Ramnit Blocking your sites

The authors of this worm may have gotten wind of your support - I can no longer reach any of the download sites listed in the read and try me first postings. Looks like they are being diverted to file not found messages on bit.ly etc. Advice would be appreciated.

 

I am working my way through the read me and run me file now as I got versions of the programs to work from CNET sites. Meanwhile I have some important work deadlines. Is it safe to email myself word and ppt files for sue on other clean systems? Are video and picture files and pdf files safe as well? Thanks again for your help.

 

Also does it matter if McAfee VS is also running at the same time as SAS etc as I cannot seem to disable it from running and cleaning files constantly. Thanks again

 

right now I am running SAS step then Malwarebytes on the read me run me list. Should I continue that path and send logs accordingly or switch to the eSet approach first?

 

The SAS scan has been going on for 5 hours. DO I need to run the Malwarebytes immediately after this one? I may ned to be in bed for work before the SAS is completed at this rate.

Thanks again

 

SAS finished and provided a log (pasted below). Malwarebytes appeared to install correctly but will not open in regular or safe mode. Please advise if I continue to try malwarebytes or move to eSet now. Thanks again for your help.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/12/2010 at 11:05 PM

Application Version : 4.44.1000

Core Rules Database Version : 5610
Trace Rules Database Version: 3422

Scan type : Complete Scan
Total Scan Time : 07:00:20

Memory items scanned : 661
Memory threats detected : 1
Registry items scanned : 7924
Registry threats detected : 7
File items scanned : 37307
File threats detected : 2

Trojan.Agent/Gen-QTPlugin
C:\WINDOWS\SYSTEM32\QTPLUGIN.EXE
C:\WINDOWS\SYSTEM32\QTPLUGIN.EXE
[RegistryMonitor1] C:\WINDOWS\SYSTEM32\QTPLUGIN.EXE

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{880310EA-1163-4710-857B-534692BDFC57}#NAMESERVER
HKLM\SYSTEM\CONTROLSET004\SERVICES\TCPIP\PARAMETERS\INTERFACES\{880310EA-1163-4710-857B-534692BDFC57}#NAMESERVER
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{880310EA-1163-4710-857B-534692BDFC57}#NAMESERVER
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET004\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID

 

Finished 2 eset scans and my text files re too large to attach. What do you dvise me to do at this stage? Thank you for your help.

 

Running the third eset scan now; noticed that IE temp files are still on the system despite running cc cleaner as recommended.

Do files need to be deleted as eset ends or are these effectively quarantined? I am hoping to at least print if not preserve many of the htm files before having these removed from this system or my backup drives which seem also infected.

Best regards

 

I attach a zipped folder with the three Eset logs. Please let me know if you get them OK and also what you think I need to do to preserve as many files as possible.

Thanks again for your help.