Would start out by scanning your PC with ComboFix
Otherwise reformatting your PC would be the best option
I KNOW i have been ratted, MSConfig deleted/hid all the startup programs, processes in task manager got deleted instantly and got refreshed.
Ran in safe-mode and checked startup manager, and i removed all suspicious programs, not sure if its gone yet. I want to be 100% sure so if there is a way too clean your pc from RAT's? Please Help.
<3 From Frag.
---------- Post added at 02:54 PM ---------- Previous post was at 02:52 PM ----------
HEhe, just saw the anti-malware subforum xD
@Ravallo It's solved. Close please ? :3
Thanks all! <3 From Frag =)
Last edited by Fraggykidd; 12-27-2012 at 10:49 AM. Reason: Solved
RATs can't be removed by AV's (RARELY, you will get VERY lucky and remove it), so the only option you have is to install a clean new windows.
I also suggest you don't backup anything since it can contain parts of the RAT spread. If it's a text file, upload it to pastebin, etc.
Goodluck
First disconnect your PC from the internet so the attacker can not damage your computer further. Then proceed to scan with you A/V (I would recommend Malwarebytes). If nothing is found and you still think the RAT is present on your system, go seek professional assistance.
Nipples
okay do as i say.
- Go to taskmanager
- Go to the "view" tab
- Go to select columns
- Check PID (Process ID)
- Now close all programs that access the internet (chrome, itunes and what not)
- Go to CMD (Window key + r; type cmd; hit enter)
- type "netstat -ano"
- now look for all established connections and check the PID for the established ones and compare them to the PID's in taskmanager
- If you notice anything weird, open its file location and check it!
hope this helps
Tell me your skype if you need further help ^^