What is STRRAT

STRRAT is a malicious program distributed through e-mail spam messages. The name refers to Remote Administration Trojan (RAT), a type of malware that aims to steal sensitive data. Its focus is usually login data saved in browsers or e-mail clients. The data usually includes banking credentials, passwords, history, IP addresses, and other personal information that has monetary value to the developers. STRRAT lets the extortionists behind it manage a victim's PC remotely, so they are able to read and sort through the information they need. Web browsers like Google Chrome, Mozilla Firefox, Internet Explorer, and e-mail clients like Foxmail, Microsoft Outlook, and Mozilla Thunderbird can be easily tracked by the virus once it gets on the system. The stolen information can then be abused to perform illegitimate transactions and other fraudulent steps for personal benefit.

Technically, because STRRAT's developers have access to your entire system, they are more than capable of installing other potentially dangerous software (e.g. ransomware, cryptocurrency mining programs, adware, browser hijackers, etc.). The trojan is known to contain a script that mimics ransomware, which may be used to temporarily block stored files by changing their extension to ".crimson". Do not mistake this for real ransomware, which encrypts data with ciphers. STRRAT simply changes the file names, so that users are unable to open the data by the usual double-click. To fix this, it is enough to remove the appended extension from the end of the file names and roll back to the original one.

Considering all of these threats, it is critically important to remove STRRAT completely from your computer before it affects your data. Apart from the removal instructions, we will also show you how STRRAT malware is spread right below.
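The rename described above can be undone in bulk once the trojan itself has been removed. The script below is an added example, not part of the original article; it assumes ".crimson" was appended after the original extension (for example report.docx.crimson), and the function name restore_crimson is hypothetical.

```python
import os
import sys

SUFFIX = ".crimson"  # extension named in the article


def restore_crimson(root, dry_run=True):
    """Strip the appended .crimson suffix from every file under root.

    Returns a list of (source, target, status) tuples. With dry_run=True
    nothing is renamed, so the result can be reviewed first.
    """
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            # Match the suffix case-insensitively; ignore a file named only ".crimson".
            if not name.lower().endswith(SUFFIX) or len(name) == len(SUFFIX):
                continue
            src = os.path.join(folder, name)
            dst = os.path.join(folder, name[:-len(SUFFIX)])
            if os.path.exists(dst):
                # Never overwrite a file that already has the original name.
                status = "skipped: target exists"
            elif dry_run:
                status = "would rename"
            else:
                try:
                    os.rename(src, dst)
                    status = "renamed"
                except OSError as exc:  # locked or read-only file
                    status = f"failed: {exc}"
            results.append((src, dst, status))
    return results


if __name__ == "__main__":
    # Usage: python restore_crimson.py <folder> [--apply]
    if len(sys.argv) < 2:
        sys.exit("usage: restore_crimson.py <folder> [--apply]")
    apply_changes = "--apply" in sys.argv[2:]
    for src, dst, status in restore_crimson(sys.argv[1], dry_run=not apply_changes):
        print(f"{status}: {src} -> {dst}")
```

Run it without --apply first to review the planned renames; files whose original name already exists are left untouched for manual review.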

How STRRAT infected your computer

Research has established that STRRAT is distributed via malicious spam e-mails. These messages are bundled with a malicious file named NEW ORDER.jar, which is meant to cause a chain of malware infections including the STRRAT trojan. If you see JavaScript, MS Office documents, executable, or PDF files attached to a message from an unknown sender, there is most likely some malicious activity waiting to be unleashed. It is triggered only when you open the attached files. In other words, there is no way they can impact your system unless you take that step yourself. It is also worth mentioning that some extortionists tend to insert external links leading to download pages. Such pages usually look like legitimate download websites developed by delivery companies. In reality, they end up being fake and dangerous in 99% of cases. This is why it is best to avoid interacting with messages that show anything suspicious. Below, we will show you a number of ways you can protect yourself from similar threats in the future.

  1. Download STRRAT Removal Tool
  2. Use Windows Malicious Software Removal Tool to remove STRRAT
  3. Use Autoruns to remove STRRAT
  4. Files, folders and registry keys of STRRAT
  5. Other aliases of STRRAT
  6. How to protect against threats like STRRAT

Download Removal Tool

To remove STRRAT completely, we recommend using SpyHunter. It can help you remove the files, folders, and registry keys of STRRAT and provides active protection from viruses, trojans, and backdoors. The trial version of SpyHunter offers a virus scan and one-time removal for free.

Download Alternative Removal Tool

Download Malwarebytes

To remove STRRAT completely, we recommend using Malwarebytes Anti-Malware. It detects and removes all files, folders, and registry keys of STRRAT, as well as several million other pieces of malware, such as viruses, trojans, and backdoors.

Remove STRRAT manually

Manual removal of STRRAT may be a difficult task for inexperienced users because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, Windows includes pre-installed tools that allow you to detect and remove malware without using third-party applications. One of them is the Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8, and 8.1. For older operating systems you can download it here: 64-bit version | 32-bit version.

Remove STRRAT using Windows Malicious Software Removal Tool

  1. Type mrt in the search box near the Start Menu.
  2. Run mrt by clicking the found item.
  3. Click the Next button.
  4. Choose one of the scan modes: Quick scan, Full scan, or Customize scan (Full scan recommended).
  5. Click the Next button.
  6. Click the View detailed results of the scan link to view the scan details.
  7. Click the Finish button.

Remove STRRAT using Autoruns

STRRAT is often set up to run at Windows startup as an Autorun entry or Scheduled task.

  1. Download Autoruns using this link.
  2. Extract the archive and run the Autoruns.exe file.
  3. In the Options menu, make sure Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries are checked.
  4. Search for suspicious entries with weird names or entries running from locations like: C:\{username}\AppData\Roaming.
  5. Right-click the suspicious entry and choose Delete. This will prevent the threat from running at startup.
  6. Switch to the Scheduled Tasks tab and do the same.
  7. To remove the files themselves, click on suspicious entries and choose Jump to Entry…. Remove the files or registry keys found.

Remove files, folders and registry keys of STRRAT

STRRAT files and folders


NEW ORDER.jar
x.jar

STRRAT registry keys


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
{randomname} = "%AppDataLocal%\{randomname}\{randomname}.hta"
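The Run-key entry listed above can also be checked with a short script instead of by eye. This is an added example, not part of the original article or any vendor tool; it assumes the three {randomname} placeholders are the same string, the flagged script extensions are an illustrative choice, and the sample values are constructed.

```python
import ntpath
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
SCRIPT_EXTS = {".hta", ".jar", ".vbs", ".js"}  # assumption: types worth flagging

# Constructed sample values, not taken from a real system.
SAMPLE = {
    "OneDrive": r'"C:\Users\demo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "kqzvtplm": r'"C:\Users\demo\AppData\Local\kqzvtplm\kqzvtplm.hta"',
    "updater": r'javaw.exe -jar "C:\Users\demo\AppData\Roaming\x.jar"',
}


def classify(name, command):
    """Return the reasons a Run value resembles the entry listed above."""
    reasons = []
    # Split the command line into quoted and unquoted tokens.
    for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', command):
        path = (quoted or bare).lower()
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext not in SCRIPT_EXTS:
            continue
        reasons.append(f"{ext} file started at logon")
        if "appdata" in path:
            reasons.append("stored under an AppData location")
        if stem == ntpath.basename(ntpath.dirname(path)) == name.lower():
            reasons.append("value name, folder and file share one name")
    return reasons


def scan(entries):
    """Map each suspicious value name to the reasons it was flagged."""
    hits = {name: classify(name, cmd) for name, cmd in entries.items()}
    return {name: why for name, why in hits.items() if why}


def read_hkcu_run():
    """Read the current user's Run values (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values


if __name__ == "__main__":
    entries = read_hkcu_run() if sys.platform == "win32" else SAMPLE
    for name, why in scan(entries).items():
        print(f"{name}: {'; '.join(why)}")
```

A flagged value is a lead to inspect in Autoruns, not proof of infection; legitimate software occasionally starts script or Java files from the user profile.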

Aliases of STRRAT

Trojan:Java/StrRat.B!MTB, Java:Malware-gen [Trj], Trojan.GenericKD.43308841, VBS/TrojanDropper.Agent.OIY, HEUR:Trojan-Downloader.VBS.SLoad.gen

How to protect against threats like STRRAT in the future

Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove STRRAT. However, if you were infected with STRRAT despite having up-to-date security software, you may consider changing it. To feel safe and protect your PC from STRRAT on all levels (browser, e-mail attachments, Word or Excel scripts, file system), we recommend a leading provider of internet security solutions, BitDefender. Its solutions for both home and business users have proved to be among the most advanced and effective. Choose and get your BitDefender protection via the button below:

Download BitDefender