Once infected, impossible to detect

Three years ago, on account of my being a moron, I downloaded a game cheat. I clicked the .exe and nothing happened, so I just deleted it.
Two months later I went into my RS premium account and realized someone else had logged in and uploaded files of the game I used to play and a brute forcer. Now, no one brute forced my account, because the IP originated from Canada and they were using my account from the same IP; they didn't even change the password, and uploaded files of the game I used to play.
But anyway, I scanned my PC with all the anti-malware and found NOTHING; I scanned with anti-rootkits and found nothing. No matter how hard I tried I found nothing on my Win XP Pro, so I decided to format and reinstall.
After a little hovering around the forum I heard it was the Poison Ivy RAT, and with a little research I found out people actually pay for undetected RATs... What the heck?
So if you're infected by an undetected RAT, which is of course your own fault, you have no way of finding it.
I even went as far as to find common registry entries of the RAT and found none, thus leading me to believe it was undetected and paid for.
Luckily I had an RS premium account and caught on to that.
Dude111:
Makes ya wonder if the people who put out these cracks ARE REALLY PEOPLE WORKING WITH THESE COMPANIES WHO TRY TO SCREW SOMEONE OVER FOR TRYING TO ME$$ WITH THEM!
Makes sense, I guess......
DownTheShore (reply to nv753):
For those like me, who had never heard the phrase "poison ivy rat" before:
From Wiki:
A Remote Administration Tool (known more commonly on the Internet as a RAT) is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:
- Screen/camera capture or control
- File management (download/upload/execute/etc.)
- Shell control (usually piped from command prompt)
- Computer control (power off/on/log off)
- Registry management (query/add/delete/modify)
- Other product-specific functions
...
Many trojans and backdoors now have remote administration capabilities allowing an individual to control the victim's computer. Many times, a file called the server must be opened on the victim's computer before the trojan can have access to it. These are generally sent through email, P2P file sharing software, and in internet downloads. They are usually disguised as a legitimate program or file. Many server files will display a fake error message when opened, to make it seem like it didn't open. Some will also kill antivirus and firewall software. RAT trojans can generally do the following:
- Download, upload, delete, and rename files
- Format drives
- Open CD-ROM tray
- Drop viruses and worms
- Log keystrokes (keystroke capture software)
- Hack passwords, credit card numbers
- Hijack homepage
- View screen
- View, kill, and start tasks in task manager
- Hide desktop icons, taskbar and files
- Print text
- Play sounds
- Randomly move and click mouse
- Record sound with a connected microphone
- Record video with a connected webcam
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack. They usually do disruptive things like flip the screen upside-down, open the CD-ROM tray, and swap mouse buttons. However, they can be quite hard to remove.
DownTheShore (reply to nv753):
A question: If you have Remote Assistance disabled on your computer, can they still gain access?
rawwhide:
said by DownTheShore: A question: If you have Remote Assistance disabled on your computer, can they still gain access?
If the infection enables Remote Assistance when it's disabled, yes.
So if I completely disable the service by, say, nLite... removing all components associated with "remote" anything, one should be safe... correct?
Doctor Four (reply to nv753):
The Zeus/zBot banking trojan is a lot like that. Once it gets onto a PC, the infection is not very well detected, and is difficult to remove. Or at least the detection rates for it were quite low a few weeks ago; they averaged only about 24% of the 40 major AV softwares.
Bink (reply to nv753):
This is well known in the realm of computer security. Once a bad guy has control over your computer, it is really not your computer anymore.
(reply to nv753)
If you have lights that flash on your router, signaling traffic, you would know right away if it looks like you're making a download while your computer is idle.
justanon (reply to nv753):
This is simply NOT TRUE.
There is a very simple and effective method of scanning for and deleting rootkits, trojans and other malware... no matter how well they are "hidden" in your OS. It's very simple: don't boot the infected HDD's OS, but some other OS, and use that to scan the infected/suspected OS HDD.
Like, for instance, use the Avira AntiVir Rescue System; it's a bootable CD-ROM with the latest virus definition files etc. Just boot from it and scan the computer and remove all the crap you can find. »www.avira.com/en/support/support···ads.html
It's really not harder than that.
Any computer-wise person would occasionally do a full scan with that kind of program anyway, even if there isn't anything suspicious going on in the computer. Just to make sure that there really isn't any rootkit or trojan running in your computer.
Bink (reply to nv753):
This is completely true, and all rootkit, trojan and other malware detection software is flawed/prone to omissions. If you're going to bother going through this flawed process, you might as well restore the entire system from a known good backup and be absolutely certain.
(reply to justanon)
said by justanon: This is simply NOT TRUE. There is a very simple and effective method of scanning for and deleting rootkits, trojans and other malware... no matter how well they are "hidden" in your OS. It's very simple: don't boot the infected HDD's OS, but some other OS, and use that to scan the infected/suspected OS HDD. Like, for instance, use the Avira AntiVir Rescue System; it's a bootable CD-ROM with the latest virus definition files etc. Just boot from it and scan the computer and remove all the crap you can find. »www.avira.com/en/support/support···ads.html It's really not harder than that. Any computer-wise person would occasionally do a full scan with that kind of program anyway, even if there isn't anything suspicious going on in the computer. Just to make sure that there really isn't any rootkit or trojan running in your computer.
I used the rescue scan and it couldn't scan encrypted files. Suppose the trojan is encrypted, then what?
It couldn't scan the Spybot S&D backups, of all things.
Something would have to unencrypt it. Another, unencrypted executable.
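The point that an encrypted payload still needs an unencrypted loader gives a defender something to look for: encrypted or packed data has near-maximal byte entropy, while the plain loader code around it does not. The following Python example is added here and is not from any poster; it scans a constructed stand-in file (plain text followed by seeded pseudo-random bytes, not a real binary) with a sliding entropy window and reports the regions a rescue scanner's signatures would not be able to see into.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 1024, threshold: float = 7.0):
    """Slide a fixed window over the file and report (offset, entropy) for every
    full window at or above the threshold. Encrypted or compressed payloads score
    close to 8.0; machine code, text and tables score noticeably lower."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        ent = shannon_entropy(data[off:off + window])
        if ent >= threshold:
            hits.append((off, round(ent, 2)))
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a dropper: 4 KiB of plain text (the unencrypted
    loader) followed by 4 KiB of pseudo-random bytes (the 'encrypted' payload).
    A seeded PRNG keeps the sample deterministic; this is not a real executable."""
    rng = random.Random(1)
    stub = (b"This program cannot be run in DOS mode.\r\n" * 100)[:4096]
    payload = bytes(rng.getrandbits(8) for _ in range(4096))
    return stub + payload


if __name__ == "__main__":
    for off, ent in high_entropy_regions(build_sample()):
        print(f"high-entropy window at offset {off:#x}: {ent} bits/byte")
```

High entropy alone does not prove malice (legitimate installers and compressed resources score the same way), so treat a hit as a reason to examine the file from the clean boot environment, not as a verdict.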
rawwhide (reply to justanon):
said by justanon: Like, for instance, use the Avira AntiVir Rescue System; it's a bootable CD-ROM with the latest virus definition files etc. Just boot from it and scan the computer and remove all the crap you can find. »www.avira.com/en/support/support···ads.html It's really not harder than that. Any computer-wise person would occasionally do a full scan with that kind of program anyway, even if there isn't anything suspicious going on in the computer. Just to make sure that there really isn't any rootkit or trojan running in your computer.
In addition you could use any of these or something similar: Bart PE with a virus scanner of your choice, UBCD4Win with your choice of scanners, or a live Linux distro.
BartPE -- »www.nu2.nu/pebuilder/
UBCD4Win -- »www.ubcd4win.com/
Linux distro -- »distrowatch.com/
joako (reply to DownTheShore):
said by DownTheShore: A question: If you have Remote Assistance disabled on your computer, can they still gain access?
Yes. Even if you have removed Remote Assistance and removed all the Terminal Services components, e.g. with nLite/vLite/XPlite, etc. Let me ask you: if you remove Outlook Express, can you still send email through Thunderbird?
Now, I can see a sloppy programmer assuming that the Windows Terminal Services are installed and relying on them, but there is no reason they couldn't write their own code or use existing code, e.g. a VNC engine.
core22:
It is possible to inject malicious code into RAM, have it execute and capture your credentials, then remove itself from RAM, effectively leaving no trace of what was done.
Woody79_00 (reply to nv753):
RATs have been around for a very long time. In fact, it was common to get a RAT from the AOL network via AOL IM and other means back in the early 90's, as a way for a user to get access to your AOL account.
Some of the earliest malware for Windows 9x were in fact RAT trojans. They have never really gone away, just been renamed to sexier names.
Most banker trojans and the like today are in fact RATs. I guess the rule of thumb is to just be careful what you execute. It's unreasonable to think a security software can detect all RATs.
As for rootkits, some can be detected by normal means, and others cannot... If I am looking for a rootkit, I watch for unusual port activity... that is the only way to detect one 100% of the time... rootkits are installed to harvest data from the machine they are foisted on... malware that doesn't dial out somewhere is useless.
Deleting your whole hard drive is so 90's... it's very rare to see malware designed just to delete your pictures; it's a business today, and data harvesting is the paramount reason, whether it be credit cards, login credentials, or the like... it has to dial home... watch your ports...
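"Watch your ports" can be made into a repeatable check rather than an eyeball job: list established TCP connections, discard the ones that stay on the LAN or loopback, and flag any process talking to the outside that is not on the owner's short list of programs expected to do so. The Python example below is added here and is not from any poster; the `netstat -ano` output, the PID-to-process map (what `tasklist` would give) and the expected-process baseline are all constructed sample data.

```python
import ipaddress

# Constructed sample in the column layout of Windows "netstat -ano" (not a real capture).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED     1480
  TCP    192.168.1.5:1031       192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.5:1042       203.0.113.10:80        ESTABLISHED     2212
  TCP    192.168.1.5:1050       198.51.100.7:3460      ESTABLISHED     3308
  UDP    0.0.0.0:500            *:*                                    716
"""

# Constructed PID -> image name map, as "tasklist" would report it (assumption).
SAMPLE_TASKS = {4: "System", 716: "lsass.exe", 1480: "alg.exe",
                2212: "firefox.exe", 3308: "svchost.exe"}

# Programs the owner expects to reach the internet on this box (assumption).
EXPECTED_INTERNET = {"firefox.exe", "thunderbird.exe"}

# Address ranges treated as "local": RFC 1918 private space plus loopback.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_netstat(text):
    """Return one dict per TCP row; the header and UDP rows (no state column) are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _, local, remote, state, pid = parts
            rhost, rport = remote.rsplit(":", 1)
            rows.append({"local": local, "rhost": rhost, "rport": int(rport),
                         "state": state, "pid": int(pid)})
    return rows


def suspicious_connections(text, tasks, expected):
    """(process, pid, remote) for each established connection leaving the LAN
    from a process that is not on the expected-internet baseline."""
    findings = []
    for row in parse_netstat(text):
        if row["state"] != "ESTABLISHED":
            continue
        addr = ipaddress.ip_address(row["rhost"])
        if any(addr in net for net in LAN_NETS):
            continue
        name = tasks.get(row["pid"], "<unknown>")
        if name not in expected:
            findings.append((name, row["pid"], f"{row['rhost']}:{row['rport']}"))
    return findings
```

A name-based baseline is only a first filter: the poster core22's point about code running from inside memory applies here too, since a flagged connection from a system process name tells you which process to inspect, not that the process's own code is the one dialling out.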