[TUT] How to Identify and Remove Viruses or RATs That Are Fully Undetectable by All Antiviruses [TUT]

Many people think that if they are using an antivirus program, they are safe, but that is not the case. Several people create viruses that are fully undetectable by all antiviruses. Such viruses take months to get caught by AV companies.

So I am writing this tut to help you guys remove them!

I haven't seen anything cover this before (at least not this way of using netstat), and sometimes people want to know if they are infected by a RAT or something. This mini tutorial should help you out a little bit.

PART 1 – Preparing Task Manager

Open Task Manager (Ctrl+Alt+Del). Go to the Processes column and click View > Select Columns.

Check the top one, PID (Process Identifier).

Now, organize Task Manager by PID. This will make things easier to read for the next step.

PART 2 – Using Netstat to see Established Connections

Courtesy: StuffSneak.wordpress.com

Now go to Start > Run > cmd and type "netstat -ano". It should look similar to the picture below:

[Screenshot: output of netstat -ano]

Only look for ESTABLISHED connections (a connection from a RAT or other malware would show as established), read the PID and cross-check it in Task Manager. Notice in my example that the only established connections use PID 424. Let's take a look at what that is:

As we can see, it's Firefox. Now let's say you notice the PID belongs to something like "svchost.exe". You should open the file location by right-clicking it and pressing Open File Location, and either scan it with VirusTotal or check whether it is in its legitimate location (if it is svchost.exe and it is in AppData or Program Files, then you may have a problem).
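
The same cross-check as a PowerShell script, added here as an example and not part of the original tutorial: it lists ESTABLISHED TCP connections, resolves each owning PID to its executable path, and flags a system-named binary such as svchost.exe that runs from outside System32 or SysWOW64. The `$systemNames` list is an illustrative assumption, and the SHA-256 is printed so the file can be looked up on VirusTotal.

```powershell
# Added example: the "netstat -ano" / Task Manager cross-check as one script.
# Needs Get-NetTCPConnection (Windows 8 / Server 2012 or later). Run elevated,
# otherwise paths of processes owned by other accounts come back empty.

# Assumption: short illustrative list of system binary names worth checking.
$systemNames = 'svchost.exe', 'lsass.exe', 'services.exe', 'csrss.exe', 'winlogon.exe'

# Directories where those binaries legitimately live.
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

Get-NetTCPConnection -State Established |
    Group-Object -Property OwningProcess |      # one row per PID, like sorting by PID
    ForEach-Object {
        $procId = [int]$_.Name
        $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $procId" `
                      -ErrorAction SilentlyContinue
        $path   = $proc.ExecutablePath

        # Decide whether this PID deserves a closer look.
        $note = ''
        if (-not $proc) {
            $note = 'process exited before it could be inspected'
        } elseif (-not $path) {
            $note = 'path not readable (not elevated, or a protected/system process)'
        } elseif ($systemNames -contains $proc.Name -and
                  $systemDirs -notcontains (Split-Path $path -Parent)) {
            $note = 'SYSTEM NAME OUTSIDE SYSTEM DIRECTORY'
        }

        [pscustomobject]@{
            PID    = $procId
            Name   = $proc.Name
            Path   = $path
            Remote = ($_.Group |
                        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                        Sort-Object -Unique) -join ', '
            SHA256 = if ($path) {
                         (Get-FileHash -LiteralPath $path -Algorithm SHA256 `
                             -ErrorAction SilentlyContinue).Hash
                     }
            Note   = $note
        }
    } |
    Sort-Object PID |
    Format-List
```

An empty Note only means the name and location are consistent; a process with an unfamiliar name still needs the manual file-location and VirusTotal check described above.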

Hope this helped some of you out and good luck 🙂
