Jake91

Is it possible to receive a rat from a website?

13 posts in this topic

So a couple of weeks ago I went to a WoW private server website I frequently go to and it had an "Install Java plugin" which I didn't click. Luckily my friend had told me on Skype that it had been hacked and it contained a RAT in the form of a drive-by. I want to know if I've gotten it by just visiting the website? I never downloaded the plugin and never returned to that site again. I reinstalled Windows but didn't reformat, deleted the windows.old with Disk Cleanup and ran Full, Quick and Anti-Rootkit scans and never found anything. I've turned paranoid and constantly check Task Manager and netstat -n to see the IPs that are connecting to my computer. My friend had the virus and told me it was also FUD. I spoke to the person over Skype who had planted the virus after reporting him to the internet police in his country (I know it sounds stupid, but what he did was illegal). So for the past 2 weeks I've been on lockdown and haven't used any bank account information, which is becoming hard since I often buy things off Amazon, eBay and Steam.
I also got DoS'd for 3 days after I got the virus. I asked him if he had my computer on his RAT and he said yes and gave me my IP address. But at that moment I realized I was on a VPN, and he could have easily Skype-resolved my IP and told it to me to make me paranoid. Anyway, this has become a big drama. I'm contemplating spending $95 on reformatting because I can't do it myself (trust me, I've tried every option, even BIOS) and wanted to know if what he did was just a thing to get me scared. I don't doubt his virusing skills, so even if there was a way to get a RAT from visiting a website, tell me.

Also, I got this block a couple of hours later which looked like this:

Malware Bytes has blocked a connection
IP: 93.115.241.58
Incoming
Port: 445

I looked up 445 and it's the port for file sharing. Is that a problem? The IP is located in Romania, because I already tracked him.


Edit: I had the AVG free version on when I visited the website but never got any popup information about anything getting blocked.


Oh, and a couple of hours before that IP getting blocked I got a block from svchost.exe but couldn't read what it said in time. Sorry for the triple post! I don't know how to edit the original.


Hi, Jake91:
 
Welcome. :)
 
I'll leave the answer to your specific question to the staff and more expert forum members.
 
However, before reformatting, it might be worth having one of our malware analysts guide you through some diagnostic scans.
They can then advise you about cleanup versus nuke/pave.

To do so, I would suggest that you please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.

Thanks,

daledoc1

 

P.S. Because of recent abuse, post editing isn't enabled until you reach a post count of 100. ;)



Thank you for this. I have completed the steps and am about to post it in the sub-thread selected. I apologize for spamming and posting it in the wrong section.


That's perfectly OK. :)

Newcomers often post in this section first, and you couldn't have known about the post-editing limits.

 

The experts over in the malware removal section ought to be able to get you cleaned up (or to advise you accordingly, if it's not possible).

 

Good luck!

 

daledoc1

 

P.S. I'm actually a "she", but you couldn't have known that, either. ;)


The answer is you can receive a Remote Access Trojan (RAT) like any other malware, including from a website that uses Exploitation or Social Engineering as a ploy to get you infected. It is that simple.


I'm so sorry Daledoc!

I don't understand, David. I know that you can get a RAT like you can get viruses by downloading keygens, game hacks etc., but it didn't download anything.


Oh god, I'm about to spam again, but I got another one from the same port and the same country.
From Romania again.


Hi, Jake91:

 

Please just wait in your malware removal section topic for a helper -- someone will assist you shortly. :)

Many of the helpers are volunteers, it IS Sunday morning, and the forum can be quite busy.

 

Thanks for your patience,

 

daledoc1


Drive by Downloads.

 

Software is complex and when written, it is never perfect, and often it is rushed to release based upon various economic, competitive and corporate pressures. Therefore software can have mistakes or bugs in it. Unscrupulous people (aka Malicious Actors) find these mistakes and bugs and see if they can exploit them for their own ill-gotten gains. If there is a bug that can be exploited, it is called a "vulnerability". If that vulnerability is exploited, malware can be dropped and executed on your computer without your knowledge and/or approval. This can include Remote Access Trojans (RATs). Social Engineering is also about Vulnerabilities and Exploitation, except it isn't software, it is "people" that are exploited, as Social Engineering is the Human Exploit.

 

As for TCP Port 445, that has nothing to do with email or spam. That is a part of the Microsoft networking communication called Server Message Block (SMB).

 

This can be mitigated by using a NAT Router or a NAT Router with a Firewall implementation.  I always suggest specifically blocking/dropping TCP and UDP ports 135 ~ 139 and 445 on the LAN/WAN interface.

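The port-blocking advice in the post above, carried out on the Windows host itself with the built-in Windows Firewall rather than on a router (useful when, as later in this thread, there is only a modem in front of the PC). This is an added example and not code from the original thread or from Malwarebytes; the rule display names are arbitrary choices made for this example, and it assumes Windows 8 / Server 2012 or newer, where the NetSecurity cmdlets exist.

```powershell
# Added example: block inbound NetBIOS/RPC/SMB on the Windows host firewall,
# covering the port set recommended above (TCP and UDP 135-139 and 445).
# Run from an elevated (Administrator) PowerShell prompt.
# The rule names below are arbitrary choices for this example.

$ports = @("135-139", "445")

# 1. See what is currently listening on those ports. On a default Windows
#    install you normally see System (PID 4) on 445 and svchost.exe on 135;
#    that is the OS itself, not an infection. The goal is to keep remote hosts
#    from reaching those listeners, not to find them.
Get-NetTCPConnection -State Listen |
    Where-Object { ($_.LocalPort -in 135..139) -or ($_.LocalPort -eq 445) } |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } } |
    Format-Table -AutoSize

# 2. Add explicit inbound block rules for TCP and UDP. In Windows Firewall an
#    explicit block rule wins over allow rules, so this overrides the default
#    "File and Printer Sharing" allow rules without editing them.
foreach ($proto in @("TCP", "UDP")) {
    $name = "Block inbound NetBIOS/SMB ($proto)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name `
            -Direction Inbound -Protocol $proto -LocalPort $ports `
            -Action Block -Profile Any -Enabled True | Out-Null
    }
}

# 3. Verify that the rules exist and carry the intended port filter.
Get-NetFirewallRule -DisplayName "Block inbound NetBIOS/SMB*" |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        "{0}: {1} {2} -> {3}" -f $_.DisplayName, $filter.Protocol,
            ($filter.LocalPort -join ","), $_.Action
    }

# 4. Confirm the firewall is on for every profile; a block rule does nothing
#    if the active profile has the firewall disabled.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

These rules only stop other hosts from connecting in to this machine's SMB and NetBIOS services, which is what the Malwarebytes "Incoming, Port: 445" alert quoted earlier describes; they do not stop the machine from making outbound connections, so they are a hardening step, not a substitute for the malware-removal scan the thread recommends. If you share files with other computers on your home LAN, add `-RemoteAddress` with your LAN range to an allow rule, or narrow the block rules, before applying them.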

My Netgear has no port forwarding option, so I'm not sure how to do that. I don't have a router, only a modem.


What is your Netgear modem's model number?
