Solved

help getting rid of r.a.t.

So I downloaded a bogus file earlier and was suspicious it might be a RAT. About an hour later a command prompt popped up asking something like "do you want to allow this program to make changes" and the program was Microsoft Windows. I clicked no and immediately shut the PC down. I think I was quick enough to stop the hacker from succeeding. I booted back up in safe mode and did a system restore from a week ago. Do you think that was enough to fix the problem? I really don't want to start from scratch.
  1. Best answer
    Hi LoganP2
    I would suggest doing a virus scan
    and also downloading and running Malwarebytes
    https://www.malwarebytes.org/lp/lp4/01/?gclid=COvFp8H1oL8CFdOCvQodhLMA6g
    EDIT: system restore will not always work, some viruses embed themselves within system restore and with a restore you can still have a virus
  2. Thanks Micky. Is the free version sufficient enough?
  3. yes m8, run it and let me know how you get on
  4. mickypheonix said:
    yes m8, run it and let me know how you get on

    might take a while but so far found pup.optional.delta.a
  5. mickypheonix said:
    yes m8, run it and let me know how you get on

    Scan done, here are the results:

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 248503
    Time Elapsed: 11 min, 22 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
    PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
    PUP.Optional.Babylon.A, HKU\S-1-5-21-2973394227-3445379842-2605856872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [26236798aad080b66d45b2f9dd268878],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 9
    PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, , [ca7f09f6ec8e9a9cdfe46da6e321d52b],
    PUP.Optional.Conduit.A, C:\Users\Jon\AppData\Local\Temp\SPSetup.exe, , [93b65ea19bdf68ce56ea27397b86946c],
    PUP.Optional.SearchProtect.A, C:\Users\Jon\AppData\Local\Temp\nss5272.exe, , [bf8a6897b3c7d75fa9abe883d92801ff],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshA595.exe, , [95b43cc3a7d3dc5ae470df8c7c85ce32],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmE16D.exe, , [6edbf00f601ad85e084c0c5f22dfa65a],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoFFDC.exe, , [5aef12ed0f6b181e4c087fec7e83e719],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr9DE7.exe, , [6adf48b71e5c191d87cd02691ee314ec],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssF4BF.exe, , [96b34cb37ffbb97d2f25402b7f82d12f],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstF86.exe, , [d47553ac2b4fdd593f158cdf659ced13],

    Physical Sectors: 0
    (No malicious items detected)
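
An added example, not part of the thread and not Malwarebytes' own code: a small triage of a report in the layout posted above, listing which checks were switched off, which detection families fall outside the PUP/PUM labels, and whether each section's count matches the lines under it. The regular expressions are inferred from that layout, and the sample log is constructed with placeholder IDs.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt in the layout of the report above; bracketed IDs are placeholders.
SAMPLE_LOG = r"""
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled

Registry Keys: 1
PUP.Optional.Babylon.A, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\BABSOLUTION\Updater, , [00000000000000000000000000000000],

Files: 2
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, , [11111111111111111111111111111111],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshA595.exe, , [22222222222222222222222222222222],
"""

# Section names as they appear in the posted report.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
OPTION_RE = re.compile(r"^(?P<name>[A-Za-z]+): (?P<state>Enabled|Disabled)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<family>[\w.]+), (?P<target>.+), , \[[0-9a-f]{32}\],$")


def triage(text):
    """Summarise a report: disabled checks, detection families, count consistency."""
    options, declared, by_family, found = {}, {}, defaultdict(list), Counter()
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := OPTION_RE.match(line):
            options[m["name"]] = m["state"] == "Enabled"
        elif (m := SECTION_RE.match(line)) and m["name"] in SECTIONS:
            section = m["name"]
            declared[section] = int(m["count"])
        elif m := DETECTION_RE.match(line):
            by_family[m["family"]].append(m["target"])
            found[section] += 1
    return {
        # Checks the scan did not perform; a clean result says nothing about these.
        "disabled_checks": sorted(k for k, on in options.items() if not on),
        # Families not labelled PUP (unwanted program) or PUM (unwanted modification).
        "non_pup": sorted(f for f in by_family if not f.startswith(("PUP.", "PUM."))),
        # Sections whose header count disagrees with the lines parsed under them.
        "count_mismatch": sorted(s for s, n in declared.items() if n != found[s]),
        "by_family": dict(by_family),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```
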
  7. looks good, remove the 9 files
  9. do any of those look like a RAT?
  10. Babylon is a massive pain and should be removed, and Delta is a browser hijacker
  11. Done. Just hoping that got rid of them.
  12. you should be ok, run it again at another time
    what antivirus are you running?
  13. AVG free failed to detect
  14. AVG free is fine, I use it and highly recommend it. It does not always detect malware though, so use Malwarebytes now and again and you should be fine. Another thing I use is ZoneAlarm's free firewall: every time something wants to access the net or come in, it throws up a window asking permission. It is one of the best free firewalls I have used
    http://www.zonealarm.com/security/en-us/free-firewall-and-pro-antivirus.htm?oem=1520&cid=W200123&lid=en-au&source=G:AUS:B004:Firewall&medium=SEM-Upsell&content=G:AUS:B004:A002:Exact:U01:T033&term=zonealarm%20free%20firewall
  15. great thanks for the help
  16. you are most welcome, I hope it all goes well for you, all the best