W32/Ramnit.C and HTML Script Virus serious Problems

[Kojima]

Hey.

This is very strange, but few days back I entered one forum website to get some information and suddenly my Avira started to note me about many detections.
I've run the Avira scan many times now. Last time it detected like over 11000 viruses. W32/Ramnit.C's and many HTML script viruses.

This seriously isn't getting me anywhere.
I'm completely confused.
So, please tell me step by step what should I do next.
I seriously wouldn't want to reformat and reinstall this whole thing.

Regards.

[chaslang]

Welcome to Major Geeks!

If you really have a Ramnit infection, you will most like be needing to reinstall. Read on!

Ramnet infections are very bad since they can infected many system files and other files you use. And detecting/removing all of the can be very difficult to impossible. In addition, trying to remove all of them can make a PC and applications you run become very unreliable. Not removing is very dangerous to your security and also can still cause many problems in running the PC properly. The proper course of action with Ramnit infections is to format and reinstall so that you can be sure of the reliability of your PC.

Inline with what I'm mentioning about security issues, I advise you to go to a known clean computer and change ALL passwords every type of account you have( do not use this infected PC to do this ). I will post some additional info that we normally post when we see Ramnit infections.

Quote:

Ramnit infections have really become quit nasty and dangerous. We could attempt to remove it, and we have had some success in the past, but recently it has become even more trouble to remove. It is really safer to just bite the bullet and do a clean reinstall.

The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. PE file infectors like Ramnit, Virut,.... etc can infect all executable files (DLL, EXE, SCR....and many more and also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

In many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus or by other scanning tools. Also when disinfection is attempted, the files often become corrupted and the system may become unstable or irrepairable. The longer Ramnit remains on a computer, the more files it may infect and/or corrupt so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies the Ramnit worm using a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are a major source of system infection.

[Kojima]

Oh I see, what a pain.
But hey my question is that it doesn't infect images and videos right?
So am I safe to copy them into the safe PC?
Thanks.

And it's just so strange, that kind of a crazy virus can attack your computer only when you visit a forum website...

[chaslang]

Quote:

Originally Posted by Kojima

But hey my question is that it doesn't infect images and videos right?
So am I safe to copy them into the safe PC?

I''m not 100% sure that they are not infected. Your safest bet is to make your backups and to then scan them afterwards to make sure they are not infected. ESET's Online Scanner does a pretty good job sniffing out quite a few of the files infected by Ramnit. See the below:

Using ESET's Online Scanner