How to prevent RATs?

DarkFlare69

Well-Known Member
OP
Member
Joined
Dec 8, 2014
Messages
5,147
Trophies
2
Location
Chicago
XP
4,736
Country
United States
This is the 4th time I've had a RAT. 3 different PCs.

Here's how it happened, someone sent me this info: http://prntscr.com/abe0v6

In my AppData, I had this: http://prntscr.com/abe05b

I can remove it. That's not a problem. The problem is how do I prevent future ones? My PC has been taking a long time to log on lately...

If someone can help I'll pay you $10.
 

DarkFlare69

Well-Known Member
OP
Member
Joined
Dec 8, 2014
Messages
5,147
Trophies
2
Location
Chicago
XP
4,736
Country
United States

Kioku

猫。子猫です!
Member
Joined
Jun 24, 2007
Messages
11,987
Trophies
2
Location
In the Murderbox!
Website
www.twitch.tv
XP
16,079
Country
United States
I'm not here for your input.


I never downloaded shit. I'll read that.

--------------------- MERGED ---------------------------


Then grow up and get a better past time.
I sincerely hate posts like these. Rats and the like don't just happen. You, or someone who may have used your computer, downloaded something that causes this. The whole "I did nothing" shtick is pure bullshit when it comes to these problems.

I always run Windows Defender and MBAM, and have never had these issues. Maybe it'll help you. Also CCleaner to delete your cookies and what have you.
 
  • Like
Reactions: Deleted User

DarkFlare69

Well-Known Member
OP
Member
Joined
Dec 8, 2014
Messages
5,147
Trophies
2
Location
Chicago
XP
4,736
Country
United States
I sincerely hate posts like these. Rats and the like don't just happen. You, or someone who may have used your computer, downloaded something that causes this. The whole "I did nothing" shtick is pure bullshit when it comes to these problems.

I always run Windows Defender and MBAM, and have never had these issues. Maybe it'll help you. Also CCleaner to delete your cookies and what have you.
I legit didn't do shit. I have all his skype accounts blocked. And he said he sent it through my wifi or something.
 
  • Like
Reactions: Kioku

Kioku

猫。子猫です!
Member
Joined
Jun 24, 2007
Messages
11,987
Trophies
2
Location
In the Murderbox!
Website
www.twitch.tv
XP
16,079
Country
United States
I legit didn't do shit. I have all his skype accounts blocked. And he said he sent it through my wifi or something.
Call your ISP and request an IP change. Only after you do a clean wipe/install. I know it can be deleted, but better safe than sorry. Personally I'd just replace the hard drives.

Wait, is it this kid in the thread?
 

DarkFlare69

Well-Known Member
OP
Member
Joined
Dec 8, 2014
Messages
5,147
Trophies
2
Location
Chicago
XP
4,736
Country
United States
Call your ISP and request an IP change. Only after you do a clean wipe/install. I know it can be deleted, but better safe than sorry. Personally I'd just replace the hard drives.

Wait, is it this kid in the thread?
He can just go to my skype and resolve it again.

--------------------- MERGED ---------------------------

Call your ISP and request an IP change. Only after you do a clean wipe/install. I know it can be deleted, but better safe than sorry. Personally I'd just replace the hard drives.

Wait, is it this kid in the thread?
Yes, this is him. probably is reading this as i type.
 
  • Like
Reactions: Kioku

Sono

cripple piss
Developer
Joined
Oct 16, 2015
Messages
2,800
Trophies
2
Location
home
XP
9,222
Country
Hungary
First of all, I don't recommend you to use the fully desktop version of Skype at this point. Using Firefox with Skype plugin is a gajillion times more safe.
If you don't want to switch to web.skype.com, then run into Skype settings, and change some stuff:
privacy-> privacy settings:
- only allow calls from your partnerlist
- disable automatic videocall acceptance
- set only allow messages from partnerlist
- disable all 3 checkboxes
- optionally delete skype cookies
call-> call settings:
expand settings with "detailed settings" button
- uncheck all checkboxes
- set call acceptance to from partnerlist only
text messages (the one below "call")-> message-exchange options:
click on "detailed settings" button
- set file save location to "always ask"
- only allow messages from partnerlist
special-> advanced settings:
- disable that M$ tracking thingy checkbox
special-> connection:
- disable all checkboxes

Save, and restart Skype.


After that (sadly) you'll need to open (*gulp*) Internet Explorer at ESET's Online Scanner, or just download the installer exe, both does the same, and perform a scan with the following settings:
- Enable detection of unwanted apps
- Enable detection of potentially unsafe apps
- Enable detection of suspicious apps
- Scan archives
- Enable Anti-Stealth
- Disable auto-clean threats
And do a scan.
Note: I'm not advertising, I'm trying to help.

While the scanning is going, acquire yourself a Process Explorer, a taskmanager on steroids. It's much more easier to spot the infected process in that, because it can categorize the processes, so you can spot any out-of-place process names.
If you -for some reason- can't kill the process with it (like the system BSoDs, or access violation), then report that, because I have solutions for those too :evil:


I hope I didn't miss some obvious stuff :wacko:
 
Last edited by Sono, , Reason: I CAN'T TYPE ON PHONE WITHOUT A TYPO!

DarkFlare69

Well-Known Member
OP
Member
Joined
Dec 8, 2014
Messages
5,147
Trophies
2
Location
Chicago
XP
4,736
Country
United States
First of all, I don't recommend you to use the fully desktop version of Skype at this point. Using Firefox with Skype plugin is a gajillion times more safe.
If you don't want to switch to web.skype.com, then run into Skype settings, and change some stuff:
privacy-> privacy settings:
- only allow calls from your partnerlist
- disable automatic videocall acceptance
- set only allow messages from partnerlist
- disable all 3 checkboxes
- optionally delete skype cookies
call-> call settings:
expand settings with "detailed settings" button
- uncheck all checkboxes
- set call acceptance to from partnerlist only
text messages (the one below "call")-> message-exchange options:
click on "detailed settings" button
- set file save location to "always ask"
- only allow messages from partnerlist
special-> advanced settings:
- disable that M$ tracking thingy checkbox
special-> connection:
- disable all checkboxes

Save, and restart Skype.


After that (sadly) you'll need to open (*gulp*) Internet Explorer at ESET's Online Scanner, or just download the installer exe, both does the same, and perform a scan with the following settings:
- Enable detection of unwanted apps
- Enable detection of potentially unsafe apps
- Enable detection of suspicious apps
- Scan archives
- Enable Anti-Stealth
- Disable auto-clean threats
And do a scan.
Note: I'm not advertising, I'm trying to help.

While the scanning is going, acquire yourself a Process Explorer, a taskmanager on steroids. It's much more easier to spot the infected process in that, because it can categorize the processes, so you can spot any out-of-place process names.
If you -for some reason- can't kill the process with it (like the system BSoDs, or access violation), then report that, because I have solutions for those too :evil:


I hope I didn't miss some obvious stuff :wacko:
I appreciate the long message and help. Im going to try all that. Is web.skype still safer even after doing all that stuff to normal skype?

And, he has a RAT in one of my PCs upstairs which I can't format. Is there a way to block local communication between the two? Mine is on 5G and the other is on 2.4G, if that matters.
 

Sono

cripple piss
Developer
Joined
Oct 16, 2015
Messages
2,800
Trophies
2
Location
home
XP
9,222
Country
Hungary
Yes.

I assume you're using Win8:
- Click on the network icon on the taskbar
- On the right sidebar richt-click your connection, enable/disable sharing, No, I don't turn it on (for public places)
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: @salazarcosplay, Morning