  1. I have 1 more question: if I use Wireshark and put the filter as "dns", would I be able to get the person's IP and block it in the firewall? Also, I will set UAC to max.
  2. Okay, so when I downloaded the RAT, the person disabled my "Administrator Permissions". I'm not really sure how, but I have it enabled now though. He also kept opening up CMD and folders, so I kept pressing Alt + F4 so he could do anything. I believe he tried deleting ESET; thank god you can't delete it so easily. After that I restarted my computer, and it had an update. I'm not sure if the update was caused by the RAT or just a legit update. (It was a pretty small update.)
  3. Okay, thank you very much, and thanks for the very fast replies!
  4. No, all it did was get rid of the startup. So I'm guessing it's okay to delete?
  5. So I ran the adwcleaner and Searchservice no longer opens on startup like before. Here is the link for the analysis: https://www.hybrid-analysis.com/sample/c1ac18c9c98e3fffc50553950c154601032048b4e007ef502bc9362f1acec90f/5be9cbea7ca3e132553fd388
  6. Do you know if it's supposed to open on startup? Edit: I just checked and my version of searchservice.exe has a space.
  7. Recently I downloaded a RAT and the person started deleting things and downloading stuff. Not too sure why, but the person started to install AVAST Security on my PC? (Maybe to override ESET so the RAT wouldn't get detected?) I think I did a pretty good job getting rid of the RAT? But you can never be too sure, so I installed Process Explorer (alternative Task Manager) and then I checked everything with Virustotal.com. About 6 of the programs have like 1-3/60 detected, but SearchService.exe has 30/68 (I have never seen SearchService.exe before, until recently). It's located in "C:\Windows" and is 198KB in size. There isn't much info on it and I'm not quite sure what to do. Here is the Virustotal link: https://www.virustotal.com/#/file/c1ac18c9c98e3fffc50553950c154601032048b4e007ef502bc9362f1acec90f/detection It's also not verified by Microsoft.