
How to know if you are infected + How to manually remove Malware!

~ The ways of manually checking if you’re infected ~

Q: Are there any easy ways of detecting a RAT?
A: Yes, there are. Here are 3 ways to do exactly that.

1. Process Hacker
You can spot most RATs using the tool named Process Hacker.
Go to the Network tab. If you see any weird process connecting to an IP, it is most likely a RAT.





2. Startup (msconfig)
Windows has a built-in function to control what starts up when Windows starts.
Open msconfig by simply searching for “msconfig” in your search field; it should come up.
Now look through your programs and services. In Services, tick “Hide all Microsoft services”, then browse through and untick all the unwanted nasty ones.



3. Tool (HijackThis)
HijackThis is an open source program that scans for malware AND creates a log file to look at later on.
Download HijackThis.
Click “Do a system scan and save log file”.
When the scan is done, copy the whole log and paste it into the tool at hijackthis.de.
You can also get people like me to manually take a look at it, so we can inform you if the auto scan missed something.
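
Checks 1 and 2 above can also be scripted. The following PowerShell is an added example, not part of the original article: it lists established outbound TCP connections with the owning executable and its signature status, then the programs registered to start at logon. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection); the "user-writable path" heuristic and the helper names are this example's own.

```powershell
# Added example: read-only triage for checks 1 and 2. It changes nothing.
# Run from an elevated PowerShell so the paths of other users' processes resolve.

# Heuristic (assumption of this example): executables running from user-writable
# locations deserve a closer look than ones under Program Files or System32.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }

function Test-UserWritablePath([string]$Path) {
    if (-not $Path) { return $false }
    foreach ($root in $userWritable) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SignatureStatus([string]$Path) {
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
    }
    return 'PathUnavailable'   # process exited, or access to it was denied
}

# Check 1: established TCP connections to non-loopback addresses, per process.
$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process      = $proc.ProcessName
            PID          = $_.OwningProcess
            Remote       = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Path         = $proc.Path
            Signature    = Get-SignatureStatus $proc.Path
            UserWritable = Test-UserWritablePath $proc.Path
        }
    }

# Rows flagged UserWritable are listed first.
$connections |
    Sort-Object -Property @{ Expression = 'UserWritable'; Descending = $true }, Process |
    Format-Table -AutoSize

# Check 2: programs registered to start at logon (Run keys and Startup folders).
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-List
```

A process that is unsigned, runs from a user-writable path and holds an outbound connection is a lead to investigate further, not proof of infection; plenty of legitimate per-user applications match the same pattern.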



Q: How do I stop the RAT process if I can't do it with Task Manager?
A: It depends on whether there is a RunPE (Runtime Persistence, a separate process that protects the RAT from getting closed).
If there isn't, run process manager, then follow this briefing of how to terminate processes.
If the RAT is protected by a separate process (RunPE), you will have to find the separate process using Process Hacker’s built-in function, which you can read more about on their page.

