Saturday, June 19, 2010

How to remove Remote Administrator Tool (RAT) and Keyloggers

Definition for RAT

What is a RAT?
To start off, the term RAT is short for Remote Administration Tool. A quick definition: RATs are used to connect to and manage one or more computers with a variety of tools, such as:
  • Screen/camera capture or control
  • File management (download/upload/execute/etc.)
  • Shell control (usually piped from command prompt)
  • Computer control (power off/on/log off)
  • Registry management (query/add/delete/modify)
  • Other product-specific functions
Direct Connection
A direct-connect RAT is a simple setup where the client connects to a single or multiple servers directly. Stable servers are multi-threaded, allowing for multiple clients to be connected, along with increased reliability.

Reverse Connection
RATs that utilize reverse connection have a few major advantages, such as the ones listed below:
  • Outgoing connections are generally less threatening, and are less likely to be detected or blocked by a firewall, such as a router.
  • Since the remote computer is connecting to the remote administrator, he or she will not need to know the remote's IP address in order to connect.
  • The remote administrator does not need to know which or how many computers the RAT is being installed on, which allows for mass distribution.
  • If mass-distributed, it is much easier to keep track of the computers the RAT is installed on, since they are all "calling home" by connecting to the remote administrator.

Are RATs Legal/Illegal?
Actually, both. There are RATs that are legal and RATs that are illegal. The difference is that legal RATs inform the connected remote user that you are on the computer, and illegal RATs do NOT inform the remote user that you are on the computer.
To break it down: legal means the person has full control as well. They can kill the connection any time they please. No backdoor is left on their PC, and it is in your network.
Illegal means the person does NOT know you are connected, and they have no knowledge that you are until you take action; they have no control to kill the connection (unless they unplug the internet). But even then, a backdoor is left on the computer, meaning that any time the computer is on and the internet is up, you can connect whenever you want. You can destroy files, download files, steal information, and basically make their life miserable.
Some legal RATs are:

  • TeamViewer - TeamViewer establishes connections to any PC or server all around the world within just a few seconds.
  • Ammyy Admin - Ammyy Admin is a highly reliable and very friendly tool for remote computer access.
  • Mikogo - Mikogo is an easy-to-use cross-platform desktop sharing tool, ideal for web conferencing, online meetings or remote support.
  • Ultra VNC - Ultra VNC is a powerful, easy to use and free software that can display the screen of another computer (via internet or network) on your own screen.

Some illegal RATS are:

  • Spy-Net
  • Cerberus Rat
  • Cyber Gate Rat
  • Sub Seven
  • Turkojan
  • ProRat
Remote Administrator Tools Question & Answer

Q - What's a RAT?
A - RAT is short for Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling PCs, stealing victims' data, and deleting or editing files. You can only infect someone by sending him a file called the Server, and they need to click it.

Q - How do they work?
A - Some RATs can spread over P2P file sharing programs (uTorrent, Pirate Bay etc.) and messenger spam (MSN, Skype, AIM etc.).

Q - How do I control the server?
A - Once installed, the RAT server can be controlled via the RAT client. From the IP list box you choose a PC and connect.

Q - How do I port forward?
A - Port forwarding is easy and important for a RAT. You need an open port because the RAT connects through the open port and bypasses the firewall. Open your web browser, enter your IP and connect to your router (Username: Admin & Password: Admin), open the port forward page and enter the port you want and your IP. That's all you need to do, and now you have an open port.

How to remove RATs or keyloggers when you are infected:

A. Download HijackThis from Trend Micro antivirus

B. Follow these steps


1. Open HijackThis and click "Do a system scan and save a log file" (it will show you all the registry entries in your system). Close the Notepad window that pops up on the screen.

2. RATs and keyloggers are mostly stored in "HKCU" or "HKLM", so look through those registry entries. The keylogger will be named as server.exe or svchost.exe (hackers name the server after some system file).

3. Tick the entry and click "Fix checked". It will ask you: "Fix 1 selected item? This will permanently delete and/or repair what you selected". Click Yes, then restart your PC.
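The manual review in step 2 can be done over the saved log file. The script below is an added example, not part of the original post or of HijackThis: it reads the `O4` autostart lines of a HijackThis log and flags HKCU/HKLM Run entries using the file names the post mentions. The sample log is constructed, and the list of system binary names and the default `C:\Windows` paths are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis log format (O4 lines are autostart entries).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [svchost] C:\Users\alice\AppData\Roaming\svchost.exe
O4 - HKLM\..\Run: [Windows Update] "C:\WINDOWS\system32\server.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Quoted path, or an unquoted path up to the first executable extension.
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.(?:exe|scr|com|bat|pif))(?=\s|$)', re.I)

PAGE_NAMES = {"server.exe", "svchost.exe"}  # names the post says to look for
# Assumptions for the second rule: common system binaries, default Windows paths.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def review_run_entries(log_text):
    """Return autostart entries worth a closer look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = RUN_ENTRY.match(line.strip())
        if not entry:
            continue  # not an HKLM/HKCU Run-style autostart line
        hive, key, value_name, command = entry.groups()
        path = EXE_PATH.match(command)
        if not path:
            continue  # no recognisable executable path in the command
        exe = PureWindowsPath(path.group(1) or path.group(2))
        name, folder = exe.name.lower(), str(exe.parent).lower()
        reasons = []
        if name in PAGE_NAMES:
            reasons.append("name listed in the post")
        if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            reasons.append("system file name outside the Windows directory")
        if reasons:
            findings.append({"hive": hive, "key": key, "value": value_name,
                             "path": str(exe), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in review_run_entries(SAMPLE_LOG):
        print(f'{f["hive"]}\\{f["key"]} [{f["value"]}] {f["path"]}: {"; ".join(f["reasons"])}')
```

A flagged entry is a lead to check by hand before using "Fix checked"; a file name alone does not prove an entry is malicious.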


You can also use Adramax Keylogger Remover for Adramax keyloggers

1. Run Adramax Keylogger Remover
2. Check all
3. Then Remove, restart your PC


"Credits to HF site for some information"