Hello,

I recently had the Windows Recovery virus which I think I managed to get rid of.

Installed Microsoft Security Essentials and now keep getting various Ramnit infections, e.g. VBS/Ramnit.B, Win32/Ramnit.gen!B, Win32/Ramnit.gen!A, Win32/Ramnit.AB.

The Malwarebytes log and the DDS log are below, and attached is the zipped ark and attach.

Your help would be gratefully received and appreciated.

Thanks in advance.

iiidddlll

Please find below the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6633

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19048

21/05/2011 11:45:56

mbam-log-2011-05-21 (11-45-56).txt

Scan type: Quick scan

Objects scanned: 159027

Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Please find below the DDS log:

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.19048

Run by Ian at 12:07:16 on 2011-05-21

Microsoft


Ramnit infections

http://www.techspot.com/vb/topic154671.html

Courtesy Broni

Win32/Ramnit is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A / B which is dropped by a Ramnit-infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

Understanding virus names

Threat aliases for Win32/Ramnit.A / B

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a sm


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
