, in the Rnd variant, any one of the above filenames — some are quite similar to normal Windows program names, so be careful). Click on this process name to select it then click 'End process' and confirm.
Now open the registry (click 'Start', choose 'Run' and enter 'regedit'). Find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the 'Something lptt01' entry on the right. 'Something' will be the same as the filename of the RapidBlaster program - you can now delete the folder containing this.
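The Run-key check from the manual removal steps can be done read-only before deleting anything. The script below is an added example, not part of the original page or any RapidBlaster removal tool: it parses the text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and flags values named 'Something lptt01', which also catches Rnd names missing from the table. The output layout, the sample entries and the Program Files paths are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Subset of the folder\file pairs from the table above. The list is not
# exhaustive: the Rnd variant fetches new names from its server.
KNOWN_PAIRS = {p.lower() for p in r"""
RapidBlaster\rb32.exe explorer\explorer.exe Iexplorer\iexplorer.exe
msconfig\msconfig.exe Taskmngr\taskmngr.exe 32services\services.exe
""".split()}

# One value line of `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SUFFIX = " lptt01"  # Run value naming described in the removal steps

def audit_run_key(reg_query_output):
    """Return [(value_name, exe_path, reasons)] for suspicious Run entries."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m["name"], m["data"].strip()
        # Executable path: a quoted path, or everything up to the first ".exe".
        exe = re.match(r'"([^"]+)"|(.+?\.exe)', data, re.I)
        path = PureWindowsPath((exe.group(1) or exe.group(2)) if exe else data)
        reasons = []
        if name.lower().endswith(SUFFIX):
            reasons.append("value name ends in ' lptt01'")
            if name[:-len(SUFFIX)].lower() == path.stem.lower():
                reasons.append("name prefix matches executable filename")
        if f"{path.parent.name}\\{path.name}".lower() in KNOWN_PAIRS:
            reasons.append("folder\\file pair is in the known list")
        if reasons:
            findings.append((name, str(path), reasons))
    return findings

# Constructed sample output, not captured from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\WINDOWS\SOUNDMAN.EXE
    rb32 lptt01    REG_SZ    "C:\Program Files\RapidBlaster\rb32.exe"
    surfer lptt01    REG_SZ    C:\Program Files\mssurfer\surfer.exe
"""

if __name__ == "__main__":
    for name, path, reasons in audit_run_key(SAMPLE):
        print(f"{name!r} -> {path}: {'; '.join(reasons)}")
```

A flagged entry whose folder and filename are not in the known list, like the 'surfer lptt01' line in the sample, still matches the naming pattern and should be checked by hand before removal.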