1 2 3 4 Previous Next 38 Replies Latest reply on Feb 10, 2011 7:34 AM by Peter M

    Help - Ramnit.a!htm virus in my computer

      Hello folks !

       

      My full Mcafee scans show I have the recurring  'worm' virus:  Ramnit.a!htm - since 25 September 2010 - infecting files in my computer - the full scan will only 'clean' the virus & repair the infected files (Plus quarantine any other viruses it keeps letting in)

       

      I followed the McAfee instructions re disengaging 'System Restore' etc...but I cant' find the DAT 6123 which I think is required as the download to get rid of the 'worm' virus once and for all...!

       

      Can anyone advise re

      1) How to remove this 'worm' virus once and for all

       

      2) How to locate and download DAT 6123 (I went right throught the McAfee Threats Library on this virus - 46 pages - and could not locate DAT 6123 at all)

       

      Any help & advice on this VERY MUCH appreciated !!

        • 1. Re: Help - Ramnit.a!htm virus in my computer
          ConorD62

          Hi Blakey,


          Please open you're McAfee product, and go to Navigation > About > VirusScan, and see what DAT you are on.


          Then please enter safe mode by restarting and continuously pressing F8 from start up, then enter Safe Mode WITH Networking.


          Update McAfee, then run a full scan,


          Then please download Malwarebytes, then if Malwarebytes doesn't catch it, please run SuperantiSpyware


          Good Luck.


          Thanks.


           

           

           

          Message was edited by: ConorD62 on 08/02/11 06:13:38 CST
          • 2. Re: Help - Ramnit.a!htm virus in my computer
            Peter M

            Blakey that DAT is the minimum required - we are way past that now so you've already got it.

            • 3. Re: Help - Ramnit.a!htm virus in my computer

              Many Thanks Conor !

               

              I have done the first part and found I am on DAT 6250

               

              Sorry please bear with me, but I'm rather new to this !

              - The next part re 'Enter safe mode' - What exactly do I then do - do you mean shut dowm my compter and 're-start' it ?

               

              I note the button marked 'F8' at the top of the keyboard for repeated pressing

               

              Do I need to change the DAT I am on ? - Are you saying to then update McAfee to DAT 6123  ?

               

              Sorry to sound dense but I've never encountered anything like this before !!!

               

              Many Thanks again for your kind reply !

              • 4. Re: Help - Ramnit.a!htm virus in my computer

                Thanks Peter !

                 

                I'm still not sure re the next part as I stated about Re-starting etc....

                • 5. Re: Help - Ramnit.a!htm virus in my computer
                  ConorD62

                  Hi Blakey,


                  Yes, restart the computer and continuously press F8 from the start up.


                  The DAT you have is fine and should get rid of it.


                  Thanks.


                   

                  • 6. Re: Help - Ramnit.a!htm virus in my computer
                    Peter M

                    I had a look at what McAfee Labs report says about Ramnit.a!htm and it says to disable System Restore before doing anything else.

                     

                    Not sure of what system and service pack you are using but they don't vary that much really.  Right-click My Computer (XP) or Computer (Vista/Windows 7) and select Properties.

                     

                    XP:

                     

                    Steps to turn off System Restore

                    1. Click Start, right-click My Computer, and then click Properties.
                    2. In the System Properties dialog box, click the System Restore tab.
                    3. Click to select the Turn off System Restore check                     box. Or, click to select the Turn off System Restore on all drives check box.
                    4. Click OK.
                    5. When you receive the following message, click Yes to confirm that you want to turn off System                     Restore:
                      You have chosen to turn off System  Restore. If you continue, all existing restore points will be deleted,  and you will not be able to track or undo changes to your computer.

                      Do you want to turn off System Restore?
                      After a few moments, the System Properties dialog box closes.

                    Steps to turn on System Restore  (when this is all sorted out)

                    1. Click Start, right-click My Computer, and then click Properties.
                    2. In the System Properties dialog box, click the System Restore tab.
                    3. Click to clear the Turn off System Restore check                     box. Or, click the Turn off System Restore on all drives check box.
                    4. Click OK.

                      After a few moments, the System Properties dialog box closes.

                     

                    Vista/Windows 7:

                     

                    1. Click the Start Button.

                    2. From the Start menu click Control panel.

                    3. In Control Panel click the System Icon.

                    4. On the Left of the System properties window you will see a list of Tasks, click on the System protection link.

                    5. In the System Protection window remove the 'Tick' mark from beside the drive you want to disable system restore on.

                    6. A message will now appear asking: 'Are you sure you want to turn System restore off'.

                    7. Press the Turn System restore Off button.

                    8. System Restore will now be turned off permanently on that particular drive.

                    9. To re-enable system restore  (once this is sorted out) just click your mouse in the box next to the drive you require system restore to monitor ( a tick will appear in the box), the click the Apply button and system restore will resume monitoring the drive.

                     

                     

                    Once that's done we can then boot into Safe Mode with Networking by tapping F8 repeatedly while booting up and selecting that item from the ensuing menu, usually 2nd from the top.

                     

                    That mode allows you internet access yet keeps most processes incvluding malware from starting up hence making malware easier to remove.

                     

                    Then simply open Computer (Vista or Windows 7) , My Computer (XP) and right-click your drive and select 'Scan".  All you'll see is an extra icon on the taskbar (bottom by the clock) and hovering over it will tell you what's going on.  It takes a while to complete so be patient.

                     

                    That will hopefully get rid of it.  IOf it doesn't you can download, update and run the freee version of MalwareBytes that Conor suggested in that mode too.   That should take care of it.

                     

                    Edit:  Sorry Conor, I wasn't sure you were signed in or not....;-)

                     

                     

                    Message was edited by: Ex_Brit on 08/02/11 8:26:36 EST AM
                    • 7. Re: Help - Ramnit.a!htm virus in my computer

                      Many Thanks Guys.....Ii'll have a go !

                       

                      I am on XP & I disengaged 'System Restore' yesterday per McAfee instructions.

                       

                      Thanks for the extra info on re-setting it later Peter !

                       

                      Many Thanks Conor & Peter - I'll let you know how it goes !!

                      • 8. Re: Help - Ramnit.a!htm virus in my computer
                        Peter M

                        Good luck. ;-)

                        • 9. Re: Help - Ramnit.a!htm virus in my computer
                          Peter M

                          By the way I hope that's XP SP3?

                          1 2 3 4 Previous Next