Ramnit Virus and Blueinit Trojan - have they really gone?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by catface, Jan 17, 2012.

  1. catface

    catface Private E-2

    Hi everyone,

    I did a Malware Bytes scan yesterday and found my computer was infected with the Ramnit Virus as well as Blueinit Trojan and Trojan.Downloader. I scanned twice with MBAM (a quick scan and a full scan) then did a system restore to a month ago from Safe Mode. This seemed to sort out the problems with browser redirects and Chrome refusing to initialise but then I came across this forum and did some reading about Ramnit and how serious it is. I followed your malware removal guide and also did two ESET scans. The programs removed and quarantined some files and the logs are below. I haven't added Super Anti Spyware as all it found were tracking cookies.

    View attachment ComboFix.txt

    View attachment eset.txt

    View attachment mbam-log-2012-01-16 (11-31-17).txt

    View attachment mbam-log-2012-01-16 (12-32-16).txt


    ESET, MBAM and Norton are now saying my computer is clear of threats but my question is, given the seriousness of Ramnit, can I be sure that my computer is completely safe?

    Many thanks for any advice.
     
  2. catface

    catface Private E-2

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  4. catface

    catface Private E-2

    Thank you for the quick reply. I've scanned twice more with ESET and it found no threats. It doesn't give a log when it is clean so nothing to attach. Does this mean I'm definitely clear of it? :) Thanks again!
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well, it's looking good yes.


    Java(TM) 6 Update 23 <--- Uninstall outdated Java.

    Delete these if you do not know what they are for:

    C:\Users\Trish\AppData\Local\fnuwwvli.log
    C:\Users\Trish\AppData\Local\hcetwvdb.log


    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run


    Please also download MBRCheck to your desktop.
    • Double click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator).
    • It will show a black screen with some information that will contain the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like the below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point, since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similarly to MBRCheck_07.16.10_00.32.33.txt; the name is based on the date and time.
     
  6. catface

    catface Private E-2

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Would still like to see the log if you don't mind. :) And you are most welcome.
     
  8. catface

    catface Private E-2

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Java(TM) 6 Update 23 <--- uninstall outdated Java.

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Another scan with MBAM... if all clean follow the below steps. :)


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix. (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, enter the below into the run box and then click OK. Note that the quotes are required. (If we renamed it, please rename it back to Combofix.exe.)
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  10. catface

    catface Private E-2

    Hmmm - I had already uninstalled two out of date versions of Java when you told me to earlier via Control Panel. I'm not seeing anything to uninstall on my Add/Remove programs list. Should I just go ahead and install the most up to date version, or do I need to completely get rid of this old version and, if so, how do I do it as I can't do it via Control Panel?

    Many thanks :)
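    An added example, not posted by anyone in this thread, for the situation catface describes above: an old Java entry has disappeared from Add/Remove Programs and you want to confirm nothing outdated is left behind. The script queries the standard Windows Uninstall registry keys (64-bit, WOW6432Node and per-user) for Java entries and then looks for leftover java.exe copies under the default Program Files\Java directories, which are assumed locations. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): verify whether any Java installation,
# such as the outdated "Java(TM) 6 Update 23" mentioned earlier, is still
# registered or still present on disk after an uninstall.

# Standard Uninstall keys consulted by Add/Remove Programs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-JavaInstalls {
    # Each subkey becomes an object; keep only entries whose DisplayName starts with "Java".
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString
}

$installs = Get-JavaInstalls
if (-not $installs) {
    Write-Output 'No Java entries found in the Uninstall registry keys.'
} else {
    Write-Output 'Java entries still registered:'
    $installs | Format-Table -AutoSize
}

# A partially removed runtime can leave its directory behind even when the
# registry entry is gone. These are the default install roots (assumed here).
$candidateDirs = @("$env:ProgramFiles\Java", "${env:ProgramFiles(x86)}\Java")
foreach ($dir in $candidateDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Directory | ForEach-Object {
            $exe = Join-Path $_.FullName 'bin\java.exe'
            if (Test-Path $exe) {
                # Report the file version embedded in the executable so old
                # runtimes can be spotted even if their folder name is misleading.
                $ver = (Get-Item $exe).VersionInfo.ProductVersion
                Write-Output ("Leftover runtime: {0} (java.exe version {1})" -f $_.FullName, $ver)
            }
        }
    }
}
```

    If the registry query returns nothing but a leftover runtime directory is reported, the old version is no longer "installed" as far as Windows is concerned, which matches what catface saw in Control Panel; the remaining folder can then be dealt with separately from installing the current version.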
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Sorry, that was my bad, just get the latest version installed if not already.
     
  12. catface

    catface Private E-2

    That's all done, thanks again Kestrel and everyone on this helpful site.:)

    I noticed this thread http://forums.majorgeeks.com/showthread.php?t=252347 - I was getting the same 'do you want to run this program?' messages popping up, only I clicked yes as I was stressed and just wanted to get on with my work. I only did something about it when I started getting browser redirects. I know, I know, that was seriously stupid :-o and I actually do know better. I will not be so stupid in the future; I was really lucky not to have to reformat my computer.

    Anyway, the reason I'm pointing that thread out to you is that I'm not sure if it's OK for me to post in other people's threads, and they may have the same version of Ramnit as me, one that is actually possible to get rid of. Here's hoping!
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, the warning about Ramnit still applies to you. It looks like you got very lucky, some people do. Keep an eye on things.
     
