RAT RACE

Discussion in 'malware problems & news' started by masterwriter, Feb 7, 2005.

Thread Status:
Not open for further replies.
  1. masterwriter

    masterwriter Guest

    I have had NetSlayer on my PC. How can I find out who put it there, when, and if any info was transmitted? How come it got by the firewall, and how do RATs get out through firewalls?

    Many thanks
     
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi,

    What firewall do you use? The Windows firewall only protects from incoming threats.

    Trojans like this use various methods for connecting to their hosts, IRC is probably the most popular, also accessing websites to download further Malware.

    It is unlikely that you were targeted directly; it probably came from e-mail, IRC chat, or P2P programs.

    The information sent back to the host could have been nothing or everything, there is no easy way to tell.

    To protect yourself in future, keep Windows up to date and have good anti-virus and anti-spyware programs and a firewall. If you visit crack sites or use P2P you place yourself at much greater risk; a registry and process guard program would be worth getting.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If the .exe is present checking the properties may indicate when it showed up on your PC. As for what was transmitted, as was mentioned there is no way of telling, so act accordingly and change all passwords and whatever other steps may be necessary depending on the information stored on your PC. Using a packet sniffer while it was active would be the only way to see what was being sent and to where.

    The purpose of firewalls is to provide control over what network traffic is permitted and, for ones with application control, which applications can access the network. The RAT was likely downloaded (e-mail attachment) and executed by a user of your PC. A firewall is not going to prevent this, nor is that its purpose. It may, however, alert the user when the RAT attempts to establish a network connection if it has application control, but at that point you are already compromised. Practicing safe hex, using an AV/AT to scan all downloads will go a long way to preventing this type of infection.

    Regards,

    CrazyM
     
  4. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    You don't give a lot of exactnesses, so it's difficult to give the right answer.
    But the latest answers are already full of information.

    ***To find how and when: analyze all your possible logs (Windows events, connections...).

    ***Make a little audit of your system locally and online in order to find any vulnerability or security hole.

    ***To find how a RAT could be placed behind a firewall:

    . *Take a look at this Windowsecurity link about hidden malware:

    https://www.wilderssecurity.com/showthread.php?p=350301#post350301

    . *There's also a famous article by Van Hauser which explains how a backdoor could be placed behind a firewall.

    For too much respect for the policy of this forum, I don't give the direct link.
    Therefore, with Mister Google, search "placing backdoors through firewalls on windowssecurity.com".

    Regards
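
The log analysis suggested in the replies above, sketched as an added example that is not part of any poster's message: it groups permitted outbound connections from a firewall connection log by destination, records when each was first seen, and flags IRC ports. It assumes the Windows Firewall `pfirewall.log` text layout with successful-connection logging enabled (ZoneAlarm's own log format differs); the sample lines, the local address and the IRC port list are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Windows Firewall pfirewall.log layout (not from the thread).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-02-05 09:14:02 OPEN TCP 192.168.1.10 203.0.113.25 1041 110 - - - - - - - -
2005-02-05 09:14:07 OPEN TCP 192.168.1.10 198.51.100.7 1043 6667 - - - - - - - -
2005-02-05 09:15:30 DROP TCP 198.51.100.99 192.168.1.10 4312 135 48 S 1234567 0 16384 - - -
2005-02-06 21:40:11 OPEN TCP 192.168.1.10 198.51.100.7 1102 6667 - - - - - - - -
2005-02-06 21:41:00 OPEN TCP 192.168.1.10 203.0.113.80 1103 80 - - - - - - - -
"""

IRC_PORTS = set(range(6660, 6670)) | {7000}  # common IRC ports; assumption, not exhaustive

def outbound_summary(log_text, local_ip):
    """Group permitted outbound connections by (dst-ip, dst-port)."""
    fields, seen = [], defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        outbound = rec.get("action") == "OPEN" and rec.get("src-ip") == local_ip
        if not outbound or not rec.get("dst-port", "").isdigit():
            continue  # skip drops, inbound traffic, and records without a port (ICMP)
        when = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        entry = seen[(rec["dst-ip"], int(rec["dst-port"]))]
        entry["count"] += 1
        entry["first"] = min(entry["first"] or when, when)
        entry["last"] = max(entry["last"] or when, when)
    return dict(seen)

def flag_irc(summary):
    """Return (first_seen, ip, port, count) for destinations on IRC ports, earliest first."""
    hits = [(v["first"], ip, port, v["count"]) for (ip, port), v in summary.items() if port in IRC_PORTS]
    return sorted(hits)

if __name__ == "__main__":
    for first, ip, port, count in flag_irc(outbound_summary(SAMPLE_LOG, "192.168.1.10")):
        print(f"{ip}:{port} first seen {first}, {count} connection(s)")
```

The first-seen time only bounds when the program began connecting out; such a log records connections, not what was sent over them.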
     
  5. masterwriter

    masterwriter Guest

    I have Win XP Home and ZoneAlarm and an array of anti-spy progs. The infection is now gone as MS Anti spyware found and deleted it. No one else uses my PC. I do not open attachments unless they are from a trusted source. I don't use IRC chat or P2P. I don't visit crack sites - crack sites? - Neither do I download progs with malware to my knowledge. I always check progs before downloading and am always up to date with AV and anti-spy defs.
    Thanks for all replies and links. If there is any further info I would appreciate it.
    Sorry if I posted this twice, forgot username and not sure if it will post without.
     
  6. masterwriter

    masterwriter Guest

    One more thing: the PC is very slow when I connect to the internet first. Now would that be an ET phoning home or could it be just lack of RAM? I have 128 MB, XP Home, 1.6 gigahertz Celeron. It seems to speed up when the Outlook email is downloaded and I think RAM might be catching up. NetSlayer is gone but I am worried in case there is something else, but as I say it speeds up when email is downloaded. Could it be too much strain on CPU at start? It is even slow offline sometimes when there are a lot of progs open.
    Thanks
     
  7. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, if you have the time follow the instructions HERE

    Or start from scratch. A complete format will give you a fresh platform to start with, increasing speed and reliability; if your PC is quite old and has never been reformatted you'll definitely benefit. I've written a basic guide HERE
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As Sweetie(*)(*) has pointed out, a simple way to pretty well confirm your system is clean is to run through the comprehensive steps found in General Cleaning.

    128MB of RAM is really not enough for XP, you will find it slow. 256 in reality is a starting point for XP, though I have seen it running (if you could call it that) on 64MB; it was like watching grass grow ;) :D

    Hope this helps...

    Cheers :D
     
  9. masterwriter

    masterwriter Guest

    OK folks, many thanks for all your replies and links. Blackspear, thanks for the tip re RAM.
     