Ramnit/RootkitWin32/Nimnul.a-HELP

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by easy88, Jun 1, 2011.

  1. easy88

    easy88 Private E-2

    Hi guys!

So I suddenly got a message 2 days ago on my PC informing me of a "hard drive failure" and it reboots and tries to load up a "PC recovery" thing.

It has hidden my desktop icons and none of my stuff comes up in the start bar. I've searched countless forums for information and tried removing it myself but am having trouble.

Since then my AV and malware/spyware doctor have come up with various viruses: "virus.Win32.Nimnul.a", then MEM:Rootkit.Win32.TDSS.fa and finally rootkit.Win32.Backboot.gen and the Ramnit one.

My PC frequently crashes and I am unable to start in Safe Mode.

    I was unable to run Combofix, got an error stating that it detects rootkit activity and must reboot. Similarly when running RootRepeal PC Freezes.

Please help me guys!! Find attached my logs from SAS, MBAM and MG.

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    NOTE: You are extremely out of date with your copy of Malwarebytes. You did not update as requested.

    Yes you do have a Ramnit infection.

    In most cases the only safe and reliable way to properly remove Ramnit is to reinstall due to the damage it causes and also due to the security issues it opens. So let me first post a canned speech/warning about Ramnit.

     
  3. easy88

    easy88 Private E-2

Wow, firstly thanks for the swift reply. Sounds like bad news: it does seem like it is infecting more and more files, so trying to remove it may unfortunately be futile... :( Seems like a full Windows restore is the only solution...

    I just have few questions before going ahead with it:

1) Will installing a fresh copy of XP from the restore CD completely clean my system?

2) I have a few hundred GB of stuff and would at least like to keep some important files and photos; how can I do this safely?

3) I think I may have connected my external HD via USB at some point whilst the virus was in my system. What can I do to ensure it is safe, especially if I reinstall Windows and wish to connect my external HD?
    If I connect it now to copy the aforementioned important files, will it get infected too? What is the safest way of saving files?

Thanks, and I look forward to your reply!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is what it does and I could see many copies of the infection already.

    A system restore will not help. You need to do a full reinstall.

You need a Windows XP boot CD to reinstall. A restore CD sounds like a CD you got from your PC vendor to just restore to original factory ship condition, but it should work too since it basically reimages your drive, effectively removing everything on it right now.

    Photos are likely okay. You must not back up any executable programs as they may be carrying the infection which would cause you to reinfect your whole system again as soon as you ran one of them.

If the external hard disk has any executable files or HTML files on it, there is a chance that they are infected and will have to be deleted. You can scan your external drive using an online scanner like ESET ( posted below ) which is helpful in finding Ramnit infections. YOU MUST SCAN this external drive from a KNOWN CLEAN and properly protected PC before using anything from the external drive.


    Using ESET's Online Scanner
     
  5. easy88

    easy88 Private E-2

Thanks for the tips. Will go ahead and try my restore CD (yep, the one that came with the PC), fingers crossed it works fine like you said!

One thing: my HDD is partitioned into 3 drives. I should clear it all up, right? Not just the C:\ with Windows?

My external HD is only used to store photos/movies/docs, no EXEs on it, so it should be OK.

Will scan it just in case from a clean PC; hopefully there is nothing on it and it won't infect my laptop too!

Thanks for the advice. Will definitely be taking more precautions in the future.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    I'm not sure if the factory restore CD reimages all drives or just the C drive. If the data still exists on the other two after the reimage then obviously it did not reimage them and files on them could potentially still be infected.

Yes, rescan them anyway. Some forms of "movies"/videos can be considered executables and can get and carry/spread infections ( like AVI, MPEG, ...to name a couple ).

    Yes! See the below:

    How to Protect yourself from malware!
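The backup rule chaslang gives in posts 4 and 6 (copy photos and documents, leave executables, HTML and video containers behind to be scanned from a known-clean PC) can be turned into a small triage script. The following is an added example, not a tool from this thread or from MajorGeeks: it walks a source folder, buckets each file as "copy", "skip" (by extension) or "suspicious" (a data-named file whose first bytes are actually a Windows executable stub or HTML), records a SHA-256 for each file so the copied set can be checked later, and copies only the "copy" bucket. The extension list and the demo folder it builds are constructed assumptions for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# File types the thread says may carry the infection and must not simply be
# copied: executables, HTML, and the video containers named in the reply.
# Assumed, deliberately short list for the example, not an exhaustive one.
CARRIER_EXTENSIONS = {".exe", ".dll", ".html", ".htm", ".avi", ".mpeg", ".mpg"}


def sniff(header: bytes) -> str:
    """Guess a file's real type from its first bytes, ignoring its name."""
    if header.startswith(b"MZ"):                      # DOS/PE executable stub
        return "executable"
    lead = header.lstrip().lower()
    if lead.startswith(b"<!doctype html") or lead.startswith(b"<html"):
        return "html"
    return "data"


def classify(path: Path) -> str:
    """'skip' for carrier extensions, 'suspicious' for a data-named file whose
    content is executable/HTML, 'copy' for everything else."""
    if path.suffix.lower() in CARRIER_EXTENSIONS:
        return "skip"
    with open(path, "rb") as f:
        header = f.read(64)
    return "copy" if sniff(header) == "data" else "suspicious"


def sha256(path: Path) -> str:
    """Hash the file so the copied set can be verified after scanning."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root) -> dict:
    """Walk `root` and bucket every file as (relative path, sha256 hex)."""
    root = Path(root)
    result = {"copy": [], "skip": [], "suspicious": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            result[classify(p)].append((p.relative_to(root).as_posix(), sha256(p)))
    for bucket in result.values():
        bucket.sort()
    return result


def safe_copy(root, dest) -> int:
    """Copy only the 'copy' bucket into `dest`, keeping relative paths, and
    return how many files were copied. Skipped and suspicious files stay
    behind to be scanned from a known-clean PC before anything is reused."""
    root, dest = Path(root), Path(dest)
    copied = 0
    for rel, _digest in inventory(root)["copy"]:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, target)
        copied += 1
    return copied


def build_demo_tree() -> Path:
    """Constructed sample drive: a JPEG header, a text note, an executable
    stub renamed to look like a photo, plus the carrier types to be skipped."""
    root = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    files = {
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "photos/renamed.jpg": b"MZ\x90\x00" + b"\x00" * 32,   # PE stub under a .jpg name
        "docs/notes.txt": b"hello",
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 32,
        "web/index.html": b"<html><body>x</body></html>",
        "movies/clip.avi": b"RIFF\x00\x00\x00\x00AVI ",
    }
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for bucket, entries in inventory(demo).items():
        print(bucket, [rel for rel, _ in entries])
    print("copied:", safe_copy(demo, str(demo) + "_out"))
```

Run it against the real source folder instead of the demo tree and keep the printed inventory with the backup: the "skip" and "suspicious" lists are exactly what to submit to a scanner on a clean machine, and the hashes let you confirm nothing in the copied set changed between the infected PC and the reinstalled one.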
     
