[TUT]Remove Rat Servers/Trojans/Connections

[M_a_X]

Definition of a rat:
Remote admin tool usually just to fudge with people or to steal Personall info like key logs and other info.
They are very noobish actually because anyone can remove them without anti virus software.
Also this may not even be a rat you could be part of a Hostboter army. THis means your connection will get laggy every time that 9 year old wants to haxxor that kid of xbox.
Now how to remove them
------------------------------------------------------------------------
Open Cmd By going to STart > RUn type Cmd
(or just search for cmd in Search bar)
Run as admin

Then Type this in
{Netstat -b -n -o}
Then look for all COnnection and weird program names
Like Windows Defender having a connection = no no
Taskmgr connection = no no
Cmd connection = no no
Well
just about anything but skype ICq aim etc
is probably a rat server
Now to remove them
go to run this time and type Msconfig

Go to startup

Scroll down till you see the weird crap
then Uncheck and hit apply
Then exit restart and no more rat servers unlesss they have persistance
Then you Task kill them before hand

[bling111]

There are a few flaws in this tutorial. With only the name you cannot judge if something is a RAT. A RAT can be called Iexplorer.exe. Also if you delete it from startup the actual file is still there so you are still infected. The tutorial itself is well written only the method contains a few flaws. Thanks for the effort!

[Resistance]

No offense OP but this is a terrible way to remove any kind of RAT. All your doing here is removing a start up item and disabling your internet connection. I highly advise nobody follow this tutorial for the safety of your computer. Sorry OP.

You must use an Anti-Virus of some sort, or COMODO Firewall to track down properly the connection being made outbound or inbound. Use MalwareBytes to remove the RAT completely.

[Carbon Nox]

Since DarkComet provides MSConfig disable and other annoying features. If you are infected you would be unable to preform these tasks. The best way to remove a infection is prevention; for example moving to a new OS like Ubuntu. Or not visiting untrusted site and running downloads from strangers. If you do find yourself infected, disconnect from the internet boot into safe mode and run some scans. Then on a clean PC report to the HJT + Change your passwords. With a virtual keyboard if possible. Also remember to set recovery questions.

[Resistance]

Since DarkComet provides MSConfig disable and other annoying features. If you are infected you would be unable to preform these tasks. The best way to remove a infection is prevention; for example moving to a new OS like Ubuntu. Or not visiting untrusted site and running downloads from strangers. If you do find yourself infected, disconnect from the internet boot into safe mode and run some scans. Then on a clean PC report to the HJT + Change your passwords. With a virtual keyboard if possible. Also remember to set recovery questions.

Well really thats why we have got safe mode, and yes, RATs can get detected by AVs and Anti-Spyware progs as well. This is one of these worst tutorials on how to fully remove a RAT

[Carbon Nox]

Well really thats why we have got safe mode, and yes, RATs can get detected by AVs and Anti-Spyware progs as well. This is one of these worst tutorials on how to fully remove a RAT

Hmm, thats one of my points.

You shouldn't need safe mode. Just like you shouldn't need all the things you do, but we have them for security. Why do we need to security? To protect ourselves. From what though? Who else? Us.

Just like with anything else we will destroy ourselves however humans don't have safe-boot.

Anyway most AVs are corporate bullshit. Norton for example makes your PC worse...

[INC3PT!0N™]

yea you cant always detect a RAT, you can just change the description, name, licence etc. But on the whole its a decent tut, thanks

[epic]

Nice tutorial, this will come in handy.

[+Moon]

Good job dude. Don't listen to these ones.