Malware Removal
Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.
#1
After reading a few of the other threads about Ramnit with no success, I'm giving up and turning to the big guns.

I'm running:
Windows 7 Ultimate 64-bit
ESET Smart Security 4
Firefox 3.6 (sandboxed)

The story goes: I found a random popup in the background of Firefox with a woman talking to me about something (I wasn't listening), and then a livejasmin.com popup behind that. Then suddenly NOD32 popped up saying that a variant of win32.ramnit.b was messing with some .html files coming from firefox.exe. So I terminated Firefox and everything, then ran a quick Malwarebytes scan, which came up with nothing interesting on a quick scan. So I ran CCleaner and tidied everything up (while running a NOD32 full system scan and a Windows Defender scan in the background).

I booted up Firefox again and started browsing. Then suddenly NOD32 started alerting me about more threats from random .exe/.dll/.html files scattered throughout my PC.

I have run MGTools, MalwareBytes, SuperAntiSpyware and CCleaner. I'm still getting the nasty little popup saying infected files. This all started at about 2pm today (GMT), so only 2-3 hours into the infection. Hope we can catch it in time, because a format is sort of... impossible at the moment. As it was a Dell machine with Vista on it. Then I purchased a digital copy of the W7 upgrade (won't do fresh installs), and this was when 7 was released, so my W7 CD key is for upgrade only. So I'd have to install Vista again first (which came pre-installed), so I can't install that from retail discs. Yada yada yada, you get the point, I'm sure? Hope we sort this out.

Thank you.

PENDING ATTACHMENTS (SOME SCANS ARE STILL SCANNING, AS IT'S SEARCHING 3TB OF DATA ON 4 PHYSICAL DISKS)
#2
Can't edit my post? So this isn't a BUMP!
UAC is disabled, but when MGTools says "Complete, your file is at c:\mglogs.zip", the file doesn't exist.
EDIT: Manually zipped unkeys and runkeys
Last edited by OwenMelbz; 10-05-10 at 11:37.
#3
Please run an eSet online scan and repeat it each time it finds something. Attach each log in your next reply. You may need to run it 2 or 3 times:
eSet Online Scan.

When it comes back clean, then see if you can run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). Attach that log if it runs.
__________________
Major cake licker. YCLAHTW, BYCMHD!! Major Geeks on Facebook Major Geeks Newsletter
#4
Quote:
Below is the Malwarebytes log and the SuperAntiSpyware log, and in the previous post is the MGTools log, named MGtools.zip.
#5
MBAM indicates that you did not fix what it found. And your previous MGLogs.zip is missing numerous logs. That is why I said to run eSet until it was clean and then try to run the getlogs.bat.
#6
Quote:
Another whoops: I simply downloaded someone else's mglogs.zip to see what files it included; apparently theirs wasn't full. I've sorted out the permissions, which wouldn't let MGTools create a file inside c:\, and have attached it below. ESET is still scanning, even though it's been on 99% for about 40 mins now. Thank you for your patience.
#7
Well, let's see what eSet finds.
#8
Here is the 1st ESET scan (although called eset2). Took 6 hours!! Wooo
2nd scan log coming once it's completed (most likely tomorrow morning for me), i.e. 8 hours' time.
#9
Quote:
#10
Morning.
Right, the ESET online scan finished and chucked the attached log out. Then I ran MGTools again and attached a new version of that.
Thanks :D
#11
Looks better. What issues are you currently having, if any?
#12
NOD32 keeps popping up saying Win32/Ramnit.B is in random files, but all scans show pretty clean apart from stuff I know about.
#13
Run the eSet online scan one more time. We want to do this until it doesn't find anything.
Tags: 64bit, ramnit, windows 7