Thread: ramnit.1

  1. #1
    Lounger
    Join Date
    Jan 2008
    Posts
    47
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have a Windows XP machine with a full complement of anti-virus and anti-malware programs. I have been infected by something Microsoft Security Essentials (MSE) calls raminit.1.

    I have tried everything to get rid of this monster. Has anyone succeeded?

    I have used MSE, Malwarebytes Anti-Malware, Superantispyware (portable and regular), Spybot, and any other tools I can think of, in Safe mode and regular mode.

    I even uninstalled MSE and tried good old AVG, all to no avail. I tried Trend Micro's Housecall (online scan). Still no luck.

    Very frustrating. I find no hits when searching anywhere in this forum and also annoyances.org.

    Before I reinstall XP, any suggestions?

    Thank you,

    Tom

  2. #2
    Sorry, it's ramnit.1, not raminit.1.

    Tom

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    New England, USA
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Tom,

    Where is MSE finding it? Location and name of file? Could also be a rootkit there.

    Sorry for the shameless plug but I did a writeup on Ramnit.A a few months ago. Pretty nasty stuff.

    Have you run TDSSKiller? Do you have any visible symptoms of infection?
    Dave aka IndiGenus

    Malware-Analysis.net

  4. #4
    I believe the virus has been spread by AUTORUN from a flash (thumb) drive. Consequently it has shown up everywhere. How it got on my flash drive is probably from downloading an infected file directly to the flash drive. Ramnit begins spreading quickly, infecting files. I have had scans finding hundreds of infected files. My Firefox was clobbered many times after I repeatedly reinstalled it. My IE 8 all of a sudden became IE6 (thank you virus!). Just kidding.

    I have not heard of TDSSKiller, but will investigate. My greatest success so far (I refuse to give in and reinstall!) has been with Kaspersky's free Virus Removal Tool. It is not an antivirus program, just a removal tool - after the fact and perfect for what I need.

    I believe my HDD is clean now and I am working on the flash drive.

    What a mess.

    Thanks for your advice.

    Tom

  5. #5
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts
    Hi Tom:

    Since a flash drive is involved in the infection, I recommend you try the FREE "Flash Disinfector" developed by an antimalware expert. See the info at http://experi3nc3.wordpress.com/2007...fector-by-subs .

    You should also consider use of the Panda USB Vaccine, available at http://www.pandasecurity.com/homeuse...ads/usbvaccine .
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  6. #6
    Thank you.

    I just tried TDSSKiller. Nothing found.

    I will try what you said if I need it. I am getting close with Kaspersky virus removal tool. It is pretty impressive.

    Tom

  7. #7
    I think I can close this out.

    An unlikely solution: the Kaspersky Virus Removal Tool (FREE!) is NOT an anti-virus program, in fact it provides no realtime monitoring. It is simply a "batch" program that examines the system for known viruses and then removes them. It took me several iterations as I struggled with the flash drive and the hard drive. I don't know how many files were infected, but I'm guessing over 1000. Many were healed, many were moved to quarantine, and an equal number were deleted. As a result of the deletions, several key programs got hit, namely Adobe Reader, Firefox, and IE. Somehow MS Office programs were not affected, and these programs work, very glad to say!

    So thanks for your tips and suggestions, and a special thanks to KASPERSKY VIRUS REMOVAL tool.

    Tom

  8. #8
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    Have you now turned auto run off on all drives?

    cheers, Paul

  9. #9
    I have. It's so strange to plug in a flash drive and/or an external HDD and have nothing happen!

    Tom

  10. #10
    Nothing is way better than lots of unwanted!

    cheers, Paul
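
Added example, not part of the thread: one way to verify that AutoRun really is off for every drive type, as asked in post #8, by decoding the Windows `NoDriveTypeAutoRun` policy value. The function names and the sample values are constructed for illustration; on a non-Windows machine the script falls back to the sample values.

```python
import sys

# Bit flags of the NoDriveTypeAutoRun policy value (a set bit disables
# AutoRun for that drive type; 0xFF disables it for every type).
DRIVE_BITS = {
    0x04: "removable (flash drives)",
    0x08: "fixed disk",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
}
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def still_enabled(value):
    """Return the drive types for which AutoRun is NOT disabled by `value`."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not value & bit]


def audit(hive_values):
    """Map hive name -> finding for a dict of {hive: value or None}."""
    report = {}
    for hive, value in hive_values.items():
        if value is None:
            report[hive] = "not set (OS default applies)"
        elif still_enabled(value):
            report[hive] = "AutoRun still on for: " + ", ".join(still_enabled(value))
        else:
            report[hive] = "AutoRun disabled on all drive types"
    return report


def read_live():
    """Read the value from both hives; only works on Windows."""
    import winreg
    found = {}
    for name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                found[name] = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
        except OSError:  # key or value missing
            found[name] = None
    return found


if __name__ == "__main__":
    # Constructed sample values, used when not running on Windows.
    values = read_live() if sys.platform == "win32" else {"HKLM": 0xFF, "HKCU": 0x91}
    for hive, finding in audit(values).items():
        print(hive, "->", finding)
```

Any finding that still lists "removable (flash drives)" means a flash drive can launch its `autorun.inf` entry on insertion, which is the spread path suspected in post #4.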
