Symantec is currently popping up with the following message:
[SID:26653] System Infected: Dark Comet RAT Activity detected.
Every time it fades away, it comes right back up.
Does anyone here have experience in removing this risk?
Is the attack being blocked? If so, does it show the source in the security log?
Symantec also has an AV signature for it so you should run a ful lscan in safe mode with latest defs
https://www-secure.symantec.com/connect/blogs/darkcomet-rat-it-end
Having the Same Issue right now. It´s getting Blocked and i can see the Source IP. But what should i do with that?
You can put in a firewall rule to block the source IP.