Hi,
This post explains how to detect a Remote Administration Tool (RAT) on Windows. RAT also stands for remote access trojan.
Antivirus software can detect some RATs, but many RATs still go undetected by antivirus. In that scenario, we need to check manually.
Steps to detect a RAT manually on Windows (this is one way to detect it):
Step 1: Click on the Start menu.
Step 2: Search for cmd and open it.
Step 3: Type netstat -ano and press Enter.
Step 4: It will display output like this, and the status will be ESTABLISHED, which means the socket has an established connection. Here we need to find any socket that is different from the others and analyze it.
Step 5: I found one socket; its PID is 8412.
Step 6: Now press Ctrl+Shift+Esc.
Step 7: Now click on Processes.
Step 8: Now go to Select Columns.
Step 9: Put a check mark on PID.
Step 10: Now you can see all PIDs.
Step 11: Now find PID 8412 in this list and confirm that it is an unknown process.
Step 12: Once confirmed, end that process: right-click -> End Process -> End Process, then close it.
Step 13: Now that process is closed.
Step 14: Now go to the Start menu.
Step 15: Search for msconfig.exe.
Step 16: Here too we need to check whether any unknown process is running. If it is confirmed to be running, we need to end it.
Step 17: Once you confirm an unknown process is running, remove its check mark -> click Apply -> click OK.
This is one of the ways to detect a RAT on Windows and end it.
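Steps 3 to 5 can be scripted so that every ESTABLISHED socket is grouped by its owning PID instead of being picked out by eye. The Python below is an added example, not part of the original post. The netstat output in it is a constructed sample (documentation IP addresses, and the PID 8412 from step 5), and the function names are my own. It assumes English-language netstat output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     4321
  TCP    192.168.1.10:49712     203.0.113.45:50123     ESTABLISHED     8412
  TCP    192.168.1.10:49713     203.0.113.45:50123     ESTABLISHED     8412
  TCP    192.168.1.10:49800     198.51.100.7:443       ESTABLISHED     5120
  TCP    [::1]:49900            [::1]:49901            ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    2345
"""

# Local address, foreign address, state, PID. UDP rows have no state and do not match.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)


def established_by_pid(netstat_text):
    """Map PID -> sorted list of (remote_ip, remote_port) for ESTABLISHED
    TCP sockets whose remote end is not a loopback address."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) != "ESTABLISHED":
            continue
        remote_ip, remote_port = split_endpoint(m.group(2))
        if remote_ip.is_loopback:
            continue  # local-only traffic, not a connection to a remote host
        peers[int(m.group(4))].add((str(remote_ip), remote_port))
    return {pid: sorted(v) for pid, v in peers.items()}


if __name__ == "__main__":
    for pid, remotes in sorted(established_by_pid(SAMPLE).items()):
        print(pid, remotes)
```

On a live machine, save the output of netstat -ano to a file and pass its text to established_by_pid. Running tasklist /FI "PID eq 8412" shows the image name for a PID without opening Task Manager.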