Jump to content
Kaspersky Support Forum

hacked by Rat

man47

By man47
in Kaspersky Internet Security

 Share

Recommended Posts

man47

man47

Posted
  • Author
Posted

hi 

I have been using your product for a long time
I was hacked by a program called Revenge Rat
The hacker sat talking to me for a while via his chat
After running the file, I continued to classify the file and found it was classified in the low restriction rule

The hacker made a video explaining what he can do when hacking my device
In this video

https://www.youtube.com/watch?v=_ikZoDQlnP4

 

Specifications used
Kaspersky Publication (kaspersky internet security  v21.1.15.500 (c) )
- Windows version and update (windows 10 pro x64 v2004 build 19041.572)
- The file was not detected from your signature database

 

What do I have to do to stop this happening again ???

 

Link to comment
Share on other sites
man47

man47

Posted
  • Author
Posted

Hello @man47

Welcome!

We’re not into silent movies, nor can we read Arabic, please provide specific details about Casper on the maximum settings, VS is a hack file with all features

Was remote access given to anyone for this experiment? 

Please post back? 

Thank you🙏

Flood🐳 +🐋

he did this video As a definition of what he could do with me

for me yes he control all over my pc and pull a lot of my data

I actually cleaned my device, a new copy of Windows was installed, and the hack was removed

But I ask, how can I deal in this situation and how was I penetrated so easily in the presence of your program

 

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @man47,

Thank you for posting back👌

Regarding “how was I penetrated so easily in the presence of your program”, we have no association with Kaspersky whatsoever, other than to use their products and voluntarily provide assistance to Community members, such as yourself. 

  1. Don’t give remote access to anyone who is unknown to you, especially a hacker.
  2. Raise a case with Kaspersky Technical Support, follow the template as in our image, ask them to advise you. 
  3. Provide as much detail as possible,  a silent video is insufficient, you need to add information so Technical experts understand the issue, that will help them help you

 

 

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
  • Please share the outcome with the Community when it’s available?

Thank you🙏

Flood🐳+🐋

Link to comment
Share on other sites
man47

man47

Posted
  • Author
Posted

he hacked me 

I did not give remote access to him 

he hacked me some how I do not know how

he hacked me and kaspersky did not detected suspicious behavior with him 

I only know he hacked me when he talked to me via his chat
If he didn't, I wouldn't know that I was hacked by him

kaspersky failed to protect me from this intrusion and could not discover any suspicious method he had done with me

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @man47

Thank you for the update👌

  • When you wrote “he did this video as a definition of what he could do with me, for me yes he control all over my pc and pull a lot of my data”, we understood that to mean you had knowingly granted permission for him to access your device.
  • Irrespective, you must consult the Kaspersky Technical expert team, in the incident request, make sure you include a link to this topic.  Also prepare and provide a GSI & Windows Logs
  • Please do share the outcome with the Community, when it’s available? 

Thank you🙏

Flood🐳+🐋

Link to comment
Share on other sites
Igor Kurzin

Igor Kurzin

Posted
Posted

Hi @man47 
Please submit a ticket to technical support and send me the incident number. 

No need to collect GSI & Windows Logs (as the system has been reinstalled from scratch). 

What was the application where you had a chat with the hacker? 

Did you download and run the application yourself (that was classified as low restricted)?

It is recommended that you change the passwords for your Windows accounts, disable Remote access (Open System and Security. Choose System in the right panel. Select Remote Settings from the left pane to open the System Properties dialog box for the Remote tab. Click Don't Allow Connections to This Computer and then click OK.), reset your wi-fi router. 

Regards,

Igor

Link to comment
Share on other sites
maxmathew

maxmathew

Posted
Posted

Hello,

 

I read this topic and i wanted to give little info for max protection in Kaspersky Internet Security. In first attachment “settings for max protection 00.jpg”, in low restricted and high restricted parts, in network column, you will see that network connection is question mark and when we click on it, it writes in the bottom: “” you will be prompted for a decision if the “perform recommend actions automatically” check box is cleared (Settings window, the General section). If this check box is selected,the executable file is allowed to perform the action.  ”” . If we choose “perform recommended actions automatically” , then the network connection will be allowed for low restricted and high restricted applications if i didn’t misunderstand, of course if no malign actions are detected by kaspersky.

  As far as we know, rat programs can be used for good purposes or for bad purposes. This is like a knife: we can use that knife for kitchen works for good intentions, or we can kill a person with that knife,too, for bad purposes. 🙂 Rat programs are like that. If we want to be protected maximum by kaspersky, then we must uncheck “perform recommended actions automatically” check box as in the attachment “settings for max protection 01.jpg”..  Of course, for not technical users, this option can be a little pain, because every low restricted , high restricted applications will give a warning for your decision, but low restricted and high restricted programs cannot use network without your knowledge in this way..  and most probably, that hacker wouldn’t be able to penetrate in his pc, in this way.. 

 

By the way, in fact, while we are using kaspersky with “perform recommended actions automaticaly” option, this network connection for low and high restricted applications can be made by kaspersky team in a way so that kaspersky asks users for their decisions,too, for max protection..I hope in future versions, this situation will be considered by kasperky.. 

 

I forgot to say,that’s why i edited, of course, if a user wants to use kaspersky in automatic mode and if a user doesn’t want low and high restricted programs to use his network, then in application manager, manage applications part, that user can adjust low restricted and high restricted parts from “question mark” to “deny” so that low and high restricted applications won’t use network. This is an option,too. :)

Best wishes..  

Link to comment
Share on other sites
maxmathew

maxmathew

Posted
Posted

By the way, i gave a feedback /suggestion to Support for Kaspersky so that even in automatic mode Kaspersky will give warning to users for their decisions for low and high restricted applications to connect to network or not.. If this is done by Kaspersky, then no RAT-like applications will be able to bypass Kaspersky protection without user knowledge.. 

 

Best regards 

Link to comment
Share on other sites
man47

man47

Posted
  • Author
Posted

Hello @man47

Thank you for the update👌

  • When you wrote “he did this video as a definition of what he could do with me, for me yes he control all over my pc and pull a lot of my data”, we understood that to mean you had knowingly granted permission for him to access your device.
  • Irrespective, you must consult the Kaspersky Technical expert team, in the incident request, make sure you include a link to this topic.  Also prepare and provide a GSI & Windows Logs. 
  • Please do share the outcome with the Community, when it’s available? 

Thank you🙏

Flood🐳+🐋

 

i will send them the report

 

classified in the low restriction rule

In this case :  “ ...  user's permission is required for most operations … “

Also , to clarify this issue Kaspersky Lab should have obtained Logs before cleaning with a new copy of Windows.

 

i still have a report before i install new windows 

 

Hi @man47 
Please submit a ticket to technical support and send me the incident number. 

No need to collect GSI & Windows Logs (as the system has been reinstalled from scratch). 

What was the application where you had a chat with the hacker? 

Did you download and run the application yourself (that was classified as low restricted)?

It is recommended that you change the passwords for your Windows accounts, disable Remote access (Open System and Security. Choose System in the right panel. Select Remote Settings from the left pane to open the System Properties dialog box for the Remote tab. Click Don't Allow Connections to This Computer and then click OK.), reset your wi-fi router

 

Regard

 

Igors,. 

 

i still have a report before i install new windows 

 

the chat program is a features with in program hacker ( Revenge Rat ) 

 

Did you download and run the application yourself (that was classified as low restricted)? 

yes i run i by myself but kaspersky classified it automatically to low restricted

 

Hello,

 

I read this topic and i wanted to give little info for max protection in Kaspersky Internet Security. In first attachment “settings for max protection 00.jpg”, in low restricted and high restricted parts, in network column, you will see that network connection is question mark and when we click on it, it writes in the bottom: “” you will be prompted for a decision if the “perform recommend actions automatically” check box is cleared (Settings window, the General section). If this check box is selected,the executable file is allowed to perform the action.  ”” . If we choose “perform recommended actions automatically” , then the network connection will be allowed for low restricted and high restricted applications if i didn’t misunderstand, of course if no malign actions are detected by kaspersky.

  As far as we know, rat programs can be used for good purposes or for bad purposes. This is like a knife: we can use that knife for kitchen works for good intentions, or we can kill a person with that knife,too, for bad purposes. 🙂 Rat programs are like that. If we want to be protected maximum by kaspersky, then we must uncheck “perform recommended actions automatically” check box as in the attachment “settings for max protection 01.jpg”..  Of course, for not technical users, this option can be a little pain, because every low restricted , high restricted applications will give a warning for your decision, but low restricted and high restricted programs cannot use network without your knowledge in this way..  and most probably, that hacker wouldn’t be able to penetrate in his pc, in this way.. 

 

By the way, in fact, while we are using kaspersky with “perform recommended actions automaticaly” option, this network connection for low and high restricted applications can be made by kaspersky team in a way so that kaspersky asks users for their decisions,too, for max protection..I hope in future versions, this situation will be considered by kasperky.. 

 

I forgot to say,that’s why i edited, of course, if a user wants to use kaspersky in automatic mode and if a user doesn’t want low and high restricted programs to use his network, then in application manager, manage applications part, that user can adjust low restricted and high restricted parts from “question mark” to “deny” so that low and high restricted applications won’t use network. This is an option,too. :)

Best wishes..  

By the way, i gave a feedback /suggestion to Support for Kaspersky so that even in automatic mode Kaspersky will give warning to users for their decisions for low and high restricted applications to connect to network or not.. If this is done by Kaspersky, then no RAT-like applications will be able to bypass Kaspersky protection without user knowledge.. 

 

Best regards 

 

Thanks for this advice

I know that

But only the company is supposed to adjust its options in order to prevent this method in order to be more powerful
In such cases

Link to comment
Share on other sites
maxmathew

maxmathew

Posted
Posted

Hi,

I had given a feedback/suggestion to Support and the Support replied to me today. I wanted to inform you about this subject. (I translated from Turkish to English) The reply is:

“ Thank you for contacting Kaspersky Lab's Technical Support Team.

According to the response from our programmers, your proposal was saved in the system and forwarded to the program developers to work on it.

Thank you. ”

 

In future versions,i hope this suggestion will be applied.. 

 

Sincerely

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing


×
×
  • Create New...