- Go to the C:\ drive
- Open "Users"
- Go to the user that was infected (usually the administrator account you're logged in to)
- Double-click on "AppData"
- Go to "Roaming"
- Go to "Search Roaming", the blank text box in the upper-right corner of the folder window
- Search for your RAT's startup name; mine was "svchost".
- Once found, just delete it and then go back to "AppData"
- Open "Local"
- Scroll down until you see "Temp" (if you don't see it, go to "Search Files and Programs" in the Windows Start Menu, or "Run" on WinXP, and type in "%temp%")
- Once opened you'll see a shit load of files.
- Delete EVERYTHING in that folder (press Ctrl+A to highlight everything, then press DELETE)
- If something cannot be deleted, press "Skip".
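
The same cleanup as a PowerShell script, added here as an example and not part of the original paste. The `$StartupName` parameter is an assumption (its default is the "svchost" name from the steps above); run the script with `-WhatIf` first to list what would be removed without deleting anything.

```powershell
# Added example: scripted version of the manual cleanup steps above.
# Assumption: $StartupName is the name the RAT used for its startup file.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$StartupName = 'svchost'
)

# Roaming steps: search the current user's Roaming folder (%APPDATA%),
# including hidden and system files, for anything matching the startup name.
$hits = @(Get-ChildItem -Path $env:APPDATA -Recurse -Force -File `
            -Filter "$StartupName*" -ErrorAction SilentlyContinue)

foreach ($f in $hits) {
    # Record path, creation time and SHA-256 before deleting, so there is
    # something to look up or report after the file is gone.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                -ErrorAction SilentlyContinue).Hash
    Write-Host ("{0}`n  created: {1}`n  sha256:  {2}" -f `
                $f.FullName, $f.CreationTime, $hash)

    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
        Remove-Item -LiteralPath $f.FullName -Force -ErrorAction SilentlyContinue
    }
}
Write-Host "$($hits.Count) file(s) matched '$StartupName*' under $env:APPDATA"

# Temp steps: empty %TEMP%. Files that are still in use cannot be deleted;
# count them and move on (the equivalent of pressing "Skip").
$skipped = 0
$items = @(Get-ChildItem -LiteralPath $env:TEMP -Force -ErrorAction SilentlyContinue)
foreach ($item in $items) {
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Delete')) {
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
        }
        catch {
            $skipped++
        }
    }
}
Write-Host "Temp cleanup done; $skipped item(s) could not be deleted and were skipped."
```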
Complete Steps for Removing
Paralacks Nov 3rd, 2012 173 Never