All Spyware/Malware not running and no internet connection

Discussion in 'Malware Help (A Specialist Will Reply)' started by gsmac1989, Nov 11, 2010.

  1. gsmac1989

    gsmac1989 Private E-2

    Hey guys,

    My sister's PC started redirecting to unwanted pages on the internet, more of a nuisance than anything. But then I tried to run MalwareBytes Anti-malware. Nothing happened. After several attempts on different user names and in safe mode nothing was happening. So I assumed I had been infected so I tried to install SUPERantispyware but it wouldn't install. I finally got a portable version to run and it found 799 tracking cookies and 2 Disabled.securitycentre which I removed. But Malwarebytes and others are still not working and now my internet has been cut off even in safe mode. Scans from the portable Superantispyware aren't showing anything more up so I am at a loss.

    I attach a Hijackthis log file and hope someone can see something on there or recommend something that I can do. In the meantime I'll keep at it.

    Thanks :)
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have a Ramnit infection. Ramnit infections have really become quite nasty and dangerous. We could attempt to remove it, and we have had some success in the past, but recently it has become even more trouble to remove. It is really safer to just bite the bullet and do a clean reinstall.

    The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. PE file infectors like Ramnit, Virut, etc. can infect all executable files (DLL, EXE, SCR ... and many more, and also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

    In many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus or by other scanning tools. Also, when disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit remains on a computer, the more files it may infect and/or corrupt, so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies the Ramnit worm using a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are a major source of system infection.

    So all the above being said, and please do take serious note of the warnings, do you really wish to attempt cleaning even though the stability and security of your PC cannot be guaranteed? And also note that we could spend a lot of time trying to fix it and still fail due to the number of files that have been infected. What would you like to do?

    If you wish to continue, please follow these instructions to the best of your ability:
    READ & RUN ME FIRST. Malware Removal Guide
     
  3. gsmac1989

    gsmac1989 Private E-2

    Uh Oh:confused

    Well thanks for the reply and the link to the guide, might try fixing it first, might as well try at least :major. I'll back up everything important first though. If it persists then I'll have to do a full restore.

    Not liking the sound that my system may be compromised. If I get rid of it and I get all my systems back up and running, is there no way of telling if I am still vulnerable?

    Thanks Tim

    *gulp* :(
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If caught in time we can pretty much determine if you are compromised or not. The main thing is to run the scans that you can and hope to be able to get internet access again so you can run an online eSet scan.

    The results of repeated scans will tell us if it is too late or not.
     
  5. gsmac1989

    gsmac1989 Private E-2

    Hey, just thought I'd get back to you.

    So the story was I tried to get rid of it following the instructions. Superantispyware wouldn't install and the portable version wasn't picking anything up, mbam and combofix weren't working, but my Microsoft Security Essentials detected and removed well over 3000 traces of the w32.Ramnit, so it had obviously been festering for quite a while. Also the internet went back on so I ran an eset scan, picked up nothing.

    In the end up I had no other choice but to do a clean re-installation, as even with it gone the system just seemed that badly shocked that more malware kept getting on it and mbam still wouldn't work. It must have tried to get onto my main PC through the network or my usb drive as MSE caught and removed it.

    Since that scare I've done loads of scans on the other PCs in my house so they are all ok and hope that my sister's PC will be ok now too. Thanks for the help, shame I couldn't save it :cry

    But for now :wave
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, once it gets a strong hold on your system it is often the only recourse. Good to know you are back up and running and clean. Safe surfing.

    You may wish to read this:
    How to Protect yourself from malware!
     
  7. gsmac1989

    gsmac1989 Private E-2

    lol just read it before reading your comment :-D I do all that on my own PC but I leave it to my sister to look after hers, think I'm going to have to change that. :)
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, a word from the wise may be needed. :) Or at least tell her the next time she must sign up at MG's and do the malware removal work herself.
     
