IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Four steps to exterminating RATs controlling your computer

Unless actively pursued, damaging remote access trojans have the ability to live years undetected

Red horse image imposed atop a circuitboard

With trojan detection numbers on the rise, the attention of security professionals is turning towards the packages which facilitate them.

Remote access trojans (RATs) are a type of malware program that allows hackers to covertly gain administrative control over a victim’s computer. Malicious RAT programs work by infiltrating the computer then connecting back to the hacker, giving them unauthorised access from a remote location.

Related Resource

Decade of the RATs - remote access trojans

Cross-platform APT espionage attacks targeting Linux, Windows and Android

Download now

RATs can be as damaging as they sound. Once scurrying around your computer, RATs enable hackers to use your microphone and camera, record on-screen activity, alter personal files, and distribute further malware to other networks. If left unopposed, RAT infections will only worsen.

Fortunately, there are a series of techniques which can be employed to prevent and remove RATs. Read on to learn how to safeguard your computer and keep RATs in the cage.

Individual awareness

Rather obviously, the best way to remove RATs from a computer is to avoid getting them in the first place. The most common route a RAT takes into a computer is through downloaded files, typically sent as attachments in emails.

For organisations with large hubs of administrative staff, meaning a greater number of email addresses to target and a larger risk-surface, employee-awareness of phishing practices must be heightened through comprehensive and recurring training; phishing tactics evolve and so blanket one-day training isn’t sufficient. 

Knowing not to open email attachments from unfamiliar addresses, or even the email itself, is a vital step to curtailing malware. Nor should files be downloaded from untrustworthy sources on the web, both of which allow organisations to remain vigilant and clear of any RATs.

Patch management 

The second preventative measure is to ensure patch management is constantly up-to-date. Updates are deployed for good reasons, and so it’s essential they are promptly downloaded for both operating systems and browsers alike.

Any time where updates are avoided, whether due to employees being unaware an update is available or if patches are viewed as irritating disruptors to workload, creates a window of opportunity for hackers. For those struggling to keep on top of patch management, it may be time to invest in a patch management tool.

Follow the trail of crumbs

If the worst comes to pass and efforts of prevention are undermined, it’s time to move into the location and removal phases. However, RATs can only be removed once they have first been detected. Therefore it’s vital to know and recognise what signs to look for, the trail of crumbs left by the RAT.

One of the less obvious signs is a slower network connection. Being a symptom related to many ailments, even seasoned IT professionals can be forgiven for experiencing connection issues and not immediately accusing invisible RATs. However, chances are that given a slower operating speed an autopsy is carried out, likely resulting in the inspector coming across an unexpectedly open IP port. This is a clear giveaway that there could be a RAT lurking in the shadows. Also look out for altered or deleted files, and unknown programs installed onto the device.

When suspicions are raised, it’s them time to install security software from a trusted and reliable source - here, exercise caution. Ideally, the computer would be disconnected from the internet to ensure the security probe can itself work undetected. After a full security scan, follow the recommended steps listed by the security software to remove the threat. Once the infection has been successfully removed, all details should be considered compromised. Passwords should be changed and accounts explored to scope out the damage. 

Trojan removal tools

Ordinary antivirus scanners aren’t likely to detect encrypted RATs, proven by their ability to live undetected in computers for years. Utilising reputable antivirus and anti-malware solutions do help ensure RATs are unable to properly function, and assist in mitigating any data-collection activities, however the best way to target and remove RATs is through investing in an intrusion detection tool.

Intrusion detection tools are efficient and able to automate much of the removal process. They can contain signatures that can detect trojan packets within network traffic, and if properly configured, can even reliably detect encrypted traffic. Security administrators continue to rely on trojan-specific scanners as they are the only pieces of software that can consistently stamp out a RAT. 

Here, the saving grace is that RATs take a lot of time to construct. Typically those employed by hackers are acquired rather than built, meaning that trojan scanners or even more general anti-virus software is able to pull them up. As they are a time-consuming method of attack, they are also generally saved for larger corporations where they provide hackers with a decent ROI. However, since any computer is a target, there’s pay in being prepared.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


What is a Trojan?

What is a Trojan?

27 Aug 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022