A question about RAT viruses

I may have been having possible troubles with a RAT virus. I decided to get Comodo Firewall and disable all incoming connections. This question may sound extremely stupid, but, would blocking all incoming connections render the RAT useless? I am VERY paranoid about viruses and I just want to make sure.

If you are going to use a global BLOCK ALL rule, you will need to ensure that you are not also killing your local network connections.

One good method is to make a network zone that defines your local network. After defining this zone, make a global BLOCK ALL rule, but use the exclude option and nominate the zone that defines your local LAN.

Doing it this way, CIS will BLOCK all, except your local connections.

Hope this helps,
Ewen :slight_smile:

I just went to the firewall settings and clicked Block all incoming connections.

Have you tested whether you can still access any other local network connections you may have (NAS, network/wifi printers, etc.)?

No, I haven't gotten on my laptop since I saw the signs of the RAT, and I'm not getting back on it until I know for sure that the RAT cannot do anything… That's really all I want to know, I can do that other stuff later :stuck_out_tongue:

> This question may sound extremely stupid

It's not, it's called learning :-TU

> would blocking all incoming connections render the RAT useless?

Knowing that most RATs have keyloggers, and while I would also be worried about incoming connections, I (just my opinion) would be more worried about outgoing connections. With the exception of the RAT's spreading capability, most of its purpose would be pointless if it can report back to its master.

On a different computer, download CRD.

Description:

> COMODO Rescue Disk (CRD) is a bootable disk image with COMODO Cleaning Essentials (CCE) for Linux embedded. CCE for Linux is a powerful virus, spyware, rootkit scanner and cleaner which works in both GUI and text mode. CRD works more efficiently than CCE for Windows because it cleans your system before the Windows operating system is loaded.

https://forums.comodo.com/comodo-rescue-disk-crd/comodo-rescue-disk-crd-v202752391-released-t94106.0.html

It's a very, very slow but thorough scan.

If you don't have anything to burn it to a CD or DVD (I would recommend BurnAware):
http://www.burnaware.com/downloads/burnaware_free.exe

and to double check and get a second opinion
Get Kaspersky Rescue Disk 10 (It’s a bootdisk)
The instructions there are very good and simple

Then follow this link below when done
http://www.techsupportalert.com/content/how-know-if-your-computer-infected.htm