Script: scripts/Remove/⛔Remove All RATs.ps1
Launcher: launchers/Remove/⛔Remove All RATs.ps1
Version: 2026.02.06.01
Category: Remove
Detects and removes 70+ known remote access tools (RATs) from the system, including commercial tools, VNC variants, RMM tools, and known malicious RATs.
- Commercial tools: AnyDesk, TeamViewer, RustDesk, Splashtop, LogMeIn, etc.
- VNC variants: RealVNC, TightVNC, UltraVNC, TigerVNC
- RMM tools: Action1, Atera, Datto, NinjaRMM, Kaseya, etc.
- Known malicious RATs: Remcos, QuasarRAT, AsyncRAT, njRAT, etc.
- Level.io (authorized RMM)
- ScreenConnect (use dedicated removal script for non-MSP instances)
- Stop services and processes
- Run uninstallers (registry-based, silent)
- Delete services
- Remove files and folders
- Clean registry entries
- Remove firewall rules and scheduled tasks
| Code | Status | Description |
|---|---|---|
| 0 | Success | No RATs detected, or all removed successfully |
| 1 | Alert | RATs detected or removal failed |
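
A detection-only sketch of the same exit-code contract, added here as an example; it is not the project's code and removes nothing. The function names `Test-Candidate` and `Find-RemoteAccessTool`, the shortened name list, and the treatment of Level.io and ScreenConnect as skipped entries are assumptions.

```powershell
# Added example: detection only. Nothing is stopped, uninstalled or deleted.
# Assumption: a short subset of the tool names listed on this page.
$Patterns = 'AnyDesk', 'TeamViewer', 'RustDesk', 'Splashtop', 'TightVNC', 'UltraVNC', 'Atera', 'NinjaRMM'
# Assumption: these are skipped (authorized RMM / handled by a dedicated script).
$Excluded = 'Level', 'ScreenConnect'

function Test-Candidate {
    param([string]$Text)
    # Exclusions win over matches so an authorized agent is never reported.
    foreach ($x in $Excluded) { if ($Text -like "*$x*") { return $false } }
    foreach ($p in $Patterns) { if ($Text -like "*$p*") { return $true } }
    return $false
}

function Find-RemoteAccessTool {
    # Installed programs: 64-bit and 32-bit uninstall hives.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and (Test-Candidate $_.DisplayName) } |
        ForEach-Object { [pscustomobject]@{ Source = 'Uninstall'; Name = $_.DisplayName; Detail = $_.UninstallString } }

    # Registered services, including stopped ones; PathName shows the binary.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { Test-Candidate "$($_.Name) $($_.DisplayName)" } |
        ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Detail = $_.PathName } }

    # Running processes, which also catches portable copies with no installer entry.
    Get-Process |
        Where-Object { Test-Candidate $_.ProcessName } |
        ForEach-Object { [pscustomobject]@{ Source = 'Process'; Name = $_.ProcessName; Detail = $_.Path } }
}

$found = @(Find-RemoteAccessTool)
if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize
    exit 1   # Alert: at least one candidate found
}
Write-Output 'No remote access tools detected.'
exit 0       # Success: nothing detected
```

Name matching produces candidates to review, not confirmed findings; check the `Detail` path before acting on a hit.
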
| File | Path | Purpose |
|---|---|---|
| Launcher | launchers/Remove/⛔Remove All RATs.ps1 | Deploy to Level.io |
| Script | scripts/Remove/⛔Remove All RATs.ps1 | Detection and removal logic |
| Module | modules/COOLForge-Common.psm1 | Shared library |
A standalone version for USB-based remediation is available:
standalone_scripts/Remove/Remove-AllRATs-Standalone.ps1
- RAT Detection — Detection-only script (no removal)
- Force Remove AnyDesk — Deprecated (now handled by this script)