W32/Ramnit-A

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by camzzz83, Nov 17, 2010.

  1. camzzz83

    camzzz83 Private E-2

    Hi

    I'm running sophos antivirus and about two days ago it detected W32/Ramnit-A virus/Malware had infected many different files on my computer. After performing the READ & RUN ME FIRST tutorial I think I still have issues.

    The only step i could not complete was the combofix. It would just about finish downloading then pop up with an error saying it could not be saved because you cannot change the contents of that folder. Also, when I try to delete the part file left over on my desktop it says it cannot delete because the disk is full or write-protected and the file is currently in use.

    The other logs are posted.

    Any help is greatly appreciated!
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please start running back to back eSet scans. Save the logs and attach the first three scans in your next reply:

    eSet Online Scan.
     
  3. camzzz83

    camzzz83 Private E-2

    Hey Tim,

    Thanks for the quick reply. I ran eSet three times and on the third time it found no threats. The first two logs are attached; the clean scan did not produce a log.

    Thanks
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good deal! Now re-run both SAS and MBAM. Then run the C:\MGtools\GetLogs.bat file by double-clicking on it (Note: if using Vista, don't double-click; use right-click and select Run As Administrator).

    Then attach the below logs:
    * SAS
    * MBAM
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  5. camzzz83

    camzzz83 Private E-2

    I did everything and attached the logs. My computer is running a bit better, less laggy on the startup is the main difference I have noticed so far. Let me know what to do next :)
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to run CCleaner and then check that this folder is cleaned out:
    C:\Documents and Settings\Quantum\Local Settings\Temp\

    Since a few TDSS type infections were found, I want to be safe and have you run this scan:

    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


    Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory (usually Local Disk C).
    • Attach this log to your next message
     
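    The two checks this post asks for (is the Temp folder really empty after CCleaner, and did the right TDSSKiller build run and leave a log) can be done from a PowerShell prompt instead of by eye. The script below is an added example and is not from the thread, from MajorGeeks, or from Kaspersky. It assumes a PowerShell with Get-FileHash (version 4 or later), defaults to the current profile's %TEMP% rather than the exact path named above, assumes TDSSKiller.exe was saved to the Desktop as instructed, and assumes the expected build is 2.4.0.0 as the post states; adjust the three variables at the top for the machine in question.

```powershell
# Added example (not part of the thread): verify the cleanup steps from this post.
# Assumptions: PowerShell 4+; paths below adjusted to the machine being cleaned.
$TempPath   = $env:TEMP                                  # thread's path was C:\Documents and Settings\Quantum\Local Settings\Temp
$TdssKiller = Join-Path $env:USERPROFILE 'Desktop\TDSSKiller.exe'
$LogRoot    = 'C:\'                                      # TDSSKiller writes its log to the root of the system drive
$ExpectedVersion = '2.4.0.0'                             # the build the post asks for

# 1. What is left in Temp after CCleaner, and which leftovers are held open by a running process?
function Get-TempLeftovers {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file  = $_
        $state = 'deletable'
        try {
            # FileShare 'None' asks for exclusive access; a sharing violation here means another
            # process has the file open, which is the "currently in use" error reported in the thread.
            $s = [System.IO.File]::Open($file.FullName, [System.IO.FileMode]::Open,
                                        [System.IO.FileAccess]::Read, [System.IO.FileShare]::None)
            $s.Close()
        } catch [System.IO.IOException] {
            $state = 'LOCKED: ' + $_.Exception.Message
        }
        [pscustomobject]@{
            Path   = $file.FullName
            Bytes  = $file.Length
            # Hash the leftover so it can be looked up or submitted later; locked files may yield no hash.
            SHA256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            State  = $state
        }
    }
}

# 2. Was the expected TDSSKiller build downloaded, and where is the most recent log it wrote?
function Get-TdssKillerStatus {
    param([string]$Exe, [string]$Root, [string]$Expected)
    $ver = if (Test-Path -LiteralPath $Exe) { (Get-Item -LiteralPath $Exe).VersionInfo.FileVersion } else { 'not found' }
    # Log name pattern from the post: TDSSKiller.<version>_<date>_<time>_log.txt in the drive root.
    $log = Get-ChildItem -LiteralPath $Root -Filter 'TDSSKiller*_log.txt' -ErrorAction SilentlyContinue |
           Sort-Object LastWriteTime -Descending | Select-Object -First 1
    [pscustomobject]@{
        ExeVersion = $ver
        IsExpected = ($ver -eq $Expected)
        LatestLog  = if ($log) { $log.FullName } else { 'no log found' }
    }
}

$left = @(Get-TempLeftovers -Path $TempPath)
if ($left.Count -eq 0) { "Temp folder is clean: $TempPath" } else { $left | Format-Table -AutoSize }
Get-TdssKillerStatus -Exe $TdssKiller -Root $LogRoot -Expected $ExpectedVersion
```

Any entry reported as LOCKED is a file some running process has open; Sysinternals Handle (`handle.exe <filename>`) will name that process, which is the thing to identify before deciding whether the leftover is harmless or part of the infection. The version check only confirms which build is on the Desktop; it says nothing about whether the scan covered more than the drivers folder.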
  7. camzzz83

    camzzz83 Private E-2

    Hi Tim,

    I ran CCleaner and checked the temp folder, and it was not cleaned out. I then tried to manually delete the files and managed to get all but about 4. The ones left said they were currently being used by programs.

    I also ran TDSSKiller and it found nothing. But I'm not sure it worked right; it only scanned the C:\WINDOWS\system32 drivers files, so a grand total of 215 files, and it only took 6 seconds.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What issues are you still having? Also, are you using a router? If so, do any other computers have this issue with redirecting?
     
