MajorGeeks Support Forums

  #1  
Old 02-18-12, 22:56
Olaus Olaus is offline
Private E-2
 
Join Date: Feb 2012
Posts: 4
Thanks: 1
Thanked 0 Times in 0 Posts
Default Ramnit on 1 SDHC memory card and 2 USB flash drives

Hi,
I'm currently traveling abroad, meaning I take a lot of pictures. In order to send some of these home, I have several times connected my camera to computers at internet cafes WITHOUT locking the SDHC memory card so it can only be read from (this function I have learnt after this ordeal started).

Last week I noticed my camera wouldn't read the card. It said "Can't create folder". I connected it to an internet cafe PC and folder names were messed up, but some pictures could be retrieved with Recuva (photo recovery software), so I saved them to 2 different USB flash drives (most pics looked ok, only a few were irreparably damaged). I figured something was fishy when folder names changed on one of the USB sticks. Scans with SUPERAntiSpyware and Malwarebytes revealed Ramnit infection.

I.e. my own PC is not infected, but I have questions on how to tackle this problem when I come home:

1. Is there any way to safely extract pictures and videos and then format the memory sticks?
2. Is it safe to access the memory card and the USBs in Linux?
3. Will a low-level format get rid of Ramnit for sure?

Any suggestions and ideas are welcome.

Thank you for your time.

Olaus
  #2  
Old 02-20-12, 21:55
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,140
Thanks: 61
Thanked 7,571 Times in 4,072 Posts
Default Re: Ramnit on 1 SDHC memory card and 2 USB flash drives

Welcome to Major Geeks!

Ramnit is quite dangerous and not always detectable in every file that could be carrying the infection. It most frequently spreads into any .exe and .html files on every disk drive (including removable drives) in a PC.

The best you could do would be to scan all drives using your antivirus scanner and also another online scan like ESET (see: Using ESET's Online Scanner) to see if anything is found. If so, delete them.

Only save your pictures! DO NOT save any EXE, HTML, DLL, or MSI (installer programs). It is okay to save them to your flash drive, but make sure the flash drive has no EXE, HTML, DLL, or MSI file types on it before plugging it in.

Yes, a low-level format will get rid of Ramnit, but if you copy back on just one infected file and use it, you could respread the infection all over again.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


The Following User Says Thank You to chaslang For This Useful Post:
Olaus (02-21-12)
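
The copy rule from the reply above (save only pictures, never EXE, HTML, DLL or MSI), as an added Python example that is not part of the original thread: it copies only allowlisted media types whose leading bytes match their extension. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Allowlist: extension -> check on the first 12 bytes; unlisted types (EXE, HTML, DLL, MSI, ...) are never copied.
MAGIC = {
    ".jpg": lambda h: h[:3] == b"\xff\xd8\xff",
    ".jpeg": lambda h: h[:3] == b"\xff\xd8\xff",
    ".png": lambda h: h[:8] == b"\x89PNG\r\n\x1a\n",
    ".avi": lambda h: h[:4] == b"RIFF" and h[8:12] == b"AVI ",
    ".mp4": lambda h: h[4:8] == b"ftyp",
}


def copy_media_only(src_root, dst_root):
    """Copy allowlisted media from src_root to dst_root; return (copied, skipped)."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    copied, skipped = [], []
    for path in sorted(src_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src_root).as_posix()
        check = MAGIC.get(path.suffix.lower())
        with path.open("rb") as fh:
            head = fh.read(12)
        if check is None or not check(head):
            skipped.append(rel)  # type not allowlisted, or content does not match the extension
            continue
        target = dst_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)  # file content only, no metadata
        copied.append(rel)
    return copied, skipped


def demo():
    """Run the copy against a constructed stand-in for an infected card."""
    with tempfile.TemporaryDirectory() as tmp:
        card, safe = Path(tmp, "card"), Path(tmp, "safe")
        (card / "DCIM").mkdir(parents=True)
        (card / "DCIM" / "IMG_0001.JPG").write_bytes(b"\xff\xd8\xff\xe1" + b"\0" * 32)
        (card / "DCIM" / "IMG_0002.jpg").write_bytes(b"MZ\x90\x00" + b"\0" * 32)  # PE header, renamed
        (card / "autorun.inf").write_text("[autorun]\n")
        (card / "index.html").write_text("<html></html>")
        (card / "setup.exe").write_bytes(b"MZ" + b"\0" * 32)
        return copy_media_only(card, safe)

if __name__ == "__main__":
    print(demo())
```

A matching header only shows that a file is the type its name claims; it is not a malware scan, so the antivirus scans described in the thread still apply to whatever is copied.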
  #3  
Old 02-21-12, 01:47
Olaus Olaus is offline
Private E-2
 
Join Date: Feb 2012
Posts: 4
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: Ramnit on 1 SDHC memory card and 2 USB flash drives

Many thanks for your reply, chaslang!

I'm a bit worried about Ramnit doing an autorun as soon as I plug my USB or SDHC into my PC. Would it be enough to use USB Panda to block this? Or should I extract the pictures in Ubuntu mode?


Olaus
  #4  
Old 02-21-12, 21:59
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,140
Thanks: 61
Thanked 7,571 Times in 4,072 Posts
Default Re: Ramnit on 1 SDHC memory card and 2 USB flash drives

Yes, you could run Panda USB Vaccine or any other tool that disables autoruns. Another tool is AutoRun Eater (see: http://majorgeeks.com/Autorun_Eater_d6074.html)
  #5  
Old 02-23-12, 06:21
Olaus Olaus is offline
Private E-2
 
Join Date: Feb 2012
Posts: 4
Thanks: 1
Thanked 0 Times in 0 Posts
Thumbs up Re: Ramnit on 1 SDHC memory card and 2 USB flash drives

Thanks a lot. I'll be home in about 3 weeks, I'll give it a try then and update this thread with the results.
  #6  
Old 02-23-12, 21:09
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,140
Thanks: 61
Thanked 7,571 Times in 4,072 Posts
Default Re: Ramnit on 1 SDHC memory card and 2 USB flash drives

You're welcome. Good luck.
  #7  
Old 03-15-12, 07:51
Olaus Olaus is offline
Private E-2
 
Join Date: Feb 2012
Posts: 4
Thanks: 1
Thanked 0 Times in 0 Posts
Thumbs up Re: Ramnit on 1 SDHC memory card and 2 USB flash drives

Hello,
I just came back home and so far things are looking good. I use ESET NOD32 as antivirus program and ZoneAlarm's free firewall on a 64-bit Win 7 system (I've had this combination for a couple of years and it's been working very well for me). Before starting to fix my USBs and memory cards, I installed Panda USB Vaccine:
http://www.pandasecurity.com/homeuse...ds/usbvaccine/

and let it "vaccinate" my computer (i.e. autoruns from flash drives are denied).

I also installed Malwarebytes Anti-Malware:
http://www.malwarebytes.org/products/malwarebytes_free

Then I plugged in the first USB stick and NOD32 immediately reacted and removed the infected files. I ran an MBAM scan on my system + the USB which found nothing bad. Then I copied the pictures and movies to my hard drive, and made a low-level format of the USB using Hard Disk Low Level Format Tool:
http://www.softpedia.com/get/System/...mat-Tool.shtml

I repeated these steps for both USBs and all my camera's memory cards (only one of them was infected, but I wanted to be sure). Finished by letting USB Panda "vaccinate" the flash drives so they won't start autorunning when plugged into other CPUs (don't know how well this works, but can't see any harm in it).

For file recovery I use Piriform's excellent software Recuva:
http://www.piriform.com/recuva
Which helped me recover most pictures.

Hope this thread can be of any help to others. Remember kids, always use protection when connecting to unfamiliar computers!
  #8  
Old 03-15-12, 21:20
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,140
Thanks: 61
Thanked 7,571 Times in 4,072 Posts
Default Re: Ramnit on 1 SDHC memory card and 2 USB flash drives

Glad to hear you have things worked out.