DarkKomet Removal Guide

Do you know what DarkKomet is?

DarkKomet is an incredibly malicious Trojan that continues to spread across the web. The infection’s development has been stopped, and it is no longer possible to download the official version of it. According to the official website (darkcomet-rat.com), the project was closed in 2012, and that is when the Trojan was spreading most actively. That being said, although the official installer has been dismantled, it is impossible to know how many copies exist and how they could be used in the future. The official website states that many different websites offer it for free as well, but those websites are likely to bundle the free copy of the Trojan with malicious threats. Originally, the Trojan was created by Jean-Pierre Lesueur, and he offered the RAT (remote access tool) for free right off the bat. Unfortunately, the program was employed by malicious parties in very extreme ways. It has been active for a decade now (originally developed in 2008), and it has done some serious damage. If you continue reading, we will introduce you to the RAT and show you how to delete it. So, are you interested in removing DarkKomet?

It is known that the malicious DarkKomet has been employed during the Syrian civil war to spy on civilians. The RAT was also used against architecture companies in Denmark back in 2015. In this case, spear-phishing attacks were used to spread the Trojan. DarkKomet has been distributed using a social media scam as well. The launcher was introduced to users using the popular “JeSuisCharlie” hashtag that was linked to the mass shooting in Paris back in 2015. More recently (August 2018), the infection has been spreading via spam again. This time, the launcher was disguised as a seemingly harmless document file that, allegedly, represented “shipping” confirmation. Spam emails are used to spread ransomware, Trojans, and other kinds of malware all the time, and most users know very well that spam emails should be removed instead of opened. Unfortunately, people make mistakes, and they often open spam messages and the links or attachments sent via them. In most cases, malware is executed without any warning, and so users do not realize for a long time that they need to delete threats. Once the RAT is executed, it can be extremely intrusive, and every victim’s virtual security can be jeopardized.

According to our research team, once DarkKomet is executed, it can record video using the web camera. It can also record audio using the microphone, as well as log keystrokes to record passwords, usernames, and other sensitive information. The Trojan can also gain remote access to the Desktop to take over control. It has the functionality to shut down and restart the computer, as well as to log the user off. The malicious DarkKomet can lock the infected computer, as well as restart, close, and uninstall servers. It also has plenty of network functions that allow it to scan IPs, download URLs, redirect IPs, access WiFi points, and so on. Basically, the Trojan can be extremely valuable to attackers who are seeking to spy on users in a silent manner. Since the malicious code is free for anyone to use, and it has been proven that spreading it is not that hard, this Trojan is a serious threat, and if it manages to slither in, it must be removed ASAP.

Our malware researchers have created a list of directories that the malicious DarkKomet usually hides itself in. Unfortunately, the components of the Trojan can have random and unique names, and new directories could be used to hide it, which is why we cannot provide you with a very specific guide that would help you remove the RAT manually. If you lack experience, this is not the method you should employ. Instead, you should make use of a legitimate anti-malware program that could find and delete DarkKomet automatically. Once you find and remove the threat, you must change passwords and take other security measures immediately.

Remove DarkKomet

  1. Press Win+E to launch Explorer.
  2. Enter the following directories into the field at the top to access them (one by one):
    • %APPDATA%\Avocun
    • %APPDATA%\dclogs
    • %APPDATA%\HostProcess
    • %APPDATA%\VIA
    • %HOMEDRIVE%\MSDCSC
    • %HOMEDRIVE%\Windupdt
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %USERPROFILE%\my documents\DCSCMIN
    • %USERPROFILE%\documents\DCSCMIN
    • %USERPROFILE%\my documents\MSDCSC
    • %USERPROFILE%\documents\MSDCSC
    • %TEMP%
    • %TEMP%\MSDCSC
  3. If you are able to identify malicious files, you should right-click and choose Delete immediately.
  4. Once you Empty Recycle Bin, immediately perform a full system scan using a trusted malware scanner.
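
The directory check from steps 1 and 2 can also be run as a read-only PowerShell report. This is an added example, not part of the original guide or any vendor tool; it deletes nothing. The split between always-present folders and the rest, and the extension list, are assumptions made for the example.

```powershell
# Added example: read-only triage of the directories listed in the removal steps.
# It deletes nothing; it only reports what is present so the files can be reviewed.
$paths = @(
    '%APPDATA%\Avocun', '%APPDATA%\dclogs', '%APPDATA%\HostProcess', '%APPDATA%\VIA',
    '%HOMEDRIVE%\MSDCSC', '%HOMEDRIVE%\Windupdt',
    '%USERPROFILE%\Desktop', '%USERPROFILE%\Downloads',
    '%USERPROFILE%\my documents\DCSCMIN', '%USERPROFILE%\documents\DCSCMIN',
    '%USERPROFILE%\my documents\MSDCSC', '%USERPROFILE%\documents\MSDCSC',
    '%TEMP%', '%TEMP%\MSDCSC'
)
# Assumption: these three folders exist on every system, so only their executable
# content is listed; any other folder in the list is reported as soon as it exists.
$common = @('%USERPROFILE%\Desktop', '%USERPROFILE%\Downloads', '%TEMP%')
$exts   = @('.exe', '.scr', '.com', '.bat', '.vbs', '.lnk')   # assumed types of interest

$report = foreach ($p in $paths) {
    $dir = [Environment]::ExpandEnvironmentVariables($p)
    # An undefined variable is left unexpanded, so a remaining '%' means "skip".
    if ($dir -match '%') { Write-Warning "Variable not set, skipped: $p"; continue }
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    if ($common -notcontains $p) { Write-Warning "Listed folder exists: $dir" }

    # -Force includes hidden and system files; the listing is not recursive.
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ($common -notcontains $p) -or ($exts -contains $_.Extension.ToLower()) } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Folder    = $p
                File      = $_.FullName
                Created   = $_.CreationTime
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig.Status
                SHA256    = $hash.Hash
            }
        }
}
# Newest files first: recently created, unsigned, hidden files deserve the first look.
$report | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Because component names can be random, an empty report does not prove the system is clean; the full scan in step 4 is still required.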

In non-techie terms:

It is necessary to remove DarkKomet, and the sooner that is done, the better. The infection was designed to spy, and if it is executed on the operating system successfully, it can record video and audio, capture keystrokes to steal passwords, mess with the operating system, and cause serious security issues. Without a doubt, it is best to delete DarkKomet before it does anything malicious, but even if you think you have caught it fast, changing passwords and employing strong security software is imperative. We suggest using anti-malware software to secure your system. It can also automatically remove all existing threats. So, if you want to feed two birds with one scone, go ahead and install a trustworthy anti-malware program now.