- Slow Computer
- System crashes
- Normal system programs crash immediatelly
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
If you receive a threat called WSH RAT, your privacy could be at risk. As you see, the malware can employ specific malicious tools that may help it record various information about you; for example, what you type with your keyboard. Needless to say, if cybercriminals get their hands on data like your passwords, banking details, and so on, they could cause you a lot of troubles. Consequently, we recommend not to waste any time and remove WSH RAT immediately. Experienced users who wish to delete it manually could use the instructions we place below this article. As for those who do not have any experience with Trojans or malware alike, we highly recommend leaving this task to a chosen antimalware tool. Should you need more assistance or have anything else to ask about this malicious application, you can always leave us a comment at the end of this page.
Next, we would like to explain what could happen if a system gets infected with WSH RAT. At first, the malicious application may need to create a few files. Our researchers say such data could be added in the following locations: %TEMP%, %APPDATA%, and %APPDATA%\Microsoft\Windows\Start Menu\Startup. Files created in the listed folders should have random names, and they could have either .exe or .js extension. Later on, the malware may start downloading additional malicious tools. Some variants may download a keylogger, email credential viewer, and a browser credential viewer or just one of them. Thus, WSH RAT could be able to collect user’s keystrokes, login credentials stored on a victim’s browser, and so on. The mentioned tools needed to perform these tasks could be disguised so that victims would not suspect them. For example, their launchers could be titled klplu.tar.gz, bpvpl.tar.gz, and similarly.
Another thing users who encounter this threat should know is that WSH RAT might have lots of versions. It appears hackers can purchase it for 50 US dollars per month from the Dark Web. It is possible that each buyer could personalize the malicious application. As a result, each separate version could gather different information, create different files, and so on. Note that the instructions located below this article were based on a sample that we tested, and they may not work for everyone.
We do not mean to say you should not use our provided deletion steps or try to erase WSH RAT manually at all. What we suggest is that you scan your computer with a reliable antimalware tool afterward to check if you were successful in removing the Trojan from your system. Of course, if you prefer using automatic features, you should not hesitate to use a chosen antimalware tool instead of following our provided instructions. Lastly, we would like to remind that while the Trojan was installed it could have reordered various valuable details and it would be a good idea to think about how to protect yourself in case the hackers do anything with them. For instance, if you think they may have obtained some of your passwords (which is likely as one of the tools it uses is a keylogger, and such malware can record keystrokes), it would be smart to change them.
Eliminate WSH RAT