Post: How to prevent getting RATted/How to Remove one
08-10-2014, 06:54 PM #1
Dacoco
I void warranties.
Hey everybody, I've recently seen a lot of RATs being posted on the forums, so I'm going to post a thread on how to prevent them from being executed and how to remove one.

What is a RAT?


Well, RAT has many names, the most common being Remote Administrative Tool/Trojan. A RAT basically allows some ****** that is using DarkComet to control your PC without you even knowing. Some features of RATs include being able to turn your webcam on, see all your saved passwords, control your mouse and keyboard, and open random pages; they even have the ability to delete your system32 files, and the list goes on. I know it sounds scary; that's why I want people to try to be safe. I ratted a while back, and now that I'm looking at it, it was a dick move.


How to Prevent getting RATted


Okay, there are many things you can do to NOT get ratted. Simply don't download anything at all and don't click random links; there, done, you won't get ratted if you do that. But this is a modding community, we have to download stuff, so let's check a program to see if it's a RAT or not. For this part you will need Sandboxie. I know, ironic how I told you just to not download things, but this helps, trust me. Once you install Sandboxie, you have the option to open anything sandboxed, which basically means that when that program is open, it can only stay in the sandbox; it can't spread to your computer. If it is a RAT, though, it will still run, so they will have access to things that don't involve files, like being able to turn your webcam on. I usually tape a piece of paper over the webcam so that even if they turn it on, they can't see me.

Run the RAT in a virtual machine. I don't have much knowledge on this topic, but from hearing people talk about it, I believe that all you need is to download a virtual machine and install an OS on it; then you can run all your programs on this machine, so that even if one slips through, it's still on a machine that only has an OS on it.


How to Remove Rats

Okay, I know that RATs can be harsh; they can disable Task Manager, making them a pain to remove. But there is one thing that no RAT can survive on your PC: a System Restore. No RAT can make it through this, unless you restore to a point when the RAT was already on your PC. So if you don't have that much important data on your PC, go ahead and do a system restore so that all data is wiped, along with the RAT.

Okay, I recently came across a program that is in my opinion way better than Task Manager; it's called Process Hacker. This allows you to see what your programs are doing, where they came from, etc. One reason I really like this program is that when you can't end a task in Task Manager, it just says something along the lines of "Process cannot be stopped", but if you try to end it in Process Hacker, it tells you the actual reason why it can't be stopped.

Two more things and then we are done. Okay, RATs need an internet connection, so if you aren't connected to the internet, they can't do anything about it. Try to avoid connecting to the internet as much as possible. Now that we are not connected to the internet, hit the Windows key and R at the same time (or just open up Run) and type 'regedit' (no quotes), say yes to the admin stuff, then navigate to HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run. This will show you the processes and their file locations. If there is something suspicious, check it out by googling the process's name and going to that file location. When you go there and there isn't a folder but RegEdit says there is, you have to turn on Hidden Folders.

Last thing. Okay, now open up Run again and type 'msconfig' (no quotes), then click the Startup tab and open Task Manager through that; this will tell you all the apps that run on startup. If you don't know what it is, I suggest googling it; then, if there isn't much on the topic, disable it. Now go to the Services tab and make sure "Hide all Microsoft services" is checked; then it will tell you all the services running that aren't Microsoft. Again, if you don't know what it is, I suggest googling it; then, if there isn't much on the topic, disable it.


Thanks for reading my tutorial. Check these often, for the love of god, please.

Useful Programs

IOBit Unlocker (can unlock files/folders, making them easy to delete)

The following 21 users say thank you to Dacoco for this useful post:

ALI ALHILFI, BossManAbz, Creepzoid 0___0, djbackwardss, Dominator666, Geo, iAmRishi, Im Not Boobdidas, MORPHEUS__2142, Notorious, quack_QUACK, QuantumDev, RealzHax, Sammmmmy, sittinlower, Swifter, Taylors Bish, Tee1945, Trojan041, Zambie

The following 2 users groaned at Dacoco for this awful post:

Toke, Number
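
A scripted version of the Run-key and startup check from the tutorial above, added here as an example and not part of the original post. It is PowerShell; the HKLM key and the helper name Get-ExePathFromCommand are assumptions added for illustration.

```powershell
# Added example: enumerate autorun entries and show where each one points.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',   # the key named in the post
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'    # assumption: machine-wide key too
)

# Hypothetical helper: pull the executable path out of a Run value
# such as  "C:\Dir\app.exe" /minimized
function Get-ExePathFromCommand {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                                # quoted path
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }   # unquoted path
    return ($cmd -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $exe     = Get-ExePathFromCommand -Command $command
        # -Force lets Get-Item return files that carry the Hidden attribute
        $file    = if ($exe) { Get-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Exists    = [bool]$file
            Hidden    = [bool]($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden))
            Signature = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'n/a' }
        }
    }
}
$entries | Format-List

# Startup-folder and Run-key commands as reported by WMI, for comparison
# with the msconfig / Task Manager startup list.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-List
```

An entry whose file is missing, hidden or unsigned is a reason to look closer, not proof of anything; as reply #13 in this thread points out, a clean-looking result here does not show the machine is clean.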
08-28-2014, 02:49 PM #11
RealzHax
Can’t trickshot me!
I don't download shit that I don't know is trusted, like a post with bad spelling and shit.
Only trust a popular download/post that has many thanks and where people said that it's amazing and works. Or I only use the stuff in the sticky.
I have never got a virus and I'm not planning to get one.
I have been scammed once, and after that I'm not trusting anything until I'm 100% sure it's safe.
08-29-2014, 01:30 AM #12
Very informative... I was always suspicious of everything mod related, being that you never know the creator's true intentions, so I got a used dirt cheap laptop just for modding.

Are there any signs that you have been "Ratted"? I'm not talking running process but actually seeing something happening.
08-29-2014, 08:26 AM #13
joshuam08
Tech Guru
Firstly, I just wanted to start out by saying I have experience with RATs - I have played around with them as part of my IT security unit at uni. The instructions that you have given will work for some of the less well made RATs/crypters; however, a decent RAT will survive a system restore, along with many other viruses. A system restore can remove some viruses and malicious programs; however, as a general rule it won't and shouldn't be relied on.

Secondly, while RATs require an internet connection for someone to connect to them, even with your internet turned off, the RAT can continue to log your keystrokes and perform many other actions even without access to the web. This means that staying off the internet doesn't protect your passwords or other info, because as soon as you connect to the internet for a split second, the logs from the offline period are immediately available to the person controlling the RAT. Also, well made RATs will not show up in the registry, and the folders in which they are located will not display themselves in Explorer, even with hidden folders enabled.

Lastly, well made RATs won't show up in msconfig, just like they won't show up in the registry, and they also don't necessarily run as a service. In my experience (I've been dealing with RATs for years), MalwareBytes is one of the best programs for removing/disabling the startup of RATs. MB seems to be able to detect every startup method for RATs that I've come across, even detecting RATs which are running under the protection of rootkits, which pretty much hide the RAT from the registry, startup, msconfig, task manager, explorer etc. So if you think you're infected, your best bet is to run a scan with a well known scanner such as MalwareBytes. I am yet to come across a RAT encryption method that can avoid MalwareBytes.

Originally posted by sittinlower


Are there any signs that you have been "Ratted"? I'm not talking running process but actually seeing something happening.


Generally, no. Unless the person controlling the RAT wants to be blatantly obvious and do something like move your mouse, turn on your webcam or repeatedly open your CD drive, you generally won't be able to tell. That's why it's always a good idea to install something like MalwareBytes which will do a scan each day.
Last edited by joshuam08 ; 08-29-2014 at 08:32 AM. Reason: Adding info.

The following user thanked joshuam08 for this useful post:

sittinlower
08-29-2014, 02:04 PM #14
Dacoco
I void warranties.
Originally posted by joshuam08
Firstly, I just wanted to start out by saying I have experience with RATs - I have played around with them as part of my IT security unit at uni. The instructions that you have given will work for some of the less well made RATs/crypters; however, a decent RAT will survive a system restore, along with many other viruses. A system restore can remove some viruses and malicious programs; however, as a general rule it won't and shouldn't be relied on.

Secondly, while RATs require an internet connection for someone to connect to them, even with your internet turned off, the RAT can continue to log your keystrokes and perform many other actions even without access to the web. This means that staying off the internet doesn't protect your passwords or other info, because as soon as you connect to the internet for a split second, the logs from the offline period are immediately available to the person controlling the RAT. Also, well made RATs will not show up in the registry, and the folders in which they are located will not display themselves in Explorer, even with hidden folders enabled.

Lastly, well made RATs won't show up in msconfig, just like they won't show up in the registry, and they also don't necessarily run as a service. In my experience (I've been dealing with RATs for years), MalwareBytes is one of the best programs for removing/disabling the startup of RATs. MB seems to be able to detect every startup method for RATs that I've come across, even detecting RATs which are running under the protection of rootkits, which pretty much hide the RAT from the registry, startup, msconfig, task manager, explorer etc. So if you think you're infected, your best bet is to run a scan with a well known scanner such as MalwareBytes. I am yet to come across a RAT encryption method that can avoid MalwareBytes.

Generally, no. Unless the person controlling the RAT wants to be blatantly obvious and do something like move your mouse, turn on your webcam or repeatedly open your CD drive, you generally won't be able to tell. That's why it's always a good idea to install something like MalwareBytes which will do a scan each day.


Well, I'm just taking a wild guess that if someone is going to post a RAT on NGU, it's going to be some retarded kid that doesn't know what he's doing, not someone that has been ratting for years. But thanks for the info.
08-30-2014, 04:04 PM #15
joshuam08
Tech Guru
Originally posted by Dakota.
Well, I'm just taking a wild guess that if someone is going to post a RAT on NGU, it's going to be some retarded kid that doesn't know what he's doing, not someone that has been ratting for years. But thanks for the info.


I understand haha - I just thought I'd add that in. Sorry if it seems like I hijacked your thread! I assure you that wasn't my intention. MalwareBytes is something that I think everyone should have anyway, cause these days even total noob lords can find a good crypter for their RATs :P
08-30-2014, 04:10 PM #16
Dacoco
I void warranties.
Originally posted by joshuam08
I understand haha - I just thought I'd add that in. Sorry if it seems like I hijacked your thread! I assure you that wasn't my intention. MalwareBytes is something that I think everyone should have anyway, cause these days even total noob lords can find a good crypter for their RATs :P

It's cool, I'm just trying to help the community. I appreciate other people chiming in to help; at least you didn't keep it to yourself like some people :|
11-02-2014, 04:37 AM #17
PayedMods
Do a barrel roll!
When I got ratted I just erased all my drives and reinstalled Windows.
11-03-2014, 10:04 PM #18
Yenix
Do a barrel roll!
This helped me out a lot, thanks.
03-01-2015, 02:40 PM #19
Dark Comet RAT Remover

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
