Is there a RAT on my computer?
A little under two weeks ago, I downloaded what was supposed to be a job application from a link I got in a craigslist email. My anti virus shut it down because it detected a worm, but it said the worm was removed and no action was required. However, every time I have opened my computer since then, I get a notification that my anti virus blocked an attack from the same IP address. Since then, I tried to use my webcam twice and it said it was already in use, although I didn't have any other programs open. I uninstalled several applications, including one that was installed on the day that I opened the "job application" that I don't remember authorizing. I restarted my computer but the webcam was still in use. This made me uncomfortable so I put a sticker over the camera. After doing this, I tried opening the webcam again and had no issue (the video was blank white because of the sticker but it was working fine). This was yesterday and I have tried using the webcam periodically since then to test it and it works fine now that there is a sticker over it. I ran a scan on my computer with my anti virus and it said there was a problem called "shadesrat" that it found and removed. (This may or may not have anything to do with the issue at hand.) I don't know if the webcam started working because I got rid of something malicious, because I covered the webcam and the RAT has no use for it anymore, or because there was never any problem in the first place. Do you think there could still be something wrong or was there ever? What would you do in this situation?
Shadesrat is a nasty malware, so good that it was found and removed when you did the manual scan! Shadesrat can hijack webcams and also record keystrokes, bypass Windows firewall, steal passwords and licensing information, etc. (depending on which shadesrat type it is). Shadesrat.B description by Symantec
You say that the antivirus blocked the download, but still you found an "unknown" application installed that same day, so maybe everything wasn't blocked. However, you have now removed that application and run a scan that removed the shadesrat, and the previous problems are gone! Good, but I would definitely scan with other products as well if I were you:
More advanced advice:
http://community.f-secure.com/t5/Security/How-to-easily-scan-all-processes/m-p/43659 (scan with 50 AVs)
http://community.f-secure.com/t5/Security/Security-products-that/m-p/36397 (tips for improved layered protection)
To add to what NikK said above, if you have had a RAT on your computer for a while, I would contact your bank/check your statements for any unusual activity in the last few weeks.
Further, I would change all of your passwords on that computer and possibly think of a complete reformat/reinstall. Better to be safe than sorry in the long term.
I suggest that, if you can, you download a free copy of Malwarebytes and do a full scan. (Not a quick scan, but a Full Scan.)
Alternatively, you can use a cloud-based version, Hitman Pro. Check to see if your computer is infected.
If you are running a 32-bit version of Windows, download the 32-bit version. And if you are using 64-bit Windows, download the 64-bit version.
Download an ISO version of Kaspersky Rescue CD or AVIRA Rescue CD, without affecting your Windows. Just download the ISO file and burn it.
And reboot your computer with the burned CD in your DVD drive.
And connect your computer to the internet. Download the latest virus updates and do a full scan.
Download Avira ISO here.
Download Kaspersky ISO here.
Keep those Rescue CDs handy. (This is a very useful tip!)
If you are using Mac OS X, you can use Intego Virusbarrier free via Apple App Store download.
Or Avast for Mac.
Or Dr Web Light for Mac.
For Mac OS X spyware scan only.
Apple Adware removal guide see here.
If you are located in the United Kingdom.
Be extra careful.
Some people in the streets are infected with a Government virus, so-called Finfisher.
It infected your iPhones, Mac and Windows!
The latest news is this one.
A general tip.
Use an Avira or Kaspersky Rescue Disk to surf the web. Or, better still, download a Linux Live Distro if you intend to use the internet in public places.