Video Screencast Help

Dark Comet RAT ACtivity

Created: 19 Sep 2013 | 3 comments

Symantec is currently popping up with the following message:

[SID:26653] System Infected: Dark Comet RAT Activity detected.

Every time it fades away, it comes right back up.

Does anyone here have experience in removing this risk?

Operating Systems:
Discussion Filed Under:

Comments 3 CommentsJump to latest comment

.Brian's picture

Is the attack being blocked? If so, does it show the source in the security log?

Symantec also has an AV signature for it so you should run a ful lscan in safe mode with latest defs

https://www-secure.symantec.com/connect/blogs/dark...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Byolock's picture

Having the Same Issue right now. It´s getting Blocked and i can see the Source IP. But what should i do with that?

.Brian's picture

You can put in a firewall rule to block the source IP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.