Possibly infected by a RAT (Remote Access Tool)? - Read!
05-05-2013 06:49 PM Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #1
I decided to post you guys a 'lil guide about Remote Access Tools.
The guide also tells you a manual way to check whether your computer is infected by a RAT or not.

"What is a Remote Access Tool (RAT)?"
A Remote Access Tool makes its host able to control its victim's computer remotely.

"What can this "hacker" do with the RAT?"
He can:
- Listen to your voice through your computer's microphone
- Control your files
- See you through your web-cam
- Much more!

"How can I detect whether my computer is infected by a RAT or not?"

1) Checking through processes;
* Press Ctrl + Alt + Del
* Open the task manager
* Open the processes tab
* Check through the processes, and see if there are any suspicious processes running (from an unknown manufacturer) - Be aware that most of the processes are important, and that you may have two processes with the same name running, such as Winlogon. [<- In that case you are infected by a RAT.] {Known possible dangerous processes; SVCHost, Windows, Winlogon.}
[This shows you if a RAT is currently running on your system!]
* After researching, and confirming that the process is dangerous, end it [In the 2-processes-running case, it's pretty much 50-50 which one you end.], by right clicking the process -> End process
The process is now ended!

2) Checking startup programs;
* Open your Windows menu
* Run "msconfig" with the search bar
* Open the Startup tab on the msconfig window
* Search for any suspicious/unwanted programs (There is also a tick-box to disable any Microsoft services from showing up on your search!)
[All of these programs are executed when your Windows starts itself!]
* If you have found an unwanted program, simply untick it to un-activate it
* After confirming that changes are made, simply restart your computer
[Now the chosen program(s) won't start up on the Windows startup, congratulations!]

3) Useful extras;
- Scan your computer with multiple virus-scanning programs, such as;
* Malwarebytes
* Spybot ~ Search & Destroy
* Avast! or any other anti-virus (If your computer doesn't have an anti-virus installed, you're screwed.)
* Any other program with the possibility of scanning
- Disabling your internet-connection would be wise, when dealing with these kinds of viruses

(REMEMBER, THAT THERE ARE MORE ADVANCED, MALICIOUS PROGRAMS, THAT MIGHT NOT BE DETECTABLE AS EASILY, AND MAY EVEN BE HIDDEN FROM THE PROCESS-LIST!)

EDIT: "Also, you can check your regedit.exe > hkey_local_machine_software_microsoft_windows_currentversion_run and hkey_current_user_software_microsoft_windows_currentversion_run for programs that run on startup. Useful tutorial though. FUD (fully undetectable) rats and crypted rats can be harder or impossible to detect and can be removed only by restoring your factory settings."
A quote of angerlord03's reply -DH
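Added example, not part of the original post or thread: a read-only PowerShell version of the two manual checks above. It reports the executable path of every process named svchost.exe or winlogon.exe and lists the entries in the two Run keys quoted in the EDIT. The rule that genuine copies load from %SystemRoot%\System32 or SysWOW64 is an assumption of this example, not a statement from the thread.

```powershell
# Added example, not from the thread. Read-only: nothing is ended or deleted.
# Run elevated so the paths of system processes can be read.

# 1) Processes: judge by image path, not by name or by how many copies run.
#    Assumption: genuine svchost.exe / winlogon.exe load from the Windows
#    system directories; several svchost.exe instances are normal.
$names   = 'svchost.exe', 'winlogon.exe'
$trusted = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

$procs = foreach ($p in Get-CimInstance Win32_Process) {
    if ($names -notcontains $p.Name) { continue }
    if (-not $p.ExecutablePath) {
        $status = 'path unreadable (not elevated?)'
    } elseif ($trusted -contains (Split-Path $p.ExecutablePath -Parent)) {
        $status = 'expected location'
    } else {
        $status = 'REVIEW: outside system directory'
    }
    [pscustomobject]@{
        Name = $p.Name; PID = $p.ProcessId; Path = $p.ExecutablePath; Status = $status
    }
}
$procs | Format-Table -AutoSize

# 2) Startup entries: the machine-wide and per-user Run keys named in the EDIT.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$entries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }          # key absent or not readable
    foreach ($valueName in $item.GetValueNames()) {
        [pscustomobject]@{
            Key = $key; Name = $valueName; Command = $item.GetValue($valueName)
        }
    }
}
$entries | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW and Run entries whose Command points into a user profile or temp directory are the ones to research before changing anything.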
05-05-2013 07:03 PM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #2
Also, you can check your regedit.exe > hkey_local_machine_software_microsoft_windows_currentversion_run and hkey_current_user_software_microsoft_windows_currentversion_run for programs that run on startup. Useful tutorial though. FUD (fully undetectable) rats and crypted rats can be harder or impossible to detect and can be removed only by restoring your factory settings.
05-05-2013 07:11 PM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #3
(05-05-2013 07:03 PM)angerlord03 Wrote: Also, you can check your regedit.exe > hkey_local_machine_software_microsoft_windows_currentversion_run and

True, and true. Adding a quote to the guide, if you don't mind, thanks.
05-05-2013 07:31 PM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #4
just download ccleaner, and check the startups, disable it then download malwarebytes
Note: I used to own a BOT-net
05-06-2013 01:34 AM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #5
I would be rather flattered if someone wanted to watch me on my webcam and hear my voice all the time. Overall nice guide. Normally I would just do the CCleaner thing but if I get in a sticky situation then I will open this up.
05-06-2013 02:01 AM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #6
Awesome guide, really helps against this "RAT"
good job
05-06-2013 02:54 AM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #7
nice guide man... Rats can be nasty business.
05-06-2013 04:39 AM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #8
Em.... I found a winlogon, and I clicked end process but I get this message:
"The operation could not be completed. Access is denied." HELP!

Put this kid on skates. While in sandals...
05-06-2013 05:07 AM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #9
05-06-2013 05:14 AM RE: Possibly infected by a RAT (Remote Access Tool)? - Read!
Post: #10
but mate there is 2

Put this kid on skates. While in sandals...