NanoCore RAT symptoms
The NanoCore RAT can be disguised as a secure and hard-to-find process. However, an infected PC begins to show typical general symptoms, such as:
- The processor consumes more computer system resources.
- The PC often hangs and crashes.
- Browsers are flooded with malicious pop-ups.
- Random windows start working on their own, without any action from the user.
- The page in the browser redirects the user to a malicious site.
How did the NanoCore RAT get into my PC?
NanoCore RAT is spread through spam and fake updates. Spam carries a variety of malicious attachments (PDF files, MS Office documents and more). By opening the attachment, users run the embedded script, which silently downloads and installs the trojan.
Fake update programs infect systems by exploiting bugs and vulnerabilities in outdated software.
The main ways the virus gets onto a PC:
- A program with a virus is downloaded and installed on the PC (free programs are often bundled with the NanoCore RAT).
- An infected email is opened.
- The user clicks on a pop-up ad.
- Peer-to-peer network.
The trojan starts a chain reaction and also installs other viruses.
NanoCore RAT: legit or fake?
When a user views a NanoCore RAT file, they can check whether it is legitimate or fake in two ways.
- File location. The standard files are located in the C:\Windows\System32 folder. All other files with NanoCore RAT in their titles are placed in different folders but not in the C:\Windows\System32 folder.
- Task Manager. First, start Task Manager, go to ‘Processes’ and look for NanoCore RAT.exe, then right-click it to delete it. If Windows displays a warning message, then NanoCore RAT.exe is a good process and does not need to be removed. Otherwise, the NanoCore RAT.exe process is fake.
Remove NanoCore RAT from your system
Users very often notice that the trojan remains on the system after its removal. This may be because the registry, along with other PC system files, is infected. Let’s try to remove NanoCore RAT from the computer:
Method 1: Remove NanoCore RAT with Avarmor
Avarmor is a tool that removes malware. The utility helps users remove trojans like NanoCore RAT and various malware from their computers. This utility has a simple and user-friendly interface, as well as powerful mechanisms to protect your entire PC system.
- Download and install Avarmor.
- After completing the download process, run the tool and configure its settings. Before that, you have to close all extraneous programs on your PC.
- The utility will start working, and the user will need to click on the ‘Scan’ button for malware.
- After the scan is complete, a list of found malicious objects will be created.
- Remove all threats found.
- After the cleaning is complete, restart your PC.
Method 2: Delete via Registry Editor
Those who want to try removing the NanoCore RAT manually can use Regedit, as the trojan can modify the registry itself.
- Let’s run the command line.
- Enter Regedit when prompted.
- Before uninstalling, you need to make a backup copy of the registry (File – Export – save the registry to a safe place).
- Once the backup copy has been created, press Edit – Find.
- Enter NanoCore RAT.exe – Find next.
- Registry entry found? Right-click it and click Delete.
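One way to script the registry and file-location checks described above, as a read-only PowerShell example added here (it is not part of the original guide). The list of autostart keys and the flagging rules are assumptions chosen for illustration.

```powershell
# Read-only triage of autostart registry values. Nothing is deleted or modified.
# Assumption: the key list and the flagging rules are illustrative choices for
# this example; they do not come from the original guide.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandExecutable {
    param([string]$Command)
    # Expand %VAR% references, then take the quoted path or the text up to ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$system32 = Join-Path $env:SystemRoot 'System32'
$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command) { continue }
        $exe    = Get-CommandExecutable $command
        # Commands given without a full path resolve as missing and get flagged.
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $sig    = if ($exists) {
            [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Executable = $exe
            InSystem32 = $exe.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
            UserWritableDir = $exe -match '\\AppData\\|\\Temp\\'
            Signature  = $sig
        }
    }
}

# Report entries that are not validly signed or that run from AppData/Temp.
$results | Where-Object { $_.Signature -ne 'Valid' -or $_.UserWritableDir } | Format-List
```

Review each reported entry by hand before deleting anything in Regedit; legitimate software can also appear in this list.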
Method 3: Connect your computer to the network and enter Safe Mode
First, try booting your computer in safe mode. Doing this helps prevent the NanoCore RAT from starting.
Windows 7, 10, Vista, XP
- First, restart the computer.
- Press F8 before you see Windows.
- You will see a menu of advanced options.
- Open ‘Safe Mode with Networking’
- Press Enter.
Windows 8, Windows 8.1
- Press Windows+R to open the RUN window.
- Enter the msconfig command.
- Click OK.
- Click on the Boot tab.
- In that area, select the Safe Boot and Networking option.
- Click OK.
- Reboot the computer.
Method 4: Delete all dubious apps
The offending app may persist even after you try to uninstall it, moving to a new location on the PC. Try to find the location:
- Right click on the taskbar.
- Select Task Manager.
- View all applications using system memory.
- Look for applications that have not been installed and run by the user.
- Right click on it to open its location.
- Now open Control Panel.
- Click Uninstall a program.
- Check for suspicious apps.
Method 5: Delete temporary files
The temporary files folder is where the malicious files are stored. Try deleting temporary files and folders:
- Open the Run window
- Enter the command %temp% and press Enter.
- The path C:\Users\[username]\AppData\Local\Temp will appear, meaning the temp folder has opened.
- Delete files and folders, then empty the Recycle Bin.