Cheat Engine

[homer_simpson]

Well It seems I've been scammed with a CyberGate RAT. It has been crypted with a FUD Crypter and I was wondering how can I remove it? It seems to have attached itsself to chrome.exe. It kept creating some files in C:\Users\Alex\AppData\Local\Temp called xxxyyyzzz.dat and Alex6,Alex7, Alex10.Alex10 containing "Messenger|<myusername>|<mypassword>", so yeah I'm a bit concerned. Yes I've thought of System Restore but I'd like to know an option.

[OhAndyOh]

Full sweep, reformatt.

[homer_simpson]

I've got rid of it manually. Since other people might have this problem, here's what I did:
This RAT is user customizable so a user chooses which path to store the main executable and a user can choose to make it hook into Google Chrome. First of all terminate chrome.exe's task. Then you can find the path of this executable by going on regedit/regedt32. Just browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run and you will find a key that contains the path. Delete this key (make sure to write down the path it contained). Now you will have to delete the executable. Go to Control Panel, chose View by: "Small icons" and click Folder Options. Now on the view tab tick "Show hidden files, folders and drives" and untick "Hide Protected operating system files". Now simply go to the path mentioned earlier and delete the executable. Done!

[Falc0n]

Persistancy will kill you.

Dissect the RAT and look for all the places it has initiated and set itself. Then remove it.