W32.Ramnit - Does anyone REALLY know what this does?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by latekhed, Sep 24, 2010.

  1. latekhed

    latekhed Private E-2

    Hey All, earlier this week I noticed that Symantec kept popping up LARGE numbers (2000+) of notifications that my laptop has been infected with a virus. It lists them as W32.Ramnit!html and W32.Ramnit!inf, which I am led to believe are variants of W32.Ramnit.a.

    I've done almost 3 days of research on this little bugger and have tried a couple dozen fixes, including registry cleaning, full system scans in safe mode, deletion of certain files, etc. and nothing works. I'm now facing the dreaded reformat and reinstall.

    Here's the problem I have. Symantec's site lists this virus as low threat, McAfee's site seems to do the same, and no one seems to really know how this virus propagates or how to get rid of it (or what it actually DOES, for that matter). From about 10 different "cures" that don't work and lots of reading I see from the forums here that I am not the only one with this issue.

    How do we all rattle some chains at the big guys - Symantec, McAfee, Kaspersky, etc. - and get them to do some serious research on this? And then let us "common" IT people know how we can rid the virus from our systems without spending hours and hours re-provisioning systems?

    Sorry for my rant. Anyone who can post some good info is really appreciated.

    Thx, B
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It infects valid system files and spreads like hell.

    Please immediately do the below. You must do this immediately and you must complete all 3 scans one after the other with only the delay to post logs in between. DO NOT use your PC for anything else but these instructions.

    Run this Using ESET's Online Scanner and immediately attach the log.

    Then run the ESET scan a second time and attach the 2nd log.

    Then run the ESET scan a third time and attach the 3rd log.

    After attaching the 3rd log, if any Ramnit infections were found by ESET, try to repeat the above until it comes up clean. The only infections of Ramnit you can ignore are ones that may be found in the System Volume Information folder, which is System Restore and cannot be cleaned. We will remove them later by disabling System Restore.
     
