
Infected (again!)



I think you are infected with a polymorphic file infector which is bad news.

Please run this online scan if possible:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the option Remove found threats and the option Scan unwanted applications are unchecked

Click Scan

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


That's what I was afraid of: (we can't fix this, you have to format and reinstall)

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Some links to read:

http://forums.malwar...ndpost&p=320816

http://miekiemoes.bl...s-throwing.html

http://www.bleepingc...28#entry1366528

MrC


Wonderful news...I really do appreciate the help, though, at least I know what it is now and what needs to be done. I am, however, unable to afford a new OS disc, and I certainly don't have one with me, and I'm assuming you certainly need one for a re-format reinstall, so it looks like I'm out of luck.

Anyway, thank you so much for your help.


The drives should be scanned to make sure they're not infected and then run Flash_Disinfector as outlined below:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

-----------------------

Your computer most likely has a repair option built into it; you'll have to check your documentation or with customer support on their website.

MrC
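
An added example, not part of the original thread and not Flash_Disinfector's own code: a read-only check of a drive root that tells the placeholder folder named autorun.inf described above apart from a real autorun.inf file, and lists the entries in such a file that would start a program. The status labels, function names and sample content are constructed for illustration.

```python
from pathlib import Path

# Constructed sample of an autorun.inf file, for illustration only.
SAMPLE = "[AutoRun]\r\n; constructed sample\r\nopen=sample.exe\r\nicon=sample.exe,0\r\n"

def find_autorun(root):
    """Return the root-level entry named autorun.inf (any letter case), or None."""
    for entry in Path(root).iterdir():
        if entry.name.lower() == "autorun.inf":
            return entry
    return None

def launch_entries(text):
    """Collect the [autorun] keys that make Windows start a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")
            ):
                found.append((key, value))
    return found

def audit_root(root):
    """Classify a drive root as 'absent', 'placeholder-folder' or 'autorun-file'."""
    entry = find_autorun(root)
    if entry is None:
        return ("absent", [])
    if entry.is_dir():  # a folder with this name blocks creation of a file
        return ("placeholder-folder", [])
    data = entry.read_bytes()  # read only; nothing on the drive is changed
    encoding = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    return ("autorun-file", launch_entries(data.decode(encoding, errors="replace")))

if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:  # drive roots to check, e.g. E:\ F:\
        print(root, *audit_root(root))
    if len(sys.argv) == 1:
        print(launch_entries(SAMPLE))
```

A root reported as `autorun-file` with launch entries is the case the Shift-key step above guards against; `placeholder-folder` is what a drive looks like after the utility has run.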


Well, I found out what was spreading it, a memory stick. It infected another one of my machines, but I reformatted that without any problem. I've now formatted the hard-drive; just one more question, can any anti-virus software catch Ramnit before it infects the computer? I plugged the USB in and McAfee immediately stated that it had found Ramnit and deleted it. I then scanned with McAfee and it has found nothing.


Ok, I've formatted one USB stick (that was infected) and then put in the other too, and used Flash Disinfector on both. I then scanned with McAfee and found nothing on either of them. I've also scanned the system with MBAM and got this:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.24.05

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 7.0.6001.18000

Josh :: JOSH-PC [administrator]

Protection: Enabled

25/01/2012 00:19:34

mbam-log-2012-01-25 (00-19-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 161537

Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Well you said McAfee did detect it.

Here's some info on it and how to protect the computer:

http://www.microsoft...in32%2fRamnit.A

I would recommend Microsoft Security Essentials as a good free anti-virus / anti-malware program:

http://windows.micro...rity-essentials

also..........

Take a look at My Preventive Maintenance to avoid being infected again.

MrC

