Rune2006

Full Version: Possibly infected by a RAT (Remote Access Tool)? - Read!
I decided to post you guys a li'l guide about Remote Access Tools. ;)
The guide also tells you a manual way to check whether your computer is infected by a RAT or not:

"What is a Remote Access Tool (RAT)?"
A Remote Access Tool makes its host able to control its victim's computer remotely.

"What can this "hacker" do with the RAT?"
He can:
- Listen to your voice through your computer's microphone
- Control your files
- See you through your web-cam
- Much more!

"How can I detect whether my computer is infected by a RAT or not?"

1) Checking through processes;
* Press Ctrl + Alt + Del ->
* Open the task manager
* Open the processes tab
* Check through the processes, and see if there are any suspicious processes running (from an unknown manufacturer). Be aware that most of the processes are important, and that you may have two processes with the same name running, such as Winlogon. [<- In that case you are infected by a RAT.]
{Known possible dangerous processes: SVCHost, Windows, Winlogon.}
[This shows you if a RAT is currently running on your system!]
* After researching, and confirming that the process is dangerous, end it [in the two-processes-running case, it's pretty much 50-50 which one you end] by right-clicking the process -> End process
The process is now ended!

2) Checking startup programs;
* Open your Windows menu
* Run "msconfig" with the search bar
* Open the Startup tab on the msconfig window
* Search for any suspicious/unwanted programs
(There is also a tick-box to stop any Microsoft services from showing up in your search!)
[All of these programs are executed when Windows starts!]
* If you have found an unwanted program, simply untick it to deactivate it
* After confirming that the changes are made, simply restart your computer
[Now the chosen program(s) won't start up on Windows startup, congratulations!]

3) Useful extras;
- Scan your computer with multiple virus-scanning programs, such as;
* Malwarebytes
* Spybot ~ Search & Destroy
* Avast! or any other anti-virus (If your computer doesn't have an anti-virus installed, you're screwed.)
* Any other program with the possibility of scanning
- Disabling your internet-connection would be wise, when dealing with these kinds of viruses

(REMEMBER THAT THERE ARE MORE ADVANCED MALICIOUS PROGRAMS THAT MIGHT NOT BE DETECTABLE AS EASILY, AND MAY EVEN BE HIDDEN FROM THE PROCESS LIST!)

EDIT: "Also, you can check your regedit.exe > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run for programs that run on startup.
Useful tutorial though.
FUD (fully undetectable) rats and crypted rats can be harder or impossible to detect and can be removed only by restoring your factory settings."
A quote of angerlord03's reply

-DH
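
A read-only PowerShell sketch of the checks in the guide above (running processes, startup entries, the two Run keys), added here as an example and not part of the original posts. The function names are made up for illustration, and it assumes the genuine winlogon.exe and svchost.exe run from %SystemRoot%\System32; run it from an elevated prompt so process paths are visible.

```powershell
# Added example, not from the thread. Read-only: it lists and changes nothing.
# Get-ExePath and Get-SignatureStatus are illustrative helper names.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Pull the executable path out of a startup command line (quoted or bare).
function Get-ExePath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd.Trim() -split '\s+')[0]
}

# Authenticode status of a file; unsigned means "look closer", not "malware".
function Get-SignatureStatus([string]$Path) {
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        return (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
    return 'PathUnavailable'
}

# Startup entries from both Run keys, with the file each one launches.
$startup = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-ExePath ([string]$item.GetValue($name))
        [pscustomobject]@{ Key = $key; Name = $name; Path = $exe
                           Signature = Get-SignatureStatus $exe }
    }
}

# Every running winlogon/svchost, with its image path, not just its name.
# Assumption: genuine copies run from %SystemRoot%\System32.
$sys32 = Join-Path $env:SystemRoot 'System32'
$procs = Get-CimInstance Win32_Process |
    Where-Object { 'winlogon.exe', 'svchost.exe' -contains $_.Name } |
    ForEach-Object {
        $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent }
        [pscustomobject]@{ Name = $_.Name; Id = $_.ProcessId
                           Path = $_.ExecutablePath
                           InSystem32 = ($dir -ieq $sys32)
                           Signature = Get-SignatureStatus $_.ExecutablePath }
    }

$startup | Format-Table -AutoSize
$procs | Sort-Object Name, Id | Format-Table -AutoSize
```

Rows with `InSystem32` False or a signature status other than `Valid` are the ones to research before ending or disabling anything.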
Also, you can check your regedit.exe > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run for programs that run on startup.
Useful tutorial though.
FUD (fully undetectable) rats and crypted rats can be harder or impossible to detect and can be removed only by restoring your factory settings.
(05-05-2013 07:03 PM) angerlord03 Wrote:
Also, you can check your regedit.exe > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run for programs that run on startup.
Useful tutorial though.
FUD (fully undetectable) rats and crypted rats can be harder or impossible to detect and can be removed only by restoring your factory settings.

True, and true. ;)
Adding a quote to the guide, if you don't mind, thanks. :)
just download ccleaner, and check the startups, disable it then download malwarebytes

Note: I used to own a BOT-net
I would be rather flattered if someone wanted to watch me on my webcam and hear my voice all the time. Overall nice guide. Normally I would just do the CCleaner thing but if I get in a sticky situation then I will open this up.
Awesome guide, really helps against this "RAT"
good job :)
nice guide man... Rats can be nasty business.
Em.... i found a winlogon. and i click end process but i get this message
"The operation could not be completed.

Access is denied."


HELP!
(05-06-2013 04:39 AM) savage Wrote:
Em.... i found a winlogon. and i click end process but i get this message
"The operation could not be completed.

Access is denied."


HELP!

ur not supposed to end it unless theres 2 of them

i have a winlogon.exe too
but mate there is 2 :(