Win32/Ramnit.I on Win7 Enterprise x64

Discussion in 'Malware Help (A Specialist Will Reply)' started by petermn33, Nov 12, 2012.

  1. petermn33

    petermn33 Private E-2

    Hello,

    I've had the pleasure of catching this nasty virus today. I either caught it by browsing websites in search of troubleshooting tips for using ADMT or from an infected removable drive. I'm currently running ESET 4.72 with the latest patterns but it appears that it was no match for this variant.

    I have run the ESET SysRescue utility as well, which scans the PC while in Windows PE, but after cleaning everything that was found that way and re-booting into the full OS, the virus re-appeared. I then went into Safe Mode with Networking and ran their on-line scan because the engine is a bit newer... but that didn't find anything further. I did, from what I can tell, disable the virus by utilizing HijackThis. There were a few obvious randomly named executable files that were starting up via registry entries and I am now able to operate well in the OS but am not going to plug into our corporate network for now.

    Anyway, after stopping this from starting up, I've discovered that my firewall is now non-functional and that the MS Security Center service is missing altogether. I'd like to repair this if possible as I'm on a business trip in Germany and could really use my production laptop for some network infrastructure work that I need to complete. Also, my System Restore state is disabled via Group Policy (because of a nasty virus outbreak last year on our network).

    Any suggestions / help would be greatly appreciated!

    One more note. I did shut down and stop using this PC immediately after noticing that it was infected. I don't think the damage is great... but one never knows until digging in more deeply to see. Also, there were a few foreign scheduled tasks created today that I have since deleted. They were disguised as Google updaters, of which I have nothing Google to update on my machine. The tasks pointed at what looked like SIDs (I'm sure there is a proper term for that but don't know it) and were scheduled to run again tomorrow at 3:30PM.

    I'll most likely re-build this machine after getting back to the US but could really use it now as I have work to do and no other English OSes to do so on.

    Peter
     
    Last edited: Nov 12, 2012
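As an added example, not from the thread or any of its participants: a PowerShell triage script that enumerates the three things the post above describes, namely Run-key autostarts, scheduled tasks posing as Google updaters, and the state of the Security Center and Windows Firewall services. The user-writable path list, the "Google task outside Program Files\Google" check, the service names and the regex for pulling an executable path out of a command line are my assumptions, not indicators published for this malware; the script only reports leads and changes nothing.

```powershell
# Added triage script (not from the thread). Assumes Windows 7 x64,
# PowerShell 2.0 or later, and an elevated prompt. All heuristics below
# are assumptions for illustration; treat hits as leads, not verdicts.

# --- 1. Autostart entries in the usual Run keys (32- and 64-bit views) ---
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Locations a legitimate autostart rarely lives in but malware often does (assumption).
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) | Where-Object { $_ }

function Get-ExePath([string]$Command) {
    # Pull the first *.exe token out of a command line, quoted or not (hypothetical helper).
    if ($Command -match '^\s*"?([^"]+?\.exe)') {
        return [Environment]::ExpandEnvironmentVariables($matches[1])
    }
    return $null
}

function Test-SuspectDir([string]$Path) {
    foreach ($d in $suspectDirs) { if ($Path -like "$d*") { return $true } }
    return $false
}

Write-Host "== Run-key autostarts =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, etc.
        $cmd  = [string]$p.Value
        $exe  = Get-ExePath $cmd
        $flag = @()
        if ($exe -and (Test-SuspectDir $exe))   { $flag += 'USER-WRITABLE PATH' }
        if ($exe -and -not (Test-Path $exe))     { $flag += 'TARGET MISSING' }   # leftover after cleanup
        elseif ($exe) {
            # Only embedded signatures are checked here; catalog-signed Windows
            # binaries report NotSigned, so this is a prompt to look, not proof.
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $flag += "NOT EMBEDDED-SIGNED ($($sig.Status))" }
        }
        "{0}  {1} = {2}  {3}" -f ($(if ($flag) { '[!]' } else { '   ' })), $p.Name, $cmd, ($flag -join ', ')
    }
}

# --- 2. Scheduled tasks: names claiming to be Google updaters but running elsewhere ---
Write-Host "`n== Scheduled tasks =="
$tasks = schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName') { continue }     # /V repeats the header per task folder
    $run  = [string]$t.'Task To Run'
    $exe  = Get-ExePath $run
    $flag = @()
    if ($t.TaskName -like '*Google*' -and $run -notlike '*\Program Files*\Google\*') {
        $flag += 'GOOGLE NAME, NON-GOOGLE PATH'
    }
    if ($exe -and (Test-SuspectDir $exe)) { $flag += 'USER-WRITABLE PATH' }
    if ($flag) {
        "[!] {0}`n    runs: {1}`n    next: {2}  author: {3}  ({4})" -f `
            $t.TaskName, $run, $t.'Next Run Time', $t.Author, ($flag -join ', ')
    }
}

# --- 3. Security Center / Firewall services: present, running, start mode? ---
Write-Host "`n== Protection services =="
foreach ($name in 'wscsvc', 'MpsSvc', 'BFE') {          # Security Center, Firewall, Base Filtering Engine
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    $key = "HKLM:\SYSTEM\CurrentControlSet\services\$name"
    if ($svc) {
        "{0,-8} state={1,-8} start={2}" -f $name, $svc.State, $svc.StartMode
    } elseif (Test-Path $key) {
        "{0,-8} registry key exists but the SCM does not list it (check $key)" -f $name
    } else {
        "{0,-8} MISSING: no service and no registry key" -f $name
    }
}
```

Run it from an elevated prompt on the isolated machine; section 3 tells you whether the Security Center and Firewall services were merely stopped or disabled (a start-mode change) or whether their registry keys are gone, which decides whether a service re-registration or a rebuild is the realistic repair.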
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member
