W32/Ramnit.D

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by xer0w, Jan 24, 2012.

  1. xer0w (Private E-2)

    Hi,

    After visiting a website (not a nefarious one, a mismatch site that was in a Google search result for a UK radio station), I started getting a UAC prompt for admin credentials for the Command Processor (sneaky, as it looks legit with a blue UAC prompt).

    Anyway, I'm always suspicious of UAC prompts, even ones I've initiated, and ones I haven't are a no-no, so I clicked NO, at which point it popped up again... and again and again.
    Then after I killed the PID calling it (rundll32.exe), MSSA popped up an alert with W32/Ramnit.D found, so I selected delete. Rebooted as advised by MSSA, and it popped up again; at this point I booted into safe mode (still using a standard user account) and ran Autoruns, where I found a hidden exe running from my
    C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder, so I deleted that and all files in %temp% and some other random exes in my %userprofile%\AppData folder.

    I don't get the UAC popup anymore, but I want to be sure I'm not infected, as after some reading on this forum, this little file infector sounds really nasty.
    I'm hoping that as my PC is always up to date, and never logged in as an Administrator, it only managed to infect per-user locations that I've now removed.

    I've attached an MGTools log (run as per instructions). I have also run a full system scan in safe mode, with no reports of infection.
    Would appreciate it if someone could look over the logs as well, though.

    Thanks in advance.
     

    Attached Files:
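The post above describes the manual check that was done (Autoruns, a hidden exe under the per-user Start Menu\Programs folder, %temp% and %AppData%). The script below is an added example, not part of the original thread or the poster's logs: it enumerates the per-user persistence locations a standard-user infection is confined to (the current user's Startup and Programs folders, %TEMP%, %APPDATA%, %LOCALAPPDATA%, and the HKCU Run/RunOnce keys) and flags hidden or unsigned executables in them. The paths are the standard Windows locations; nothing is assumed about the poster's specific files. Because Ramnit is a file infector, a clean result here does not prove that user-writable executables elsewhere are untouched, which is why the reply recommends repeated full scans.

```powershell
# Added example: inventory per-user autostart locations for hidden or
# unsigned executables. Run from a normal PowerShell prompt as the user
# who was logged in when the prompts appeared. No admin rights needed.

# Standard per-user folders (assumption: default profile layout).
$locations = @(
    [Environment]::GetFolderPath('Startup')     # ...\Start Menu\Programs\Startup
    [Environment]::GetFolderPath('Programs')    # ...\Start Menu\Programs
    $env:TEMP
    $env:APPDATA
    $env:LOCALAPPDATA
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$execExt = '.exe', '.dll', '.scr', '.com', '.vbs', '.js', '.cmd', '.bat'

# -Force makes Get-ChildItem return hidden/system files, which is the
# whole point: the exe described in the post was hidden.
$files = foreach ($dir in $locations) {
    Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension.ToLower() -in $execExt } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                SigStatus = $sig.Status          # 'Valid', 'NotSigned', 'HashMismatch', ...
                Signer    = $sig.SignerCertificate.Subject
                Created   = $_.CreationTime
            }
        }
}

# Per-user Run keys: anything a standard user can persist through.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$runEntries = foreach ($key in $runKeys | Where-Object { Test-Path -LiteralPath $_ }) {
    (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object {
            [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
        }
}

"== Hidden or unsigned executables in per-user locations =="
$files | Where-Object { $_.Hidden -or $_.SigStatus -ne 'Valid' } |
    Sort-Object Created -Descending | Format-Table -AutoSize

"== HKCU Run / RunOnce entries =="
$runEntries | Format-Table -AutoSize
```

Anything listed in the first table with SigStatus of HashMismatch deserves attention before anything marked NotSigned: a mismatch on a file that used to be signed is the pattern a file infector leaves behind, whereas plenty of legitimate per-user tools are simply unsigned. Compare the Run entries against what Autoruns showed; the script and Autoruns should agree.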

  2. thisisu (Malware Consultant)

    Hi and welcome to Major Geeks, xer0w!

    Your MGlogs are clean. However I must first post the following if you think you have Ramnit.

    In most cases the only safe and reliable way to properly remove Ramnit is to reinstall due to the damage it causes and also due to the security issues it opens. So let me first post a canned speech/warning about Ramnit.

    If you want to proceed, here is what we recommend you do:

    ESET Online Scanner

    1. Do the scan once
    2. Reboot your PC when it is finished
    3. Go back to do the scan again
    4. Reboot your PC again when it is finished
    5. Do the scan for a 3rd and final time
    6. Reboot your PC again when it is finished
    Come back here and attach all 3 ESET logs.
     
  3. xer0w (Private E-2)

    Hi, apologies for late reply. Thanks for all your help with this. :)

    I have run all three scans now as directed, logs attached.
     

    Attached Files:

  4. thisisu (Malware Consultant)

    You're welcome.

    All of these logs are clean. Are you having any malware problems?
     
  5. xer0w (Private E-2)

    No, everything looks fine.
    I'm just nervous about it as it was Ramnit, and this laptop is very important to my work.

    Would you advise nuking and reinstalling the OS, to be sure?
    Or, as nothing is reported in any of the logs and I only use a standard user account, should it be fine?

    Thanks.
     
  6. thisisu (Malware Consultant)

    No, I would not.
     
  7. xer0w (Private E-2)

    OK, thanks for your help again.
     
  8. thisisu (Malware Consultant)

    You're welcome.
     
