Over 500,000 Windows computers worldwide are known to be infected with the Blackshades RAT (Remote Access Tool), a piece of "creepware" malware. This means that if you have a Windows computer, or run Windows on your Mac, you need to check whether your computer has been infected with this silent privacy and security killer. The surest way is to check for any of the following files anywhere on your hard drive: dos_sock.bss, nir_cmd.bss, pws_cdk.bss, pws_chro.bss, pws_ff.bss, pws_mail.bss, pws_mess.bss
To search for these files – which you must do one at a time – simply click on the Start menu, and type the file name into the search area.
If you find even one of these files on your computer, the odds are high that your computer is infected with the Blackshades Remote Access Tool (RAT).
You can also search for a modification that Blackshades makes to the Windows registry. To do this, you will need to start the registry editor, regedit.exe. Once regedit is running, click on “Edit” from the toolbar, then select “Find” from the Edit menu, and search for the following string:
Computer\HKEY_CURRENT_USER\Software\VBandVBA Program Settings\SrvID\ID\
Or just a fragment of it, such as “SrvID”.
The presence of any of these modifications is evidence that Blackshades has been installed on your computer.
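The two manual checks above can be run in one pass. The following PowerShell script is an added example, not part of the original article: it searches every local fixed drive for the seven file names listed above and looks for any registry key named SrvID under HKCU\Software (the fragment the article suggests, which matches regardless of how the parent key name is spaced). It assumes Windows PowerShell run from an elevated prompt; a hit is an indicator that warrants the wipe-and-reinstall advice below, not proof on its own.

```powershell
# Added example (not from the article): scan for the Blackshades indicators
# the article lists. Run from an elevated PowerShell prompt on the suspect PC.

function Find-BlackshadesIndicators {
    # File names the article associates with a Blackshades infection.
    $indicatorFiles = @(
        'dos_sock.bss', 'nir_cmd.bss', 'pws_cdk.bss', 'pws_chro.bss',
        'pws_ff.bss', 'pws_mail.bss', 'pws_mess.bss'
    )

    $findings = @()

    # 1. File check: walk every local fixed disk (DriveType 3), including
    #    hidden files, and silently skip folders we are not allowed to read.
    $fixedDisks = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3'
    foreach ($disk in $fixedDisks) {
        $root = "$($disk.DeviceID)\"
        Get-ChildItem -Path $root -Recurse -File -Force `
                      -Include $indicatorFiles -ErrorAction SilentlyContinue |
            ForEach-Object { $findings += "File: $($_.FullName)" }
    }

    # 2. Registry check: the article's key ends in ...\SrvID\ID, so look for
    #    any subkey named SrvID anywhere beneath HKCU\Software.
    Get-ChildItem -Path 'HKCU:\Software' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'SrvID' } |
        ForEach-Object { $findings += "Registry: $($_.Name)" }

    return $findings
}

$results = Find-BlackshadesIndicators
if ($results.Count -eq 0) {
    Write-Output 'No Blackshades indicators found.'
} else {
    Write-Output 'Possible Blackshades indicators found:'
    $results | ForEach-Object { Write-Output "  $_" }
    Write-Output 'Per the FBI guidance: wipe the drive, reinstall, then change passwords.'
}
```

The file scan can take several minutes on a large disk; the registry walk is quick.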
If you find that you likely have the Blackshades RAT on your computer, the FBI is “highly recommending” that you “wipe your hard drive and reload your operating system,” (even if your antivirus software claims to detect it) and immediately afterwards, change all of your passwords (if you change your passwords beforehand, Blackshades may just capture the new passwords). You can also change all of your passwords first from a non-infected computer, if that is an option for you.
While you may think that wiping your hard drive is a little extreme, especially if your antivirus software is up-to-date, even the people who intentionally purchased and used Blackshades are saying that the only way to get rid of it is to wipe your hard drive.