Jump to content

Virus.Ramnit - is it worth reformatting yet?

oscy

By oscy
in Resolved Malware Removal Logs

 Share

Recommended Posts

oscy

oscy

Posted
Posted

Malwarebytes Anti-Malware found 1 object today: Virus.Ramnit.

It was in Local Settings\Application Data\smvshitj\bpnfrida.exe

I quarantined and deleted it. I scanned the folder and nothing was found. Yesterday I had done a Quick Scan and it found nothing. Apparently Ramnit is usually spread by flash drive. I do have a flash drive, but it has documents and stuff, from this computer only, which are a few months old mostly. Still, I've scanned it and it's come up with nothing.

Anyway, I have seen a few links. A few other threads from people who had this virus, but they had loads of files infected, not just one. One link from here says we must reformat and all that, another generic one from here suggests that all's fine if it's removed. Also, threat ratings I've seen linked have all said 'low' - the lowest, even.

A few questions that come to mind are:

If my scanner(s) don't pick up anything, should I continue as normal? Should I only take action if a later scan shows Virus.Ramnit up again in the near future (especially if it's multiple files)?

Now that the file is deleted, is my computer safe once more, or are backdoors and the other stuff this virus brings not detectable?

What should I do or change regarding passwords, bank cards etc.? I've already changed my Facebook password.

Is my result definitely Ramnit, or could it be something that just went under that name but was actually not that special?

I found only 1 result, does that mean I may have caught this early and stopped any harm? Should I wait and see if more results pop up before taking drastic and much-hassle action?

And so on.

attach.txt

dds.txt

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

That's usually is the best option, lets see how badly you're infected:

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked

Click Scan

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC

Link to post
Share on other sites
oscy

oscy

Posted
  • Author
Posted

I already have ESET NOD32 Antivirus 5.0.93.0 and haven't had a result from that for some time. I'll scan again with it as well, while I wait for a reply.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f45a4516d051b24aab86b4998438f118

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-09 05:03:29

# local_time=2012-04-09 06:03:29 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=3073 16777213 80 71 2384021 9664097 0 0

# compatibility_mode=8204 39157077 100 93 76546 21087047 0 0

# scanned=217479

# found=0

# cleaned=0

# scan_time=9334

# nod_component=V3 Build:0x30000000

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

It's clean, usually with that infection, it will show hundreds of infected files.

Local Settings\Application Data\smvshitj\bpnfrida.exe

This is definitely malware, but looks more like a folder/file from a fake anti-virus program.

See what an updated scans shows, MrC

Link to post
Share on other sites
oscy

oscy

Posted
  • Author
Posted

It's clean, usually with that infection, it will show hundreds of infected files.

Local Settings\Application Data\smvshitj\bpnfrida.exe

This is definitely malware, but looks more like a folder/file from a fake anti-virus program.

See what and updated scans shows, MrC

Awesome. Reformatting would've been a hassle, not least because, while I have a legal copy of Windows, I was never given a CD of it.

NOD32 scan didn't find anything else, none of my scanners have.

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Well if you had that infection, you should see more than one infected file.

The scans are clean, so time will tell...in a couple of days repeat the scans and make sure they're clean.

Anti-virus programs are best to pick up that infection.

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.