Possible RAT, some questions


6 replies to this topic

#1 marsspeaks

marsspeaks

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 05 December 2015 - 09:02 PM

Hello, I have a reason to believe I could possibly be infected by a RAT or some other virus by someone I play an online game with. I think it may have been a Java drive-by or through Skype as an image file.

 

1. Could working youtube links as in they sent me links to watch a few videos off youtube that actually went to the site and worked give me a RAT from them? Maybe infected my browser? I know this sounds a bit silly so maybe not? 

 

2. They sent me an image file that was downloaded to my computer. It wasn't an .exe file but an actual image. Could they have hidden a RAT in it somehow?

 

3. Or could they possibly have done something as we connected during the call? IP address?

 

4. I would like to just do a system restore on my computer. Can a RAT attach itself to the files I would like to save: family photos, videos, game saves, music on my ext. hd? I just don't want to infect another computer or my computer after I do a system restore.

 

These probably seem like very ignorant questions but I am concerned.




#2 Jaycan

Jaycan

  • Members
  • 442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 December 2015 - 10:40 PM

Hi and some good advice for a RAT Remote Access Trojan (infected computer )........

 

I don't believe you fully understand the scope of having a RAT:
A backdoor severely compromises system integrity.
A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

 

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required.

NOTE: If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

 

Though the Trojan can be identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so.

 

Please read these for more information :
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.
Should you have any questions, please feel free to ask.
External hard drives, or even large flash drives are very cheap, and you would be able to back up your important data onto there.

 

Let me know what you decide.

 

Personally, I would prefer that you take this to the Experts in the Malware and Virus Removal area.
Read Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help starting from Step 6

 

Post back once you decide, or add a new topic to the Malware and Virus forum area; then we can lock this one to prevent more bad advice being added.

 

Thank you.

 

If you do not choose to treat it like a RAT, then only general infection removal programs can be used in this area...



#3 Jaycan

Jaycan

  • Members
  • 442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 December 2015 - 10:59 PM

The following are some problems that you may see ...........

What is a RAT (remote access Trojan)?

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.
Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including:

  • Monitoring user behavior through keyloggers or other spyware.
  • Accessing confidential information, such as credit card and social security numbers.
  • Activating a system's webcam and recording video.
  • Taking screenshots.
  • Distributing viruses and other malware.
  • Formatting drives.
  • Deleting, downloading or altering files and file systems.

RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.

To protect your system from RATs, follow the same procedures you use to prevent other malware infections: Keep antivirus software up to date and refrain from downloading programs or opening attachments that aren't from a trusted source. At the administrative level, it's always a good idea to block unused ports, turn off unused services and monitor outgoing traffic.



#4 marsspeaks

marsspeaks
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 06 December 2015 - 12:54 AM

I'm mostly aware of what a RAT can do. I am not 100% on the fact that I have one. The incident that made me think so happened 6 months ago on a laptop that I really have not used much since, but I would like to get things off of there, do a system reformat and use it again. I was thinking that restoring to factory image would get my computer clean, so I think I'd rather go that route. Will saving my files onto my external hard drive infect my external hard drive/computer again if I do have one? I've never been able to find out if a RAT can attach itself to files I already had on the computer.

 

 

I have NEVER opened up weird attachments to people I didn't know. But I was never sure if an actual picture file could be used to hide a RAT. As in it I opened it up and there was a picture shown? I guess maybe it doesn't matter how I got infected if I was just as long as I get it clean?



#5 Jaycan

Jaycan

  • Members
  • 442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 06 December 2015 - 02:07 AM

Hi -

What you ask is subject to many possibilities, so I would ask you to follow the details below, as more information is required, and the required logs can not be posted outside that forum.

 

Read Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help starting from Step 6

 

Post back once you decide, or if you do add a new topic to the Malware and Virus removal forum area.

 

An expert may be able to salvage most (or all) files currently installed.

 

Thank You..



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,938 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 06 December 2015 - 09:43 AM

...I was never sure if an actual picture file could be used to hide a RAT. As in it I opened it up and there was a picture shown? I guess maybe it doesn't matter how I got infected if I was just as long as I get it clean?


There are some cases where pictures can in fact carry viruses, but once again even that is extremely rare. Typically, a virus-carrying picture must be created by someone with malicious intent, so they're not going to infect existing photos. When they first appeared they were placed on websites so that visitors would be infected...The other picture-related vector for virus propagation is a picture that's not a picture...there's nothing that says a ".jpg" file needs to actually contain a picture...Depending on how it's done, and how up to date your system is, it's possible for a virus to masquerade as a picture. If you attempt to view the picture, you get a virus instead.

Can a virus be transmitted in a picture?

 

...digital steganography...Malware authors can employ this technique to conceal malicious code in otherwise normal looking media files like images, without arousing any suspicion...digital steganography means that even everyday images encountered on the web are not above suspicion...

How Digital Steganography Hides Malware

Attackers are resourceful individuals but they typically look for methods that offer a stealthy way to distribute malware to a wide range of Internet users. Image files are not really an effective way to accomplish that goal because in an image format malicious code cannot be easily executed and distributed. While there have been proof-of-concept virus reports of such infections, they are rare and certainly not widespread.

What we more commonly see is a disguised malicious executable containing viral code which has been created and renamed .jpg so that it masquerades as a picture. Techniques include hiding the file extension, using fake file extensions or adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here (click Figure 1 to enlarge). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
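
The disguises described in the post above (an executable renamed .jpg, double extensions, spaces that push the real extension out of view) can be checked by comparing a file's name with its leading bytes. This is an added example, not part of the original thread; the extension lists, function names and sample files are constructed assumptions.

```python
import re

# Extensions Windows will run directly (a common subset, not exhaustive).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp"}

# Leading "magic" bytes: MZ marks a Windows executable, the rest are image formats.
MAGIC = [(b"MZ", "pe"), (b"\xff\xd8\xff", "jpeg"),
         (b"\x89PNG\r\n\x1a\n", "png"), (b"GIF8", "gif")]

def sniff(head: bytes):
    """Return the format implied by the first bytes, or None if unknown."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return None

def assess(filename: str, head: bytes):
    """Return findings for one received file, given its name and first bytes."""
    findings = []
    # Everything after the first dot, with padding spaces removed.
    exts = [p.strip() for p in filename.strip().lower().split(".")[1:]]
    real_ext = exts[-1] if exts else ""
    if real_ext in IMAGE_EXTS and sniff(head) == "pe":
        findings.append("image extension but Windows executable content")
    if real_ext in EXEC_EXTS and any(e in IMAGE_EXTS for e in exts[:-1]):
        findings.append("double extension: image name, executable type")
    if real_ext in EXEC_EXTS and re.search(r"\s{3,}", filename):
        findings.append("run of spaces pushes the real extension out of view")
    return findings

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("beach.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),  # genuine JPEG header
    ("photo.jpg", b"MZ\x90\x00"),                    # executable renamed .jpg
    ("holiday.jpg        .exe", b"MZ\x90\x00"),      # padded double extension
    ("cat.png.scr", b"MZ\x90\x00"),                  # double extension
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name), "->", assess(name, head) or "no findings")
```

A clean result here only means the name and header agree; it says nothing about whether the machine is already compromised.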

#7 marsspeaks

marsspeaks
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 06 December 2015 - 05:46 PM

Hi -

What you ask is subject to many possibilities, so I would ask you to follow the details below, as more information is required, and the required logs can not be posted outside that forum.

 

Read Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help starting from Step 6

 

Post back once you decide, or if you do add a new topic to the Malware and Virus removal forum area.

 

An expert may be able to salvage most (or all) files currently installed.

 

Thank You..

 

Hm... I think to be safe I'd like to see if I even have a RAT. I just don't want to waste someone's time because of my paranoia/suspicion.

 

 

...I was never sure if an actual picture file could be used to hide a RAT. As in it I opened it up and there was a picture shown? I guess maybe it doesn't matter how I got infected if I was just as long as I get it clean?


There are some cases where pictures can in fact carry viruses, but once again even that is extremely rare. Typically, a virus-carrying picture must be created by someone with malicious intent, so they're not going to infect existing photos. When they first appeared they were placed on websites so that visitors would be infected...The other picture-related vector for virus propagation is a picture that's not a picture...there's nothing that says a ".jpg" file needs to actually contain a picture...Depending on how it's done, and how up to date your system is, it's possible for a virus to masquerade as a picture. If you attempt to view the picture, you get a virus instead.

Can a virus be transmitted in a picture?

 

...digital steganography...Malware authors can employ this technique to conceal malicious code in otherwise normal looking media files like images, without arousing any suspicion...digital steganography means that even everyday images encountered on the web are not above suspicion...

How Digital Steganography Hides Malware

Attackers are resourceful individuals but they typically look for methods that offer a stealthy way to distribute malware to a wide range of Internet users. Image files are not really an effective way to accomplish that goal because in an image format malicious code cannot be easily executed and distributed. While there have been proof-of-concept virus reports of such infections, they are rare and certainly not widespread.

What we more commonly see is a disguised malicious executable containing viral code which has been created and renamed .jpg so that it masquerades as a picture. Techniques include hiding the file extension, using fake file extensions or adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here (click Figure 1 to enlarge). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.

 

 

So correct me if I'm wrong basically if they hadn't sent me an executable file I should be fine? The image file they sent was an actual image and the chances of them actually doing that could be small? So that means my current files should be safe if it can't attach themselves to existing photos. 





