I was recently helping an older friend fix some issues with her Windows XP computer when I came to realize that it had been infected with some sort of RAT. The RAT had been on the system for about a week, and in that time the user had created a couple of new user accounts, installed Advanced Mass Sender and Dbrute IP scanner. I disconnected her from the internet, deleted all the new accounts, ran two separate virus scans, and uninstalled any new programs that she couldn't explain. The scan found some virus files which were quarantined and removed.
What other steps do I need to take to make sure she's secure before I reconnect the computer to the internet? Should we just reinstall the whole OS, or can we guarantee a reasonable level of security short of that?
Answer
While an MBR infection or some other low-level infection could have happened, it's very likely that, for the most part, the RAT infection was pretty much the only thing that happened. Even if we assume that, it's safe to say the current installation cannot be used. Its only use is to back up personal files so those can be scanned on a separate clean system.
I would just reinstall the operating system if you confirmed it was infected with a RAT tool. Of course I highly suggest not reinstalling Windows XP because the exploit that allowed it to happen likely will never be patched.