7 Replies Latest reply on May 8, 2017 7:33 PM by Hayton

    How to remove a RAT

    ongpm

      Hi,

       

      I suspect that a RAT has been installed on my laptop; however, after running a McAfee scan and Windows Defender scans I'm not able to find anything. I have also checked my Windows processes and have found nothing suspicious. Can anyone tell me if there is a way to absolutely confirm that I have removed it without me having to format my laptop?

       

      Thanks !

        • 1. Re: How to remove a RAT
          Peacekeeper

          https://blog.malwarebytes.com/threats/remote-access-trojan-rat/

           

          McAfee can detect certain versions, I feel, but try the programs mentioned in the link.

          • 2. Re: How to remove a RAT
            Peacekeeper

            I have asked a lab tech for comment

            • 3. Re: How to remove a RAT
              varonica

              To remove RTA from your computer, perform the following steps:

              1. Remove RTA manually from your Windows installed programs

              2. Reset your browser infected with RTA

              3. Scan and remove infection remnants using an adware removal program

              4. Clean your Windows Registry

              • 4. Re: How to remove a RAT
                catdaddy

                Successfully moved from Virus and Spyware Protection to Home User Assistance > Discussions

                • 5. Re: How to remove a RAT
                  selvan

                  Varonica Basu wrote:

                   

                  To remove RTA from your computer, perform the following steps:

                  1. Remove RTA manually from your Windows installed programs

                  2. Reset your browser infected with RTA

                  3. Scan and remove infection remnants using an adware removal program

                  4. Clean your Windows Registry

                  Hi Varonica,

                   

                  While we appreciate you volunteering to help fellow posters, it seems like your reply is generic and missing subject. Please provide as much information as possible so that it is easy to follow.

                  • 6. Re: How to remove a RAT
                    Hayton

                    If you suspect that you had a RAT on your system then

                    1) What made you think so?  What were the symptoms?

                    2) If McAfee and Windows Defender found nothing then what did you do that makes you think it, whatever it was, has been removed?

                     

                     

                    Microsoft have an article about removing Remote Access Trojans but it's an old one (2002)

                    Danger: Remote Access Trojans

                     

                    There are other articles and removal guides but they're all rather vague and not very helpful. A lot depends on where the RAT may have come from (Steam or other gaming-related sites; Hackforums or one of the other wannabe-blackhat watering holes) - there are many RATs, some newish but many of the older ones are still around (and should be detectable). Since the demise of the late and unlamented Blackshades the very worst and most dangerous RATs are being produced for state-level actors. If you encounter one of those then you're in trouble, for a host of reasons.

                     

                    A Trojan is just a program you wouldn't really allow to run if you knew what it was, so it tricks you into letting it through your defences. What matters is what it does after that. Some Trojans load up malware to monitor or control your system and then try to hide their traces. If you're worried you had one of those then all you can do is to run multiple scans from different vendors and see if any of them find something.

                     

                    As you're using McAfee you might want to start with GetSusp, which will look for unidentified files and flag them for investigation. If you want to dig deeper you're looking at searching for rootkits, examining the MBR, checking network traffic for abnormal patterns and unknown destinations ... how paranoid do you want to become?

                     

                    Start with GetSusp and take it from there. See McAfee GetSusp 3.0
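
A first pass at the "checking network traffic for abnormal patterns and unknown destinations" step mentioned in reply 6, as an added example that is not part of the original thread and not a McAfee tool: it lists established TCP connections to non-local addresses together with the owning process, its executable path and its Authenticode signature status. The helper name Test-PrivateAddress and the report columns are assumptions of this example; the cmdlets are the standard Windows ones (Windows 8 or later).

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# so that executable paths of other users' processes can be resolved.

function Test-PrivateAddress {
    param([string]$Address)
    # Loopback, RFC 1918, IPv4 link-local, and IPv6 loopback/link-local/unique-local
    return $Address -match '^(127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.|::1$|fe80:|f[cd][0-9a-f]{2}:)'
}

# Established connections whose remote end is outside the local ranges above
$connections = Get-NetTCPConnection -State Established |
    Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) }

$report = foreach ($c in $connections) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.Path } else { $null }

    # Signature status of the binary on disk; 'PathUnavailable' when the
    # process has exited or its path cannot be read (protected processes)
    $sig = if ($path) {
        [string](Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'PathUnavailable'
    }

    [pscustomobject]@{
        Process   = if ($proc) { $proc.ProcessName } else { "PID $($c.OwningProcess)" }
        PID       = $c.OwningProcess
        Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
        Signature = $sig
        Path      = $path
    }
}

# Show binaries without a valid signature first, then the rest by name
$report |
    Sort-Object -Property { $_.Signature -eq 'Valid' }, Process |
    Format-Table -AutoSize -Wrap
```

A row with a signature status other than Valid, or a path under a user profile or temp directory, is a lead to investigate rather than proof of infection. A clean listing does not rule out a rootkit that hides its connections from the operating system, which is why the reply also mentions rootkit and MBR checks.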