You are viewing our Forum Archives. To view or take place in current topics click here.
can anyone help me out

ConvictionLobbysTTG
  • Challenger
Status: Offline
Joined: Sep 21, 2014
10 Year Member
Posts: 129
Reputation Power: 14
Okay, so I have been ratted, as I just came home and someone f*** my TTG post up and put in there I'm a scammer and all that. Can anyone get this kid off my laptop? +rep
#2. Posted:
GulpModding
  • TTG Master
Status: Offline
Joined: Apr 15, 2012
12 Year Member
Posts: 898
Reputation Power: 97
Turn off your computer. Turn your internet off.

Go to a different computer and download the following. Save them to a USB flash drive. Try to download the standalone install versions. You don't really want the online installer version which is usually smaller. You may be able to do this from safe mode with networking if you have to.

AVG free version or any free anti-virus if you don't have one.
Zonealarm free version.
HijackThis Ver. 2.0.4
Puppy Linux Ver. 5.2 iso

Malware can have any name and any extension. Sometimes this works against it hiding as it sticks out as being odd when they are random letters. Other favorites are trying to hide as though it is a Windows program. Sometimes L is substituted for i and they often look the same as legitimate programs or folders.

Start with Zonealarm, install it and select the manual method for allowing programs through the firewall. If we get this going, it will stop the RAT from accessing the internet. Be very careful which programs you allow to access the internet. Double check using Google to search file names if you have any doubt that it might be malware before allowing it. If you do make a mistake, you can change the setting in the control center. Right click the icon to lock down internet activity if needed. At this point, you may be safe hooking up the internet again.

Your RAT may be trying to access the internet at this point so you might know what program is causing the problem. You can hit CTRL/ALT/DEL and kill the RAT process from the processes tab. It might make things easier.

Install AVG. Allow it to update and allow it access to the internet. Most of the AVG files start with AVG so they are fairly easy to tell them from malware to allow them through the firewall. Run a full system scan once it is updated. Switch to safe mode if it finds anything and has trouble removing it. Continue on if AVG didn't find it.

HijackThis is a very dangerous program if you don't have a lot of computer experience. It can cause as much harm as good if you don't know what you are doing. It can directly affect registry entries and even prevent your computer from booting if you remove the wrong entries. If you figured out what files are the problem, run HJT as an administrator and remove the entries that refer to the RAT program. There may be more than one program involved so there can be multiple entries. If you are not comfortable with this part, save the log file and post it to any number of help forums that will help with manual removal. Be sure and follow the HJT instructions for the forum as most want you to start a new topic in a specific place.

If you got this far, the tools are not deleting things and the RAT is still there. Puppy Linux is a small live CD version of Linux that is easy to use and can even be used to download stuff if you don't have access to another computer. Burn the iso file using any number of CD burners using the burn iso option or burn image option. The iso file is actually an image of the CD and not a file that can be executed. It only runs from the CD so it won't make any changes to your hard drive unless you do something to make changes. Saving the environment file is one of those things though you can also save to a USB flash drive. A big caution is needed. When using this, you are in what might be considered super administrator mode. You can rename or delete any file on your computer which means you can destroy things just as easy as fix them. The operating system won't stop you from doing harm like Windows. With that in mind, you can use it to find and rename the RAT program file(s) even if the other methods above fail. With the files renamed, they won't start and you can then safely delete them if they don't cause any problems when renamed. I usually add an XX to the beginning of the name to make them easy to find later.

Reboot the computer and run HJT to see if the RAT came back. Reboot and check a few more times.

If you got this far, you either manually removed the RAT program or you need to do a system wipe and restore. The Puppy Linux CD can help you save important files if you need to do that. Be sure to do a format to wipe everything if you restore Windows.

Once you master manual removal, even malware that isn't detected and removed can be manually removed in a reasonable time. Depending on the infection, removal can take as little as a few minutes or over an hour with multiple reboots. Be patient and take your time.
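
Added example, not part of the post above: a small Python triage helper for the naming tricks the reply describes (names imitating Windows programs with look-alike characters, random-letter names) plus a check that a genuine Windows name is running from its usual folder. The list of known binaries, the assumption that Windows lives in C:\Windows, the vowel-ratio threshold and the sample paths are all choices made for this example.

```python
import ntpath

# Well-known Windows binaries and their usual folder (assumes C:\Windows).
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that look alike in many fonts collapse to one symbol.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

def skeleton(name):
    return name.lower().translate(CONFUSABLE)

SKELETONS = {skeleton(n): n for n in KNOWN}

def classify(path):
    """Return (verdict, detail) for one full Windows path."""
    name = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    if name in KNOWN:
        if folder != KNOWN[name]:
            return ("wrong-location", f"{name} normally runs from {KNOWN[name]}")
        return ("ok", "")
    imitated = SKELETONS.get(skeleton(name))
    if imitated:
        return ("lookalike", f"imitates {imitated}")
    stem = ntpath.splitext(name)[0]
    vowels = sum(c in "aeiou" for c in stem)
    # Heuristic only: long all-letter names with almost no vowels.
    if len(stem) >= 6 and stem.isalpha() and vowels / len(stem) < 0.2:
        return ("random-looking", "search the name before allowing it")
    return ("ok", "")

# Constructed sample paths (not taken from any real system).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\me\AppData\Roaming\svchost.exe",
    r"C:\Windows\System32\Isass.exe",  # capital I in place of lowercase l
    r"C:\Users\me\AppData\Local\Temp\xkqzrtvw.exe",
    r"C:\Program Files\AVG\avgui.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(*classify(p), p, sep="  ")
```

A verdict other than "ok" is a prompt to look the file up before allowing it through the firewall, not proof of infection; legitimate software can trip the random-name heuristic.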