1 Reply Latest reply on Nov 6, 2010 8:10 PM by Hayton

    Ramnit.a

      Hi all,

       

      Looks like i'm infected with Ramnit.a

       

      Dell Inspiron Laptop, pre installed Mcafee subscription.

       

      Suffered two blue screen shut downs after normal start up with Windows box error message showing "appdata\local\wmaterx.dll missing"

      Ran Full scan showing 1 file found and repaired, checked logs which showed real time scans detecting and repairing a file every second or so - file infected with 'ramnit.a'.

       

      I rebooted in Safe Mode with Networking, ran Full Scan again. Here's the Security Report:

       

      06/11/2010 17:52:31 Scan Started: 11/06/2010 05:52:31 PM
      06/11/2010 18:49:26 "C:\Users\Ben\AppData\Local\Temp\3A0A.tmp" "Artemis!072C8354BDFC" "5"
      06/11/2010 19:52:59 Total objects scanned: 270421

      06/11/2010 19:52:59 Objects detected: 1

      06/11/2010 19:52:59 Scan Done: 11/06/2010 07:52:59 PM

      06/11/2010 20:14:42 Scan Started: 11/06/2010 08:14:42 PM

      06/11/2010 20:16:47 "c:\users\ben\appdata\roaming\microsoft\windows\cookies\ben@doubleclick[1].txt" "Cookie-Doubleclick" "13"

      06/11/2010 21:26:50 "C:\Users\Kezia\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04 -3aa5e90a-n\msvcr71.dll" "W32/Ramnit.a" "5"

      06/11/2010 21:26:52 "C:\Users\Kezia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bomab.exe" "W32/Ramnit.a" "5"

      06/11/2010 21:26:53 "C:\Users\Kezia\AppData\Roaming\Mozilla\Firefox\Profiles\ghej97sm.default\bookm arks.html" "W32/Ramnit.a!htm" "5"

      06/11/2010 21:54:39 Total objects scanned: 278337

      06/11/2010 21:54:39 Objects detected: 4

      06/11/2010 21:54:39 Scan Done: 11/06/2010 09:54:39 PM

       

      Also ran Stinger as suggested, here's the Report:

       

      McAfee(r) Labs Stinger(tm) Version 10.1.0.1096 built on Oct 28 2010

      Copyright (c) 2010 McAfee, Inc. All Rights Reserved.

      Virus data file v1000.0000 created on Oct 28 2010.

      Ready to scan for 2065 viruses, trojans and variants.

       

      Scan initiated on Sat Nov 06 20:21:59 2010

        Number of clean files: 239011

       

       

      Scan ran on Very High, report only.

       

      Any ideas how to remove it? Thanks for any help!!

       

      Ben Jennings

        • 1. Re: Ramnit.a
          Hayton

          This is a malware question, so it should really be in the malware forum where the experts will pick it up.

           

          The path for that is :

          McAfee Communities > Security Awareness > Malware Discussion > Home User Assistance

           

          You can, I think, move it yourself - otherwise a moderator can do it for you.

           

          Look under 'Actions' on the RH side of the page, and you will see an option for 'Move Thread'.

           

          Click on it, then either type 'Home User Assistance' into the box, or click on 'All Communities' and scroll down the list of groups until you find the right place to move it to.

           

           

          Message was edited by: Hayton on 07/11/10 01:10:35 GMT
          1 of 1 people found this helpful