I am infected with a R.A.T. (Poison Ivy version 2.3.2). I have tried many online scanners, etc. I have tried deleting the registry key; however, when you reboot, the registry key is re-created. I then tried changing the value of the stubpath to Disabled so it was not a correct file path; however, when I rebooted, it created another stubpath. I cannot get rid of this, and have been infected for about two weeks. Could someone please help me? Does anyone have any other ideas for removing this RAT other than a re-format? I have lost my Windows CD. Please post any answers or ideas you may have to help me fix this, thank you.

What Reg Key did you delete? Did you try a System Restore to a date prior to the software being installed?
Life's more painless for the brainless.

I know what registry key the RAT is using and I deleted it, but it just comes back. I have tried a system restore, but every time I try it says failed to restore to earlier date.

R.A.T. (Remote Administration Tool) by Poisonivy-rat.com appears to be a legitimate remote assistance tool. If it is, explain how you determined your machine is "infected" by R.A.T.
BTW, have you looked at the website for info about deleting whatever registry entry you think is the culprit?
i_Xp/VistaUser

I guess I should have said that. XPUser is right. This is a legitimate program. Why do you think it's "infected" your system? And, as XPU suggested, did you look at the ratforget.net site?
And, I repeat; which Reg Key/entry did you delete? Did you uninstall the software? Why did you install it in the first place? Or did someone else install it for RA?
The stubpath was probably created because the key still exists, or the software hasn't been uninstalled.
Life's more painless for the brainless.

I have tried a system restore, but every time I try it says failed to restore to earlier date.
Did you try it in safe mode?

worldlibrary,
Forgive my intrusion but what does your comment have to do with this thread?
i_Xp/VistaUser

I haven't tried it in safe mode yet, I will try, and someone else sent me the "trojan". And yes, I have looked at many sites such as ratforge.net, poisonivy-rat.com and many, many others; there are no ways of removing it manually that I can find. And as you can see, this can be used as a very malicious R.A.T., retrieving all cached passwords, online banking info, PayPal/eBay accounts, online game accounts, as well as full control over the victim's PC processes, installed applications, etc. And there is nothing to un-install; you don't install anything. Just run a .exe file.

Have you navigated to c:/program files to have a look there for a R.A.T folder?... There might be an uninstaller in its folder.
If it is a legitimate program with no uninstaller, a third party utility such as Revo Uninstaller might be the ticket.
You could also run HijackThis, create a log, study the entries and have HijackThis remove anything R.A.T related.
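
An added example, not part of any post in this thread: a read-only PowerShell listing of registry StubPath autostart entries, the kind of value the original poster describes being re-created at reboot. It assumes the thread's "stubpath" is the `StubPath` value under Active Setup's `Installed Components` key; the function name `Get-StubPathTarget` is made up for this example.

```powershell
# Added example: list Active Setup StubPath entries so each one can be reviewed.
# Assumption: the "stubpath" in the thread is the Active Setup StubPath value.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)

function Get-StubPathTarget {
    param([string]$StubPath)
    # Expand %SystemRoot% and similar, then take the quoted path or the first token.
    # An unquoted path containing spaces will not resolve; the raw StubPath is
    # still shown in the output so it can be checked by eye.
    $expanded = [Environment]::ExpandEnvironmentVariables($StubPath).Trim()
    if ($expanded -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($expanded -split '\s+')[0] }
    # Resolve bare names such as rundll32.exe through the PATH.
    $cmd = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($cmd) { return $cmd.Definition }
    return $exe
}

$entries = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props.StubPath) { continue }
        $target = Get-StubPathTarget $props.StubPath
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        # Authenticode status of the file the entry launches, if it can be found.
        $sig = 'n/a'
        if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $target).Status }
        [pscustomobject]@{
            Key        = $key.Name
            Name       = $props.'(default)'
            StubPath   = $props.StubPath
            Target     = $target
            FileExists = $exists
            Signature  = $sig
        }
    }
}

# Unsigned or unresolved targets sort apart from validly signed ones.
$entries | Sort-Object Signature | Format-List
```

The script only reads the registry and file signatures; it changes nothing, and an entry that is not validly signed is a lead to investigate, not proof of infection.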


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.