Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RAT


  • Please log in to reply
7 replies to this topic

#1 Knight_Rider

Knight_Rider

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:05 PM

Posted 29 December 2015 - 08:22 AM

How to know that you're ratted or not?



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 29 December 2015 - 08:28 AM

Hi Knight_Rider :)

Usually you would monitor your network and/or connections using programs like Wireshark, TCPView, netstat, etc. to see if there's any odd connections established by either a process you don't know, or a process that shouldn't be connecting anywhere. What makes you think that you are RAT'd?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Knight_Rider

Knight_Rider
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:05 PM

Posted 29 December 2015 - 11:46 AM

My account on one site was compromised and the log shows i logged in at some time ( though i didn't ) with my IP , Well no one have access to my laptop but me



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 29 December 2015 - 12:45 PM

Which website? Is it a website that had a leak or database breach not a long time ago?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Knight_Rider

Knight_Rider
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:05 PM

Posted 29 December 2015 - 12:55 PM

I'm not really sure that i can write the name of website or not as it would be considered as advertisement ,  No there was no breach of database of any kind.



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 29 December 2015 - 12:58 PM

You can PM me the website name if you wish. Also, maybe that website opened automatically when you restored a web browser session after a crash or else, which logged the connection?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Knight_Rider

Knight_Rider
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:05 PM

Posted 30 December 2015 - 03:27 AM

Might be possible . but it shows login on different times 



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 30 December 2015 - 08:01 AM

Alright, we'll check what we can here, but if we don't find anything and you want a more in-depth check-up, you'll have to go in the MRL area, is that good with you?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users