How to remove RATs and other simple malware
03-21-2013, 12:22 AM
#1
Introduction
In this tutorial I will show you how to remove simple malware from your computer. A good example of simple malware is a Remote Administrator Tool. Most of you guys are probably like: "Wut? How iz a program that can control your whole computer simple?"
A RAT is actually very simple compared to most viruses/malware.
How RATs Work
RATs are made of two parts: the client and the server.
The client is what sends the commands, and the server is what reads them and executes them.
The server is the virus on your computer. The server connects to the client's open port and IP. It waits for a command to be sent to that port, then once it is sent, the server reads it all and executes the command sent.
The client is the person who ratted you. He sends commands to his open port that will be read by the server and executed on the infected computer.
How to stop RATs and permanently remove them from your computer
Download and Install Comodo Firewall: http://www.comodo.com/home/internet-secu...rewall.php
Once installed, put all of the settings to High Security mode. What this will do is block all applications (besides web browsers) from accessing your connection without your permission. This will stop a RAT from connecting to the client's port, so it will not receive any commands. Now that you've stopped it, it's time to remove it.
How to remove
Go to Start and search for 'MSCONFIG' (without the '').
Then a window should pop up. Click the Startup tab.
![[Image: 2l6x4]](http://puu.sh/2l6x4)
Uncheck everything that is checked on that tab, then click Apply, then click OK.
Now go back to MSCONFIG, go back to the Startup tab and see if anything is checked again. Whatever is checked again is the RAT. For me the name is:
![[Image: 2l6BY]](http://puu.sh/2l6BY)
Now go to the command area of the list box and see where the program is located and the name of the process. After you've done that, open the Task Manager as administrator and look for the process name of the RAT. For me it is msdcs.exe.
Once you find it, kill the process. If it reappears, that means there is a backup file for the RAT. If that is the case, look for a process that shouldn't be running (for me it is notepad*32.exe), then kill it. Once it is killed, kill the other process as well.
Now go back to msconfig and uncheck the RAT file name and click apply then OK. Restart your computer.
Your computer is clean <3
I hope I helped. If there are any errors, please let me know.
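The manual check described in the post (Startup tab entry, its command path, the matching process and whatever keeps restarting it) can be collected in one pass. This is an added example, not part of the original post; the helper name `Get-ExePath` and the output column names are assumptions, and it assumes an elevated PowerShell on Windows 8 or later.

```powershell
# Added example: list the autostart entries the Startup tab shows and tie each
# one to its running process, that process's parent, and its open connections.

function Get-ExePath([string]$Command) {
    # Extract the executable from a startup command line (hypothetical helper).
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"')    { return $Matches[1] }   # "C:\x\y.exe" -arg
    if ($c -match '^\s*(.+?\.exe)\b') { return $Matches[1] }   # C:\x\y.exe -arg
    return ($c.Trim() -split '\s+')[0]
}

$procs = Get-CimInstance Win32_Process
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue

Get-CimInstance Win32_StartupCommand | ForEach-Object {
    $exe = Get-ExePath $_.Command

    # Processes currently running from the same file as the startup entry.
    $running = @($procs | Where-Object {
        $_.ExecutablePath -and $_.ExecutablePath -ieq $exe })
    $ids = @($running | ForEach-Object { $_.ProcessId })

    # Parent process names: a parent that relaunches the entry after it is
    # killed is the "backup" process the post describes.
    $parents = @($running | ForEach-Object {
        $ppid = $_.ParentProcessId
        ($procs | Where-Object { $_.ProcessId -eq $ppid }).Name
    } | Sort-Object -Unique)

    # Unsigned or missing files in a startup entry deserve a closer look.
    $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
        (Get-AuthenticodeSignature -LiteralPath $exe).Status
    } else { 'FileNotFound' }

    [pscustomobject]@{
        Name       = $_.Name
        Location   = $_.Location      # registry Run key or Startup folder
        Executable = $exe
        Signature  = $sig
        Pids       = $ids -join ','
        Parents    = $parents -join ','
        Remote     = @($conns | Where-Object { $_.OwningProcess -in $ids } |
            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }) -join ' '
    }
} | Format-List
```

Running it before and after unchecking the Startup entries shows which entry re-registers itself, without relying on spotting it by eye.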