Thread Rating:
  • 2 Vote(s) - 1.5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[TUT]Remove Rat Servers/Trojans/Connections
#1
Definition of a rat:
Remote admin tool usually just to fudge with people or to steal Personall info like key logs and other info.
They are very noobish actually because anyone can remove them without anti virus software.
Also this may not even be a rat you could be part of a Hostboter army. THis means your connection will get laggy every time that 9 year old wants to haxxor that kid of xbox.
Now how to remove them
------------------------------------------------------------------------
Open Cmd By going to STart > RUn type Cmd
(or just search for cmd in Search bar)
Run as admin
[Image: 3f3cc3b582e71cac699b979eaadc5d84.png]
Then Type this in[Image: 64f31352b58340c0c1b8a28c60988837.png]
{Netstat -b -n -o}
Then look for all COnnection and weird program names
Like Windows Defender having a connection = no no
Taskmgr connection = no no
Cmd connection = no no
Well
just about anything but skype ICq aim etc
is probably a rat server
Now to remove them
go to run this time and type Msconfig
[Image: a0c8e4f698d1d3b1ed9e143ce61504db.png]
Go to startup
[Image: 9c4f30e147be79ece79e11ba035a758d.png]
Scroll down till you see the weird crap
then Uncheck and hit apply
Then exit restart and no more rat servers unlesss they have persistance
Then you Task kill them before hand Smile[Image: 8f421b455b1eec6f52a545c4c92aafb4.png]





Reply
#2
There are a few flaws in this tutorial. With only the name you cannot judge if something is a RAT. A RAT can be called Iexplorer.exe. Also if you delete it from startup the actual file is still there so you are still infected. The tutorial itself is well written only the method contains a few flaws. Thanks for the effort!
Reply
#3
No offense OP but this is a terrible way to remove any kind of RAT. All your doing here is removing a start up item and disabling your internet connection. I highly advise nobody follow this tutorial for the safety of your computer. Sorry OP.

You must use an Anti-Virus of some sort, or COMODO Firewall to track down properly the connection being made outbound or inbound. Use MalwareBytes to remove the RAT completely.
[Image: t5BWm.png]
Reply
#4
Since DarkComet provides MSConfig disable and other annoying features. If you are infected you would be unable to preform these tasks. The best way to remove a infection is prevention; for example moving to a new OS like Ubuntu. Or not visiting untrusted site and running downloads from strangers. If you do find yourself infected, disconnect from the internet boot into safe mode and run some scans. Then on a clean PC report to the HJT + Change your passwords. With a virtual keyboard if possible. Also remember to set recovery questions.
Reply
#5
(05-08-2011, 02:51 PM)Carbon Nox Wrote: Since DarkComet provides MSConfig disable and other annoying features. If you are infected you would be unable to preform these tasks. The best way to remove a infection is prevention; for example moving to a new OS like Ubuntu. Or not visiting untrusted site and running downloads from strangers. If you do find yourself infected, disconnect from the internet boot into safe mode and run some scans. Then on a clean PC report to the HJT + Change your passwords. With a virtual keyboard if possible. Also remember to set recovery questions.

Well really thats why we have got safe mode, and yes, RATs can get detected by AVs and Anti-Spyware progs as well. This is one of these worst tutorials on how to fully remove a RAT Roflmao

[Image: t5BWm.png]
Reply
#6
(05-08-2011, 03:01 PM)The High Roller Wrote: Well really thats why we have got safe mode, and yes, RATs can get detected by AVs and Anti-Spyware progs as well. This is one of these worst tutorials on how to fully remove a RAT Roflmao

Hmm, thats one of my points.

You shouldn't need safe mode. Just like you shouldn't need all the things you do, but we have them for security. Why do we need to security? To protect ourselves. From what though? Who else? Us.

Just like with anything else we will destroy ourselves however humans don't have safe-boot.

Anyway most AVs are corporate bullshit. Norton for example makes your PC worse...
Reply
#7
yea you cant always detect a RAT, you can just change the description, name, licence etc. But on the whole its a decent tut, thanks
Reply
#8
Nice tutorial, this will come in handy.
Reply
#9
Good job dude. Don't listen to these ones.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [TUT]Removing Vista Security 2011[/TUT] Brandenx781 8 7,545 03-10-2012, 02:59 PM
Last Post: Alreiger
  how to remove diz ? please help prince76 19 5,935 01-18-2012, 06:49 AM
Last Post: AceInfinity
  [TuT] How to do a quick secondary scan for Spyware [TuT] Cyber-Security 1 1,174 07-20-2011, 07:45 AM
Last Post: Drakon
  List of Ports commonly used by Trojans Mem 6 1,484 04-12-2010, 10:46 AM
Last Post: Heli0s
  Do you have Conficker + How to remove it Kharnage 10 2,877 11-05-2009, 02:45 AM
Last Post: Extasey

Forum Jump:


Users browsing this thread: 1 Guest(s)