Possibly infected by a RAT (Remote Access Tool)? - Read! - Printable Version

+- Rune2006 (http://rune2006.com/forum)
+-- Forum: Rune2006 (/forumdisplay.php?fid=6)
+--- Forum: Guides & Tutorials (/forumdisplay.php?fid=9)
+---- Forum: Avanced guides (/forumdisplay.php?fid=30)
+---- Thread: Possibly infected by a RAT (Remote Access Tool)? - Read! (/showthread.php?tid=700)

Possibly infected by a RAT (Remote Access Tool)? - Read! - Demonhorn - 05-05-2013 06:49 PM

I decided to post you guys a 'lil guide about Remote Access Tools. The guide also tells you a manual way to check whether your computer is infected by a RAT or not.

"What is a Remote Access Tool (RAT)?"
A Remote Access Tool makes its host able to control its victim's computer remotely.

"What can this "hacker" do with the RAT?"
He can:
- Listen to your voice through your computer's microphone
- Control your files
- See you through your web-cam
- Much more!

"How can I detect whether my computer is infected by a RAT or not?"

1) Checking through processes:
* Press Ctrl + Alt + Del ->
* Open the task manager
* Open the processes tab
* Check through the processes, and see if there are any suspicious processes running (from an unknown manufacturer). Be aware that most of the processes are important, and that you may have two processes with the same name running, such as Winlogon. [<- In that case you are infected by a RAT.] {Known possibly dangerous processes: SVCHost, Windows, Winlogon.} [This shows you if a RAT is currently running on your system!]
* After researching, and confirming that the process is dangerous, end it [In the 2-processes-running case, it's pretty much 50-50 which one you end.], by right clicking the process -> End process
The process is now ended!

2) Checking startup programs:
* Open your Windows menu
* Run "msconfig" with the search bar
* Open the Startup tab on the msconfig window
* Search for any suspicious/unwanted programs (There is also a tick-box to disable any Microsoft services from showing up in your search!) [All of these programs are executed when your Windows starts itself!]
* If you have found an unwanted program, simply untick it to un-activate it
* After confirming that changes are made, simply restart your computer [Now the chosen program(s) won't start up on the Windows startup, congratulations!]

3) Useful extras:
- Scan your computer with multiple virus-scanning programs, such as:
* Malwarebytes
* Spybot ~ Search & Destroy
* Avast! or any other anti-virus (If your computer doesn't have an anti-virus installed, you're screwed.)
* Any other program with the possibility of scanning
- Disabling your internet-connection would be wise, when dealing with these kinds of viruses

(REMEMBER THAT THERE ARE MORE ADVANCED, MALICIOUS PROGRAMS THAT MIGHT NOT BE DETECTABLE AS EASILY, AND MAY EVEN BE HIDDEN FROM THE PROCESS-LIST!)

EDIT: "Also, you can check your regedit.exe > hkey_local_machine_software_microsoft_windows_currentversion_run and hkey_current_user_software_microsoft_windows_currentversion_run for programs that run on startup. Useful tutorial though. FUD (fully undetectable) rats and crypted rats can be harder or impossible to detect and can be removed only by restoring your factory settings."
A quote of angerlord03's reply -DH


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - angerlord03 - 05-05-2013 07:03 PM

Also, you can check your regedit.exe > hkey_local_machine_software_microsoft_windows_currentversion_run and hkey_current_user_software_microsoft_windows_currentversion_run for programs that run on startup. Useful tutorial though. FUD (fully undetectable) rats and crypted rats can be harder or impossible to detect and can be removed only by restoring your factory settings.


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - Demonhorn - 05-05-2013 07:11 PM

(05-05-2013 07:03 PM)angerlord03 Wrote:
  Also, you can check your regedit.exe > hkey_local_machine_software_microsoft_windows_currentversion_run and

True, and true. Adding a quote to the guide, if you don't mind, thanks.


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - Henning B - 05-05-2013 07:31 PM

just download ccleaner, and check the startups, disable it then download malwarebytes

Note: I used to own a BOT-net


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - Ayden - 05-06-2013 01:34 AM

I would be rather flattered if someone wanted to watch me on my webcam and hear my voice all the time.

Overall nice guide. Normally I would just do the CCleaner thing but if I get in a sticky situation then I will open this up.


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - Mr Noodles - 05-06-2013 02:01 AM

Awesome guide, really helps against this "RAT" good job


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - use rubbers - 05-06-2013 02:54 AM

nice guide man... Rats can be nasty business.


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - savage - 05-06-2013 04:39 AM

Em.... i found a winlogon. and i click end process but i get this message "The operation could not be completed. Access is denied." HELP!


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - dsun - 05-06-2013 05:07 AM

(05-06-2013 04:39 AM)savage Wrote:
  Em.... i found a winlogon. and i click end process but i get this message

ur not supposed to end it unless theres 2 of them
i have a winlogon.exe too


RE: Possibly infected by a RAT (Remote Access Tool)? - Read! - savage - 05-06-2013 05:14 AM

but mate there is 2
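
The process and startup checks from the guide and from angerlord03's reply, as a read-only PowerShell script (an added example, not written by any poster in this thread). It assumes a default Windows install where the genuine svchost.exe and winlogon.exe images sit under %SystemRoot%\System32 (svchost.exe also under SysWOW64); the variable names and status labels are illustrative.

```powershell
# Added example: read-only triage for the checks discussed in this thread.
# Assumption: default install, so genuine system images live in these folders.
$expected = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }
$watch    = 'svchost.exe', 'winlogon.exe'

# 1) Running processes that use a system name. Several svchost.exe instances
#    (and one winlogon.exe per logon session) are normal, so the image path is
#    compared instead of counting copies. The path is empty for protected
#    processes when the script is not run elevated.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $watch -contains $_.Name } |
    ForEach-Object {
        $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent }
        $status = if (-not $dir) { 'unknown (run elevated)' }
                  elseif ($expected -contains $dir) { 'expected location' }
                  else { 'REVIEW: unexpected folder' }
        [pscustomobject]@{
            Name   = $_.Name
            Id     = $_.ProcessId
            Path   = $_.ExecutablePath
            Status = $status
        }
    }

# 2) Startup commands from the two Run keys named in angerlord03's reply
#    (written here in registry-provider path form).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $item.GetValue($name)
        }
    }
}

# Report only: nothing is terminated, disabled or deleted.
$procs   | Sort-Object Status, Name | Format-Table -AutoSize
$startup | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW and unfamiliar Run commands are leads to research before ending or disabling anything, which is the order the guide itself gives.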