ramnit.c

gavincdavies · May 13, 2011

My PC is infected with the ramnit.c virus. I have read that combofix may be able to fix the problem but I also know that this should only be run under the supervision of a trained user. Is there anyone who could advise if I should run this and also run me through the process - I understand I should post the log report after it's run. Can anyone help? Thanks.

TimW · May 13, 2011

You need to do an online Eset scan. Run it once, save the log and reboot. Then run it again, save the log and reboot. Then do it a third time, save the log and attach all three to your next post.

eSet Online Scan.

gavincdavies · May 14, 2011

Thanks for the help. One thing before I run this program - I have about 90% of my files backed up but I don't want to try to back up the other 10% in case I infect my external drive - is there any risk of losing any files if I run this?

Cheers

TimW · May 14, 2011

No, you shouldn't lose files. But it really all depends on how bad the infection is. I won't know that until I see the logs.

gavincdavies · May 14, 2011

Thanks Tim - sorry about this but one last question before I do this. I know that one of the nasty things this ramnit.c can do is try and download loads of other malware and viruses (I'm working on a mac at the moment). My anti-virus (CA) will be on and the firewall too - do you think it will be relatively safe to connect to the internet to download Eset? I expect it's a catch 22 situation and I have no choice!!

Cheers

TimW · May 14, 2011

Eset is an online scan, no downloading to do. At this point, you have little choice. This is our normal warning about these infections:

Ramnit infections have really become quit nasty and dangerous. We could attempt to remove it, and we have had some success in the past, but recently it has become even more trouble to remove. It is really safer to just bite the bullet and do a clean reinstall.

The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. PE file infectors like Ramnit, Virut,.... etc can infect all executable files (DLL, EXE, SCR....and many more and also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

In many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus or by other scanning tools. Also when disinfection is attempted, the files often become corrupted and the system may become unstable or irrepairable. The longer Ramnit remains on a computer, the more files it may infect and/or corrupt so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies the Ramnit worm using a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are a major source of system infection.

So all the above being said, and please do take serious note of the warnings, do you really wish to attempt cleaning even though the stability and security of your be cannot be guaranteed? And also note that we could spend a lot of time trying to fix it and still fail due to the number of files that have been infected. What would you like to do?
Click to expand...

chaslang · May 14, 2011

TimW said: ↑

Eset is an online scan, no downloading to do.
Click to expand...

Actually it does have to download some pieces of software inorder to run the scan.

gavincdavies said: ↑

- I have about 90% of my files backed up but I don't want to try to back up the other 10% in case I infect my external drive
Click to expand...

I have to comment on the statement that 90% of your files are backed up! When were these backed up. If you backed up after this infection occurred, you most likely already infected your external drive. Unless when you stated 90% of your files you meant only your own personal data and you were not just referring to your whole PC. Ramnit can infect ALL exectuables ( and this includes as you will see ) HTML files. Every program that you have ever downloaded ( the installer files and the installed programs ) may now already be infected. This includes your CA Antivirus which is most likely infected too.

gavincdavies · Sep 3, 2011

Hi Tim

I've been using a Mac for the last few months and finally got round to sorting out this Ramnit problem on my PC. I have run several scans/malware removal tools including tdss killer, microsoft windows malicious software removal tool and malwarebytes. The misrosoft tool seemed to do a good job and removed alureon.a and ramnit.gen!a. Ramnit.d was partially removed and then seems to have been fully removed after the other scans. ramnit.c was actually not detected - I think an earlier scan using malwarebytes (run in a local computer shop) removed it. My PC is certainly running faster and now runs at 3% instead of 100% on the CPU. The floppy drive has also stopped constantly switching on and off which it started to do after I got the infection. I ran the eset scan 3 times as you instructed and as you will see from the attached logs the first log removed 5 infected files (not ramnit) but was 'unable to clean' 21 files infected with ramnit.a. I'm not sure if this is because these have been quaranteened by one of the other removal tools. Please could you advise what the next step should be. Thanks.

Gavin

SCAN 1

Log in or Sign up

ramnit.c

gavincdavies Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

gavincdavies Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

gavincdavies Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

gavincdavies Private E-2

Attached Files:

Ramnitscan.txt

Log in or Sign up

ramnit.c

gavincdavies Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

gavincdavies Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

gavincdavies Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

gavincdavies Private E-2

Attached Files:

Ramnitscan.txt

Useful Searches