Solved

help getting rid of r.a.t.

Tags:
  • Command Prompt
  • Windows 7
June 29, 2014 10:52:24 PM

So I downloaded a bogus file earlier and was suspicious it might be a rat. About an hour later a command prompt popped up asking something like "do you want to allow this program to make changes" and the program was Microsoft Windows. I clicked no and immediately shut the pc down. I think I was quick enough to stop the hacker from succeeding. I booted back up in safe mode and did a system restore from a week ago. Do you think that was enough to fix the problem? I really don't want to start from scratch.


Best solution

June 29, 2014 10:58:27 PM

Hi LoganP2
I would suggest doing a virus scan
and also downloading and running Malwarebytes
https://www.malwarebytes.org/lp/lp4/01/?gclid=COvFp8H1o...
EDIT: System restore will not always work; some viruses embed themselves within system restore, and with a restore you can still have a virus.
June 29, 2014 11:06:02 PM

Thanks Micky. Is the free version sufficient enough?
June 29, 2014 11:09:51 PM

Yes m8, run it and let me know how you get on.
June 29, 2014 11:25:07 PM

mickypheonix said:
yes m8 , run it and let me know how you get on


might take a while but so far found pup.optional.delta.a
June 29, 2014 11:34:44 PM

mickypheonix said:
yes m8 , run it and let me know how you get on


Scan done, here are the results:

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248503
Time Elapsed: 11 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [1039a25d106a082e36cd8fe57b878b75],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2973394227-3445379842-2605856872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [26236798aad080b66d45b2f9dd268878],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, , [ca7f09f6ec8e9a9cdfe46da6e321d52b],
PUP.Optional.Conduit.A, C:\Users\Jon\AppData\Local\Temp\SPSetup.exe, , [93b65ea19bdf68ce56ea27397b86946c],
PUP.Optional.SearchProtect.A, C:\Users\Jon\AppData\Local\Temp\nss5272.exe, , [bf8a6897b3c7d75fa9abe883d92801ff],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshA595.exe, , [95b43cc3a7d3dc5ae470df8c7c85ce32],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmE16D.exe, , [6edbf00f601ad85e084c0c5f22dfa65a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoFFDC.exe, , [5aef12ed0f6b181e4c087fec7e83e719],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr9DE7.exe, , [6adf48b71e5c191d87cd02691ee314ec],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssF4BF.exe, , [96b34cb37ffbb97d2f25402b7f82d12f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstF86.exe, , [d47553ac2b4fdd593f158cdf659ced13],

Physical Sectors: 0
(No malicious items detected)
June 29, 2014 11:38:32 PM

Looks good, remove the 9 files.
June 29, 2014 11:45:44 PM

do any of those look like a rat?
June 29, 2014 11:48:09 PM

Babylon is a massive pain and should be removed, and Delta is a browser hijacker.
June 29, 2014 11:48:52 PM

Done. Just hoping that got rid of them.
June 29, 2014 11:50:11 PM

You should be OK, run it again at another time.
What antivirus are you running?
June 29, 2014 11:51:06 PM

AVG free failed to detect
June 29, 2014 11:54:57 PM

AVG Free is fine, I use it and highly recommend it. It does not always detect malware though, so use Malwarebytes now and again and you should be fine. Another thing I use is ZoneAlarm's free firewall: every time something wants to access the net or come in, it throws up a window asking permission. It is one of the best free firewalls I have used.
http://www.zonealarm.com/security/en-us/free-firewall-a...
June 29, 2014 11:57:14 PM

great thanks for the help
June 29, 2014 11:58:00 PM

You are most welcome, I hope it all goes well for you, all the best.
November 6, 2014 4:05:52 AM

LoganP2 said:
So I downloaded a bogus file earlier and was suspicious it might be a rat. About an hour later a command prompt popped up asking something like "do you want to allow this program to make changes" and the program was Microsoft Windows. I clicked no and immediately shut the pc down. I think I was quick enough to stop the hacker from succeeding. I booted back up in safe mode and did a system restore from a week ago. Do you think that was enough to fix the problem? I really don't want to start from scratch.


I was also facing the same kind of issue (21 Ways To Save Deals and Specials) a few days back. I tried my best to remove the threat from my PC but I failed; then, after several searches on the internet, I found this help:
http://www.removepcadware.com/uninstall-21-ways-to-save...
You can also try this. Good luck!!!