Detect and Remove DarkComet RAT Malware used by Syrian Government
DarkComet is a remote administration tool that opens an invisible backdoor giving the controller full access to the computer including access to the hard drive, activating webcam and sound capture, keylogging to steal username and passwords by capturing keystrokes and many more. DarkComet is one of the very few free remote administration tool that has been in development for such a long time. About 2 months ago CNN reported that the Syrian government was using a free and publicly available remote administration tool called DarkComet to spy on the supporters of the Syrian opposition. When the coder of DarkComet got to know about this, he quickly created a remover for his own tool to fix what the Syrian government did to the opposition movement.
Since DarkComet can be downloaded publicly, the server file that is generated from it is obviously fully detected by most if not all antiviruses. So anyone with the intention of infecting another person’s Windows computer will have to make the server file fully undetectable by crypting it to bypas the antivirus detection. What makes DarkComet RAT Remover special is the ability to detect DarkComet’s presence even if it is virtualized, packed, encrypted, compressed or obfuscated.
DarkComet RAT Remover is a portable and simple to use tool that is able to detect DarkComet RAT instance by taking a few minutes to scan the memory and offers to cure the threat in just a click of a button. The DarkComet removal tool also shows the process name and the installed location if the presence is found. Since modern Windows operating system such as Windows and 7 has UAC enabled by default which protects third party application from modifying the registry, it is advisable to run the DarkComet RAT Remover as administrator by right clicking on the tool and select “Run as administrator”.
As you can see from the video demo above, the DarkComet RAT Remover is able to detect the presence of DarkComet but the ability to remove the infection is a bit weak. DarkComet RAT Remover terminates the process but the file and registry entry that makes it auto start with Windows is still intact which means that when Windows is restarted, DarkComet will run again. The persistence installation option at the Module Startup is not even enabled during the creation of a new stub.
Another powerful option found in DarkComeT RAT that definitely breaks the DarkComet RAT Remover tool is the persistent process option in the Module Shield. When this option is enabled, the server process will automatically restart when it is killed or terminated.
Perhaps the DarkComet RAT Remover is very useful to detect its presence but shouldn’t fully rely on it to remove the infection until the cleaning function has been polished. The latest version of DarkComet RAT Remover was released about 2 months ago and this file has been constantly being scanned in VirusTotal with the result of a perfect zero (0/42) detection. Rest assured that the DarkComet removal tool is definitely safe without any backdoor being embedded to it that is if you download from the official link below.
Download DarkComet RAT Remover