Backdoor.Ratenjay

Backdoor.Ratenjay Description

Backdoor.Ratenjay (njRAT) is a dangerous RAT, or Remote Access Trojan, that is used to take over the victims' computers and control them from a remote location, track on information, or their activities. Backdoor.Ratenjay is especially prevalent in the Middle East. In most cases, RATs like Backdoor.Ratenjay may be associated with botnets, that is, vast networks of infected computers that can be controlled as a group to carry out combined attacks. A botnet is the kind of threat that may be used to accomplish DDoS attacks (Distributed Denial of Service) on specific targets to overwhelm them and make them inaccessible, to issue massive amounts of spam email messages, to launder money, conceal harmful online activities and a variety of other suspicious activities. RATs may be an effective weapon in conflicts and the Middle East is no exception. Backdoor.Ratenjay is the most widely used RAT in countries ranging from North Africa (for example Algeria or Tunisia) to Middle Eastern countries such as Kuwait and Iraq.

Shooing this RAT out of Your Computer


Backdoor.Ratenjay is very similar to the most widely used RATs. Backdoor.Ratenjay may execute malicious code on infected computers, modify the infected computer's settings, track on the victim's activities by taking screenshots or logging keystrokes, access the infected computer's Webcam and a variety of other potentially harmful activities. Malware researchers first detected Backdoor.Ratenjay in June of 2013 and, currently, there are three distinct versions of this threat that are active. In most cases, Backdoor.Ratenjay is distributed using infected USB drives or folders shared on a network.

Why Backdoor.Ratenjay is So Popular in the Middle East


The popularity of Backdoor.Ratenjay in this part of the world is due thanks to two factors. First of all, Backdoor.Ratenjay is developed by hackers in Kuwait, who update Backdoor.Ratenjay regularly and have adapted Backdoor.Ratenjay for use in this region. Secondly, this part of the world is currently undergoing numerous political and social upheavals where hacking and online activism is tremendously important. RATs like Backdoor.Ratenjay are tremendous weapons for both sides of the conflict.

Infected with Backdoor.Ratenjay? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Backdoor.Ratenjay

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Backdoor.Ratenjay creates the following file(s):
# File Name
1 %Temp%\[THREAT FILE NAME].exe
2 %ProgramFiles%\Startup\[RANDOM NAME].exe
3 [THREAT FILE NAME] may be one of the following strings:
4 driver
5 %SystemDrive%\! My Picutre.SCR
6 Trojan
7 %DriveLetter%\! My Picutre.SCR
8 WinRAR
9 adobe

Registry Details

Backdoor.Ratenjay creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\[THR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "\%Temp%\[THREAT FILE NAME]\"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "\%Temp%\[THREAT FILE NAME]\"
EAT FILE NAME]" = "%Temp%\[THREAT FILE NAME]:*:Enabled:[THREAT FILE NAME]"

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 9 + 4 ?