Complete Steps for Removing

Nov 3rd, 2012
  1. Go to C:/ drive
  2. Open "Users"
  3. Go to the user that was infected (usually the user account you're on, administrator)
  4. Double-click on "AppData"
  5. Go to "Roaming"
  6. Go to "Search Roaming"; it's the blank text box in the upper-right corner of the folder window
  7. Search for your RAT's startup name; mine was "svchost".
  8. Once found, just delete it and then go back to "AppData"
  10. Open "Local"
  11. Scroll down until you see "Temp" (if you don't see it, go to "Search Files and Programs" in the Windows Start Menu, or "Run" on WinXP, and type in "%temp%")
  12. Once opened you'll see a shit load of files
  13. Delete EVERYTHING in that folder (press Ctrl+A to highlight everything, then press DELETE)
  14. If something cannot be deleted, press "Skip".
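
The same steps as a PowerShell function, added here as an example and not part of the original post. The function name and its parameters are hypothetical; it assumes PowerShell 5.1, records each match's hash and signature status before deleting, and the sample call is a dry run.

```powershell
# Added example: scripted version of the manual steps above.
# Remove-RatLeftovers and its parameter names are hypothetical, not from the original post.
function Remove-RatLeftovers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$StartupName,  # e.g. "svchost" as in step 7
        [string]$RoamingPath = $env:APPDATA,   # C:\Users\<user>\AppData\Roaming
        [string]$TempPath    = $env:TEMP       # C:\Users\<user>\AppData\Local\Temp
    )
    # Steps 1-7: search Roaming, hidden items included, for the startup name.
    $hits = Get-ChildItem -LiteralPath $RoamingPath -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*$StartupName*" }
    foreach ($item in $hits) {
        # A parent folder that matched may already have taken this item with it.
        if (-not (Test-Path -LiteralPath $item.FullName)) { continue }
        if (-not $item.PSIsContainer) {
            # Emit a record of the file before it is removed.
            [pscustomobject]@{
                Path      = $item.FullName
                SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                Signature = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status
                Modified  = $item.LastWriteTime
            }
        }
        # Step 8: delete the match (only reported when run with -WhatIf).
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Delete')) {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Continue
        }
    }
    # Steps 10-14: empty the Temp folder.
    $skipped = 0
    foreach ($entry in Get-ChildItem -LiteralPath $TempPath -Force -ErrorAction SilentlyContinue) {
        if ($PSCmdlet.ShouldProcess($entry.FullName, 'Delete')) {
            try { Remove-Item -LiteralPath $entry.FullName -Recurse -Force -ErrorAction Stop }
            catch { $skipped++ }   # in use or access denied: the same as pressing "Skip"
        }
    }
    Write-Verbose "Temp entries skipped: $skipped"
}

# Dry run: lists the matches and what would be deleted, removes nothing.
Remove-RatLeftovers -StartupName 'svchost' -WhatIf
```

Matching is by name only, so review the listed paths before running without -WhatIf.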
