Hi, how does one detect a RAT? Sysinternals' Autoruns may reveal it if one knows one's run key contents. How else can one detect a RAT? Netstat may reveal it if it is not protected by a rootkit.
With tools like HIPS, firewalls and system monitors? Most trojans/RATs will try to inject code, make outbound connections, and try to get access to files.
RATs are usually delivered via a multi-stage attack, oftentimes with user assistance through phishing and the like. RATs often install a rootkit as part of their attack, making their detection extremely difficult. On x64 OSes, kernel patch protection protects against kernel-mode rootkits.
"Hi Rasheed187, what system monitors are you thinking of?" I think he was referring to using one's nose? The old saying, "I smell a rat." Or maybe Gmer.
The usual suspects, like Process Explorer, Process Hacker and System Explorer. But you could also use tools like GlassWire and TinyResMeter. http://www.pcworld.com/article/2686...ool-tells-all-about-your-network-traffic.html http://www.pesoft.fr/newstyle/
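
The first post's point, that an autorun entry only stands out if you know what your Run keys normally contain, can be automated with a saved baseline. The PowerShell below is an added example, not something posted in this thread; the baseline file path, the `-SaveBaseline` switch and the variable names are assumptions of this example.

```powershell
# Added example (not from the thread): baseline and diff of Run/RunOnce autorun values.
param(
    [string]$BaselinePath = "$env:USERPROFILE\runkey-baseline.csv",  # assumed location
    [switch]$SaveBaseline                                            # assumed switch name
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Read the stored data of every value (no %VAR% expansion) so the diff shows what is on disk.
$current = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Value = [string]$regKey.GetValue($name, '', $noExpand) }
    }
})

# First run (or -SaveBaseline): record the known-good state and stop.
if ($SaveBaseline -or -not (Test-Path -Path $BaselinePath)) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation -Encoding UTF8
    Write-Output "Saved baseline: $($current.Count) autorun values -> $BaselinePath"
    return
}

# Index the baseline by "key|value name" so added, modified and removed entries can be told apart.
$baseline = @{}
Import-Csv -Path $BaselinePath | ForEach-Object { $baseline["$($_.Key)|$($_.Name)"] = $_.Value }
$changes = [System.Collections.Generic.List[object]]::new()
$seen = @{}
foreach ($entry in $current) {
    $id = "$($entry.Key)|$($entry.Name)"
    $seen[$id] = $true
    if (-not $baseline.ContainsKey($id)) {
        $changes.Add([pscustomobject]@{ Change = 'Added'; Entry = $id; Was = ''; Now = $entry.Value })
    } elseif ($baseline[$id] -cne $entry.Value) {
        $changes.Add([pscustomobject]@{ Change = 'Modified'; Entry = $id; Was = $baseline[$id]; Now = $entry.Value })
    }
}
foreach ($id in $baseline.Keys) {
    if (-not $seen.ContainsKey($id)) {
        $changes.Add([pscustomobject]@{ Change = 'Removed'; Entry = $id; Was = $baseline[$id]; Now = '' })
    }
}
if ($changes.Count) { $changes | Format-Table -AutoSize -Wrap } else { Write-Output 'No autorun changes since baseline.' }
```

Run/RunOnce keys are only a subset of the startup locations Autoruns inspects, and, as the thread notes for Netstat, a rootkit that filters what user-mode tools see can hide entries from this script as well.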