how to rescue my data?

Ramnit infections have really become quit nasty and dangerous. We could attempt to remove it, and we have had some success in the past, but recently it has become even more trouble to remove. It is really safer to just bite the bullet and do a clean reinstall.

The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. PE file infectors like Ramnit, Virut,.... etc can infect all executable files (DLL, EXE, SCR....and many more and also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

In many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus or by other scanning tools. Also when disinfection is attempted, the files often become corrupted and the system may become unstable or irrepairable. The longer Ramnit remains on a computer, the more files it may infect and/or corrupt so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies the Ramnit worm using a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are a major source of system infection.

So all the above being said, and please do take serious note of the warnings, I suggest the you just reformat, re-partition and re-install. You run too great a risk trying to save anything.

 

If you have run eset numerous times and it is still showing the infection, then your only course of action is to reformat.

I would be very hesitant to try to rescue or back up ANY files. All it takes is one infected file to reinfect your other media.

Yes, you run a very great risk of infecting the external drive.

 

Best to scan the files with eset. Making sure that what you are backing up is clean.