Urgent help
I might be ratted, i need help fast. Can anyone get in a discord call if possible
ok let's take a deep breath
first off, if it is a RAT, they can't remotely access you if you're not connected to the internet, so first disconnect your computer from wifi
let me know when you've done that
im not sure if its a rat
disconnect your computer from wifi first
ok
even if it's not a RAT it will prevent it from spreading
lemme get on my phone
please do
ok what can i do now
im not on my pc
great
ok let's take this one step at a time
even if you have malware on your computer, it will now be contained to only your computer
im trying to figure out if im even infected
thats y i said i might be
so first things first, what symptoms are you experiencing? what reason do you have to believe you have been infected?
apps closing, system restart because of some "memory issue" and unusual lag
mb i had to do something
no worries
all of those things can just be caused by acting using too much memory
mainly the memory issue but after my pc restarted it fixed
but there is one thing
ok try using it to do some normal offline activities and see if it still behaves normally
i downloaded a "rootkit scanner" from someone
if you can, run a stress test or a benchmark
while having python with admin
did you give it admin perms?
but i never ran the file
did you run it with admin perms?
no
ok then that shouldn't be a problem
delete that shit immediately obviously
and defender flagged it as suspicious so i obviously deleted it and this was 2 months ago
ok then that shouldn't be a problem
if you're still concerned, again you can still reinstall windows
but i would just run a windows defender full scan and move on with your life
:VicePray:
i ran it in a vm and scanned it with virustotal and it was flagged 50 times as a rat and info stealer
yea obviously
but if you didn't run it, it's not a problem
he told me "the viruses are packed as a reference"
lmao
again though, if you didn't run any of those files, there's no problem
also how can i use sysinternals
and ty for the help
ive never heard of it, though i assume google has
ty for the help
gave me peace of mind
ill search it up later in my free time
What specifically are you trying to use from sysinternals
really? 😭
Sysinternals - Sysinternals
Library, learning resources, downloads, support, and community. Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities.
im guessing you're just forgetting
you've prob used something from it at least once
nope never heard of it
i probably have used something from it though! but ive never heard the term
process explorer, auto runs, and tcp view
pc sec channel has a video on this stuff prob
sec
PC Security Channel
YouTube
How to tell if your PC is Hacked? Process Forensics
Procmon is a powerful forensic tool and part of the sysinternals suite that can help you monitor almost any activity on your system. In this forensics tutorial we will look at an infected Windows 11 VM using Process Monitor. https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
he prob has a few more videos
also, don't reconnect the machine to the internet, find another way to transfer the stuff over
there are def other videos that explain better, but I find his content to be more digestible for someone who may know less, you should def do your own research though
best bet is reinstalling windows if need be
Ty I just wanted to make sure my pc isn't hacked
Cause when my apps closed and my pc crashed it said it was because of some memory issue and i did have a lot of apps open
And i also only have 16 gigs of ram
Really does depend on what you were trying to do or run
I have a game open with discord, Spotify, medal, obs, and chrome
Like to other devices ?😭
Sysinternals?
Theres another good video
With techniques for registry key editing since usually some things mess with those for uac bypass
Or you can just use powershell to detect recent registry key editing*
Maybe link it…?
Britec09
YouTube
Remove Remote Access Tool (RAT)
malicious software Backdoor:MSIL/Bladabindi.G is a remote access tool (RAT) that allows backdoor access and control of your computer. This tool is known as "NJ Rat" on the Internet.
Make sure you're using a good antivirus, and I would suggest you get Malwarebytes Pro
http://www.malwarebytes.org/
http://www.bri...
tracking link
Only problem is that it's extremely old
Holduo
untracking link
I'll see if I can find a Pc security video regarding registry editing as they're a lot newer
One thing is i might have screenshared my regedit to that guy. It was when i first got hacked after downloading a Minecraft mod. I wiped my pc after though
He said he could help me find a rootkit
Even though it was prob just some trojan and that was a couple months ago
you are in with the wrong crowd aren't you
install this extension
for your own sake
I dont think you
can find rootkits manually?
i mean surely theres a way but its much better to use
tools
that are made to do that
Ik i was rlly not thinking there
I wiped my pc a couple months ago and everything seems to be fine
This was all a couple months ago
yea with this kinda crowd you'd know if something was actually wrong
so if you're not getting any symptoms, you're fine
What are some symptoms
really anything not working like it's supposed to
Ik i had the thing where my pc crashed cause of a ram issue but that's happened to me before
thats true
literally like
every single day
someone comes in here saying they have a RAT or a trojan or whatever
and then they cant tell us how they know they just end up saying “i downloaded something weird”
yea i think in all likelihood you're probably better off just opening the laptop up and upgrade your RAM or storage
like you're probably in you could just upgrade your laptop territory
:VentiShrug:
Everything in my pc is fine except the ram
send me your laptop model and how much RAM you have?
I have a desktop
like show me the windows task manager window
oh then you're fine yea
you can try using sysinternals tools as many of them are kind of made for this stuff
now's a really bad time to buy ram but if you want to!
Ik I've seen the prices
oh you're this goober

i got rid of python a while ago
@w3333333t.io
and y are there 2 of them
@guninvalid over coax alliance
whats the path i can find them in
@Cloudyy?
should i delete them
sorry dude python is unable to be removed
thats why we call it the pootkit
not the time dude
my bad
that's an #💬︱off-topic kinda shitpost, but saying that in this context is gonna make bro's anxiety worse
python and python3 are two different things
but as i said then, you really don't need to remove them
like there's not any risk you're taking by having them
I dealt with this problem on windows ten and damn is it annoying lol vscode wouldnt go away
you could either
keep or use a command to remove them as thats likely easier
rmdir /s /q C:(path to python) should be the command