Monday, 27 April 2009

Raka International On drive spy


Recently, I found this new thing infecting the systems coming mainly from browsing centres etc,. called Raka International On drive spy.

Now, I am not sure what this thing is. I wouldn't wanna jump to conclusions saying that it's a virus or a trojan. Even the latest updated antivirus / antispywares on my system didn't recognise the thing. Even the firewall didn't report anything suspicious.

But I have enough reasons to doubt the thing-
1)It comes in uninvited - In other words , Infects!
2)More importantly, it calls itself "SPY"
3)Processes spring up unwanted and unwarranted

The only problem I have faced so far by this thing is that it hogs system capacity when it starts.
God knows what other damage it has done to my system. Since I found out a way to remove this thing, or so I think, I will list out the simple steps here.

How to remove Raka International On drive spy?

NOTE:
The steps are listed out in detail for novices, experts and "experts" please bear with it.
If you can't see the whole picture - Click on it to view it properly!



Step 1 - Remove raka open from startup process -

1. Go to start menu
2. Run
3. Type "msconfig" and press enter
4. Under Startup tab uncheck the option that says __rakopen.exe or something like that
(Actually I forgot what the exact name was, but it should be pretty obvious ;)
5. Don't click on 'ok' or 'apply' yet. Go to next step.



Step 2 - Remove Raka open from startup menu
1. Again, I don't remove the exact name and again it should be obvious.
2. Go to Start>All programs>Startup
3. Right click on '__rakopen.exe' or anything which seems to be Raka
4. Select delete
5. Now click on Apply in the startup window in step 1
6. Restart the system.


They call it version 1.0.6
In case it is a virus/trojan and they do come back with another version, they will make it much harder to remove the virus. I expect the antiviruses to detect and delete them by then!

This method must work for you. If it does or even if it doesn't, please tell me about it here in the form of a comment! Also tell me if you figure out what the exact names were so that I can make this description a little more accurate. Hope it helps a few people at least!

19 comments:

nitin said...

found u thru a forum.thnx 4d article,it helped me clean up my system

u can safely call it a virus dude.....what else can it b.thnx again,keep up the good work

Iceman said...

Hey,
thnx. Which forum?

More importantly..could you please tell us what the exact names were of the startup process and the program in the startup menu?

Sam said...

brother, it didnt work for me at all. the drive still has the same raka icon. it starts up as soon as i enter that drive. so... and im worried that if i transfer the contents of that drive to another drive in order to format it, raka also will be transferred.plz help. i wud be grateful...

Iceman said...

Do you remember the process name and the program name in the start up menu?

Did you follow the steps in order?

In all probability, it has already entered your systems windows drive, if you search for it in the windows partition (most probably C:\) and if you had found it before, better transfer the content to C: itself before formatting it.

Then follow the steps again and check. Hopefully it will work. I would have done the same thing, if the procedure had not worked!

Anonymous said...

Hi I'm the programmer of this what you called "Virus".
Actually, a few months ago we had a virus, creating files "newfolder.exe". The antivirus then, din't detect it. My friends asked me to develop a solution for that.
This virus, creates files in all folders of your removable disk, disables taskmanager and msconfig.
I programmed this application to spread instead of "newfolder.exe", but does no harm to your comp.

And that's why my application does not have a "Virus Print"...!

Now that my application has served its purpose ("newfolder.exe" has been demolished!). You can safely remove it(it has no use.).

for that. open task manager.

goto processes. click on __rakopen.exe and kill the process.

goto >> start menu >> programs >> startup >> delete __rakopen.exe.

Im getting late. i'll soon telll you how to remove it from a pendrive.

bye.

Anonymous said...

if you encountered any problem,its due to some other virus,reciding in your system. I say again, this program does not harm your comp.

Mississippiguy said...

^^^
u xpct us to believe ur trash? Programmer huh? loada crap.....just another crap worm


@iceman thanx 4da info

Iceman said...

@ Above. If you hadn't said thnx I would have deleted your comment :D (I'm Iceman, I'm selfish ;)

Please mind your language here people!


@ Mr.anonymous "programmer"

1) If you please read the blog again, PROPERLY this time. I haven't called it a virus.

2)If its true what you said, its a pretty inefficient effort.

3) Raka spreads without peoples permission, so if its not a virus, you have created a worm atleast!

4) The world did not need your help with newfolder.exe , all antiviruses detect and delete the virus.

5) Raka hogs system capacity. So its not harmless.

If what you say is true, I guess your intentions were good. But can't help since the outcome wasn't


Thanks for letting us know the process names!
Take care.

niranjan said...

Hi,
thanks iceman and anonymous.
please advise how to remove raka from pendrive. do i need to format it.

SEELAM said...

hi please advise how to remove raka from pendrive

vanipriya said...

Hello All,
I also had this problem. I connected a new ext-HDD to my system and this thing came and sat on it. The good thing for me was, the HDD was brand new and had no data. Nevertheless, now that I've got rid of this, I can tell you how to go about this :

* This Raka creates a new hidden directory, whenever it detects a removable drive this way, (K is the drive I'd, so I would use it here as well) :
* K:\__RakOpen\open.exe
Its a double underscore. If you type this in the command prompt, it would open up that spy thingie which runs in the background.
* This is a hidden folder and its read only. So just uncheck the readonly thing, by right-clicking on the properties when the folder comes up.
*Now go to your command prompt (Start->run->cmd)and get to your root directory of the external drive.
something like K:\
* Open your task manager and kill
Open.exe or _RakOpen.exe if its running
* Get back to your command prompt and type
K:\RMDIR /S /Q __RakOpen
* This will remove the folder and Raka from your drive
* You can give a quick format, if you want to Get rid of the raka icon and the autoplay list of raka.

If you do not want to go through the above, you can try to ignore Raka on your hdd, by remembering these :
* Raka opens up only if you double click on the Raka icon that comes instead of your HDD's default icon or by selecting it during autoplay
* If you right click -> explore on your hdd, Raka doesn't interfere
So thats the work around for you !
Hope this works for all of you !

Anonymous said...

hi
i tried to remove raka but i couldnt i followed ur steps i couldnt remove it. when i tried to remove it is coming like this
"connot delete__Rakopen:Access is denied
make sure the disk is not full or write protected and that the file is not currently in use"
and it is affecting only mobiles when i connect any mobile to my system thru usb Plz do help me i m looking for ur reply

veenamadhuri said...

hi !..............Very Serious Problem Help me outtttttttttttttt
Recently in my system RAKA INTERNATIONAL Spy Drive ......got effected .......and also it effected into pen drive and external hard disk ...........i installed so many antivirus and i asked my system & pendrive and also not removing.........finally i searched in net i got one solution but when am trying to do its not happening some error is coming........... MAKE A SURE THE DISK IN NOT FULL OR WRITE-PROTECTED AND THAT THE FILE IS NOT CURRENTLY IN USE..................
like this plssssssssssssss send me any suggestions step by step and also send me the mail to g.veenamadhuri@gmail.com plssssssssssssssss its urgent

veenamadhuri said...

c sx

123 said...

Thank you very much guys... The solution works great...

Ranjith_asp said...

Hi there, thanks for all the solutions and descriptions..

This RAKA is sure not just a worm..

It got into my PC even when I was using it from a Login that do not have Admin rights..

Next wierdly, when I try to kill or delete or remove this ugly stuff, my PC restarts.. Damn the creator for his Anti-superman tactics for removing newfolder.exe.. I don think Raka was made for this..

I also suspect RAKA is getting its versions updated too..

khan said...

U can aramse remov raka from your pendrive or from other drive, first u need to install SYMENTEC ENDPOINT PROTECTION. open that software n go to VIEW QUARENTINE,from ther click ADD option n go to your drive which hv that raka folder and add it n delete it easilly

BiRaChi said...

i tried to remove this from my external but didnt work out. somebody please help

Anonymous said...

Pen drive infected with virus.. symentec thing dint work... is der ne other method 2 get rid off it!!!