How to check for viruses and RAT on used computer

DarkDubzs

Honorable
Jun 10, 2013
635
1
10,990
I bought a used computer for someone as a gift and before I do anything with it, I want to make sure there is absolutely no kind of trojans, keyloggers, spyware, a RAT, or anything malicious. It is running Windows 10. First I'll install a couple trusted anti-virus programs and do full scans, but I know they miss some things and usually do not detect RATs or rootkits. So what can I do, besides fresh installing Windows to check for any of this?

I still have my Windows 8 CD and I was wanting to format its SSD and fresh install Windows from my disk to be 100% sure it's safe and make it easy, but I believe it only lets you install on one system and I do not know what would happen if it somehow realizes it is running on two systems at the same time.

What are my options and what specific things should I do or check to make sure every bit of data is ok to proceed with?
 

risaccess1

Honorable
Jul 29, 2012
159
0
10,710
The best and easiest way to clean a Windows installation is to do a fresh install. Windows installation disks can be used an unlimited number of times on an unlimited number of computers. However, you will need to provide separate product keys for each installation on each machine. There will only be issues with the installation if the activation server sees that two machines are running the same product key. As long as you have two product keys, you are fine.
 

DarkDubzs

AFAIK, the terms and conditions for a retail copy of Windows 8 were to only install it on one machine, or at least only have the same product key running on one system at any given time. So since I only have one installation disk with one key, this would prevent me from installing Windows on multiple machines with my one disk and single key, right?
 

risaccess1




This is true, I guess I misunderstood your question. What I meant was, if you have multiple product keys, you can use the same installation disk to install the operating system on different computers, then activate them all with separate keys. If you only have one key, then it is true that you can only install on one system.

Not to question your judgement or to pry, but is there any particular reason why you are so concerned about viruses inside this system? For example, did the previous owner visit questionable websites, or download weird software, etc?

The only reason I ask is because in all the time I have been working with the Windows operating system, I have only encountered really deeply integrated and devastating viruses once when I was repairing an elderly woman's PC, and that was pretty easily removed. It's not an extremely common occurrence to find hardcore malware that wouldn't be detected by several runs of different cleaning software.

Basically, my point would be that I don't think you need to worry too much after running a few antivirus scans. Another piece of software I might recommend you run is called CCleaner, and it can be found here: https://www.piriform.com/ccleaner
 

DarkDubzs



I just am worried because I always assume the worst and am pretty paranoid haha. The last owner was more tech savvy than the average computer-illiterate Joe, so I worry that he may have done something to benefit off the next owner, like install a keylogger to get their payment or multiple accounts information, or install a RAT to spy on the next owner.

I also wanted more than to rely on an antivirus scanner since rootkits and RATs are notorious for being well hidden and undetectable, at least good ones.
 

risaccess1



This is all a fair concern.
Here are more ideas for things you can do:

1. Have a manual look around the file system, using cmd or PowerShell to look at all files in any directory you like, including hidden files. You obviously know what to look for more than I do.
2. Hook up the computer to another computer that's running Wireshark or a similar program to sniff the outgoing packets and see if they're headed anywhere suspicious.

 

DarkDubzs



Yeah, I enabled hidden folders and files to show and took a look around the directories, like AppData, and it was pretty much normal as far as I could tell after googling some things I felt suspicious about. After that I downloaded Malwarebytes, Malwarebytes Anti-rootkit, Hitman Pro, Rogue Killer, and Wireshark to my main desktop, then copied them over to the computer to install them there and scan with them. Wireshark didn't show anything suspicious before and after connecting to the Internet. I did notice that it was making queries to my desktop PC somehow, I guess devices on the same LAN query each other for some reason, and it was making queries to the past owner, I don't know if it was because it was trying to communicate with a computer that was on the LAN of the previous owner or if it was trying to "phone home" via a virus or RAT or something, but I doubt it since there was no UDP being transmitted at the same time. I then opened up command prompt and ran "ipconfig" to take a look at the settings, then used the "netstat -ano" command to look at the ports and they were all only listening, rather than any having been established, which would be suspect of some activity that a RAT could lead to
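
Added example, not part of any post in this thread: the `netstat -ano` check described above prints only a PID per socket, so this PowerShell sketch resolves each listening or established TCP socket to its owning executable and that file's Authenticode signature status. The function name `Get-SocketOwnerReport` and the output column names are illustrative choices; it assumes Windows 8 or later and an elevated PowerShell session.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Resolves the PID column of "netstat -ano" to a program path and signature.

function Get-SocketOwnerReport {
    # Index running processes by PID so each lookup is a hashtable hit.
    $procByPid = @{}
    Get-CimInstance Win32_Process |
        ForEach-Object { $procByPid[[int]$_.ProcessId] = $_ }

    Get-NetTCPConnection -State Listen, Established | ForEach-Object {
        $conn = $_
        $proc = $procByPid[[int]$conn.OwningProcess]
        $path = if ($proc) { $proc.ExecutablePath } else { $null }

        # Unsigned or invalid signatures are a reason to look closer, not proof.
        $sig = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else {
            'PathUnavailable'   # kernel/System PIDs, or the process has exited
        }

        # A listener bound only to loopback is not reachable from the network.
        $loopbackOnly = $conn.LocalAddress -in '127.0.0.1', '::1'

        [pscustomobject]@{
            State        = $conn.State
            Local        = '{0}:{1}' -f $conn.LocalAddress, $conn.LocalPort
            Remote       = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
            LoopbackOnly = $loopbackOnly
            PID          = $conn.OwningProcess
            Process      = if ($proc) { $proc.Name } else { '<exited>' }
            Signature    = $sig
            Path         = $path
        }
    }
}

# Established connections and network-reachable listeners are listed first.
Get-SocketOwnerReport |
    Sort-Object @{ Expression = 'State'; Descending = $true }, LoopbackOnly |
    Format-Table -AutoSize -Wrap
```

This is a single snapshot taken on the machine being inspected, so it misses short-lived connections and anything that hides itself from the operating system's own socket table. The capture from a second computer suggested earlier in the thread does not depend on the inspected machine's view of itself.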