DameWare Mini Remote Control Server is known as a powerful tool for remote computer management. It enables full control over the computer and is often used by network administrators. The module can be installed remotely, and with certain settings surveillance can be carried out covertly. We believe that users of private networks will be interested in this article.
You can find the modules of DameWare Mini Remote Control Server in the COVERT monitors. DamewareMini.sys and dwvkbd.sys appear in the driver monitor. DWRCS.EXE and DWRCST.EXE appear in the monitor of system processes, and a service named dwmrcs appears in “System Services”.
“Network Monitor” indicates that there is a service with an active connection. It is DWRCS.EXE.
To see inactive connections (when there is no active connection, but the tracking module is installed and waiting for a command), left-click the column title “App”. This shows additional processes that are waiting for connections but are not active at the moment. It is an opportunity to identify monitoring that is currently inactive.
To disable monitoring of your computer, add the process name DWRCS.EXE to “Database threats.” After that, this program will be denied access to the computer. To add it to the database, double-click the process in the network monitor, or open the context menu and select “add to base threats.” (You must confirm your action by clicking “Save” in the main window of the program.)
An error message appears on the remote computer, and the observer will not be able to connect to you or monitor your computer while you are working inside the secure platform.
As soon as you leave the secure platform, control over your computer will be restored. In this way you can hide your actions using the COVERT platform without removing the modules of the monitoring program.
To turn off the tracking module completely, open the “System Services” window and find the line with that service. Change the startup type to Disabled via the context menu (this step must be taken, otherwise the observer on the remote computer will be able to reactivate the stopped service) and stop the service.
After these steps, the remote computer will lose its connection to your computer and will not be able to connect again. It will receive an error message stating that the tracking service cannot be activated for connection requests.
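The same checks and the disable step can also be carried out with Windows' built-in PowerShell cmdlets. The script below is an added example, not part of COVERT or of the original article; the service, process and driver names are the ones given in the article, and the function names are hypothetical.

```powershell
# Added example: audit a Windows host for the artifacts named in this article.
# Run from an elevated PowerShell prompt. Function names are hypothetical.
$ServiceName  = 'dwmrcs'
$ProcessNames = 'DWRCS', 'DWRCST'               # DWRCS.EXE, DWRCST.EXE
$DriverFiles  = 'DamewareMini.sys', 'dwvkbd.sys'

function Get-DameWareArtifacts {
    # Service state and start mode. Start mode matters: a stopped service
    # that is not Disabled can be started again by the remote side.
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" |
        Select-Object Name, State, StartMode, PathName

    # Running server processes.
    $procs = @(Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue)

    # Sockets owned by those processes:
    #   Listen      = module installed and waiting (the "inactive" case)
    #   Established = a remote session is active right now
    $sockets = @()
    if ($procs) {
        $sockets = Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue |
            Where-Object { $procs.Id -contains $_.OwningProcess } |
            Select-Object State, LocalPort, RemoteAddress, OwningProcess
    }

    # Kernel drivers whose image path ends in one of the listed file names.
    $drivers = Get-CimInstance Win32_SystemDriver |
        Where-Object { $p = $_.PathName; $p -and ($DriverFiles | Where-Object { $p -like "*\$_" }) } |
        Select-Object Name, State, StartMode, PathName

    [pscustomobject]@{ Service = $svc; Processes = $procs; Sockets = $sockets; Drivers = $drivers }
}

function Disable-DameWareService {
    # Same order as the article: set startup type to Disabled, then stop.
    Set-Service  -Name $ServiceName -StartupType Disabled
    Stop-Service -Name $ServiceName -Force
}

$found = Get-DameWareArtifacts
$found.Service | Format-List
$found.Sockets | Format-Table -AutoSize
$found.Drivers | Format-Table -AutoSize
# Disable-DameWareService    # uncomment to apply the disable step
```

An empty result for all four properties means none of the listed artifacts were found under these names; it does not rule out a renamed installation.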
Thus, you can turn off monitoring of your computer and restrict access to it whenever you need to. If you need to restore control, click the “All services” button in the “Service System”, choose the tracking module from the list (it will now be highlighted in yellow) and change the startup type to “Auto” in the context menu. Then select “Start” in “Modify services tasks”.
After these steps, the monitoring service will run again and control of your system will be fully restored.
To remove monitoring of your computer completely, right-click DameWare Mini Remote Control Server in “System Services” and left-click the following items in the context menu: “Open the service folder,” “Stop the service” and “Delete” in “Modify services tasks”.
In the “Driver monitor”, click “All drivers” and delete the drivers DamewareMini.sys and dwvkbd.sys via the context menu. After removing these drivers, restart the computer and check the path of each driver from the context menu. If the driver has been removed, COVERT offers to remove the remaining information about it.
The monitoring modules of DameWare Mini Remote Control Server are now completely removed. To prevent a repeated remote installation, you must restrict access to folders and files through the Windows network settings.
Download COVERT Pro and check your computer free of charge for spyware and rootkits that were not detected by an antivirus.