Remote Access Trojans (RATs) are malicious programs that run invisibly on host PCs and permit an intruder remote access and control.
On a basic level, many RATs mimic the functionality of legitimate remote control programs such as TeamViewer but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs. Typically, exploited users either download and execute the malicious programs or are tricked into clicking rogue email attachments.
http://technet.microsoft.com/en-us/library/dd632947.aspx
Recent RATs create the following null registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F4046E19-9A33-3DA4-5EBC-CD6114454DBA}
This key F4046E19-9A33-3DA4-5EBC-CD6114454DBA is not deletable using Registry Editor. You cannot search for it and delete it; Regedit will complain that it is not found! Use the GMER tool (an application that detects and removes rootkits and works with Win7), available at http://www.gmer.net/, to find suspect rootkits and bad registry keys.
To remove a null registry key, you can use Mark Russinovich's Sysinternals suite of tools, available from Microsoft.
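As an added example (not code from the original post, GMER or Sysinternals), the following PowerShell script audits the Approved key named above for the symptom the post describes: an entry that the registry enumerates but that cannot be opened by name, which is what an embedded NUL in a key name produces, since the Win32 open call stops at the first NUL. The HKCU path is the one given in the post; the "cannot reopen by enumerated name" heuristic, the subkey-count comparison and the CLSID cross-check are this script's own assumptions about what a bogus entry looks like.

```powershell
# Added example, not part of the original post. Audits the per-user
# "Shell Extensions\Approved" key for entries resembling the null-named key
# described above. Assumption: run in the affected user's session.

$ApprovedPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'

function Test-GuidName {
    param([string]$Name)
    $parsed = [guid]::Empty
    return [guid]::TryParse($Name, [ref]$parsed)
}

function Get-SuspiciousApprovedEntries {
    param([string]$Path = $ApprovedPath)
    $findings = @()
    if (-not (Test-Path -LiteralPath $Path)) { return $findings }
    $key = Get-Item -LiteralPath $Path

    # Legitimate Approved entries are *values* named {GUID}; a *subkey* here is
    # unusual by itself, so every subkey is reported together with its reasons.
    $subNames = @($key.GetSubKeyNames())
    if ($subNames.Count -ne $key.SubKeyCount) {
        $findings += [pscustomobject]@{
            Name    = '<count mismatch>'; Kind = 'Key'
            Reasons = "RegQueryInfoKey reports $($key.SubKeyCount) subkeys, enumeration returned $($subNames.Count)"
        }
    }
    foreach ($name in $subNames) {
        $reasons = @('subkey under Approved (only values expected)')
        if ($name.IndexOf([char]0) -ge 0) { $reasons += 'name contains an embedded NUL' }
        if (-not (Test-GuidName $name))   { $reasons += 'name is not a GUID' }
        # The null-key symptom: enumeration returned the name, but opening it by
        # that name fails because the open call truncates at the NUL.
        $sub = $null
        try { $sub = $key.OpenSubKey($name) } catch { }
        if ($null -eq $sub) {
            $reasons += 'enumerated but cannot be reopened by name (null-key symptom)'
        } else {
            $sub.Close()
        }
        $findings += [pscustomobject]@{ Name = $name; Kind = 'Key'; Reasons = ($reasons -join '; ') }
    }

    # Values: a GUID with no CLSID registration (HKCR merges HKLM and HKCU
    # Software\Classes) has nothing for the shell to load, so it is either
    # orphaned or bogus and worth a look.
    foreach ($valueName in $key.GetValueNames()) {
        if ($valueName -eq '') { continue }   # the key's (Default) value
        $reasons = @()
        if ($valueName.IndexOf([char]0) -ge 0) { $reasons += 'name contains an embedded NUL' }
        if (-not (Test-GuidName $valueName)) {
            $reasons += 'name is not a GUID'
        } elseif (-not (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$valueName")) {
            $reasons += 'no CLSID registration for this GUID'
        }
        if ($reasons.Count -gt 0) {
            $findings += [pscustomobject]@{ Name = $valueName; Kind = 'Value'; Reasons = ($reasons -join '; ') }
        }
    }
    return $findings
}

Get-SuspiciousApprovedEntries | Format-Table -AutoSize
```

An entry flagged "cannot be reopened by name" is the case the post describes, and the same truncation is why Regedit cannot find or delete it. Removal is where the Sysinternals advice above applies: RegDelNull is the tool in that suite written specifically to find and delete keys whose names contain embedded nulls.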