Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

feel like crying--can you help my RAMNIT infection problem?


  • This topic is locked This topic is locked

#1
zelz

zelz

    New Member

  • Member
  • Pip
  • 1 posts
HI, I am at my wits end. It began late last night after visiting a page I got an AVG threat alert about a Tjojan Horse Hider. Usually AVG spots virus threats and deals with them. I clicked 'move to vault' but got 'unsuccessful'--I tried to email an online guy who is more tech savvy than me (I am not savvy at all), but the email would send at Tbord, so I did a CCleaner. and then restarted. When it came back on I was faced with an AVG Multiple Threat Detection with iles proliferating before my eyes, all infected. I tried the only option 'heal files' and it didn't work. So I was freaked.

Eventually I went to the actual AVG site and there were more options and I clicked remove all threats and the ones i saw--which were lots all got 'healed and ticked. But then it just went on and on with yet more files. Last count ages ago was over 5000!

by this time my online friend recommend I download Malwarebytes which i have and ran a scan, and it found 12 maclicious softwares, and I cleaned them. But that other AVG just kept popping up again and again with increasin infected files

ny frined said that Ram nit was very nasty. I also tried to get actual help with this from techguy but that was hours ago and its said that the people there are volunteers and it could take a couple of days. So I am desprate, and just dont know what to do. I do a lot of work online and the thought of losing everything in a wipe is causing me great stress. please can you help?
  • 0

Advertisements


#2
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,203 posts
It is possible that you have Ramnit, a file infecter. If Ramnit has has infected this machine, it can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. It may corrupt and damage some files beyond repair.

I recommend that you back up all your important data from this machine to a USB memory stick.

Step 1
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your USB memory stick. Please do so and allow the utility to clean it.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder - it will help protect your drives from future infection.
You can safely back up files to this device and transfer to another machine, without risk of infection

Step 2
Copy any important files you need to keep from the suspect machine.
Do not backup any executable files (.exe .scr .html or .htm) or compressed files (zip/cab/rar) files that may contain .exe or .scr files

I would strongly suggest that you reformat you machine as it is the only way to be sure that the infection is gone. We can try and remove it but I have to warn you that the odds are not good, file infecters are very difficult to clear. If too many system files are damed, we may have an unbootable machine.

If you want to reformat, please come back to me. If you want to try and clear it, follow the following instructions exactly.

Please print out these instructions

» Step 1 «
On a clean machine, download Malwarebytes' Anti-Malware from Here or Here and save to a flash /usb disk

» Step 2 «
Download combofix from http://download.blee...Bs/ComboFix.exe and save it to your USB disk.

» Step 3 «
On a clean machine, download Avira Rescue CD from here. Follow the intructions here, to burn a bootable CD.

» Step 4 «
Insert Avira, and boot and run in the infected machine again follow the instructions from here . I suggest you print out the instructions from the Avira forum.

Once that's done, reboot your system normally, if you can (let me know if you can't before doing anything else)

» Step 5 «
Insert your flash disk into the infected machine and double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

» Step 6 «
ComboFix

Notes:
  • Copy ComboFix from your USB to your desktop but do not run it yet
  • Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See http://www.bleepingc...opic114351.html

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
Posted Image

Posted Image

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
  • 0

#3
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,203 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP