NetSlayer(RAT)

Hello Everyone: I may not be at the right place here, but here goes. I have the NetSlayer(RAT) on my pc and I cannot get rid of it. Can anyone tell me how to find out what program is launching this and how to permanently get rid of it? I am Using windowsXP, with Spyware Blaster, Outpost firewall, and a pretty good antivirus (always updated) Now I do have FlashGet and I kow that has Cydoor (I got rid of that) and I do have VCatch (I know associated with some spyware which I deleted, and I dont think this NetSlayer is from them! any idea's on how to fined out what service is putting this on my pc? Thanks, Tom

 

Hi Tom

A Link to manual removal. You might want to try Ad-Aware and Spybot, both free.

Regards

 

As well as above, I would suggest following the instructions found in post number 2 here

Let us know how you go...

Cheers

 

Ok Guys, I ran spybot, hijack this, and my antivirus, and none of them are picking it up. The only thing picking this up is my Yahoo Companion AntiSpy toolbar. Every time I have the program remove it, it comes back again! I cannot even find it in the registry. What do you think?

 

Hi tomteeth,

You can also try TDS-3, which has a 30-day free trial.

Before you open and run the program you must bring it up-todate. Download the latest radius database file from here: Radius td3 update. Right-click on the link shown on the updates page, and choose "Save target as" and save it to your TDS install directory (say "yes" to overwriting the one that is there). Reboot your computer after installing.

Then open TDS and press the "Scan Control" and tick all the boxes in the bottom part of the window. Press "Save configuration" and then close the window by pressing the red x in the top right corner. Now select "System Testing" and choose the 'Full system Scan" and scan your local drives.

Once the scan is finished, TDS3 will display what it finds in the lower screen. It will show "Positive Identification" or "Suspicious File". Right-click on anything found as "Positive Identification" and choose Delete. For the "Suspicious" files, right-click on those and choose "Save to Text". Since most suspicious files are harmless, we would want to see the scandump.txt for them before deciding what to do with them. Go to the TDS-3 folder (usually C:\Program Files\TDS3) and find the scandump.txt file. Open it and copy & paste the contents here in your next reply.

Please disable your antivirus before running TDS3 so it will not interfere with the scan.

Regards,

snap

 

I will agree with snapdragin, A friend of mine had several (rat) pieces of malware on his comp and the trial version of TDS3 removed them all.

bigc

 

Ok, I tried Ewido, and it did not find it. So maybe I will try Snapdragin's way, but it looks complicated?

 

I was wrong, Ewido did find One spyware, I accidentally removed it by mistake before reading the whole app. it must have been the NetSlayer that it removed, because I just ran the Yahoo companion AntiSpy and it was gone. I will see if it comes back again by tomorrow when I turn on the pc again, thats the first thing I will check. If you dont hear from me, then Ewido, did it. Thank you all for your help, Tom

 

Hi tomteeth,

It may well be that Ewido caught it and removed it. I've not used Ewido myself as I use both TDS-3 and TrojanHunter (which also has a 30-day free trial.)

TDS-3 really is not complicated to use, I just like to put more information there on the first few steps so the person will be sure and use the most recent database.

Hope Ewido did catch the trojan for you. Please let us know what the results are when you turn your computer back on again.

Regards,

snap

 

Everyone Everyone calm down! their are many programs that can remove these.
but it's simple if you have a bad virus or some thing. first of all you guys are talking about this rat which is a (remote administation tool), you can get expesive programs to get rid of these things,but i say do it free, you guys are just finding nibbled off wood and putting out the posion for a rat that can just be shot in the head with a shot gun, re load your whole system,> regular guy:But I have all my pictures saved and word docs ill lose all of those.me>save them to a cd by burning them.regular guy>But i dont have a cd burner.me>Buy one if you really wunt to be perfectly virus, rat free,,, connect it to a USB port(the cd/rw drive) that you buy and get blank disk.regular guy>but im too lazy to go out and get a seperate drive and buy blank cd's.me>then live with the annoying virus or RAT your whole damn life;which will suck.regular guy>fine.
***********************************************************
once you do that and burn all your infromation>>>>>>>you must have or look for>>>>>>>>System recovery disk of some sort<any disk that came with iit> that came with your computer>>>>>now is the tricky [part]>
*turn of your computer>> turn it back on and hurry put in the disk(system recovery disk)
*follow the instructions on the screen.
dont worry if it comes to a dision that might delete stuff on your comp you got all your info on disk.

make wise choses>>>>>>>>>>READ CAREFULLY<<<<<<<<<<<<<<<<<<<<

%^&*if nothing happens when you put in the disk and you computer just normaly turns on>>>than turn it off again and on put in the disk quick and continuously press >ctrl+alt+delete until a screen comes up.
<follow instrucions on screen>

remember your doing all these instructions right when the comp turns on and is loading.

if you get it all done or when you get it done. you have a brand new computer like it came strait from the factory just like you bought it brand new virus trojon rat free><,,once you get here all your info that you burned on disk load on your comp and it's good as new.

there somthing i forgot to say hmmmmmm.
email if problems come up.

help or probelms email at: ~snip~ @yahoo.com - email removed to prevent it being harveted - snap

 

you guys are just finding nibbled off wood and putting out the posion for a rat that can just be shot in the head with a shot gun

A prime example of why guests shouldn't be allowed to post. (WOW)

Reformatting a PC everytime you get a trojan is like cutting off your head to cure a headache ... And any system restore disk only has drivers for the original hardware that came with that PC ... and takes away all Windows Updates and you lose all your files.

Using that mentality why run a firewall or AV at all? ... A virus that may destroy your computer is no worse than what your doing by constantly reformatting ... not too mention decreasing the life of your hard drive.

 

S!x: Your right, I did not have the heart to say it!

 

Midrosoft

http://www.microsoft.com/

download

http://www.microsoft.com/downloads/search.aspx?displaylang=en

Window Anti Spyware (Beta) free and free updates for 6 months.

http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

Worked for me. ~snipped email to prevent it's being harvested - snap~

 

Explains the details of manual removal.

http://www.pestpatrol.com/PestInfo/n/netslayer.asp

 

None of this works, Microsoft antispyware picks it up everytime no matter what you do.

Somewhere there is a trigger reinstalling it.

 

Bullroarer, I agree with you, there is a trigger somewhere, but who knows where?

 

well gollie!!!!!!!!!

some of us don't have any important pictures or files on our computers. All we do in our free time is try help the world by comming to forums like this LOL
SO reformating was no problem till Feb 28th. Then is became just a tiny bit more
cumbersome.

Like the guy said, save your stuff to CD or another drive.
and um so what if you don't have all the updates when you reformat.
If you are like me you ordered the FREE SP2 CD.
The only other thing you need to make sure of is that you DO have all the drivers you need saved on a CD or floppy hehe is you have one.

I aggree that we shouldn't have to depend on a million different apps
trying to defend us against all the nasties these days but the fact is we do & program makers the fact.

I used to preach using imaging software such as drive image or ghost and that is fine too. Using a program such as deep freeze is another way.

Don't get me wrong, I am a software junkie just like the rest of you are.
We get bored easly. That is why i reformat mostly. AHHHH BETA'S

Anyway I just didn't like the fact someone would compare another to a moran for posting and preaching FORMAT !!!

I know for a fact that some od the people that have posted here and are even mods, never learned how to reformat their computers. It is almost like being affraid of the dark LOL
And so in closing, I commend anyone that knows how.

Bruce