How Do I Know if I Have the Blackshades RAT on My Computer?

It is known that over 500,000 Windows computers worldwide are infected with the Blackshades RAT (Remote Access Tool) malware, a form of creepware. This means that if you have a Windows computer, or run Windows on your Mac, you need to check whether your computer has been infected with this silent privacy and security killer. The surest way is to check for any of the following files anywhere on your hard drive: dos_sock.bss, nir_cmd.bss, pws_cdk.bss, pws_chro.bss, pws_ff.bss, pws_mail.bss, pws_mess.bss.

To search for these files – which you must do one at a time – simply click on the Start menu, and type the file name into the search area.


If you find even one of these files on your computer, the odds are high that your computer is infected with the Blackshades Remote Access Tool (RAT).

You can also search for a modification that Blackshades makes to the Windows registry. To do this, you will need to start the registry editor, regedit.exe. Once regedit is running, click on “Edit” in the toolbar, then select “Find” from the Edit menu, and search for the following string:

Computer\HKEY_CURRENT_USER\Software\VBandVBA Program Settings\SrvID\ID\


You can also search for just a fragment of it, such as “SrvID”.

The presence of any of these modifications is evidence that Blackshades has been installed on your computer.
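Both checks above can be run in one pass from a PowerShell prompt. The script below is an added example, not part of the original article or any FBI tooling: the seven file names and the “SrvID” fragment come from the article, while the variable names and the choice to scan every fixed drive are assumptions made for illustration.

```powershell
# Added example: one-pass check for the indicators listed in the article.
# File names and the "SrvID" fragment are from the article; the rest is illustrative.
$indicatorFiles = @(
    'dos_sock.bss', 'nir_cmd.bss', 'pws_cdk.bss', 'pws_chro.bss',
    'pws_ff.bss', 'pws_mail.bss', 'pws_mess.bss'
)

# Assumption: scan all local fixed disks (DriveType 3), e.g. C:\ and D:\.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

# -Force includes hidden and system files; unreadable folders are skipped quietly.
$fileHits = foreach ($drive in $drives) {
    Get-ChildItem -Path $drive -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $indicatorFiles -contains $_.Name } |
        Select-Object FullName, Length, CreationTime, LastWriteTime
}

# Registry check: look for any key under HKCU:\Software whose path contains
# the "SrvID" fragment, as the article suggests doing with regedit's Find.
$regHits = Get-ChildItem -Path 'HKCU:\Software' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*\SrvID*' } |
    Select-Object -ExpandProperty Name

if ($fileHits -or $regHits) {
    Write-Output 'Indicators found:'
    $fileHits | ForEach-Object { Write-Output ("  file: {0} (created {1})" -f $_.FullName, $_.CreationTime) }
    $regHits  | ForEach-Object { Write-Output ("  registry key: {0}" -f $_) }
} else {
    Write-Output 'None of the listed file names or SrvID registry keys were found.'
}
```

HKEY_CURRENT_USER is per-account, so the registry part only covers the user the script runs as; repeat it while logged in as each account on the machine.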

If you find that you likely have the Blackshades RAT on your computer, the FBI is “highly recommending” that you “wipe your hard drive and reload your operating system,” (even if your antivirus software claims to detect it) and immediately afterwards, change all of your passwords (if you change your passwords beforehand, Blackshades may just capture the new passwords). You can also change all of your passwords first from a non-infected computer, if that is an option for you.

 

While you may think that wiping your hard drive is a little extreme, especially if your antivirus software is up-to-date, even the people who intentionally purchased and used Blackshades are saying that the only way to get rid of it is to wipe your hard drive.

2 thoughts on “How Do I Know if I Have the Blackshades RAT on My Computer?”

  1. Hi there, its nice paragraph concerning media print, we
    all understand media is a impressive source of information. math-problem-solver,
    This site was… how do you say it? Relevant!! Finally I
    have found something which helped me. Kudos!

  2. Hello,
    Thanks for the info.
    I had someone show me on command.exe – red/black ground data.. said it was black shades.. malware.
    Used all your techniques.. Did not find any of the listed terms:
    To check for Blackshades RAT look for any of these files: dos_sock.bss, nir_cmd.bss, pws_cdk.bss, pws_chro.bss, pws_ff.bss, pws_mail.bss, pws_mess.bss..

    Any direction?
    thanks,
    Patrick
