Think I have a RAT on my comp
#1
Well, I accidentally clicked on this website link that had like vpms.HTML instead of .com. I don't know if it is possible to get a virus just by clicking a link. But I then checked my command prompt and I used the APPDATA thingy and it was running "cglogs.dat" and the website says that anything with .dat is an infection. Can someone please help me remove it or even tell me if it's a keylogger?
HJT Team. Deltron <3 RDCA <3 Quintus <3
#2
Well, you should just wait till an expert posts on this thread, and do what he says. Personally, I don't think it's something infected, but I could be wrong.

Good luck.
#3
I also see svchost.exe? I opened up Task Manager and I see it.
#4
Better to scan your PC with Malware Bytes. I think that will help you.
I got some swag, do you have it too?
#5
Wait for an official HJT member to help you. However, I don't think you are infected, from my own personal experience.
#6
(04-01-2011, 06:25 AM)r0yaL Wrote: Wait for an official HJT member to help you. However, I don't think you are infected, from my own personal experience.

Yes, but scanning with Malware Bytes will be helpful also. I'm always doing that when I'm infected.
#7
Please read and follow this.
#8
Can you please delete this thread so I can post a new thread with my files/logs?

1.My issues are:
Well, I accidentally clicked on this website link that had like vpms.HTML instead of .com. I don't know if it is possible to get a virus just by clicking a link. But I then checked my command prompt and I used the APPDATA thingy and it was running "cglogs.dat" and the website says that anything with .dat is an infection.

I also opened my task manager to see a lot of svchost.exe running. I know they are split up, but I think there might be a virus/malware spread among them.

Can someone please help me remove it or even tell me if it's a keylogger?

2.My MBAM log:
Quick Scan: http://pastebin.com/BUctiiay
Full Scan: http://pastebin.com/uYUxttS0

3.My HJT log:
http://pastebin.com/zQF21qkn

4.My DDS log:
DDS: http://pastebin.com/TrysJbZD
Attach: http://pastebin.com/W42uU0WP

Issues encountered:
Nothing so far. No passwords changed, no suspicious activity.
#9
Are you using hacking tools? Please answer me through PMs.
  • Step 1

    System Restore maintains a backup of your programs; however, it may also back up infections, therefore constant flushing is required to create a clean Restore Point.

    1. On the Desktop, right-click My Computer > Properties > System Restore tab.
    2. Check Turn off System Restore.
    3. Click Apply > Yes.
    4. Please wait a few moments to let it clear.
    5. After doing so, remove the check from Turn off System Restore.
    6. Click Apply > OK.
    7. System Restore will be working again and will have a new Restore Point.
  • Step 2
    • Please download Malwarebytes' Anti-Malware 'here'.
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to 'Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click 'Finish'.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Full Scan', then click 'Scan'. The scan may take some time to finish, so please be patient.
    • When the scan is complete, click 'OK', then 'Show Results' to view the results.
    • Make sure that everything is checked, and click 'Remove Selected'.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
    • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the 'Logs' tab in the interface.
    • Copy and paste the entire report in your next reply.
  • Step 3

    Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
    • Double-click esetsmartinstaller_enu.exe to execute the program.
    • Tick 'YES, I accept the Terms of Use'.
    • Click 'Start'.
    • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    • Database download may take some time.
    • When done, make sure that the option 'Remove found threats' is ticked. Under the and 'Advanced Settings', please put a check on the following options:
      • Scan for potentially unwanted applications
      • Enable Anti-Stealth Technology
    • Click 'Start'.
    • Wait for the scan to finish.
    • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.
  • Step 4

    Please run HijackThis as Administrator. Click 'Do a system scan only' and place a check next to the following line(s) if present:

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


    Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
    • ESET Scan Log
    • Malwarebytes' Anti-Malware Scan Log
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
  • Comments:
    • You may choose to do a full scan with your ESET Anti-Virus instead.
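An added example, not part of the helper's post or of HijackThis itself: a small Python parser for the O4 Run-key lines quoted in Step 4, which marks the entries on the helper's fix list and notes any entry that starts from a per-user data directory. The sample log, the `R0`, `Updater` and `SoundMan` lines, and the function names are constructed for illustration.

```python
import re

# O4 Run-key line as HijackThis logs it: O4 - HIVE\..\Key: [Name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Program part of the command: a quoted path, or an unquoted path up to its extension.
EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)
# Per-user data directories (XP and Vista+ names): a location hint, not a verdict.
USER_DATA = re.compile(r"\\(?:application data|appdata)\\", re.I)

def parse_o4(log_text):
    """Return one dict per O4 Run-key line in a HijackThis log; skip other lines."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.strip())
        if not m:
            continue
        entry = dict(m.groupdict(), line=raw.strip())
        exe = EXE.match(entry["command"])
        entry["path"] = (exe.group("q") or exe.group("u")) if exe else entry["command"]
        entries.append(entry)
    return entries

def triage(entries, fix_list):
    """Tag entries on the helper's fix list and entries that start from user data dirs."""
    wanted = {item.strip() for item in fix_list}
    report = []
    for e in entries:
        tags = []
        if e["line"] in wanted:
            tags.append("fix-requested")
        if USER_DATA.search(e["path"]):
            tags.append("runs-from-user-data")
        report.append((e["name"], e["path"], tags))
    return report

# The two lines listed in Step 4 of the post above.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto",
    r'O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"',
]
# Constructed sample log: the R0, Updater and SoundMan lines are invented for illustration.
SAMPLE_LOG = "\n".join(FIX_LIST + [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\user\Application Data\updater.exe",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
])

if __name__ == "__main__":
    for name, path, tags in triage(parse_o4(SAMPLE_LOG), FIX_LIST):
        print(f"{name:15} {', '.join(tags) or '-':35} {path}")
```

The `runs-from-user-data` tag only records where an autorun entry lives; whether the file is malicious still has to come from the scanner logs requested in the post.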
#10
I need 10 posts to PM you but I currently have 4 (including this). Is there any way I can contact you via MSN or AIM? For now, I type in my passwords and username using the on-screen keyboard since I don't think keyloggers record the mouse clicks.

And question. If I system restore, wouldn't that bring back all the malware that I already cleaned off earlier?

And, I already did a MBAM scan and gave you the log in my last post, so do a scan again?