W32.Ramnit.a & Watermark.exe Removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by InvisibleSoul, Nov 3, 2010.

  1. InvisibleSoul

    InvisibleSoul Private E-2

    Couldn't reply to someone's recent thread, but I registered to post about my experience with it and how I managed to get rid of it. Hope it helps someone...

    I got this new strain of W32-Ramnit last week on October 27th. When I got infected, it must have been new enough that there were no related hits on Google for W32-Ramnit and watermark.exe, so I had to rely on some info for the older desktoplayer.exe version of W32-Ramnit and some trial and error on my own, but eventually I seemingly managed to get rid of this nasty bugger.

    Also had the symptom where one svchost.exe process was consuming all CPU cycles, likely going through the whole system and reading files to inject them with replicating code.

    Basically what worked for me was booting up into Safe Mode, and then deleting several of the malicious file drops, such as c:\program files\microsoft\watermark.exe and C:\Windows\Temp\<random>.tmp.

    Ran ESET online scanner several times, and also a full scan with the Symantec Antivirus client. I did end up having to delete a bunch of infected HTML, DLL and EXE files, but fortunately it never got to any that crippled the system.

    Ran Hijackthis and got rid of any unwelcome entries.

    Disabled and deleted all System Restore points.

    After that, W32-Ramnit looked to be gone from my system. No more runaway svchost.exe processes, malicious file drops have not returned, and no more infected files.
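    The checks below are an added triage script, not something from this thread or from any vendor tool; it only reports on the artifacts the poster describes (the dropped watermark.exe, stray .tmp files under C:\Windows\Temp, an svchost.exe burning CPU, and remaining System Restore points) and deletes nothing. The 7-day and 600-second thresholds are assumptions to tune per host.

```powershell
# Added triage script (not from the thread). Reports on the artifacts the
# poster described; run from an elevated PowerShell prompt. Read-only.

$findings = @()

# 1. Dropped executable at the path given in the post.
$dropPath = Join-Path ${env:ProgramFiles} 'microsoft\watermark.exe'
if (Test-Path -LiteralPath $dropPath) {
    $f = Get-Item -LiteralPath $dropPath
    $findings += "Drop present: $dropPath ($($f.Length) bytes, written $($f.LastWriteTime))"
}

# 2. Recently written <random>.tmp files in C:\Windows\Temp.
#    Assumed window: last 7 days.
$tmpDir = Join-Path $env:SystemRoot 'Temp'
Get-ChildItem -LiteralPath $tmpDir -Filter '*.tmp' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
    ForEach-Object { $findings += "Recent temp file: $($_.FullName) ($($_.Length) bytes)" }

# 3. svchost.exe instances with unusually high cumulative CPU time.
#    Assumed threshold: 600 seconds of processor time.
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Where-Object { $_.CPU -gt 600 } |
    ForEach-Object { $findings += "Busy svchost PID $($_.Id): $([int]$_.CPU) s CPU" }

# 4. System Restore points, which the poster removed so an infected
#    snapshot could not be restored later.
$rps = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
if ($rps) { $findings += "Restore points present: $(@($rps).Count) (review before cleanup)" }

if ($findings.Count -eq 0) { 'No Ramnit-related artifacts found.' } else { $findings }
```

Any hit from the file checks is worth submitting to a scanner rather than deleting outright, since Ramnit infects legitimate executables and HTML files in place.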
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Consider yourself lucky if you have fully been able to remove it and if all of the programs on your PC are still running properly. Since it can infect many, many executables and almost every html file on your PC, it can break many applications when the files are deleted. You may have been lucky enough to catch it early in the process before the hooks go too deep into your system.

    If you run a new ESET scan now, does it still come up clean?


    We have sometimes been successful in removing this infection, but more often than not this now requires a reinstall because system stability and reliability become a major factor.
     