Detect and Remove DarkComet RAT Malware used by Syrian Government

DarkComet is a remote administration tool that opens an invisible backdoor giving the controller full access to the computer including access to the hard drive, activating webcam and sound capture, keylogging to steal username and passwords by capturing keystrokes and many more. DarkComet is one of the very few free remote administration tool that has been in development for such a long time. About 2 months ago CNN reported that the Syrian government was using a free and publicly available remote administration tool called DarkComet to spy on the supporters of the Syrian opposition. When the coder of DarkComet got to know about this, he quickly created a remover for his own tool to fix what the Syrian government did to the opposition movement.

Since DarkComet can be downloaded publicly, the server file that is generated from it is obviously fully detected by most if not all antiviruses. So anyone with the intention of infecting another person’s Windows computer will have to make the server file fully undetectable by crypting it to bypas the antivirus detection. What makes DarkComet RAT Remover special is the ability to detect DarkComet’s presence even if it is virtualized, packed, encrypted, compressed or obfuscated.

DarkComet RAT Remover

DarkComet RAT Remover is a portable and simple to use tool that is able to detect DarkComet RAT instance by taking a few minutes to scan the memory and offers to cure the threat in just a click of a button. The DarkComet removal tool also shows the process name and the installed location if the presence is found. Since modern Windows operating system such as Windows and 7 has UAC enabled by default which protects third party application from modifying the registry, it is advisable to run the DarkComet RAT Remover as administrator by right clicking on the tool and select “Run as administrator”.


As you can see from the video demo above, the DarkComet RAT Remover is able to detect the presence of DarkComet but the ability to remove the infection is a bit weak. DarkComet RAT Remover terminates the process but the file and registry entry that makes it auto start with Windows is still intact which means that when Windows is restarted, DarkComet will run again. The persistence installation option at the Module Startup is not even enabled during the creation of a new stub.

Another powerful option found in DarkComeT RAT that definitely breaks the DarkComet RAT Remover tool is the persistent process option in the Module Shield. When this option is enabled, the server process will automatically restart when it is killed or terminated.

Perhaps the DarkComet RAT Remover is very useful to detect its presence but shouldn’t fully rely on it to remove the infection until the cleaning function has been polished. The latest version of DarkComet RAT Remover was released about 2 months ago and this file has been constantly being scanned in VirusTotal with the result of a perfect zero (0/42) detection. Rest assured that the DarkComet removal tool is definitely safe without any backdoor being embedded to it that is if you download from the official link below.

Download DarkComet RAT Remover

30 Comments - Write a Comment

  1. sid vishas 11 years ago
  2. mowrrrman 12 years ago
  3. mcphlen 12 years ago
  4. Yohan Perera 12 years ago
  5. Raymond 12 years ago
  6. mowrrrman 12 years ago
  7. Chiku 12 years ago
  8. david trevallee 12 years ago
  9. david trevallee 12 years ago
  10. mcphlen 12 years ago
  11. Laptop 12 years ago
  12. Laptop 12 years ago
  13. mowrrrman 12 years ago
  14. Pelso 12 years ago
  15. phil 12 years ago
  16. Pelso 12 years ago
  17. Freewear 12 years ago
  18. Freewear 12 years ago
  19. Raymond 12 years ago
  20. Chiku 12 years ago
  21. Raymond 12 years ago
  22. Dr. Sheldon Cooper, Phd 12 years ago
  23. sjf 12 years ago
  24. Victor 12 years ago
  25. Nuno 12 years ago
  26. mcphlen 12 years ago
  27. Raymond 12 years ago
  28. sjf 12 years ago
  29. Subhayan 12 years ago
  30. Lovaboy 12 years ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Your comment is subject to approval. Read our Terms of Use. If you are seeking additional information on this article, please contact us directly.