ProRat (trojan horse)
From Wikipedia, the free encyclopedia
ProRat is a Microsoft Windows-based backdoor trojan horse, more commonly known in the hacker community as a RAT (Remote Administration Tool). As with other trojan horses, it uses a client and a server. ProRat opens a port on the computer, which allows a hacker with the client to perform numerous operations on the server (the machine being controlled). ProRat is available in a free version and a paid version. In the free version, ProRat cannot connect to users over wireless networks, only over a LAN (Local Area Network). ProRat's server is known for being almost impossible to remove without up-to-date antivirus software.
Features
ProRat allows hackers to perform many malicious actions on the victim's machine. Some of its abilities include:
- Logging keystrokes
- Stealing passwords
- Full control over files
- Drive formatting
- Open/close CD tray
- Hide taskbar, desktop, and start button
- Take screenshots
- View system information
- View webcam
- Download and run files
Infection Method
ProRat has a server creator with features that allow it to go undetected by antivirus and firewall software and to run stealthily in the background. Such features include killing security software, removing and disabling system restore points, and displaying a fake error message to mislead the victim.
Removal
Most virus removal tools can detect and remove ProRat. However, it is possible to encrypt and compress the executable using a tool such as UPX or Armadillo, which would mask it from a virus removal utility, and then add a rootkit to hide it from the user. In such a case you should see the rootkit article for removal.
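A packed executable that slips past signature matching can still be triaged by its structure. The following is an added example, not part of the original article and not taken from any antivirus product: it walks the PE section table and flags UPX's default section names and high-entropy section data. The 7.0 bits-per-byte threshold, the function names and the constructed sample image are assumptions made for illustration.

```python
import math
import struct

UPX_NAMES = {"UPX0", "UPX1"}  # section names UPX writes by default
ENTROPY_LIMIT = 7.0  # assumed cut-off in bits per byte, tune for your corpus

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data nears 8."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def pe_sections(image):
    """Yield (name, raw_bytes) for every section header in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    table = pe_off + 24 + opt_size  # signature + COFF header + optional header
    for i in range(n_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packing_indicators(image):
    """Return the reasons, if any, that the image looks packed."""
    reasons = []
    for name, raw in pe_sections(image):
        if name in UPX_NAMES:
            reasons.append(f"{name}: UPX section name")
        if entropy(raw) > ENTROPY_LIMIT:
            reasons.append(f"{name}: entropy above {ENTROPY_LIMIT}")
    return reasons

def build_sample(sections):
    """Constructed PE skeleton (headers and section bytes only), for the demo."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    data_start = 0x40 + 24 + 40 * len(sections)
    table, body = b"", b""
    for name, raw in sections:
        table += struct.pack("<8s6I2HI", name.encode(), len(raw), 0x1000,
                             len(raw), data_start + len(body), 0, 0, 0, 0, 0)
        body += raw
    return dos + b"PE\0\0" + coff + table + body

if __name__ == "__main__":
    print(packing_indicators(build_sample([("UPX0", b""), ("UPX1", bytes(range(256)) * 4)])))
```

Section names are easy to change, so the entropy check is the one that still fires when the names have been altered; legitimate installers and compressed resources can also trip it, so treat a hit as a reason to inspect further rather than a verdict.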