First time poster. I have had a problem with a Remote Access Trojan for 2+ years and it has cost me a fortune in 1) lost revenue for my home business, 2) purchasing a new machine and OS, 3) unsuccessful remote and live tech support.
Seems to be on PCs/Macs before they are done setting up. Shows many users in Advanced that sound off, e.g. "replicator, remote desktop access, remote *.*".
#1: Will describe symptoms in Windows (OS7 & 10, 64-bit) as I know a bit more.
Changes environment settings/shortcuts/name for built-in admin; renders my admin accts standard
#2: Locks caches and has NT level security so I cannot delete or clear. Cannot activate Net User to get higher privileges since admin accounts were returned to standard.
#3: Changes attributes on most files so I cannot find My Docs or run .exe programs.
#4: Potentially helpful downloads are downloaded as .jpg/.htm files so they cannot be run.
#5: The few programs that seem to temporarily have success, i.e. Windows System Tweaker, have their shortcut broken and the program moved to a locked folder.
#6: Most GUIs show what would otherwise be helpful options as "grayed out" so I cannot change
#7: DCOM log shows hundreds of errors as soon as the PC gets network.
#8: Cannot change IP settings (though I'm currently paying for a static IP, settings are different). Most settings in ipconfig and any other network insight show blanks for DNS settings. Have tried using OpenDNS but cannot set DNS.
#9: Changed service providers, many routers (all secured) to no avail. Port forwarding software unable to run, unable to close ports. Only Windows tweaking software seemed to help, but after purchasing the pro version I watched the screen in disbelief as the registration name and number text was wiped out by a cursor that appeared on the page and replaced the info with "/////".
#10: Cannot change many remote settings in services.msc; first RPC and others were grayed out and unchangeable. Managed to block some remote access only to find services had been changed so that Services showed RPC as "depended upon" by almost every other service. Certificates have corrupt JavaScript written at the end of the correct script.
#11: Dozens of svchost.com programs running, and most system svchost programs will shut down the PC if I try to end the process.
#12: No amount of "reset" or "recovery" attempts help as (I believe) MBR, BIOS and boot programs are all corrupted and left untouched during reset.
Thank you to anyone who has the patience and willingness to read this lengthy submission. The malware seems far, far too sophisticated to simply siphon off bandwidth, but I have not received a ransom or seen (yet) any personal ID issues. I do not know how it is possible, but I had no idea that malware could be as adaptable and powerful as this is. Frankly, it's become an obsession and I would be incredibly grateful if an actual, able-to-be-implemented solution was offered.
Yes, we do have several detections for the RAT malware. However, in your case, if you suspect there is malicious activity ongoing in the computer, please report it to our labs via a SAS ticket. If you have a sample of the suspicious file, please submit it as well. Our labs will be able to provide more feedback on this issue once they check the file or the related log you submit.