Jump to content

I got Ramnit in may business machine


Recommended Posts


Two programs to download


ISOBurner this will allow you to burn drweb.iso to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions


  • Download Dr.Web LiveCD and burn it to a CD using ISO Burner. NOTE: This file is 90Mb in size so it may take some time to download.
  • When downloaded, double click the file and this will then open ISOBurner to burn the file to a CD.
  • Reboot your system using the Dr.Web Live CD.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here .
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select to select DrWeb-LiveCD (Default) and press "Enter".
  • The operating system will detect all available disk drives automatically. It will also try to connect to the local network, if available.
  • When the system is loaded, click on the green circle button at the top and let it update.
  • After it is done updating, check the disks or folders you want to scan (which is all of them) and click the "Start" button.
  • Then select what drives (should be all) so we can disinfect all partitions.
  • After the scan is complete, and if the scan found stuff:
    • Click "Select All" and the click "Cure" NOTE: Make double sure to click CURE and NOT Delete!
    • Let Dr.Web RENAME the files that can't be cured.
    • After that, please reboot your PC.


Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the
    key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects

  • System Memory

  • Disk Boot Sectors.

  • My Computer.

  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Link to post
Share on other sites

Thank you Gammo,

I had tried every things are available on the web. Manually and with several tools too, and just the Kaspersky killed the virus.

A resume of my war:

Ramnit.B keep some bad files on the disk, like these examples:

c:\program files\microsoft\DesktopLayer.exe

c:\program files\internet explorer\dmlconf.dat




Link to post
Share on other sites

  • 2 weeks later...

@ Maluf

This system has been severely infected by Ramnit and cannot be cleaned.

nuke.gif As you must see, it has also infected exe files and cannot be disinfected.

See When should I re-format? How should I reinstall?

Where to draw the line? When to recommend a format and reinstall?

I advise you do a thorough wipe/reformat and then re-install Windows.

Disconnect this system from the internet right away.

I suggest a clean (new) Windows Install:

Before you do that, make sure you have at hand the Windows CD/DVD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

You will loose your documents so if you have some to save, offload them to a separate offline media. And later on insure you do a full scan of them by running your antivirus.

P.S. You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you "may" be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

* Take any other steps you think appropriate for an attempted identity theft.

Also, any pen/thumb/USB flash drives used with this system should be wiped and reformatted. Ramnit is also known to be spread via these portable drives.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.