It is known that over 500,000 Windows computers worldwide are infected with the Blackshades RAT (Remote Access Tool) malware, a form of creepware. This means that if you have a Windows computer, or run Windows on your Mac, you need to check to see whether your computer has been infected with this silent privacy and security killer. The surest way is to check for any of the following files anywhere on your hard drive: dos_sock.bss, nir_cmd.bss, pws_cdk.bss, pws_chro.bss, pws_ff.bss, pws_mail.bss, pws_mess.bss.
To search for these files – which you must do one at a time – simply click on the Start menu, and type the file name into the search area.
If you find even one of these files on your computer, the odds are high that your computer is infected with the Blackshades Remote Access Tool (RAT).
You can also search for a modification that Blackshades makes to the Windows registry. To do this, you will need to start up the registry editor, regedit.exe. Once regedit is started, click on “Edit” from the toolbar, then select “Find” from the Edit menu, and search for the following string:
Computer\HKEY_CURRENT_USER\Software\VBandVBA Program Settings\SrvID\ID\
Or just a fragment of it, such as “SrvID”
The presence of any of these modifications is evidence that Blackshades has been installed on your computer.
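The same two checks can be run in one pass from PowerShell instead of one Start-menu search per file name. This is an added example, not part of the original article; the function and variable names are hypothetical, and it searches by the “SrvID” fragment rather than the full registry path.

```powershell
# Added example: file names and the registry fragment are the ones listed in the article.
$IndicatorFiles = @(
    'dos_sock.bss', 'nir_cmd.bss', 'pws_cdk.bss', 'pws_chro.bss',
    'pws_ff.bss', 'pws_mail.bss', 'pws_mess.bss'
)
$RegistryFragment = 'SrvID'

# Hypothetical helper: walk each root once and match all names in one pass.
function Find-IndicatorFile {
    param([string[]]$Roots, [string[]]$Names)
    foreach ($root in $Roots) {
        # -Force includes hidden and system files; unreadable folders are skipped.
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name } |
            Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
    }
}

# Hypothetical helper: list keys under HKCU:\Software whose own name contains the fragment.
function Find-IndicatorRegistryKey {
    param([string]$Fragment)
    Get-ChildItem -Path 'HKCU:\Software' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "*$Fragment*" } |
        Select-Object -ExpandProperty Name
}

# Local fixed disks only; removable and network drives are left out.
$roots = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady } |
    ForEach-Object { $_.RootDirectory.FullName }

$fileHits = @(Find-IndicatorFile -Roots $roots -Names $IndicatorFiles)
$keyHits  = @(Find-IndicatorRegistryKey -Fragment $RegistryFragment)

$fileHits | Format-Table -AutoSize
$keyHits

if ($fileHits.Count -gt 0 -or $keyHits.Count -gt 0) {
    Write-Warning 'One or more of the listed Blackshades indicators is present.'
} else {
    # HKCU covers only the account running the script; repeat per user account.
    Write-Output 'None of the listed file names or registry fragment were found.'
}
```

Running it from an elevated prompt lets the file search read folders a standard account cannot open. A clean result only says these specific file names and this registry fragment are absent.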
If you find that you likely have the Blackshades RAT on your computer, the FBI is “highly recommending” that you “wipe your hard drive and reload your operating system,” (even if your antivirus software claims to detect it) and immediately afterwards, change all of your passwords (if you change your passwords beforehand, Blackshades may just capture the new passwords). You can also change all of your passwords first from a non-infected computer, if that is an option for you.
While you may think that wiping your hard drive is a little extreme, especially if your antivirus software is up-to-date, even the people who intentionally purchased and used Blackshades are saying that the only way to get rid of it is to wipe your hard drive.
The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are appreciated!
Receipts will come from ISIPP.
This site was… how do you say it? Relevant!! Finally I
have found something which helped me. Kudos!
Hello,
Thanks for the info.
I had someone show me on command.exe – red/black ground data.. said it was black shades.. malware.
Used all your techniques.. Did not find any of the listed terms:
To check for Blackshades RAT look for any of these files: dos_sock.bss, nir_cmd.bss, pws_cdk.bss, pws_chro.bss, pws_ff.bss, pws_mail.bss, pws_mess.bss..
Any direction?
thanks,
Patrick