Win32/Ramnit.A and Win32/Ramnit.B, please help

Discussion in 'Virus Information' started by ottomatic, Aug 9, 2010.

    Hello, I see there is already a thread with this similar infection. I read it and saw it did not reach a fix, hopefully the details I have attached will help. I could use any relevant feedback as my main computer is not functional at this time due to the infection.

    Machine: 1 year old Dell Inspiron Desktop
    OS: Windows XP
    Security Software: Prevx, Malwarebytes Anti-Malware, and Microsoft Security Essentials.

    Symptoms: About a week ago, Prevx began detecting normal .exe programs such as Nero as infected. When opening Firefox, Windows Media Player would immediately open and play nothing, later found to be the dreaded DesktopLayer.exe related Worm. Also, intermittently when opening Firefox, a box with a Java label would appear and then freeze and crash Firefox. Repeated scans with Prevx would identify a few infections which I would select to be removed, but then they would return at the reboot. I used Malwarebytes' Anti Malware which found about a dozen Trojans and Rootkits on each scan. I would again remove them but then they would return at reboot.

    Prevx was becoming more erratic through the last few days and detecting my router, Nero, Firefox, and other common .exe's as infected. I noticed that the Task Manager would have IExplorer.exe running on its own, and I haven't used IE in years.

    My research put me on the correct trail. I implemented ComboFix, which did not repair anything; it had no effect. Through further research, I installed Microsoft Security Essentials (MSSE). This program was the only one of the 3 to identify instantly the Win32/Ramnit A and B. It found infections of these types by the dozens. The first scan revealed 110 infections. After removal and reboot, infections were again found instantly. The number of infections is staggering: MSSE will find over 100, then over 200, and so on. At most that I have seen, it read over 400 infections, all of which were either Win32/Ramnit.A or Win32/Ramnit.B.

    The second that they are cleaned through MSSE, they return.

    Now, it's becoming much worse. Last week, when I noticed something was wrong, the computer was still functioning. Now, Firefox will not open; it crashes instantly. Oddly, Nero, which was inoperable at the onset, is now once again working. MSSE constantly keeps finding, removing, and finding more infections.

    I have never had this type of trouble with a Virus, normally Prevx is proactive and keeps my computer safe. Not this time. I produced a HijackThis log but am unable to include it in the post as I have not yet posted enough. Please let me know if it is important for a solution and I will include it. Thank you.
     
    ottomatic, Aug 9, 2010