Please, have in mind that SpyHunter offers a free 7-day Trial version with full functionality. Credit card is required, no charge upfront.
This article can help you to remove GravityRAT Virus. The step by step removal works for every version of Microsoft Windows.
GravityRAT virus is very dangerous. It is a type of Trojan horse that enables remote access to your system. In other words, the hackers can use the Trojan to control your computer. The parasite has used trickery to invade your machine and to corrupt your entire system. Following a successful installation, the Trojan modifies your System Registry and corrupts essential system files and processes. It roots itself into your OS. You cannot see it, but the virus loads together with your OS. Thus, it doesn’t matter how many times you reboot your device. The virus will not disappear. It always run in the background and cause troubles. This nasty parasite wreaks total havoc. At first, it has no symptoms. Yet, given enough time, it starts to interfere with every aspect of your daily activities. It may cause your programs to load slowly and to crash frequently. It is behind your computer’s underperformance and slow Internet connection. It is also causing odd system errors. Unfortunately, these issues should not be your main concern. What the Trojan does behind your back is far more worrisome. The virus has full control of your system. The hackers can use it to modify your settings, to steal and corrupt your personal files, to spy on you, and to infect your device with other malware and virus. No one can tell you what the future holds. It all depends on the hackers and what they need at the moment. GravityRAT is a great tool in their arsenal. This virus can be devastating. So, don’t waste your time. Remove it immediately. The sooner it’s gone, the better!
How did I get infected with?
To infect your machine, GravityRAT Trojan relies on trickery. It uses torrents, fake updates, and spam messages. The good old spam emails are still the number one cause of Trojan infections. Yes, you know the scheme, you also know how dangerous an attached file can be. But, did you know that the scammers tend to embed malicious links in their messages? One click is all it takes for a virus to be downloaded. So, if you receive an unexpected message, do not interact with it. Verify the sender first. If it’s supposed to be sent from an organization (your bank, for example), go to their official website and compare the addresses listed there with the one you have received a message from. If they don’t match, delete the pretender intermediately. Also, be extremely careful when you download attachments. The crooks corrupt various file types. When you open such a corrupted document, you would be asked to enable the “Editing mode.” Do not do it! Your bank would not send you such a file. It’s definitely a trap. The document is corrupted. If you click that “enable” button, you will give the virus the green light it needs to invade your machine. Be careful what you are giving your permission to. Only your caution can keep your device virus-free!
Why is this dangerous?
GravityRAT Trojan enters your machine in complete silence and takes full control. The virus was used in the past for espionage and is continuously upgraded. Every new version of the virus becomes more and more dangerous. This parasite is a hackers’ tool. You should not tolerate it on board. GravityRAT jeopardizes your privacy and security. The Trojan can steal users-created files such as documents, archives, presentations, databases, etc. Do you remember what kind information you have saved in your documents? The hackers may become in possession of very sensitive information, including personally identifiable one. Can you imagine what may happen if this scenario unfolds? The hackers may hold your files to ransom. They may blackmail and threaten you. Unfortunately, this is not the end of the stream of bad news. GravityRAT may be used as a backdoor to your system. The hackers can use this Trojan to further infect your machine. They may transfer any type of parasite directly on your device. This Trojan is not a parasite you should neglect. Take immediate action against it!
Manual GravityRAT Removal Instructions
Please, have in mind that SpyHunter offers a free 7-day Trial version with full functionality. Credit card is required, no charge upfront.
The GravityRAT infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.
If you perform exactly the steps below you should be able to remove the GravityRAT infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.
STEP 1: Track down GravityRAT related processes in the computer memory
STEP 2: Locate GravityRAT startup location
STEP 3: Delete GravityRAT traces from Chrome, Firefox and Internet Explorer
STEP 4: Undo the damage done by the virus
STEP 1: Track down GravityRAT related processes in the computer memory
- Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
- Carefully review all processes and stop the suspicious ones.
- Write down the file location for later reference.
Step 2: Locate GravityRAT startup location
Reveal Hidden Files
- Open any folder
- Click on “Organize” button
- Choose “Folder and Search Options”
- Select the “View” tab
- Select “Show hidden files and folders” option
- Uncheck “Hide protected operating system files”
- Click “Apply” and “OK” button
Clean GravityRAT virus from the windows registry
- Once the operating system loads press simultaneously the Windows Logo Button and the R key.
- A dialog box should open. Type “Regedit”
- WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.
Depending on your OS (x86 or x64) navigate to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
- and delete the display Name: [RANDOM]
- Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.
Clean your HOSTS file to avoid unwanted browser redirection
Navigate to %windir%/system32/Drivers/etc/host
If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:
Step 4: Undo the possible damage done by GravityRAT
This particular Virus may alter your DNS settings.
Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for GravityRAT, be sure to write down the current server addresses on a piece of paper.
To fix the damage done by the virus you need to do the following.
- Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
- go to Network and Internet
- then Network and Sharing Center
- then Change Adapter Settings
- Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!
- Check your scheduled tasks to make sure the virus will not download itself again.
How to Permanently Remove GravityRAT Virus (automatic) Removal Guide
Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.