What is tRat?
tRat is a malicious application created by a group of hackers who call themselves TA505. The same cybercriminals are responsible for malicious programs known as Dridex and Locky Ransomware. It is not a new threat since the first time it was noticed was a few months ago. It might still be active at the moment of writing, and if you have not heard of it yet, we highly recommend reading our full report. This Trojan can collect data about the infected device and then download malicious files to complete specific tasks given to the threat by its creators. In other words, the malicious application could be highly capable, and for your computer’s and privacy’s safety it would be wise to get rid of it without any delays. Users who feel up to the task could use the instructions located below. Of course, tRat can be removed with an antimalware tool too, so if you prefer using such a tool, all that is left to do is make sure it is legitimate.
Where does tRat come from?
To our knowledge, the Trojan is being spread with Microsoft Word and Publisher documents containing malicious macros commands. After launching such files, the targeted victim should be asked to enable editing, which is said would allow viewing the document’s content. Sadly, once the user does it, the file should download tRat and install it on the system. It is essential to know the described files could be sent to targeted victims via Spam emails. Knowing this, users should try to be extremely careful with any attachments they did not expect to receive, files that are sent by people they are not familiar with, and so on. It is always smart to check suspicious files with a legitimate antimalware tool if you suspect they could be dangerous or if they are received under suspicious circumstances.
How does tRat work?
At first, the malware should establish a connection to a server to which it should send information about the infected device. Our specialists say, once installed tRat ought to send the computer’s and its user’s names. Also, the Trojan is supposed to generate a random ID that should be sent along with the mentioned information. Its next task is to wait for the hackers commands silently. Apparently, they should be received along with specific files that could have various functionality, for example, to collect user’s sensitive information, infect the machine with similar Trojans or other threats, etc. At the time, we were testing the malicious application it did not receive any commands, but it is possible it could have if the malware stayed on the system for longer. This is why, we recommend to erase tRat immediately, so it would not have the time to cause any trouble.
How to remove tRat?
The Trojan can be deleted in two ways. The first one is to locate and erase all of the data associated with tRat manually. Users who think they can handle this task should take a look at the instructions available below as they will explain the process step by step. The other option is to download a legitimate antimalware tool, scan the computer, and let the tool deal with the identified threats.
Eliminate tRat
- Tap Ctrl+Alt+Delete.
- Pick Task Manager.
- Select the Processes tab.
- Look for a process associated with the Trojan.
- Select the process and click End Task.
- Leave Task Manager.
- Tap Win+E.
- Go to these locations:
%TEMP%
%USERPROFILE%\Downloads
%USERPROFILE%\Desktop - Find the malicious text document that infected the device, right-click it and select Delete.
- Look for this path %APPDATA%\Adobe\Flash Player\Services\Frame Host
- Find a file named fhost.exe, right-click it and choose Delete.
- Finally, locate this path %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
- Search for a file called bfhost.lnk, right-click it and select Delete.
- Close File Explorer.
- Empty Recycle Bin.
- Restart the computer.
100% FREE spyware scan and
tested removal of tRat*
0 Comments.