Ok.. so it seems like Ive gotten a RAT.. and thats a virus that uses ur pc to do some stuff, in this case it removes my steam and my msn, my brother and me cant take it any longer so ive made this thread.. I googled some answers and all I found was Windows Defender and that needs a REAL windows XP thingy.. and mine isnt so i cant download that.. if u got any ideas plz tell me cuz soon im gona take a hammer and smash my pc..


FIXED!!!!!!!!!

What is the exact name of the virus you have?

You'd be better off asking for support on a tech-support forum, rather than a runescape cheating community...

NOD32, Hitman Pro and Format C:, and you're ready to go :D

i used to go to a hacker's forum.... don't ask why.... but the site got hacked... go figure... but anyway to the point... im pretty sure you have to find the RAT exe file... but you cant delete it so you have to put it in a new folder and then delete it... but to do this you would need to know the name of the file and search it on your computer... BTW ask any of your friends or family if they put it on your computer as a prank... which is very common...

No.. me and my biggest brother are the best ''programmers'' in my family so no, and if someone has put it in as a prank they just fuck up a pc cuz they dont know anything :D and we have about umh... about 100 million files.. mostly for games and shit and about 350000 from my brothers folder that is filled with crapy music.. so itll be hard to find it, but im sure its a RAT cuz when i read some info about it a text said what a RAT could do and one thing was:


Hitta dina filer och visa, kopiera, ändra eller ta bort dem. Fjärråtkomst-trojanerna kan vara programmerade så att det här utförs en gång eller varje gång du startar om datorn.

Translated:


Find your files and show,copy,change or delete them.
Remote-trojans may be programmed so when u re-boot ur pc it will delte some files 1 time or all the time

so any ideas?

Edit: Markus, NOD32 SUCKS MY B**LS!, A guy sent me a test of a virus that all virus programs had detected in Jotties scan thingy and then when I got it the pc went crazy and started changing all of my porno sites in favorites :( It was a sad day :(

If i remember right RAT is a visual basic coded "virus". For more info google = visual basic RAT

RAT means "Remote Administration Tool" and can be used in many ways.. (mostly good ways)

but in ur case bad... Deleting RAT can be tricky.. But try to run a simple virus scan should be good enough.

But try to run a simple virus scan should be good enough.

Yeah that.. hardly ever works unless its a crappy virus.

Moved to FAQ. You also might want to consider an online virusscanner?

if you find it its sure to be protected and un deleteable. so youl need to download the free softwere MoveOnBoot. which will delete somthing from the hardrive even if it is protected. =) good luck finding it! and make sure when you search you look in invisible files =)

Onlinescanner? explain and give link if possible

Jukka, Ive done that virus scan, found 89 trojans but not what I wanted :D

http://www.pctools.com/spyware-doctor/?ref=google_trojans&gclid=CN7e4vfogJECFQTslgodiTVhGQ
check her out :D

I think ive found it!

http://img236.imageshack.us/img236/8319/virusic3.png

just to let you know if it wont let you delete it.... you cant put it in a new folder and then delete it or just delete the folder its in right now...

"wups.dll is a Windows Update client proxy stub from Microsoft Corporation belonging to the Microsoft® Windows® Operating System.wups.dll should not be disabled, required for essential applications to work properly."

you might want to make sure you know what you're doing before you go delete it

"wups.dll is a Windows Update client proxy stub from Microsoft Corporation belonging to the Microsoft® Windows® Operating System.wups.dll should not be disabled, required for essential applications to work properly."

you might want to make sure you know what you're doing before you go delete it

Yea but the date is suspicious.


If at all possible, backup files (no .exe), format, and reinstall. I know it sounds like a pain in the ass, but it is often quicker than removing malware, and is 100% guaranteed.

Wut? explain

Edit: Just woke up, and it seems like the RAT deletes my Spyware Terminator.. so I have to re-install all the time.. im afraid of re-booting :(

If i remember right RAT is a visual basic coded "virus". For more info google = visual basic RAT

RAT means "Remote Administration Tool" and can be used in many ways.. (mostly good ways)

but in ur case bad... Deleting RAT can be tricky.. But try to run a simple virus scan should be good enough.

Like bkof?


But also, even you'd find the exe it can do the "Could not delete file IRVIRUS.EXE - processs might be in use of another process"...

Though thats when you create a bat that has



@ECHO OFF
Color a
ECHO HAXXXING FILE _
DEL C:\FileDir\FileDir2\Filedirbla\IRBIGBADRAT.exe K
CALL TheFileOfThisBat



Hehhehhe - DIE IE DIE!

Wut? explain

Backup your stuff and reinstall windows.

NOOOOOO!!!!! and i think ive found it..
its something called VIR and its locked, maybe the RAT?

http://img301.imageshack.us/img301/5356/virwh1.png

unless you have a program called steam since you found that in the program files... and it would be kinda stupid to hide a trojan/keylogger/RAT/any other virus in the program files... dont you think?... unless its encripted... or someone tried to download a program called steam and turned out to be a virus

To be honest it was most likely injected into a windows component when it was installed meaning that it is very hard to remove. Your best bet is backup everything and reinstall windows

Lol, you guys don't know what Steam is?

here (steampowered.com)


And umm, no, I don't think the virus has gone to your Steam folder :p

If you don't have a shitload of mods and plugins, you don't need to backup your steam, just re-install it.. It knows what games you have when you login, though you need to re-install the games, but, back on the point, no need to backup steam.

I reinstalled my windows like a week ago from a ''virus'' sp0rk-eh made.. and I think I know how I got this RAT, theres a guy called Jussi, he was selling a RS autofighter made by VB when i bought I used it, then i stoped using it so then i asked him to help me with VB.. he did and recently (about when he sent stuff) the pc got fucked up.. can it be him? cuz RAT is a VB made virus...

Edit: Umh.. I dont know what a Drop.Agent is but my pc is crawling with them.. i get a Detection! window like every sec from my anti-virus..

I reinstalled my windows like a week ago from a ''virus'' sp0rk-eh made.. and I think I know how I got this RAT, theres a guy called Jussi, he was selling a RS autofighter made by VB when i bought I used it, then i stoped using it so then i asked him to help me with VB.. he did and recently (about when he sent stuff) the pc got fucked up.. can it be him? cuz RAT is a VB made virus...

Edit: Umh.. I dont know what a Drop.Agent is but my pc is crawling with them.. i get a Detection! window like every sec from my anti-virus..

If you weren't trying leach things off sp0rk-eh.com you wouldn't of had a problem from sp0rk. and if you reinstalled windows that recently and you already have all this stuff you NEED how long woud it take to get it all again? You got all that stuff in a week do it again. FORMAT FTW. What did sp0rk's virus do to people?

cuz RAT is a VB made virus...

I was under the impression that RAT stood for Remote Administration Tool, a collective name for any application that lets you remotely control a computer and so could be written in any language, not just VB

I guess so.. but rick, his ''virus'' made ur pc to 98.. disabled ur task manager (thats why i wanted to reinstall) and turned ur startpage to porno, wich i think he watches 24/7 :p and delets msn, THATS why my brother wanted to reinstall (msn=hes life) yes.. pretty pathectic :D wrong spelling http://sp0rk-eh.com/forum/images/smilies/xdot.gif

Have you tried system restore to a time before you got the virus?

now u confuse me, but it sounds like a good thing.. plz explain (offtopic) tryin to crack a RS millions guide.. (offtopic)

Ok.. 2 mins ago my brother (pc store owner :p) fixed the RAT problem.. I dont know how but he used AVG.. so use AVG.. :D

check if it deleted the .com in system32. this type of virus will stuff your computer up really so you need to download, google (HiJackThis) it will get rid of it.

people do talk about hijackthis.. ty