
Hello, recently I was just browsing the web and installing some things for my computer, and I downloaded a suspicious file. My antivirus luckily caught it; it was from a website known as ronin.black and named Backdoor.NJRat. However, I'm sure it is still somewhere on my computer, as it is made to bypass Malwarebytes. I was wondering what I should do to eliminate this virus, as I don't want to be a part of a botnet or my computer being mined on for cryptocurrency or anything of the sort.

 

Thank you ahead of time and sorry if this is the wrong subforum.

https://linustechtips.com/topic/1049655-i-installed-a-rat/

IMHO a full wipe and reinstall. That is what I would do personally.


I am a Moderator, but I am fallible. Discuss or debate with me as you will but please do not argue with me as that will get us nowhere.

 

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438228

Well, usually with RATs you should need to run it in order to actually have it installed on your system, as it has to propagate itself on a program that you have to run. It's not a worm, I'm assuming, as you downloaded the file, so it sounds like you should be okay. Since your antivirus caught it, and I'm assuming you didn't force it to run anyway, you should be good. Check your process manager for any weird processes and things that shouldn't be in startup config.

 

Like SansVarnic said the best bet is to do a complete wipe and reinstall if you can to be 100% safe but I don't believe it would be necessary in this situation.

 

It's good that your antivirus caught the file but you definitely need to be more careful on the internet. No torrents or cracks my man. That's 100% a way to get you pwned. 

I fix computers for a government that is garbage. I'm also a certified security professional according to Comptia

Using my paycheck on computer parts and alcohol and since this is a tech forum I'll help with computer stuff I guess

 

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438234
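The startup check suggested in the post above, as an added example that is not part of the original thread: a PowerShell script that lists the common Run/RunOnce registry entries and Startup-folder shortcuts, with the Authenticode status of each target. The helper names `Get-ExePath` and `New-Finding` and the choice of user-writable directories are assumptions made for this example.

```powershell
# Added example: list common autostart entries and flag what deserves a closer look.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Directories a standard user can write to (assumed list); autostart targets here are unusual.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC)

function Get-ExePath([string]$Command) {
    # Extract the executable path from a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|scr|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return $null
}

function New-Finding([string]$Source, [string]$Name, [string]$Command) {
    $exe = Get-ExePath $Command
    $sig = 'FileNotFound'
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $sig = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
    }
    $inUserDir = [bool]($userWritable | Where-Object { $_ -and $exe -like "$_*" })
    [pscustomobject]@{ Source = $Source; Name = $Name; Signature = $sig
                       UserWritable = $inUserDir; Command = $Command }
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $findings += New-Finding $key $name ([string]$k.GetValue($name))
    }
}
# Startup folders: resolve each shortcut to the program it launches.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($dir)
    foreach ($lnk in Get-ChildItem -LiteralPath $path -Filter *.lnk -ErrorAction SilentlyContinue) {
        $findings += New-Finding $path $lnk.Name ($shell.CreateShortcut($lnk.FullName).TargetPath)
    }
}
$findings | Sort-Object Signature, UserWritable | Format-List
```

Entries that are unsigned, point at a missing file, or launch from a user-writable directory are the ones to look up first; a clean listing does not prove the machine is clean, which is why the thread still recommends a reinstall.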

3 minutes ago, ReggieGRS said:

While I agree, what if OP has important unbacked up data for instance?

Then you back up the data to another drive or USB first and reinstall Windows......

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438257

6 minutes ago, MonkeyManofLife said:

I did open a .exe file which is how I got the RAT I believe I'm running all these antivirus scans and stuff because I have so much downloaded on my PC that I don't want to lose.

When you "opened a .exe file" did it run? If your antivirus stopped it from running at all you could be safe, but it sounds like you're pushing your luck at this point. Do a file integrity check with Windows' built-in System File Checker. (Article on how to do it is here: https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).

 

If your files seem to not be compromised, move your important data to a thumb drive, external drive, or even the cloud to save the data for when you reinstall. When you do reinstall you can also choose the addition in the Windows installer to "Keep data and files", but I don't believe that has ever worked for me, so just make sure you keep your important items backed up on another drive for when you reinstall.

 

If SFC comes back and says the integrity of the files may have been compromised, then Windows will automatically try to fix what was altered about your files, but that is also a hit or miss. If it comes back not being able to fix your files and your entire system is still compromised, you may just have to kiss your data goodbye and reinstall Windows fresh.

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438286

1 minute ago, ReggieGRS said:

My question is based on the assumption of the unlikely yet possible scenario that it had infected one or some of the very files one would want to back up; is it worth the risk?

Windows system file checker will check to see if those files have been compromised and if it has been compromised it will try to fix it but if it can't he's just SOL

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438300

17 minutes ago, ReggieGRS said:

My question is based on the assumption of the unlikely yet possible scenario that it had infected one or some of the very files one would want to back up; is it worth the risk?

The files that you back up should only be documents, pictures, music, etc. Not the entire drive.

Those are not files that get infected by a virus.

Program executables and other stuff in the registry or startup processes do.

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438336

1 minute ago, Enderman said:

The files that you back up should only be documents, pictures, music, etc. Not the entire drive.

Those are not files that get infected by a virus.

Program executables and other stuff in the registry or startup processes do.

Although common, this is not 100% true. Viruses can attach themselves to many things such as registry, processes, programs, and even files. It could have also infected the boot sector of his machine. Until we know for certain we have to assume his machine is infected to the highest degree possible until proven otherwise. Better safe than sorry.

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438351

13 minutes ago, Dougarooo said:

Viruses can attach themselves to many things such as registry, processes, programs

This is literally what I said.

 

13 minutes ago, Dougarooo said:

even files

I don't think you understand how files, for example an image, work. A program like Windows gallery cannot execute any kind of code stored in an image.

 

13 minutes ago, Dougarooo said:

It could have also infected the boot sector of his machine

"backing up files" does not mean "clone the entire drive"

Maybe you should try reading my post again, I clearly said to NOT do that.

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438380

I've come to the point where I don't care and want to reset my PC entirely and wipe everything; however, when I try to do it I get stuck at 1%. I've been going to Settings, then Recovery and Reset this PC. Then I click remove everything and all drives and then remove files and clean the drive so that it is totally and completely cleaned. However, it just gets stuck at 1%. I've had this issue every time I've done it before; however, I managed to fix it, I just can't remember how I did it. If anyone could help me that would be great! I'm also using Windows 10.

https://linustechtips.com/topic/1049655-i-installed-a-rat/#findComment-12438405