How to Detect a RAT on Windows

Hi,

This post is about how to detect a Remote Administration Tool (RAT) on Windows. RAT also stands for remote access trojan.



Antivirus software can detect some RATs, but many RATs still go undetected by antivirus. In that scenario, we need to check manually.

The steps below are one way to detect a RAT manually on Windows.

Step 1: Click on the Start menu.

Step 2: Search for cmd and open it.

Step 3: Type `netstat -ano` and press Enter.



Step 4: The output lists the sockets. A socket whose state is ESTABLISHED has an established connection. Here we need to find any socket that is different from the others and analyze it.



Step 5: I found one socket; its PID is 8412.



Step 6: Now press Ctrl+Shift+Esc.



Step 7: Now click on Processes.



Step 8: Now go to Select Columns.



Step 9: Put a check mark on PID.



Step 10: Now you can see all PIDs.



Step 11: Now find PID 8412 in this list and confirm that it is an unknown process.



Step 12: Once confirmed, end that process: right-click -> End Process -> End Process, then close it.



Step 13: Now that process is closed.



Step 14: Now go to the Start menu.



Step 15: Search for msconfig.exe.



Step 16: Here too, we need to find whether any unknown process is running. If you confirm that it is running, it needs to be ended.


Step 17: Once you confirm that an unknown process is running, remove its check mark -> click Apply -> click OK.


This is one of the ways to detect a RAT on Windows and end it.
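
Steps 3 to 11 (find the ESTABLISHED sockets, then match each PID to a process) can be done in one pass from PowerShell. The script below is an added example, not part of the original post; it only reports and does not end any process. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated PowerShell session.

```powershell
# Added example: list ESTABLISHED TCP connections with the owning process,
# its executable path and its Authenticode signature status.

# Index running processes by PID (Win32_Process exposes path and command line).
$procs = @{}
Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $procs[[int]$_.ProcessId] = $_
}

$report = Get-NetTCPConnection -State Established |
    # Loopback traffic is local inter-process communication, not a remote peer.
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
    ForEach-Object {
        $p    = $procs[[int]$_.OwningProcess]
        $path = if ($p) { $p.ExecutablePath } else { $null }

        # Status is Valid, NotSigned, HashMismatch, ... ; 'PathUnavailable' is
        # this script's own label for processes with no readable image path
        # (for example System, PID 4, or a process that has already exited).
        $sig = 'PathUnavailable'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }

        [pscustomobject]@{
            PID       = $_.OwningProcess
            Process   = if ($p) { $p.Name } else { '<exited>' }
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Signature = $sig
            Path      = $path
        }
    }

# Rows whose signature is not Valid sort first; review those by hand.
$report |
    Sort-Object { $_.Signature -eq 'Valid' }, Process |
    Format-Table -AutoSize -Wrap PID, Process, Remote, Signature, Path
```

An unsigned binary is not proof of a RAT and a signed one is not proof of a clean process; the Path and Remote columns are what help decide whether a process is really unknown before Step 12.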