
RAT Infestation

Discussion in 'BlackHat Lounge' started by Wise Crow, Dec 18, 2013.

  1. Wise Crow

    Wise Crow Newbie

    Joined:
    Dec 3, 2013
    Messages:
    0
    Likes Received:
    1
    Hi folks, I was just wondering if anyone had any tried and tested methods of checking your computers for RATs? My machine's been doing some weird stuff recently and I can't help but be a bit paranoid.

    Ta very much!
     
  2. Conor

    Conor Jr. VIP Jr. VIP

    Joined:
    Nov 7, 2012
    Messages:
    3,356
    Likes Received:
    5,418
    Gender:
    Male
    Location:
    South Africa
  3. KELLOGGS

    KELLOGGS Supreme Member

    Joined:
    Aug 3, 2012
    Messages:
    1,413
    Likes Received:
    1,393
    Location:
    London (more or less)
    From now on, open anything remotely suspicious in a Virtual Machine and/or Sandboxie. I'll PM you my Skype ID and see if I can do anything to help you.
     
    • Thanks Thanks x 1
    Last edited: Dec 18, 2013
  4. kazhkaz

    kazhkaz Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 19, 2010
    Messages:
    1,238
    Likes Received:
    369
    Format C :)
    Fresh installation of OS
     
    • Thanks Thanks x 1
  5. Wise Crow

    Wise Crow Newbie

    Joined:
    Dec 3, 2013
    Messages:
    0
    Likes Received:
    1
    The mouse ate the cheese (he he)

    Cheers KELLOGGS, I'll look out for that. ;)

    kazhkaz, thanks, I was hoping to run something diagnostic before going down that road!
     
    • Thanks Thanks x 1
  6. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,835
    Likes Received:
    7,450
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Download the free MS antispyware...
     
  7. KELLOGGS

    KELLOGGS Supreme Member

    Joined:
    Aug 3, 2012
    Messages:
    1,413
    Likes Received:
    1,393
    Location:
    London (more or less)
    I'm pretty sure you can receive PMs, it's just that you can't send them.

    If you don't get my PM then I'll post my ID here but I'd rather not get bombed with people trying to sell me "uneek ritin 4 ur websit".
     
    • Thanks Thanks x 1
  8. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    805
    Likes Received:
    575
    Location:
    The Beach, USA
    Dood, mi riteing skillz are amazing tho nd i do u job 4 cheap monies. lol
     
    • Thanks Thanks x 2
  9. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Run Malwarebytes to check for an infestation! If you have to visit some rough neighborhoods on the web use a Linux box such as Ubuntu for that task.
     
  10. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    Windows Defender? No offence, but I don't think it's that great when it comes to scanning and checking your PC for viruses/malware. It doesn't do a bad job as a real-time scanner though.

    I would personally recommend Malwarebytes and Spybot Search & Destroy for checking if you have anything; with Malwarebytes, get the 30-day free premium trial.
     
  11. Numbuh362

    Numbuh362 Elite Member

    Joined:
    Aug 22, 2012
    Messages:
    1,569
    Likes Received:
    462
    Get Webroot; you can find keys on eBay for under $5 for a one-year subscription. Do a full HD scan.
     
  12. Wise Crow

    Wise Crow Newbie

    Joined:
    Dec 3, 2013
    Messages:
    0
    Likes Received:
    1
    Got it Kelloggs, cheers man. (or woman)

    Great suggestions, guys. Thank you for your help. :)
     
  13. virtualpurity

    virtualpurity Jr. VIP Jr. VIP

    Joined:
    Nov 12, 2012
    Messages:
    457
    Likes Received:
    251
    Occupation:
    SEO, Hosting
    Location:
    /root
    I agree, Malwarebytes is the best solution when it comes to RATs/Trojans, but sometimes the files are encrypted with a very good crypter and they can stay FUD for a long time until MB or any other AV detects it.

    I suggest going through your Task Manager and searching for any suspicious processes. Then find the folder those processes are in and try to remove them. They may have Ring3 rootkits and persistence, so if you encounter those and can't remove them (the process still comes back), then submit the file to the AV company you are currently using and they'll include it in the next update.

    Hope it helps. Cheers
     
    • Thanks Thanks x 2
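    The manual Task Manager walk described above (find the process, find its folder, check whether it keeps coming back) can be scripted so that nothing is overlooked. The following is an added example, not code from the thread or from any poster: a read-only PowerShell triage that lists every running process with its image path and Authenticode signature status, flags images launched from user-writable folders, and dumps the Run/RunOnce keys and scheduled-task actions where a persistent entry would live. The folder list in $suspiciousRoots and the "outside C:\Windows" filter for tasks are heuristics I chose, not anything the post states; they produce some benign noise that still has to be read by a person. Run it from an elevated PowerShell prompt; it removes nothing.

```powershell
# Added example (not from the thread): read-only triage of a live Windows box.
# Heuristic (assumption): images running from these user-writable folders are
# worth a second look, because that is where dropped payloads usually land.
$suspiciousRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
                     "$env:USERPROFILE\Downloads", $env:PUBLIC) | Where-Object { $_ }

# One record per process: PID, image path, signature status, SHA-256 (for
# submitting to an AV vendor), and whether it runs from a user-writable root.
$processes = Get-CimInstance Win32_Process | ForEach-Object {
    $path   = $_.ExecutablePath
    $exists = $path -and (Test-Path -LiteralPath $path)
    [pscustomobject]@{
        PID       = $_.ProcessId
        Name      = $_.Name
        Path      = $path
        Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'NoPath' }
        Sha256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        UserDir   = [bool]($suspiciousRoots | Where-Object { $path -and $path.StartsWith($_, 'OrdinalIgnoreCase') })
    }
}

"=== Processes from user-writable folders or without a valid signature ==="
$processes | Where-Object { $_.UserDir -or $_.Signature -ne 'Valid' } |
    Sort-Object Name | Format-Table PID, Name, Signature, Path -AutoSize

"=== Autorun entries (Run / RunOnce keys, machine and current user) ==="
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        # Every value in the key is an autorun; skip PowerShell's own PS* metadata properties.
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { "{0}  {1} = {2}" -f $key, $_.Name, $_.Value }
    }
}

"=== Scheduled tasks whose action is outside the Windows directory (heuristic) ==="
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions |
        Where-Object { $_.Execute -and $_.Execute -notmatch '^(%SystemRoot%|C:\\Windows)' } |
        ForEach-Object { "{0}{1}: {2} {3}" -f $task.TaskPath, $task.TaskName, $_.Execute, $_.Arguments }
}
```

    The $processes collection keeps the SHA-256 of every image, so `$processes | Where-Object UserDir | Select-Object Path, Sha256` gives exactly the hashes to hand to the AV vendor if a flagged file keeps reappearing after removal. A process that is gone from the listing but whose Run-key or task entry is still present is the persistence the post warns about.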
  14. valsay

    valsay Newbie

    Joined:
    Jan 5, 2013
    Messages:
    0
    Likes Received:
    0
    Personally I wouldn't run any AV within the current OS, as any good RAT/Trojan is going to have some level of protection against detection. AV software is more designed to stop an infection occurring rather than cure them.

    It can also take a couple of weeks for new/released RATs to get picked up and definitions created for them, so it might be worth taking the machine offline for a while before scanning.

    As far as scanning goes I would do one of two things (personally I would do both, number 1 first then number 2, so you can use a wider range of software, which increases the chances of finding the rogue software):

    1. Use a Hiren's Boot Disk or similar; this allows you to scan the HDD without the infection loading with the OS and trying to bypass scans:
    Malwarebytes
    SpyBot
    ClamAV (doesn't remove problems but will let you know what files are infected)

    2. Remove the HDD from the machine and connect it using a USB caddy to a clean machine (**DO NOT OPEN ANY FILES**). Once connected you can use a range of installed programs to scan the HDD (take your pick of AV and anti-malware software).

     
    Last edited: Dec 18, 2013
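    For option 2 above, an AV scan is only one of the things you can run against the attached disk. The following is an added example, not part of valsay's post: a read-only PowerShell sweep run on the clean machine that enumerates recently written executables and scripts in the user-writable areas of every profile on the suspect disk, records their timestamp, signature status and SHA-256, and writes the result to a CSV, without opening or executing anything. It assumes the suspect disk's Windows volume is mounted as E: (change $Drive if not); the 30-day window, the extension list and the folder list are my choices, not the post's.

```powershell
# Added example (not from the thread): offline sweep of a suspect disk attached
# to a clean machine. ASSUMPTION: the suspect Windows volume is mounted as E:.
$Drive = 'E:'
$Since = (Get-Date).AddDays(-30)   # heuristic: files written in the last 30 days
$Exts  = '*.exe', '*.dll', '*.scr', '*.vbs', '*.js', '*.ps1', '*.bat'

# User-writable locations on the suspect disk where dropped payloads usually
# land; Roaming already covers the per-user Startup folder.
$Targets = @(
    "$Drive\Users\*\AppData\Roaming",
    "$Drive\Users\*\AppData\Local\Temp",
    "$Drive\Users\*\Downloads",
    "$Drive\ProgramData",
    "$Drive\Windows\Temp"
)

# Enumerate only; nothing here runs or opens the files themselves.
$findings = foreach ($root in $Targets) {
    Get-ChildItem -Path $root -Include $Exts -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            [pscustomobject]@{
                LastWrite = $_.LastWriteTime
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                Sha256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Path      = $_.FullName
            }
        }
}

$findings | Sort-Object LastWrite -Descending |
    Format-Table LastWrite, Signature, Sha256, Path -AutoSize
# Keep a record on the clean machine for comparison with later scans or for submission.
$findings | Export-Csv -Path "$env:USERPROFILE\Desktop\offline-sweep.csv" -NoTypeInformation
```

    Because the disk is not booted, a rootkit on it cannot hide files from this listing the way it could from Task Manager on the live system, which is the point of doing the work offline. Sort by LastWrite first: the entries clustered around the time the machine started "doing weird stuff" are the ones to hash and submit.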
  15. Wise Crow

    Wise Crow Newbie

    Joined:
    Dec 3, 2013
    Messages:
    0
    Likes Received:
    1
    Wow, loads of things to try there. I'd be keen to find out if there is anything and, if so, what it is before removing it; call me curious!