Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by Wolfbane, Jan 24, 2011.

  1. Wolfbane

    Wolfbane Private E-2

    Hi,

    After relying on my virus/spyware scanner (webroot virus and spyware removal) and it failing no end of times, I decided to look elsewhere. I left the scanner running throughout the night and when I checked it in the morning webroot said it picked up just under 4k traces and had a virus/worm on it, w32/Ramnit-A, and this was corrupting a lot of files. I've no idea where it came from; my comp was running fine till a few nights ago, then suddenly .exe's stopped working. I ran the scan and all this came up.

    After using webroot to remove the threat, I got instant notifications after quarantine/removal saying "w32/Ramnit-A" quarantined. I used webroot at least 4 times today to try to remove it all but nothing's working. I followed the guide here and got the logs.

    Also should prob note, sometimes when I load up windows and get to the desktop, my explorer.exe starts and stops every 4 seconds. Although it doesn't happen all the time. Also when trying to use some .exe's it says I don't have permission to use them, or I get could not load (like winace), or didn't install correctly (windows media player), which ran fine before the virus got picked up.

    For these logs I uninstalled webroot. I used to find it reliable until they came up with a new update before Christmas.

    Thanks for your time.
     


  2. Wolfbane

    Wolfbane Private E-2

    the log I got from the MG thingy
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Oh my, without you even attaching all of the requested logs it's apparent that you are severely infected! :(

    Ramnit infections have really become quite nasty and dangerous. We could attempt to remove it, and we have had some success in the past, but recently it has become even more troublesome to remove. It is really safer to just bite the bullet and do a clean reinstall.

    The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. PE file infectors like Ramnit, Virut, etc. can infect all executable files (DLL, EXE, SCR... and many more, and also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

    In many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus or by other scanning tools. Also, when disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit remains on a computer, the more files it may infect and/or corrupt, so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies the Ramnit worm using a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are a major source of system infection.

    Run this and attach the results.

    Using ESET's Online Scanner

    Then run MGTools as per the Read and Run Me First (if you have not done so already) and attach the C:\MGlogs.zip
     
  5. Wolfbane

    Wolfbane Private E-2

    Thanks for looking into this, not sure how to get the MGlog.zip, and the website for ESET's Online Scanner just isn't showing for me in firefox or IE (same as microsoft.com, haven't been able to access that for a long while), just says page can't be displayed.

    I think ultimately a clean install is needed, which is a great pain since I don't have a Windows disc now, lost it when I moved house last year. Ramnit-A was originally picked up and also Virut was picked up along with it earlier today. If I do get around to a reinstall I'll go back to the old version of spysweeper, never had problems with it until they came out with the whole new one at Christmas time.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes I agree. :(
     
  7. Wolfbane

    Wolfbane Private E-2

    Thanks for all the help anyways, if I get problems in future at least I'll know where to come. Hopefully the ramnit thing can get hit on the head eventually. Biggest pain in the *** I've had to deal with.

    Take care.
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

