Windows 8 and 8.1 Forums


PC infected with XTreme Rat

  1. #1


    Posts : 3
    Windows 8

    PC infected with XTreme Rat


    Hi,

    I recently installed AVG on the family computer and ran a virus scan, which came up with a few problems. The biggest one was that the computer was infected with the XTreme RAT trojan. This has been removed, but looking at the capabilities a RAT gives I would like to see what damage has been done.

    What do I need to be looking for in the Event Viewer for things like the webcam being turned off and on, remote access, files being remotely accessed etc.?

    Do I need to take any further action to protect the computer in the future? I don't know how long it's been on there; my sons keep installing games and things from the internet despite me telling them not to, so I don't know where it's come from.

    Any help/advice would be appreciated.


  2. #2


    Posts : 1,883
    7601.18247.x86fre.win7sp1


    Hi,

    Israeli Defense Systems Hacked with Xtreme RAT Trojan | The State of Security

    Wow, if this thing is good enough to mess with Israeli defense systems, your only logical choice is to use Killdisk on the hard drive and then install Windows clean after.

    Change passwords to everything local, and otherwise.

    Use only Firefox with assorted add-ons such as No-Script, BetterPrivacy, HttpsEverywhere, Adblock Edge, Disconnect, Ghostery, RefControl.

    Don't click links in e-mails and don't download torrents that do not have exceptional only reviews.

  3. #3


    Posts : 3
    Windows 8


    Quote Originally Posted by MasterChief View Post
    Hi,

    Israeli Defense Systems Hacked with Xtreme RAT Trojan | The State of Security

    Wow, if this thing is good enough to mess with Israeli defense systems, your only logical choice is to use Killdisk on the hard drive and then install Windows clean after.

    Change passwords to everything local, and otherwise.

    Use only Firefox with assorted add-ons such as No-Script, BetterPrivacy, HttpsEverywhere, Adblock Edge, Disconnect, Ghostery, RefControl.

    Don't click links in e-mails and don't download torrents that do not have exceptional only reviews.

    Yeah, I saw that too, and that's probably good advice, but I would still like some info on the Event Viewer - which log do I look at to see if the webcam has been activated? What does the record say? What about remote access events etc.? I just want to try and get a handle on how much damage has been done first.

  4. #4


    Posts : 1,883
    7601.18247.x86fre.win7sp1


    Anyone worth their salt accessing your machine would have cleared logs with a pre-written script they made to have ready.

    To me, all that is rather pointless anyhow. Machine has been compromised and as I see it, no need in worrying or picking apart the past. All you can do is move on in the best possible manner as has already been outlined.
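The claim in #4 (and #6 below) that a competent intruder clears the logs can at least be checked rather than assumed. The following is an added example, not posted by anyone in this thread: run from an elevated PowerShell prompt on the affected Windows 8/8.1 machine, it lists the built-in log-clear records (Security event 1102 and System event 104, both standard Windows IDs) and each log's oldest surviving entry against the OS install date, so a log whose history starts suspiciously late stands out.

```powershell
# Added example: evidence of cleared event logs on a suspected-compromised PC.
# Requires an elevated prompt (the Security log is admin-only).
# Security 1102 = "The audit log was cleared"; System 104 = "<log> log file was cleared".

function Get-LogClearEvents {
    $filters = @(
        @{ LogName = 'Security'; Id = 1102 },
        @{ LogName = 'System';   Id = 104 }
    )
    foreach ($f in $filters) {
        # Get-WinEvent throws when nothing matches, hence SilentlyContinue
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, Id,
                          @{ n = 'User'; e = { $_.UserId } }, Message
    }
}

function Get-LogCoverage {
    # Oldest record per log; compare with the install date printed below.
    # A recent "oldest" entry means the history is gone (cleared or rolled over).
    foreach ($log in 'Security', 'System', 'Application') {
        $oldest = Get-WinEvent -LogName $log -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        $info   = Get-WinEvent -ListLog $log
        [pscustomobject]@{
            LogName      = $log
            OldestRecord = $oldest.TimeCreated
            RecordCount  = $info.RecordCount
            MaxSizeMB    = [math]::Round($info.MaximumSizeInBytes / 1MB, 1)
            IsFull       = $info.IsLogFull
        }
    }
}

$install = (Get-CimInstance Win32_OperatingSystem).InstallDate
Write-Host "OS installed: $install"
Get-LogCoverage | Format-Table -AutoSize

$cleared = Get-LogClearEvents
if ($cleared) {
    Write-Host "Log-clear events found:"
    $cleared | Format-Table -AutoSize
} else {
    # Absence is not proof of anything; it only means the clear itself was not recorded.
    Write-Host "No 1102/104 log-clear events found."
}
```

Note that clearing a log writes the 1102/104 record into the freshly emptied log, so it is one of the few traces a wipe leaves behind; it says nothing about what the RAT did before the clear, which is why the thread's advice to reinstall still stands.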

  5. #5


    Posts : 1,360
    Windows 8.1 Enterprise


    I agree 100% with what MasterChief said. The only solution is to completely wipe the drive and reinstall.

    However, if you're interested in looking into the damage caused, you could use some forensic tools.

    OSFClone is a bootable CD which allows you to make a complete clone of the affected system.

    Link: OSFClone - Open source utility to create and clone forensic disk images

    You can then use OSFMount to view its contents.

    Link: OSFMount - Mount CD and Disk images in Windows, ISO, DD

    Finally, use OSForensics to create a detailed report.

    Link: OSForensics - Digital investigation for a new era by PassMark Software®

  6. #6


    I agree with what these gentlemen have said. Reload Windows and DO NOT rely on log files to give you any information as they have most likely been compromised also...

  7. #7


    Posts : 3
    Windows 8


    Thanks for the advice guys. Disk reformat and reinstall it is, then...

  8. #8


    Posts : 70
    windows 8.1


    Unfortunately, in some instances even low level formatting will not get rid of some malware. Your system is simply compromised. Best bet is new disk and CPU (if Intel, AMD is o.k.). Of course, no user will go this far, but this just shows that today everybody needs to be very careful.
    Let's hope that formatting will be enough.

  9. #9


    United States
    Posts : 3,093
    Windows 8.1 Pro 64-bit


    Quote Originally Posted by Michal View Post
    Unfortunately, in some instances even low level formatting will not get rid of some malware. Your system is simply compromised. Best bet is new disk and CPU (if Intel, AMD is o.k.). Of course, no user will go this far, but this just shows that today everybody needs to be very careful.
    Let's hope that formatting will be enough.
    Malicious code can be permanently embedded within the Intel CPU? Or am I misinterpreting what you are saying?

  10. #10


    Posts : 1,883
    7601.18247.x86fre.win7sp1


    Quote Originally Posted by Michal View Post
    Best bet is new disk
    Killdisk renders a drive to the extent where it is literally not possible for any data to survive.

    Quote Originally Posted by Michal View Post
    Best bet is new disk and CPU (if Intel, AMD is o.k.).
    Quote Originally Posted by popeye View Post
    Malicious code can be permanently embedded within the Intel CPU? Or am I misinterpreting what you are saying?
    I can answer that. No.
