Win32/RAMNIT.A Anyone?

Discussion in 'Virus Information' started by David Kaye, Jul 27, 2010.

  1. David Kaye

    John Navas Guest

    I thought "this class of virus" would be specific enough,
    but you're right that I should have been clearer,
    and I thank you for the clarification.
     
    John Navas, Aug 10, 2010

  2. | I thought "this class of virus" would be specific enough,
    | but you're right that I should have been clearer,
    | and I thank you for the clarification.

    Thank you for all the networking information you have provided over the years.

    BTW: Your Thawte email cert. expired in January.
     
    David H. Lipman, Aug 10, 2010

  3. David Kaye

    John Slade Guest

    I do the same thing. Sometimes I do a repair reinstall
    if it's Windows XP then do the updates.

    John
     
    John Slade, Aug 10, 2010
  4. David Kaye

    John Navas Guest

    Yep. Thawte shut down that service.
     
    John Navas, Aug 10, 2010
  5. Just curious, what did you mean by 'this class of virus' and the
    infection of possibly needed executables?

    ....and yes, if you have a good backup you're golden - much more
    preferable to replace than to disinfect.
     
    FromTheRafters, Aug 10, 2010
  6. David Kaye

    John Navas Guest

    I meant the class of virus that implants its own executable files,
    and protects them from most methods of removal. Sorry for not being
    more clear.
     
    John Navas, Aug 10, 2010
  7. David Kaye

    David Kaye Guest

    No, of course not, but in those days (and my dad told me he'd first heard the
    phrase during World War II radio duty) electronics was a man's game -- not
    just a man's game, but a "man's man" game, not unlike car repair, boxing, or
    icing.
     
    David Kaye, Aug 10, 2010
  8. David Kaye

    David Kaye Guest

    I was a rebel in high school. I even violated Ohm's law a few times on the
    weekends...

    Uh, I'm schizophrenic?
     
    David Kaye, Aug 10, 2010
  9. Are you a member of the resistance?
    :eek:D
     
    FromTheRafters, Aug 10, 2010
  10. That's okay. You are correct that self-contained replicator files can be
    deleted outright - there is nothing there that needs to be salvaged, but
    Ramnit.a actually modifies (infects/trojanizes) preexisting program
    files (although not with a replicant).
     
    FromTheRafters, Aug 10, 2010
  11. David Kaye

    John Navas Guest

    That depends on the actual problem, what the anti-virus system is or is
    not able to remove and disinfect on its own. According to this report:
    <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
    Win32/RAMNIT.A modifies few essential executables. My own experience
    with Microsoft Security Essentials (cf OP) is that only non-essential
    files are missed in this case. Do you have experience to the contrary?
     
    John Navas, Aug 10, 2010
  12. David Kaye

    Dustin Guest

    (David Kaye) wrote in
    it's still an honored skillset, at least, IMHO.
     
    Dustin, Aug 10, 2010
  13. David Kaye

    David Kaye Guest

    Yeah. We violated Ohm's law all the time but never got arrested. Some said
    it was a power trip. Some guys in our crowd just liked getting all amped up.
     
    David Kaye, Aug 10, 2010
  14. David Kaye

    David Kaye Guest

    I already knew about car repair and stuff, but icing was one of those male
    rituals I just learned about. Now I feel really really manly.
     
    David Kaye, Aug 10, 2010
  15. From: "John Navas" <>

    | On Tue, 10 Aug 2010 07:45:46 -0400, in

    | That depends on the actual problem, what the anti-virus system is or is
    | not able to remove and disinfect on its own. According to this report:
    | <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044>
    | Win32/RAMNIT.A modifies few essential executables. My own experience
    | with Microsoft Security Essentials (cf OP) is that only non-essential
    | files are missed in this case. Do you have experience to the contrary?

    That ThreatExpert report is insufficient.

    Go back and read Ant's analysis based upon the Ramnit samples I provided him with.
     
    David H. Lipman, Aug 10, 2010
  16. David Kaye

    John Navas Guest

    In which of the 184 messages in this thread would those specifics be?
     
    John Navas, Aug 10, 2010
  17. | In which of the 184 messages in this thread would those specifics be?

    Message-ID: <>

    Message-ID: <>
     
    David H. Lipman, Aug 10, 2010
  18. David Kaye

    John Navas Guest

    Thank you. That would seem to confirm what I wrote:

    It does NOT infect:-
    1) Files in the windows directory and its subdirectories.
     
    John Navas, Aug 10, 2010
  19. No, but I think I understand what you are saying now.
     
    FromTheRafters, Aug 11, 2010
  20. David Kaye

    John Navas Guest

    I understood what I was saying in the first post, thank you very much.
     
    John Navas, Aug 11, 2010