How to get rid of Remote Access Trojans?
In this article we’ll explain how to get rid of Remote Access Trojans.
What are Remote Access Trojans?
Remote Access Trojans (RATs) are programs that allow hackers to control or monitor your computer remotely, usually through the internet. RATs can be either purchased or programmed by the hackers themselves, but generally they fall under three categories:
1. Remote Administration Tools (RATs)
The three types of programs typically work together to accomplish their goal: to take control or monitor your computer (what hackers would refer to as “the host”).
A RAT’s original purpose is to let a user remotely access and manage computers, servers, networks and entire infrastructures via the internet. They were developed for legitimate purposes such as system administration, remote learning/teaching and customer support (to name a few). The problem with such programs is that they often do not require any authentication, meaning that a login and password are not always needed to access them. Hackers can exploit this by figuring out the default logins of popular RATs, then infecting thousands of computers all at once.
Once a computer is infected, a RAT gives the attacker full control of it: they can remotely activate your webcam and microphone without you knowing, intercept keystrokes (including sensitive information like passwords), steal files, destroy files or entire hard drives, delete Windows settings (to prevent recovery), install Crypt malware, use MS Office to send emails that look like they’re from someone else (and thus trick them into giving up their password), open any arbitrary website on your computer/browser, change system settings (background picture etc.) and so much more.
What makes matters worse is that even if you have anti-virus software installed on your computer, most AV programs are not capable of detecting a RAT infection. This is because RATs are legitimate programs that have been modified by hackers to include malicious code.
How to get rid of remote access trojans (RAT)?
Here’s what to do when you have a RAT infection:
Step 1: Boot into Safe Mode
Most RATs will disallow users from booting into safe mode, so your first step is to get your computer to load in “Safe Mode” with networking. To do this, simply turn your PC on and immediately start tapping the F8 key repeatedly. You should get a menu that shows the usual Windows options but also gives an option of safe mode. Select “Safe Mode with Networking”, then press Enter – your machine should begin to boot normally after performing this step!
Step 2: Disinfection
Use your computer’s task manager (Ctrl+Alt+Delete) and end all of the running processes that look suspicious or unrecognizable. If you’re not sure what they are, ask someone who knows more about computers than you do; we don’t want any accidental termination of important processes!
It is also possible that your RAT will be installed as a service in Windows – there will be 2 entries for it in the Task Manager: one with “Rundll32” and another with an unknown file name (the original file name of the RAT). Unfortunately, terminating these entries may NOT get rid of your RAT. You should instead run a full system scan with a very reputable anti-malware program.
Step 3: Update your software
After your virus is successfully removed, update all of your software as soon as possible – this includes Windows itself as well as any programs you use regularly (Java, Flash Player, etc.). New viruses are created every day, and by keeping everything up to date, you’re drastically decreasing your chances of having another RAT infection in the future!
Step 4: Take care of Trojan Remnants
If you only successfully remove one of your RAT’s components, then there is still a chance that it may return – especially if it was installed by another user on the same computer! This will require more advanced steps to fix (such as reinstalling Windows), which you should not attempt without help from an expert.
Step 5: Complete Scan
Perform a scan of your entire system with updated antivirus software to remove any other components that aren’t recognized by the RAT removal tool. Some viruses are particularly tricky to find, so this is an important step in order to get everything!
Step 6: Clean Up
After successfully removing the RAT infection, there are still some things left to clean up! This includes restoring any files that were permanently modified by the malware and manually removing all registry entries created during the attack. Doing this requires some expertise, but if you feel comfortable making manual changes in Windows you should be able to handle it without too much trouble.
Step 7: Reinstalling the Operating System
If you were unable to boot into safe mode in Step 1, or if the attempt failed (a common problem is malware disabling one of these boot options), it’s time to reinstall your operating system. It’s not as simple as inserting your installation media and clicking through the installer – you’ll need to boot using a different method. Any CD/DVD or USB device should work so long as it contains an operating system that is compatible with your PC (i.e., either Windows 10, 8 or 7 for most users).
Follow these steps carefully, and you should be able to delete your RAT infection without too much trouble! If you need further assistance, I recommend contacting a local computer repair specialist or taking your PC into a shop for help.
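The manual checks in Step 2 (suspicious processes, a service running through Rundll32) and Step 6 (registry entries created by the malware) can also be listed from PowerShell. The script below is an added example, not part of the original article; the folder patterns in part 2 and the choice of the two Run keys are assumptions of the example, and a hit is a reason to look closer, not proof of infection.

```powershell
# Added triage example: read-only, it changes nothing on the system.
# Run from an elevated PowerShell prompt so executable paths are readable.

# 1. Processes holding an established TCP connection to a non-loopback
#    address, with the Authenticode status of the executable behind each.
$remote = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' }

$report = foreach ($g in ($remote | Group-Object OwningProcess)) {
    $proc = Get-Process -Id ([int]$g.Name) -ErrorAction SilentlyContinue
    if (-not $proc) { continue }   # process exited between the two calls
    $path = $proc.Path             # empty for protected system processes
    $sig  = if ($path) {
        [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'PathUnavailable' }
    [pscustomobject]@{
        ProcessId = $proc.Id
        Name      = $proc.ProcessName
        Signature = $sig
        Path      = $path
        Remote    = ($g.Group | ForEach-Object {
                        "$($_.RemoteAddress):$($_.RemotePort)" } |
                     Sort-Object -Unique) -join ', '
    }
}
# Unsigned or unreadable executables sort to the top for review.
$report | Sort-Object { $_.Signature -eq 'Valid' } | Format-List

# 2. Services started through rundll32 or from a user-writable folder
#    (the folder patterns are an assumption of this example).
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'rundll32|\\Users\\|\\AppData\\|\\Temp\\' } |
    Select-Object Name, State, StartMode, PathName | Format-List

# 3. Programs registered to start at logon through the Run keys.
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Select-Object * -ExcludeProperty PS* | Format-List
}
```

Save the output before and after the scans in Step 2 and Step 5; entries that survive the clean-up are the ones to hand to whoever helps with Step 4.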
How to prevent a RAT from taking over your computer again?
Plugging the Ethernet cable into your router and disabling WiFi should prevent a RAT from taking over your computer again. If you do not plug in an Ethernet cord, ensure that your wireless is turned off and that all security programs are up to date, as this will stop any future attacks. Even though these steps may prevent future remote access trojan attacks, they do not get rid of the file itself on your computer.
Another good tip is to keep your computer software updated. Most of Microsoft’s security patches and a strong antivirus like Kaspersky or Malwarebytes will help protect your computer from future attacks.