Removing a Remote Access Trojan (RAT) from my Windows PC

I recently got a Remote Access Trojan (RAT) from a GitHub download. The malware logged into my Discord account and promoted a server. Since I had Tamper Protection disabled during the download, Windows Defender and MRT scans didn't detect any issues. However, the Microsoft Safety Scanner found and removed some corrupt files. Despite this, subsequent scans still detected corrupt files. I've run SFC scans, including in safe mode, which report no corrupt files. I've also restored my system to a point before the infection. To ensure the RAT is removed and my system is clean, should I continue using the Microsoft Safety Scanner until it finds no issues, or is a factory reset necessary?

To ensure you remove the RAT completely and your Windows 10 system is clean, follow these steps:

  1. Disconnect from the Internet:
    • This is crucial to prevent any ongoing data theft and to stop the RAT from communicating with the attacker’s server.

  2. Boot into Safe Mode:
    • Reboot your computer and press the F8 key during startup to enter Safe Mode.

  3. Run Anti-Virus Scans:
    • Ensure your anti-virus software is up-to-date with the latest definitions.
    • Run a full system scan using your anti-virus software to detect and remove any malware.

  4. Run SFC Scans:
    • Run System File Checker (SFC) scans in safe mode to repair potentially corrupted system files.

  5. Run DISM Scans:
    • Run the Deployment Image Servicing and Management (DISM) tool to repair and clean up any corrupted system components.

  6. Remove Unrecognized Programs and Files:
    • Manually check for any unrecognized programs or files that might have been missed by the anti-malware scans. Be cautious and remove anything suspicious.

  7. Restore System to a Clean State:
    • If the RAT was downloaded from GitHub, restore your system to a point before the infection. Continue using the Microsoft Safety Scanner until it finds no issues.

  8. Change Passwords:
    • From a clean device, change all your passwords - especially for sensitive online accounts such as banking and email.

Important:

  • Regularly update your operating system and security software to prevent future infections.
  • Avoid downloading files from untrusted sources.
  • Always have active security software and be mindful of suspicious activities on your system.

Remember, a factory reset might be necessary if these steps don’t completely remove the RAT.
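
Step 6 above leaves the manual check open-ended. As an added example (not part of the original answer), the PowerShell below lists autostart entries from startup commands, non-Microsoft scheduled tasks and auto-start services, together with each binary's Authenticode signature status, so unsigned or missing files sort to the top. The helper name `Get-ExePath` and the choice of these three locations are assumptions of this example; it only reports and removes nothing.

```powershell
#Requires -RunAsAdministrator
# Added example for step 6: list autostart entries for manual review (read-only).

function Get-ExePath([string]$CommandLine) {   # hypothetical helper
    # Extract the executable from '"C:\a b\x.exe" -arg' or 'C:\a b\x.exe /arg'.
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($s -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($s -match '^\s*(.+?\.(exe|dll|bat|cmd|ps1|vbs|js))(\s|$)') { return $Matches[1] }
    return $null
}

$entries = @(
    # Run/RunOnce registry keys and Startup folders, per-user and machine-wide.
    Get-CimInstance Win32_StartupCommand | ForEach-Object {
        [pscustomobject]@{ Source = "Startup: $($_.Location)"; Name = $_.Name; Command = $_.Command }
    }
    # Scheduled tasks outside the built-in \Microsoft\ tree.
    Get-ScheduledTask | Where-Object TaskPath -NotLike '\Microsoft\*' | ForEach-Object {
        foreach ($a in $_.Actions) {
            if ($a.Execute) {   # skip COM-handler actions, which have no Execute
                [pscustomobject]@{ Source = "Task: $($_.TaskPath)"; Name = $_.TaskName
                                   Command = "$($a.Execute) $($a.Arguments)" }
            }
        }
    }
    # Services set to start automatically.
    Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    }
)

# Resolve each entry to a file on disk and check its Authenticode signature.
$report = foreach ($e in $entries) {
    $path = Get-ExePath $e.Command
    $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
        Get-AuthenticodeSignature -LiteralPath $path
    }
    [pscustomobject]@{
        Source    = $e.Source
        Name      = $e.Name
        Path      = $path
        Signature = if ($sig) { $sig.Status } else { 'FileNotFound' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    }
}

# Entries without a valid signature come first: review these by hand.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Source | Format-Table -AutoSize -Wrap
```

A valid signature only narrows the list; it does not show that a file is benign, so unfamiliar signed entries still deserve a look.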