Posted 30 November 2010 - 08:20 AM
Please rerun OTL, click the NONE button, then change the value under Extra Registry to "use safelist" and click Run Scan. Post me extra.txt
Posted 01 December 2010 - 12:32 PM
Posted 02 December 2010 - 04:40 AM
What do i do? I think the computer is still infected..
Posted 02 December 2010 - 05:19 AM
Win32/Ramnit.A / Win32/Ramnit.B is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.
-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
- Understanding virus names
- VirusTotal Threat aliases for W32/Ramnit <- Win32.Ramnit!IK, W32.Ramnit!inf, Win32.Rmnet
- VirScan Threat aliases for W32/Ramnit <- Win32/Zbot, PWS.Panda.387, PE_RAMNIT, Trojan/Generic.arhm
- McAfee Threat aliases for W32/Ramnit - link 1 <- Trojan.Generic.KD, Win32/Zbot, W32/Cosmu
- McAfee Threat aliases for W32/Ramnit - link 2 <- SHeur3.AQRA, W32/Patched-I, Win32.Nimnul, W32/Pedalac
Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.
Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.
In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could loose access to all your data.
Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
- When should I re-format? How should I reinstall?
- Where to draw the line? When to recommend a format and reinstall?
Backdoors and What They Mean to You
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system
This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).
Posted 02 December 2010 - 05:49 AM
will it delete the virus off my USB's though - all my work and stuff is saved on there.
Posted 02 December 2010 - 09:41 AM
Flash disinfector will prevent the virus from infectin usb-drives and thus prevent the risk of spreading the infection. But be very careful. One leftover file is enough to reinfect everything!
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
- Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
Posted 02 December 2010 - 01:23 PM
1. Can I use the flash disinfector on this 'infected' computer? and will it wipe out everything from the flash drive?
2. If I do the above to my 'infected' computer will it wipe out everything and delete all documents and stuff? And how long will it take?
3. If I insert an 'infected' USB onto another computer will the new computer be infected?
Posted 03 December 2010 - 01:51 AM
2. Meaning a reformat? Yes, it will remove everything? Typically it takes a few hours to reformat and reinstall most things.
3. Yes, unless that computer has an antivirus that catches and stops the infection.
Posted 05 December 2010 - 07:00 AM
remember I don't have any windows disc - everything came pre-installed!!!!
Posted 05 December 2010 - 07:49 AM
Posted 05 December 2010 - 01:59 PM
Posted 06 December 2010 - 12:38 PM
but when i click internet explorer - tools - internet options - delete - the cookies box is always unticked. even if i tick it once i open a new internet explorer its back to normal.
im cleaning all the flash drives atm.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users