Jump to content


Photo

Possible RAT (Remote Access Trojan) problem


  • This topic is locked This topic is locked
1 reply to this topic

#1 Rathater13

Rathater13

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 13 May 2013 - 05:41 AM

Dear Forum:
 
I suspect I've had a RAT in my computer for a couple of months that even thorough low-level formatting seems unable to remove. I'm posting this in this forum because I'm not sure if "Requests for help with removing a virus or trojan should be posted in the 'Malware Removal' forum" refers to this or another forum.
 
The RAT apparently does two things:
a) Before I installed Malwarebytes it frequently (and rather suddenly) kept all the webpages I tried to open from loading. My Net Meter app, though, always showed the DSL line to be OK (usally around 2mbps) and torrent downloads weren't affected, either.
b) Malwarebytes fairly often displays a pop-up note that shows an IP address it says it successfully blocked (some unnamed application) from connecting to (i.e a website with 'potentially malicious code')Actually, it's not just one but many IP addresses this RAT has tried to connect to. Since then the problem with webpages that won't load has disappeared or at least been greatly reduced (I'm not exactly sure, which).
 
Neither Malwarebytes nor SUPERAntiSpyware, Spybot Search & Destroy or Avast! Intenet Security have found anything :(.
 
The Danger: Remote Access Trojans article from 2002 which I found after some googling lists a couple of steps one can take to find the culprit or culprits including several software programs: Fport, Netstat, TCP View or Winternals TCP View Professional Edition. But there's probably no way around checking and keeping tabs on unexpected open IP ports and the like?!
 
Is there perhaps a more recent list of 'Common Remote Access Trojan IP Port Numbers' (Quickly googling for such an updated list didn't get me any results)? Does the above info (a and b) perhaps give an indication about what kind of RAT I might have on my machine? Which of the above listed software would you suggest I install?
 
I'd really appreciate any helpful tips in this regards! :)
 
Many thanks.
 
Rathater13 ;)


#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 13 May 2013 - 09:16 AM

Welcome, Rathater13.
 
It shouldn't be necessary to keep checking for open ports.  A free antivirus like Avast, with its eight real-time shields, plus a good firewall such as the one in Windows 7, will protect your PC from most new infections.  Generally you can't be accessed unless you somehow permit it either by file sharing or by having malware already on your machine.

Please read the Instructions and post the requested logs (MBAM, DDS, Security Check) in the Malware Removal forum.  We need the information in order to help you as each PC is different.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of ASAP and UNITE
Support SpywareInfo Forum - click the button