How Do I Know if I Have the Blackshades RAT on My Computer?

how to tell if you have blackshades rat
Share the knowledge

It is known that over 500,000 Windows computers worldwide are infected with the Blackshades RAT (Remote Access Tool) malware creepware. This means that if you have a Windows computer, or run Windows on your Mac, you need to check to see whether your computer has been infected with this silent privacy and security killer. The surest way is to check for any of the following files anywhere on your hard drive: dos_sock.bss, nir_cmd.bss, pws_cdk.bss, pws_chro.bss, pws_ff.bss, pws_mail.bss, pws_mess.bss

To search for these files – which you must do one at a time – simply click on the Start menu, and type the file name into the search area.

If you find even one of these files on your computer, the odds are high that your computer is infected with the Blackshades Remote Access Tool (RAT).

You can also search for a modification that Blackshades makes to the Windows registry. To do this, you will need to start up the registery editor, regedit.exe. Once regedit is started, click on “Edit” from the toolbar, then select “Find” from the Edit menu, and search for the following string:

Get New Internet Patrol Articles by Email!


Computer\HKEY_CURRENT_USER\Software\VBandVBA Program Settings\SrvID\ID\

Or just a fragment of it, such as “SrvID”

The presence of any of these modifications is evidence that Blackshades has been installed on your computer.

If you find that you likely have the Blackshades RAT on your computer, the FBI is “highly recommending” that you “wipe your hard drive and reload your operating system,” (even if your antivirus software claims to detect it) and immediately afterwards, change all of your passwords (if you change your passwords beforehand, Blackshades may just capture the new passwords). You can also change all of your passwords first from a non-infected computer, if that is an option for you.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

While you may think that wiping your hard drive is a little extreme, especially if your antivirus software is up-to-date, even the people who intentionally purchased and used Blackshades are saying that the only way to get rid of it is to wipe your hard drive.

Share the knowledge

2 thoughts on “How Do I Know if I Have the Blackshades RAT on My Computer?

  1. Hi there, its nice paragraph concerning media print, we
    all understand media is a impressive source of information. math-problem-solver,
    This site was… how do you say it? Relevant!! Finally I
    have found something which helped me. Kudos!

  2. Hello,
    Thanks for the info.
    I had someone show me on command.exe – red/black ground data.. said it was black shades.. malware.
    Used all your techniques.. Did not find any of the listed terms:
    To check for Blackshades RAT look for any of these files: dos_sock.bss, nir_cmd.bss, pws_cdk.bss, pws_chro.bss, pws_ff.bss, pws_mail.bss, pws_mess.bss..

    Any direction?

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.