How to remove Ammyy Admin (Malware Removal Guide)
What is Ammyy Admin?
Ammyy Admin is a RAT (Remote Administration Tool) or backdoor Trojan that is often used to drop payloads of malware such as ransomware onto a computer. The Ammyy Admin RAT is typically distributed by spam email campaigns inside malicious Microsoft Office document attachments that incorporate the malware.
Oftentimes, alongside the Remcos RAT, the attachments use a malicious document macro developed to bypass Microsoft Windows’ UAC security and execute malware with high privileges. The macro runs a shell command that downloads and executes the malware.
A UAC-bypass technique that abuses Microsoft’s Event Viewer (eventvwr.exe) is used to hijack the HKCU\Software\Classes\mscfile\shell\open\command registry key. The macro’s shell command replaces the value of that registry entry with the malware’s location, so the malware is executed instead of Microsoft’s mmc.exe.
Since Ammyy Admin is a remote desktop tool, once a cyber criminal installs it a number of things can happen to the victim’s machine. It provides remote access by establishing a connection to the client IP and ports where the server connects. Remote access opens a lot of windows and security threats for the machine. It can drop malware, such as ransomware, onto the infected machine. It also has a basic keylogger function that interferes with stored passwords in the hope that the user will re-type them so they can be captured.
A sign that Ammyy Admin is running on your machine is a fake Chrome.exe process (also shown as Chrome.exe *32) in Windows Task Manager. The description for the process will say “Ammyy Admin.”
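The two indicators above (the hijacked mscfile handler key and the fake Chrome.exe process) can be checked without a third-party scanner. The following read-only PowerShell script is an added example written for this guide, not code from the original page or from any vendor; the function names Test-MscfileHijack and Get-AmmyyProcess are my own, and it assumes the key does not exist under HKCU on a clean system.

```powershell
# Added check (not from the original guide): looks at the registry key the
# eventvwr.exe UAC bypass hijacks, and for a chrome.exe whose file description
# reads "Ammyy Admin". Read-only; it changes nothing on the machine.

$hijackKey = 'HKCU:\Software\Classes\mscfile\shell\open\command'

function Test-MscfileHijack {
    # Assumption: on a clean system this per-user key is absent, because the
    # .msc handler is resolved from HKLM instead. Any value here is suspect.
    if (-not (Test-Path $hijackKey)) {
        return [pscustomobject]@{ Present = $false; Command = $null; Suspicious = $false }
    }
    $cmd = (Get-ItemProperty -Path $hijackKey -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        Present    = $true
        Command    = $cmd
        # A legitimate handler would point at mmc.exe; anything else is a hijack.
        Suspicious = ($cmd -notmatch '(?i)\\mmc\.exe')
    }
}

function Get-AmmyyProcess {
    # The guide says the RAT shows up as Chrome.exe / Chrome.exe *32 with the
    # description "Ammyy Admin", so compare the description, not just the name.
    # Description is the PowerShell-added property (FileVersionInfo.FileDescription).
    Get-Process -Name chrome -ErrorAction SilentlyContinue |
        Where-Object { $_.Description -match 'Ammyy' } |
        Select-Object Id, ProcessName, Description, Path
}

$hijack = Test-MscfileHijack
if ($hijack.Present) {
    Write-Output "mscfile handler found under HKCU: $($hijack.Command)"
    if ($hijack.Suspicious) {
        Write-Output 'WARNING: value does not point at mmc.exe - possible UAC-bypass hijack'
    }
} else {
    Write-Output 'No per-user mscfile\shell\open\command key (expected on a clean system).'
}

$procs = @(Get-AmmyyProcess)
if ($procs.Count -gt 0) {
    Write-Output 'Processes whose description mentions Ammyy Admin:'
    $procs | Format-Table -AutoSize
} else {
    Write-Output 'No chrome.exe process with an Ammyy Admin description.'
}
```

If the key is present, export it (reg export) before removal so the malware path it points at can be collected as evidence.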
Ammyy Admin removal steps
The Ammyy Admin removal steps on this page explain how to remove Ammyy Admin malware and other threats from your computer.
Step 1: Remove malware with Malwarebytes Anti-malware
Step 2: Check your computer for malicious trace files with HitmanPro
Step 3: Clean up and fix system issues with CCleaner
1. Remove malware with Malwarebytes Anti-Malware
- Open your browser window and download Malwarebytes 3.0 Premium or Malwarebytes Anti-Malware Free.
- Open the executable file (mb3-setup.exe or other) to begin installing Malwarebytes.
- Select your language, click Next, then select “I accept the agreement,” click the Next button several times, and then click the Install button to install Malwarebytes. Click Finish once the install process is complete.
- Open Malwarebytes and click the Scan Now button on the Dashboard to begin scanning your computer.
- Click the Quarantine Selected button once the scan is finished.
- If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.
2. Check your computer for malicious trace files with HitmanPro
- Open your browser window and download HitmanPro.
- Open the executable file (hitmanpro_x64.exe or hitmanpro_x32.exe) to begin installing HitmanPro.
- Click the Next button, check “I accept the terms of the license agreement,” and click the Next button again.
- On the Setup page select “Yes, create a copy of HitmanPro so I can regularly scan this computer (recommended)” and add your email address to the registration fields to begin the free trial.
- Click Next to begin scanning your computer.
- Once the Scan results are displayed click the Next button and click the Next button again on the Removal results page.
3. Clean up and fix system issues with CCleaner
- Open your browser window and download CCleaner Professional or CCleaner Free.
- Open the executable file (ccsetup.exe or other) to begin installing CCleaner.
- Click the Install button to begin installing the program.
- Click Run CCleaner to open the program when installation is complete.
- Select the Cleaner tab and click the Analyze button.
- When the Analyze process is complete click the Run Cleaner button to clean all files.
- Next, select the Registry tab and click the Scan for Issues button to scan for issues in your registry.
- When the scan is complete click the Fix Selected Issues button and then the Fix All Selected Issues button to fix the issues.
- Next, select the Tools tab and click Startup. Examine each area, search for suspicious entries, and delete any suspicious startup entries by selecting the entry and clicking the Delete button.
- Next, click Browser Plugins and search each internet browser for unwanted browser add-ons and extensions. Click the extension you want to delete and click the Delete button to remove it.