iiidddlll Posted May 21, 2011 ID:432008 Share Posted May 21, 2011 Attach.zipHello,I recently had the Windows Recovery virus which I think I managed to get rid of.Installed Microsoft Security Essentials and now keep getting various Ramnit infections e.g VBS/Ramnit.B, Win32/Ramnit.gen!B, Win32/Ramnit.gen!A, Win32/Ramnit.AB.The malwarebytes log and the dds log are below and attached is the zipped ark and attach.Your help would be gratefully received and appreciated.Thanks in advance.iiidddlllPlease find below the Malwarebytes log:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 6633Windows 6.0.6002 Service Pack 2Internet Explorer 8.0.6001.1904821/05/2011 11:45:56mbam-log-2011-05-21 (11-45-56).txtScan type: Quick scanObjects scanned: 159027Time elapsed: 8 minute(s), 7 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Please find below the DDS log:.DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.19048Run by Ian at 12:07:16 on 2011-05-21Microsoft Link to post Share on other sites More sharing options...
iiidddlll Posted May 23, 2011 Author ID:432780 Share Posted May 23, 2011 48+ Hour Bump.Thanks Link to post Share on other sites More sharing options...
iiidddlll Posted May 24, 2011 Author ID:433001 Share Posted May 24, 2011 72 hour bump.Still require help!Thanks Link to post Share on other sites More sharing options...
LDTate Posted May 24, 2011 ID:433018 Share Posted May 24, 2011 Ramnit infectionshttp://www.techspot.com/vb/topic154671.htmlCourtesy BroniWin32/Ramnit is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A / B which is dropped by a Ramnit infected executable file. -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.Understanding virus names Threat aliases for Win32/Ramnit.A / BWith this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS. Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary. Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a sm Link to post Share on other sites More sharing options...
LDTate Posted May 30, 2011 ID:434703 Share Posted May 30, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts