Please help :)

Ermonis · Jan 31, 2011

Hi there, I'm new at this forum, stumbled over it while searching for malware removal on Google.

My problem is I have processes wich I know are malware and they keep coming back even if i end the process and delete the files manually

Have you guys got any idea?

I tried to go through the READ & RUN ME FIRST Guide (wich was great btw, thanks!)

I encountered my first problem with running RootRepeal. System crashed, I rebooted, Windows had to do a system restore before it could load.

Here is all my logs:

Kestrel13! · Jan 31, 2011

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.

Kestrel13! · Jan 31, 2011

Ramnit infections have really become quite nasty and dangerous. We could attempt to remove it, and we have had some success in the past, but recently it has become even more troublesome to remove. It is really safer to just bite the bullet and do a clean reinstall.

The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. PE file infectors like Ramnit, Virut,.... etc can infect all executable files (DLL, EXE, SCR....and many more and also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

In many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus or by other scanning tools. Also when disinfection is attempted, the files often become corrupted and the system may become unstable or irrepairable. The longer Ramnit remains on a computer, the more files it may infect and/or corrupt so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies the Ramnit worm using a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are a major source of system infection.

So all the above being said, and please do take serious note of the warnings, do you really wish to attempt cleaning even though the stability and security of your be cannot be guaranteed? And also note that we could spend a lot of time trying to fix it and still fail due to the number of files that have been infected. What would you like to do?

Ermonis · Jan 31, 2011

Thank you very much for your efforts, I really appreciate it

It looks like I would have to do this the "hard" way (or easy, as it seems) so I will choose to do a clean install.

But then I ask you, what of my other drives, and backup drives, could they be compromised aswell? Could this monster just return the minute I reinstall windows and connect my drives?

Or is there a way of checking it all before I'll get infected again? And really become, well, paranoid.

Thanks again

Kestrel13! · Jan 31, 2011

You can always reinstall windows and then run the procedures like you did here before. Of course you could use another computer to transfer the tools needed if nervous to be online, then run scans and attach them here for us to check.

The ESET scanner is also very good at picking up on ramnet infections.

Using ESET's Online Scanner

Ermonis · Jan 31, 2011

Alrighty then, thanks for youre help

Got any other good tips on how to keep my drives infection free in the future?

Kestrel13! · Jan 31, 2011

How to Protect yourself from malware!

Ermonis · Jan 31, 2011

Thanks again, just what I was looking for Great guides btw

Log in or Sign up

Please help :)

Ermonis Private E-2

Attached Files:

ComboFix.txt

mbam-log-2011-01-31 (02-02-39).txt

MGlogs.zip

SASlog.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Ermonis Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Ermonis Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Ermonis Private E-2