Post: [LooK] Remove Stealth Mines & Rats [Look]
07-01-2013, 12:21 AM #1
:HIGH:
You talkin to me?
I see a lot of people getting RAT'ed and their computers mined without their consent. It does not matter what AV you have; unless you know exactly where it is, you will not be able to effectively protect yourself.

This is just advice to all those who think AVs are enough to protect their computers. No! They are not. AVs can be easily bypassed and their heuristics easily confused. It does not matter which AV you have; no AV will protect your computer at the best levels.

Why?
Things called crypters are present in this digital world; they can encrypt the virus, making it unreadable, but not undetectable. These crypters encrypt the virus with a special hash and make the AV unable to find a match in its virus definition database.

What is this virus definition database?
It is a database which has the list of all viruses (their names) and a special hash or a (harmless) part of the virus, which is used to match against files.

Ok, back to the point. These viruses are the most dangerous things to enter your computer and, sadly, the toughest to delete. RATs and stealth miners are currently the things on the loose right now.

What are RATs?
RATs are Remote Administration Tools. These tools allow your computer to be remotely accessed and controlled. Although they might be useful to developers and server managers, they can also be used for harmful purposes.

What are Stealth Miners?
These are special applications which allow the hacker, or whoever infected your computer, to mine bitcoins for them without your consent.


Sadly, the so-called Windows is filled with several loopholes allowing easy infiltration of viruses.

Microsoft has been poorly coding Windows and Bill Gates is poorly managing the coders. Unlike on Linux, an application can gain full access to your computer without your consent. The UAC which was introduced in Vista is poorly coded and can be easily bypassed. DEP (Data Execution Prevention), which was a powerful tool thanks to Windows, is now a useless feature. I was able to access the system memory by bypassing DEP protection.

Ok. Now, how to protect against such things.

Detecting those files.
Install Sandboxie and run all untrusted applications in Sandboxie.
It is a secure interface which allows applications to run on your computer; they cannot cause any harm because they aren't actually changing anything on your computer.

Now, the scary truth. Sandboxie can be bypassed through a loophole present in its driver, the very thing that makes Sandboxie work.

How to protect yourself then? Keep Task Manager running at all times.
You will be asking how Task Manager can help you protect your computer. Well, for the obvious reason that I am making this tutorial. So listen up.

Task Manager is designed to show all processes (Applications) running on your computer.

Now go to Task Manager and see if there are any processes using the following image names:

svchost.exe
conhost.exe
cmd.exe
miner.exe
bitcoin.exe
rat.exe
winlogon.exe
host.exe
boot.exe
module.exe
protect.exe
iexplorer.exe (Check if you have Internet Explorer running)
or any strange name like 48f983f.exe.

Now, if you found any of them, see if your username is shown next to it under the User Name tab.

If yes, right click and select Open File Location.

Now see if they are in any of the following locations:

Libraries\Documents
C:\Users\(Your Username)\AppData\Roaming
C:\Users\(Your Username)\AppData\Roaming\(Some Random Folder)
C:\Users\(Your Username)\AppData\Local\Temp
C:\Program Files (x86)\(Some Random Folder)\ (x64 users only)
C:\Program Files\(Some Random Folder)\

If you found the file in the last 2 folders:

Open Control Panel. Select Uninstall a Program.

Check if the program is in the list of installed applications displayed.
If not, then give yourself a pat on the back. We've got some cleaning to do.

For those who found the file in the first 3 detection locations, continue reading this article.

How to Clean Malicious Files
Things you will need.

1. IObit Unlocker.
2. A Brain
3. CCleaner

The Method (Normal Mode)
1. Install IObit Unlocker.
2. Click on the file you found (right click and click on IObit Unlocker).
3. Check Force Mode and click the Unlock and Delete option under the Unlock dropdown button.
4. Now, if the file is created again, the file must have a shadow copy. You will need to boot into Safe Mode.
5. If the file is deleted, just delete the remaining files in that folder.
6. Hold the Start button (Windows key) and press R.
7. The Run prompt will open. Type "msconfig". Under Startup, uncheck the file name you just deleted.
8. Now run CCleaner and clean up your computer. The registry errors will be fixed for the most part. If you have a good antivirus it should silently fix your registry. (BitDefender, Kaspersky and Norton are some of those which have such a feature.)


The Method (In Safe Mode With Networking)
If you can't delete the file and are in Safe Mode with Networking, then you will need to download the following:

1. Malwarebytes
2. CCleaner
3. A Brain

1. Install Malwarebytes and clean up your computer.
2. Run CCleaner and clean up your computer.
3. Hold the Start button (Windows key) and press R.
4. The Run prompt will open. Type "msconfig". Under Startup, uncheck the file name you just deleted.
5. Restart the computer and run an AV scan.

If this guide helped you, then change your AV and try to be more cautious in life when downloading any file.


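The Task Manager check described in the post, scripted as an added example (this is not from the original post or from any tool it mentions): it walks every running process, records its owner the way the User Name column does, and flags anything whose image name is on the post's list, looks like a random hex name, or whose executable lives in one of the user-writable folders the post tells you to inspect. It assumes an elevated PowerShell session so that the owner and path of every process are readable; `$env:USERPROFILE`, `$env:APPDATA` and `$env:LOCALAPPDATA` stand in for the C:\Users\(Your Username) paths.

```powershell
# Added example, not code from the original post. Run elevated.
# Image names the post says to look for (kept exactly as the post lists them).
$watchNames = @('svchost.exe','conhost.exe','cmd.exe','miner.exe','bitcoin.exe','rat.exe',
                'winlogon.exe','host.exe','boot.exe','module.exe','protect.exe','iexplorer.exe')

# Folders the post says to check; the env vars resolve to the C:\Users\(Your Username) paths.
$userWritable = @(
    (Join-Path $env:USERPROFILE 'Documents'),   # Libraries\Documents
    $env:APPDATA,                               # ...\AppData\Roaming (and any subfolder)
    (Join-Path $env:LOCALAPPDATA 'Temp')        # ...\AppData\Local\Temp
)
# Genuine svchost/winlogon/conhost live here; the same name elsewhere is a masquerade.
$systemDir = Join-Path $env:SystemRoot 'System32'

function Test-UnderFolder([string]$Path, [string]$Folder) {
    # Trailing backslash so "...\Roaming" does not also match "...\RoamingX".
    $Path.StartsWith($Folder.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
}

$findings = foreach ($p in Get-CimInstance Win32_Process) {
    $reasons = @()
    $name  = $p.Name
    $path  = $p.ExecutablePath
    # Same information as the User Name column in Task Manager.
    $owner = (Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue).User

    if ($watchNames -contains $name)          { $reasons += 'name on watch list' }
    if ($name -match '^[0-9a-f]{6,}\.exe$')   { $reasons += 'random-looking name' }
    if ($path) {
        foreach ($dir in $userWritable) {
            if (Test-UnderFolder $path $dir) { $reasons += "runs from $dir" }
        }
        if (($name -in 'svchost.exe','winlogon.exe','conhost.exe') -and
            -not (Test-UnderFolder $path $systemDir)) {
            $reasons += 'system binary name outside System32'
        }
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ PID = $p.ProcessId; Name = $name; Owner = $owner
                           Path = $path; Reasons = ($reasons -join '; ') }
    }
}
# Anything listed here is a candidate for the Open File Location step, not a verdict.
$findings | Format-Table -AutoSize
```

A hit on `cmd.exe` or `conhost.exe` from System32 under your own username is usually just an open console; the rows worth a second look are those with two or more reasons, or a path under AppData or Temp.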
07-01-2013, 03:26 AM #2
Nice tutorial, just thought I'd point out some things.

1. UAC cannot be 'easily bypassed'.
2. Not all crypters provide a DEP bypass.
3. Bill Gates does not oversee Microsoft's programmers any longer, since he stepped down from the company a few years ago.
4. RATs and other malware ARE available for Linux and OSX.
5. While in Sandboxie, RATs and other malware are still able to keylog you, steal your passwords, view your webcam/desktop, etc.
6. Task Manager can be disabled.
7. Userkits/rootkits are able to hide processes from the Task Manager.
8. Startup entries can be hidden from msconfig.
9. If the RAT or malware is crypted and FUD, then Malwarebytes is not going to do you much good; as with other AVs, it will be unable to detect the file as a virus.

Other than that, great tutorial. :)
07-13-2013, 10:07 PM #3
FeverEmiqq
Do a barrel roll!
Simply this: go to msconfig and remove it from startup. Done.
07-14-2013, 03:19 PM #4
Originally posted by FeverModzHD:
Simply this: go to msconfig and remove it from startup. Done.

If it is persistent, it will re-add itself after you delete it. Also, like I said in my first post, startup entries can be hidden from msconfig.
