rutserv.exe

Remote Manipulator System

Usoris Systems LLC

The application rutserv.exe by Usoris Systems has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a Windows service named “TektonIT - R-Server”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

Publisher:
TektonIT  (signed by Usoris Systems LLC)

Product:
Remote Manipulator System

Description:
RMS

Version:
5.1.1.0

MD5:
1b0cd8439c9cac63dd77bd269b7f1acc

SHA-1:
b7eadaa5004578f147b12055396fdfcf61eca4a4

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
1/5/2026 2:38:26 AM UTC

Scan engine
Detection
Engine version

AegisLab AV Signature
RemoteAdmin.W32.RMS.l!c
2.1.4+

ESET NOD32
Win32/RemoteAdmin.RemoteUtilities.D potentially unsafe (variant)
10.13734

Fortinet FortiGate
Riskware/RMS
10/16/2016

IKARUS anti.virus
not-a-virus:RemoteAdmin.Win32.RMS
t3scan.2.1.6.0

K7 AntiVirus
Unwanted-Program
13.231.20098

Kaspersky
not-a-virus:RemoteAdmin.Win32.RMS
14.0.0.-565

McAfee
Artemis!1B0CD8439C9C
5600.6244

Qihoo 360 Security
Win32/Virus.RemoteAdmin.4c1
1.0.0.1120

Sophos
Generic PUA LH (PUA)
4.98

Zillya! Antivirus
Adware.BrowseFox.Win32.143304
2.0.0.2937

File size:
4.6 MB (4,771,160 bytes)

Product version:
5.1.1.0

Copyright:
Copyright © 2011 TektonIT. All rights reserved.

Trademarks:
Remote Manipulator System, TektonIT

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\remote manipulator system - server\rutserv.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/24/2011 1:00:00 AM

Valid to:
11/28/2012 1:00:00 PM

Subject:
CN=Usoris Systems LLC, O=Usoris Systems LLC, L=Victoria, S=Mahe, C=SC

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
03EE40D56B7E363E2EECC7050C4C0A7E

File PE Metadata
Compilation timestamp:
1/14/2012 12:43:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:xS2MCo9rddGSPEReVgBDHMiieL/ENn5VZeUZW+E+A24YYJ18TXmgncFjMFTYTnrt:xJCFS1E5deUZM+ADYrTXmgncFjByX54R

Entry address:
0x3B4D80

Entry point:
55, 8B, EC, 83, C4, F0, B8, CC, ED, 79, 00, E8, 88, 72, C5, FF, E8, 3B, 99, FE, FF, E8, B2, 28, C5, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
3.7 MB (3,881,472 bytes)

Service
Display name:
TektonIT - R-Server

Service name:
RManService

Description:
Allows Remote Manipulator System users to connect to this machine.

Type:
Win32OwnProcess, InteractiveProcess

