W32.Ramnit!html infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by PSStu, Apr 18, 2011.

  1. PSStu

    PSStu Private E-2

    Afternoon all,

    Hoping someone might be able to help with a PC with a W32.Ramnit!html infection on an XP Pro machine. The PC showed evidence that an "IQ Challenge" program had been installed (since removed). Symantec Endpoint Protection detected numerous instances of W32.Ramnit.B!inf, which seemed to be cured after numerous scans in safe mode and deletion of files created after the infection began. There was also W32.Ramnit!html detected, with three processes labeled as iexplorer.exe appearing immediately after logging in. After a reboot, there were numerous .tmp files flagged with W32.Ramnit!html; however, since quarantining them, they have not been detected again by Symantec (latest virus defs). I note two iexplorer.exe processes now appear each time Internet Explorer is opened. In addition, MalwareBytes (latest update) is detecting the following post-reboot:

    c:\documents and settings\administrator\start menu\Programs\Startup\xcwagmkf.exe

    c:\documents and settings\administrator.pc\start menu\Programs\Startup\xcwagmkf.exe

    c:\documents and settings\user\start menu\Programs\Startup\xcwagmkf.exe

    c:\program files\000\xcwagmkf.exe

    c:\program files\er\xcwagmkf.exe


    Any help would be gratefully received.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

