Remote access trojans have become a common problem in recent years. They are hard to detect, pose a real threat to users’ online privacy, and tend to mimic commercial remote desktop software, which in most cases is not used for criminal activity. Here’s a short overview of what a RAT is and a quick guide to removing the malware from an infected computer.
What’s a RAT?
A remote access trojan (or RAT) is a type of malicious software that allows attackers to break into a computer or mobile device and remotely access and control it from anywhere in the world. RATs can be sent via links or email attachments, some of them intentionally ‘broken’.
The whole installation scheme is quite simple: as soon as the user clicks on the attachment, the RAT is released and installed on their computer without the user being aware of it. After that, the attacker has full access to the victim’s device and can do almost anything, from watching the user’s screen or keystroke logs to stealing private data such as credit card information. In other words, everything that’s stored on the infected computer is exposed as soon as the criminal is in.
What are the most common RATs nowadays?
There are lots of remote access trojans currently in use, but all of them have one characteristic in common – they’re truly hard to detect, and thus to cure. Here’s a good read on some of the most widely used RATs as of late 2015.
What can be done to remove a RAT?
Without a doubt, education and prevention work best against any kind of malware, and RATs are no exception. But what can you do if your client or an employee within your organization reports that their machine has already been infected with a RAT?
- Connect to the infected computer and reboot it into Windows Safe Mode to perform an in-depth virus cleanup. Running the remote machine in Safe Mode reduces the risk of harmful activities as most of the critical processes become disabled.
- If the attacker has removed any antivirus from the infected computer, take advantage of the file transfer feature available in the FixMe.IT remote desktop application and install the anti-malware software remotely.
- If the infection is already too serious, or your antivirus software cannot detect the RAT on the machine, go to Recovery settings and reset the user’s system completely.
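The first two steps above can be prepared from an elevated PowerShell prompt on the affected machine. The script below is an added example, not FixMe.IT code: it uses Windows' own `bcdedit` and the Security Center WMI namespace (client editions of Windows only), and it assumes your remote session can reconnect in Safe Mode with Networking. The file name `Invoke-RatTriage.ps1` and the `-Action` parameter are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Invoke-RatTriage.ps1 (hypothetical name) - added example for the cleanup steps above.
param(
    [ValidateSet('Check', 'EnterSafeMode', 'LeaveSafeMode')]
    [string]$Action = 'Check'
)

function Get-RegisteredAntivirus {
    # Security Center lists the antivirus products registered with Windows.
    # An empty result means protection was removed or was never installed.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' `
        -ErrorAction SilentlyContinue |
        Select-Object displayName, pathToSignedProductExe, productState
}

function Get-SafeBootSetting {
    # Look for a 'safeboot' element on the current boot entry; $null means normal boot.
    foreach ($line in (bcdedit /enum '{current}')) {
        if ($line -match '^\s*safeboot\s+(\S+)') { return $Matches[1] }
    }
    return $null
}

switch ($Action) {
    'Check' {
        # Run this in normal mode, before rebooting.
        $av = @(Get-RegisteredAntivirus)
        if ($av.Count -eq 0) {
            Write-Warning 'No antivirus registered; install one before scanning.'
        } else {
            $av | Format-Table -AutoSize | Out-String
        }
        $mode = Get-SafeBootSetting
        'Next boot: ' + $(if ($mode) { "Safe Mode ($mode)" } else { 'normal' })
    }
    'EnterSafeMode' {
        # 'network' keeps network drivers loaded so a remote session can reconnect.
        bcdedit /set '{current}' safeboot network | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; boot configuration unchanged.' }
        'Safe Mode with Networking set for the next boot. Restart to apply.'
    }
    'LeaveSafeMode' {
        # The safeboot flag persists across reboots until it is deleted.
        if (Get-SafeBootSetting) {
            bcdedit /deletevalue '{current}' safeboot | Out-Null
            if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; safeboot flag still set.' }
        }
        'Safe boot flag cleared. Restart to return to normal mode.'
    }
}
```

Run `LeaveSafeMode` once the cleanup is finished; otherwise the machine keeps booting into Safe Mode on every restart.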
Stay tuned for an upcoming video tutorial where we’ll show you how to perform a complete virus cleanup of a remote client’s computer from Windows Safe Mode.