Home » Blog » Cybersecurity » How to remove Ammyy Admin (Malware Removal Guide)
Ammyy Admin process

How to remove Ammyy Admin (Malware Removal Guide)

What is Ammyy Admin?

Ammyy Admin is a RAT (Remote Administration Tool) or backdoor Trojan that is often used to drop payloads of malware such as ransomware onto a computer. The Ammyy Admin RAT is typically distributed by spam email campaigns inside malicious Microsoft Office document attachments that incorporate the malware.

Ammyy Admin

Oftentimes, alongside the Remcos RAT, a malicious document macro that is developed to bypass Microsoft Windows’ UAC security and execute malware with high privilege is utilized. The documents contain a macro that executes a shell command that is used to essentially download and run malware.

A UAC-bypass technique under Microsoft’s Event Viewer (eventvwr.exe) is ued to hijack the HKCU\Software\Classes\mscfile\shell\open\command registry. Because of this, the macro’s shell command replaces the value from the registry entry to the malware’s location This allows the the malware to be executed opposed to Microsoft’s mmc.exe.

Since Ammyy Admin is a remote desktop tool, it allows several different things to happen to a victim’s machine once installed by a cyber criminal. It allows remote access by establishing a connection to the client IP and ports where the server connects. Remote access opens a lot of windows and security threats to the machine. It can drop malware onto the infected machine such as ransomware. It also has a basic keylogger function to obstruct stored passwords in hopes that the user will re-type their passwords in order to capture them.

Ammyy Admin process

A sign that Ammyy Admin is running on your machine is if you notice a fake Chrome.exe process (also shown as Chrome.exe *32) running in Windows Task Manager. The description for the process will say “Ammyy Admin.”

Ammyy Admin removal steps

The Ammyy Admin removal steps on this page explain how to remove Ammyy Admin malware and other threats from your computer.
Step 1: Remove malware with Malwarebytes Anti-malware
Step 2: Check your computer for malicious trace files with HitmanPro
Step 3: Clean up and fix system issues with CCleaner

1. Remove malware with Malwarebytes Anti-Malware

BUY NOW       FREE TRIAL       FREE DOWNLOAD

  1. Open your browser window and download Malwarebytes 3.0 Premium or Malwarebytes Anti-Malware Free.
  2. Open the executable file (mb3-setup.exe or other) to begin installing Malwarebytes.
  3. Select your language, click Next, then select “I accept the agreement,” click the Next button several times, and then click the Install button to install Malwarebytes. Click Finish once the install process is complete.
  4. Open Malwarebytes and click the Scan Now button on the Dashboard to begin scanning your computer.
  5. Ammyy Admin malwarebytes
    Click the Quarantine Selected button once the scan is finished.
  6. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.

2. Check your computer for malicious trace files with HitmanPro

BUY NOW       FREE TRIAL

  1. Open your browser window and download HitmanPro.
  2. Open the executable file (hitmanpro_x64.exe or hitmanpro_x32.exe) to begin installing HitmanPro.
  3. Click the Next button, check “I accept the terms of the license agreement,” and click the Next button again.
  4. On the Setup page select “Yes, create a copy of HitmanPro so I can regularly scan this computer (recommended)” and add your email address to the registration fields to begin the free trial.
  5. Click Next to begin scanning your computer.
  6. Once the Scan results are displayed click the Next button and click the Next button again on the Removal results page.

3. Clean up and fix system issues with CCleaner

BUY NOW       FREE TRIAL       FREE DOWNLOAD

  1. Open your browser window and download CCleaner Professional or CCleaner Free.
  2. Open the executable file (ccsetup.exe or other) to begin installing CCleaner.
  3. Click the Install button to begin stalling the program.
  4. Click Run CCleaner to open the program when installation is complete.
  5. Select the Cleaner tab and click the Analyze button.
  6. When the Analyze process is complete click the Run Cleaner button to clean all files.
  7. Next, select the Registry tab and click the Scan for Issues button to scan for issues in your registry.
  8. When the scan is complete click the Fix selected Issues button and Fix All Selected Issues button to fix the issues.
  9. Next, select the Tools tab and click Startup. Examine each area, search for suspicious entries, and delete any suspicious startup entries by selecting the entry and clicking the Delete button.
  10. Next, click Browser Plugins and search each internet browser for unwanted browser add-ons and extensions. Click the extension you want to delete and click the Delete button to remove it.
Written by

Jared Harrison

Jared Harrison is an accomplished tech author and entrepreneur, bringing forth over 20 years of extensive expertise in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. He has made significant contributions to the industry and has been featured in multiple esteemed publications. Jared is widely recognized for his keen intellect and innovative insights, earning him a reputation as a respected figure in the tech community.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Mac Apple FBI virus
Categories

How to remove FBI Cyber Department virus – Apple Mac OS Ransomware removal

Categories

What is .EVEREST and how do I remove it and recover files?

sad ransomware
Categories

How to Remove Sad Ransomware (Virus Removal)