
LocalThreats

Posts posted by LocalThreats

  1. Thanks, I'll update with the logs when they're done. I've found these System overrides in my Windows Exploit Protection settings and I don't remember ever setting these. Are they suspicious? Thanks so much for the help.

     

    <?xml version="1.0" encoding="UTF-8"?>
    <MitigationPolicy>
      <AppConfig Executable="ExtExport.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="ie4uinit.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="ieinstal.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="ielowutil.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="ieUnatt.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="iexplore.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="mscorsvw.exe">
        <ExtensionPoints DisableExtensionPoints="true" />
      </AppConfig>
      <AppConfig Executable="msfeedssync.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="mshta.exe">
        <ASLR ForceRelocateImages="true" RequireInfo="false" />
      </AppConfig>
      <AppConfig Executable="MsSense.exe">
        <StrictHandle Enable="true" />
        <SEHOP Enable="true" TelemetryOnly="false" />
      </AppConfig>
      <AppConfig Executable="ngen.exe">
        <ExtensionPoints DisableExtensionPoints="true" />
      </AppConfig>
      <AppConfig Executable="ngentask.exe">
        <ExtensionPoints DisableExtensionPoints="true" />
      </AppConfig>
      <AppConfig Executable="PresentationHost.exe">
        <DEP Enable="true" EmulateAtlThunks="false" />
        <ASLR ForceRelocateImages="true" RequireInfo="false" BottomUp="true" HighEntropy="true" />
        <SEHOP Enable="true" TelemetryOnly="false" />
        <Heap TerminateOnError="true" />
      </AppConfig>
      <AppConfig Executable="PrintDialog.exe">
        <ExtensionPoints DisableExtensionPoints="true" />
      </AppConfig>
      <AppConfig Executable="runtimebroker.exe">
        <ExtensionPoints DisableExtensionPoints="true" />
      </AppConfig>
      <AppConfig Executable="SystemSettings.exe">
        <ExtensionPoints DisableExtensionPoints="true" />
      </AppConfig>
    </MitigationPolicy>



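One way to triage an export like the one above is to parse the MitigationPolicy XML into a per-executable table and diff it against the same export taken from a known-good machine, so that only the entries that differ need a closer look. This is an added example, not the poster's code or anything from the thread; the two XML fragments are constructed (a subset of the layout above), and it assumes the real inputs are files written by Get-ProcessMitigation -RegistryConfigFilePath.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a Windows Exploit Protection XML export
# (a subset of the entries in the post, not the full file).
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
  <AppConfig Executable="iexplore.exe">
    <ASLR ForceRelocateImages="true" RequireInfo="false" />
  </AppConfig>
  <AppConfig Executable="PresentationHost.exe">
    <DEP Enable="true" EmulateAtlThunks="false" />
    <SEHOP Enable="true" TelemetryOnly="false" />
  </AppConfig>
</MitigationPolicy>"""

# Constructed baseline standing in for an export from a known-good machine;
# it lacks the SEHOP entry for PresentationHost.exe.
BASELINE_EXPORT = """<MitigationPolicy>
  <AppConfig Executable="iexplore.exe">
    <ASLR ForceRelocateImages="true" RequireInfo="false" />
  </AppConfig>
  <AppConfig Executable="PresentationHost.exe">
    <DEP Enable="true" EmulateAtlThunks="false" />
  </AppConfig>
</MitigationPolicy>"""

def parse_policy(xml_text):
    """Return {executable: {"Mitigation.Attribute": value}} for every AppConfig."""
    root = ET.fromstring(xml_text)
    policy = {}
    for app in root.findall("AppConfig"):
        exe = app.get("Executable", "").lower()  # file names are case-insensitive on Windows
        settings = {}
        for mitigation in app:  # child elements such as ASLR, DEP, SEHOP, ExtensionPoints
            for attr, value in mitigation.attrib.items():
                settings[f"{mitigation.tag}.{attr}"] = value.lower()
        policy[exe] = settings
    return policy

def diff_policies(current, baseline):
    """List (exe, setting, current_value, baseline_value); None means the setting is absent."""
    changes = []
    for exe in sorted(set(current) | set(baseline)):
        cur, base = current.get(exe, {}), baseline.get(exe, {})
        for key in sorted(set(cur) | set(base)):
            if cur.get(key) != base.get(key):
                changes.append((exe, key, cur.get(key), base.get(key)))
    return changes

if __name__ == "__main__":
    for exe, key, cur, base in diff_policies(parse_policy(SAMPLE_EXPORT), parse_policy(BASELINE_EXPORT)):
        print(f"{exe}: {key} current={cur} baseline={base}")
```

For real files, replace the embedded strings with the contents of the two exports; an entry that appears only on the suspect machine is a starting point for review, not proof of tampering by itself.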

  2. Hello,

    I'm fairly sure I've been infected by a RAT, and I have some questions. Is there any way to see if this was installed by a family member on the same network with physical access to the computer? I dread to think it was my brother, but I'm fairly certain. Is this system still infected?

    I have also found Malwarebytes antivirus scans with no action taken and things added to my exception list. I have added those logs alongside the log for this advice. Thanks in advance.

    Addition.txt FRST.txt AdwCleaner[C00].txt MostRecentPostADW.txt Previous1.txt Previous2.txt Previous3.txt Previous4.txt
