Is it possible to receive a RAT from a website?


12 replies to this topic

#1 Jake91

Jake91

    New Member

  • Members
  • Pip
  • 14 posts

Posted 22 September 2013 - 06:47 AM

So a couple of weeks ago I went to a WoW private server website I frequently go to and it had an "Install Java plugin" prompt which I didn't click. Luckily my friend had told me on Skype that it had been hacked and it contained a RAT in the form of a drive-by. I want to know if I've gotten it by just visiting the website? I never downloaded the plugin and never returned to that site again. I reinstalled Windows but didn't reformat, deleted the Windows.old with Disk Cleanup, and scanned Full and Quick and Anti-Rootkit and never found anything. I've turned paranoid and constantly check Task Manager and netstat -n to see IPs that are connecting to my computer. My friend had the virus and told me it was also FUD. I spoke to the person over Skype that had planted the virus after reporting him to the internet police in his country (I know it sounds stupid, but what he did was illegal). So for the past 2 weeks I've been on lockdown and haven't used any bank account information, which is becoming hard since I often buy things off Amazon, eBay, Steam.
I also got DoS'd for 3 days after I got the virus. I asked him if he had my computer on his RAT and he said yes and gave me my IP address. But at that moment I had realized I was on a VPN, but he could have easily Skype-resolved my IP and told me it to make me paranoid. Anyway this has become a big drama; I'm contemplating spending $95 on reformatting because I can't do it myself (trust me, I've tried every option, even BIOS) and wanted to know if what he did was just a thing to get me scared. I don't doubt his virusing skills, so even if there was a way to get a RAT from visiting a website, tell me.

Also I got this block a couple of hours later, which looked like this:

Malware Bytes has blocked a connection
IP: 93.115.241.58
Incoming
Port: 445

I looked up 445 and it's the port for file sharing; is that a problem? The IP is located in Romania because I already tracked him.


#2 Jake91

Jake91

    New Member

  • Members
  • Pip
  • 14 posts

Posted 22 September 2013 - 06:49 AM

Edit: I had the AVG free version on when I visited the website but never got any popup information about anything getting blocked.



#3 Jake91

Jake91

    New Member

  • Members
  • Pip
  • 14 posts

Posted 22 September 2013 - 06:51 AM

Oh, and a couple of hours before that IP getting blocked I got a block from svchost.exe but couldn't read what it said in time. Sorry for the triple post!! I don't know how to edit the original.



#4 daledoc1

daledoc1

    Forum Deity

  • Spam Hunters
  • PipPipPipPipPipPip
  • 11,871 posts
  • Gender:Not Telling

Posted 22 September 2013 - 06:54 AM

Hi, Jake91:
 
Welcome. :)
 
I'll leave the answer to your specific question to the staff and more expert forum members.
 
However, before reformatting, it might be worth having one of our malware analysts guide you through some diagnostic scans.
They can then advise you about cleanup versus nuke/pave.

To do so, I would suggest that you please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.

Thanks,

daledoc1

 

P.S. Because of recent abuse, post editing isn't enabled until you reach a post count of 100. ;)


Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#5 Jake91

Jake91

    New Member

  • Members
  • Pip
  • 14 posts

Posted 22 September 2013 - 07:29 AM

> Hi, Jake91:
>
> Welcome. :)
>
> I'll leave the answer to your specific question to the staff and more expert forum members.
>
> However, before reformatting, it might be worth having one of our malware analysts guide you through some diagnostic scans.
> They can then advise you about cleanup versus nuke/pave.
>
> To do so, I would suggest that you please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.
>
> Thanks,
>
> daledoc1
>
> P.S. Because of recent abuse, post editing isn't enabled until you reach a post count of 100. ;)

Thank you for this; I have completed the steps and am about to post it in the sub-thread selected. I apologize for spamming and posting it in the wrong section.



#6 daledoc1

daledoc1

    Forum Deity

  • Spam Hunters
  • PipPipPipPipPipPip
  • 11,871 posts
  • Gender:Not Telling

Posted 22 September 2013 - 07:32 AM

That's perfectly OK. :)

Newcomers often post in this section first, and you couldn't have known about the post-editing limits.

 

The experts over in the malware removal section ought to be able to get you cleaned up (or to advise you accordingly, if it's not possible).

 

Good luck!

 

daledoc1

 

P.S. I'm actually a "she", but you couldn't have known that, either. ;)




#7 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,245 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 22 September 2013 - 08:00 AM

The answer is you can receive a Remote Access Trojan (RAT) like any other malware, including from a website that uses Exploitation or Social Engineering as a ploy to get you infected. It is that simple.


David H. Lipman
DLipman@Verizon.Net

#8 Jake91

Jake91

    New Member

  • Members
  • Pip
  • 14 posts

Posted 22 September 2013 - 08:13 AM

I'm so sorry Daledoc!

I don't understand, David. I know that you can get a RAT like you can get viruses, like downloading keygens, game hacks etc. But it didn't download anything.



#9 Jake91

Jake91

    New Member

  • Members
  • Pip
  • 14 posts

Posted 22 September 2013 - 08:23 AM

Oh god, I'm about to spam again.. but I got another from the same port and the same country.
[image: 0IzMag5.png]
From Romania again.



#10 daledoc1

daledoc1

    Forum Deity

  • Spam Hunters
  • PipPipPipPipPipPip
  • 11,871 posts
  • Gender:Not Telling

Posted 22 September 2013 - 08:29 AM

Hi, Jake91:

 

Please just wait in your malware removal section topic for a helper -- someone will assist you shortly. :)

Many of the helpers are volunteers, it IS Sunday morning, and the forum can be quite busy.

 

Thanks for your patience,

 

daledoc1




#11 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,245 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 22 September 2013 - 08:31 AM

Drive by Downloads.

 

Software is complex and, when written, it is never perfect; often it is rushed to release based upon various economic, competitive and corporate pressures. Therefore software can have mistakes or bugs in it. Unscrupulous people (aka Malicious Actors) find these mistakes and bugs and see if they can exploit them for their own ill-gotten gains. If there is a bug that can be exploited, it is called a "vulnerability". If that vulnerability is exploited, malware can be dropped and executed on your computer without your knowledge and/or approval. This can include Remote Access Trojans (RATs). Social Engineering is also about vulnerabilities and exploitation, except it isn't software but "people" that is exploited; Social Engineering is the Human Exploit.

 

As for TCP Port 445, that has nothing to do with email or spam. That is a part of the Microsoft networking communication called Server Message Block (SMB).

 

This can be mitigated by using a NAT Router or a NAT Router with a Firewall implementation.  I always suggest specifically blocking/dropping TCP and UDP ports 135 ~ 139 and 445 on the LAN/WAN interface.


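Two passages above touch the same check: the poster's habit of watching `netstat -n` for inbound connections (and the Malwarebytes block on inbound TCP 445), and David's advice in this post to drop TCP/UDP 135-139 and 445 at the WAN interface. The Python script below is an added example, not code from the thread, from Malwarebytes or from any poster: it triages a Windows `netstat -an` listing and flags sockets on those ports that listen on every interface or have an established peer on a public address. The listing it runs on is constructed for the example, not output from the poster's machine; the 93.115.241.58 address is the one quoted in the thread.

```python
"""
Added example (not from the forum thread): triage a Windows `netstat -an`
listing for exposure on the Microsoft networking ports David Lipman suggests
dropping at the WAN interface (TCP/UDP 135-139 and 445).
"""
import ipaddress
import re

# RPC endpoint mapper (135), NetBIOS (137-139) and SMB over TCP (445).
WATCHED_PORTS = {135, 136, 137, 138, 139, 445}

# Constructed sample in Windows `netstat -an` layout; not captured from the
# poster's machine. 93.115.241.58 is the address quoted in the thread.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.7:445        93.115.241.58:51532    ESTABLISHED
  TCP    192.168.1.7:49172      198.51.100.20:443      ESTABLISHED
  TCP    192.168.1.7:49201      192.168.1.3:445        ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (host, port); '*:*' gives ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    try:
        return host, int(port)
    except ValueError:
        return host, None


def is_public(host):
    """True for a globally routable address; False for private, loopback, wildcard or non-IP."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False


def triage(netstat_text):
    """Return findings as (kind, proto, local, foreign, note) tuples, in listing order.

    kind is 'listening'   for a watched port bound to all interfaces,
            'public_peer' for an established watched-port session with an Internet address,
            'lan_peer'    for the same with a private address (normal LAN file sharing).
    """
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, local, foreign = m.group(1), m.group(2), m.group(3)
        state = m.group(4) or ""  # UDP rows carry no state column
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(foreign)

        if lport in WATCHED_PORTS and lhost in ("0.0.0.0", "::") and state in ("LISTENING", ""):
            findings.append(("listening", proto, local, foreign,
                             f"port {lport} accepts connections on every interface; "
                             "without a NAT router or WAN drop rule it is reachable from the Internet"))
        if state == "ESTABLISHED" and (lport in WATCHED_PORTS or rport in WATCHED_PORTS):
            kind = "public_peer" if is_public(rhost) else "lan_peer"
            findings.append((kind, proto, local, foreign,
                             "SMB/NetBIOS/RPC session with "
                             + ("an Internet address" if kind == "public_peer" else "a LAN address")))
    return findings


def needs_firewall_rule(findings):
    """True when any watched port is exposed: a wildcard listener or a public peer."""
    return any(kind in ("listening", "public_peer") for kind, *_ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_NETSTAT)
    for kind, proto, local, foreign, note in results:
        print(f"{kind:12} {proto} {local:24} {foreign:24} {note}")
    if needs_firewall_rule(results):
        print("=> drop TCP/UDP 135-139 and 445 inbound on the WAN side, as suggested above")
```

A listener on 0.0.0.0:445 is normal on a Windows machine with file sharing enabled; it becomes a problem only when the machine sits directly on a modem with a public address, which is exactly the situation David's NAT router or firewall suggestion removes. The check is a snapshot of one moment, so a clean run says nothing about whether a RAT is present (a RAT can call out on any port, and usually does so outbound); the scan-based triage daledoc1 points to is the way to settle that question.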

#12 Jake91

Jake91

    New Member

  • Members
  • Pip
  • 14 posts

Posted 23 September 2013 - 04:20 AM

My Netgear has no port forwarding option, so I'm not sure how to do that. I don't have a router, only a modem.



#13 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 4,245 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 23 September 2013 - 06:36 AM

What is your Netgear modem's model number?





