Google redirect to licosearch


  • This topic is locked
39 replies to this topic

#31 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 05 May 2011 - 04:08 PM

Hi Tony

Please allow it to run the complete scan.

satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#32 tonyperrin

tonyperrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 53 posts

Posted 07 May 2011 - 04:36 AM

Hi Satchfan - Had to abandon scan on Thursday night, so ran again last night. Scan took over five hours, found a heckuvalot of infections. I can't post the report as it runs to more than 120 pages! Still getting the redirect in Firefox, and still blocked from Kaspersky website at present - Tonyp

#33 Satchfan

Posted 07 May 2011 - 09:42 AM

Hi Tony

Unfortunately, even though you couldn’t send the result of the full scan, the partial scan showed the presence of a serious viral infection known as Ramnit.

At this time Ramnit cannot be cleaned and the only option is a reformat, not just a Windows repair install.

Infection information

Win32/Ramnit is a file infector which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files.

Why the only sure way to remove it effectively is to reformat and reinstall the OS.

The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.

In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Here's a write-up:

Because your computer has likely been compromised by the backdoor Trojan, there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

I would suggest you do this:

• use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
• call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
• consider what other private information could possibly have been taken from your computer and take appropriate steps.

When you’ve done the above, reformat the system partition and reinstall Windows – it is the only 100% sure answer.
When should I re-format? How should I reinstall?
Where to draw the line? When to recommend a format and reinstall?

I'm sorry not to have better news but the fact that you had a Virut infection is probably the reason that you have become re-infected.

Please let me know if you have any more questions or if I can close this thread.

Thanks

Satchfan


#34 tonyperrin

Posted 07 May 2011 - 10:19 AM

Hi Satchfan - Thanks for your note. To be honest, I was pretty sure it would end this way. Tellya, I think I'd give a month's salary in exchange for ten minutes in a dimly-lighted room with one of the people who spread these things around (five minutes would probably do it). My only worry when reformatting is my lack of O/S knowledge. Shouldn't be a problem since guides are available here and I am pretty good at following instructions. One thing though, as you told me, this problem is possibly down to the fact that there are two partitions currently on the disk - will I be able to remove both of these during reformatting? Tonyp

#35 Satchfan

Posted 07 May 2011 - 03:53 PM

Hi Tony

Formatting clears the complete hard drive of all the information that was on it, including the operating system. Your hard drive is a space that can contain different sections (partitions) that can independently contain information. When you "format", all the space is cleared and the sections (partitions) are also cleared. This means that the hard drive becomes one single empty space which you can place information on again. If you choose to place that information in different places, you will need to again separate it into partitions. If you are unsure how to "format" and re-install Windows, please let me know.

Satchfan


#36 tonyperrin

Posted 07 May 2011 - 04:32 PM

Thanks Satchfan - glad to know that existing partitions are cleared, though I still don't understand why the person who formatted for me last time created a separate partition. I haven't done a reformat myself before, so I'd be very glad of some help. I have my Windows and all other installation disks, so I'd only need to save off some data (non-executable files) from the diseased machine. Thanks - Tonyp

#37 Satchfan

Posted 08 May 2011 - 02:28 AM

Hi Tony

Formatting and re-installing Windows is relatively straightforward. However, after re-installation, Windows updates and driver updates will have to be applied.

There is an excellent tutorial here which shows you step-by-step and also shows how to save all your settings.

I would not advise saving emails as most of your personal files are infected. Because of this, I would strongly suggest that you start a topic here as they have much more expertise in this field than I have and will help you through the process.

Explain that you have a file-infector on your system so that the helper is aware of what you can/cannot transfer.

Good luck

Satchfan


#38 tonyperrin

Posted 08 May 2011 - 08:08 AM

Hi Satchfan - Just read through the tutorial, I think I can follow that with no worries. I really need to save my email profile, it's got all my business correspondence from way back on it, so what I'm gonna do is save it off to a disk on its own, then after formatting I'll start a new thread as you suggest and see what people think. Thanks again for sticking with me Satchfan, it's good of you to give your time, I appreciate it a lot. Very best - Tonyp

#39 Satchfan

Posted 08 May 2011 - 08:28 AM

Hi Tony

"Thanks again for sticking with me Satchfan, it's good of you to give your time, I appreciate it a lot."

You are welcome - I'm sorry I couldn't give you better news.

Saving your correspondence to disk is OK if the disk is "closed". If a disk autoruns with infected files (emails), you will be back to square one.

I would suggest you ask for help before you do anything. The Tech team will advise you on the best way to proceed.

Best wishes

Satchfan

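As an added illustration of the backup advice in posts #33 to #39 (example code, not from any poster or from the forum): a Python sketch that sorts a backup staging folder into files to keep and files to hold back, using the file types the thread names as Ramnit targets (.exe, .HTML/HTM) and the autorun concern from post #39. The function names, the sample files and the extra "MZ" header check for renamed executables are assumptions made for this example.

```python
import tempfile
from pathlib import Path

INFECTABLE_EXTS = {".exe", ".htm", ".html"}  # types the thread says Ramnit infects

def classify(path):
    """Return why a file should stay out of the backup, or None to keep it."""
    if path.name.lower() == "autorun.inf":   # would let the backup disk autorun
        return "autorun file"
    ext = path.suffix.lower()
    if ext in INFECTABLE_EXTS:
        return "infectable type " + ext
    try:
        with path.open("rb") as fh:          # assumption: also catch renamed executables
            if fh.read(2) == b"MZ":          # DOS/PE header magic
                return "executable content (MZ header)"
    except OSError:
        return "unreadable"
    return None

def triage(root):
    """Walk a staging folder; return sorted (keep, hold_back) relative paths."""
    keep, hold_back = [], []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        reason = classify(path)
        if reason:
            hold_back.append((rel, reason))
        else:
            keep.append(rel)
    return sorted(keep), sorted(hold_back)

def build_sample(root):
    samples = {                               # constructed files, not from the thread
        "letters/invoice.txt": b"plain text",
        "site/index.html": b"<html></html>",
        "tools/setup.exe": b"MZ\x90\x00",
        "photos/holiday.jpg": b"MZ\x90\x00",  # executable renamed to .jpg
        "autorun.inf": b"[autorun]\n",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A file that lands in the keep list has only passed a type check; it has not been shown to be clean.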

#40 Satchfan

Posted 08 May 2011 - 10:19 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

