5 Replies Latest reply on Apr 18, 2011 10:27 AM by davidh

    Ramnit.a again


      I have just found I have Ramnit.a.  It must have got on 2 days ago.  I have Windows XP (2004) and have McAfee DAT 6316. I am currently on the third full scan in safe mode with System Restore switched off.  Before I give up and do a full reformat, since this seems to only affect exe, dll and html files, am I OK to copy music/photo/document files to an external hard drive, or will the virus find its way across?

       

      Thanks for any response.

        • 1. Re: Ramnit.a again
          Peter M

          XP SP3 I hope?   You say 'again', like this is not the first time?

           

          Try the following in "Safe Mode with Networking", reached by tapping F8 repeatedly while booting up - all the following steps will work in that mode.

           

          Download, install, update (important) and run a full scan with the FREE version of THIS software.

           

          Let it remove anything it finds and reboot if it asks you to, immediately.

           

          If that fails to budge it then run Hijackthis in regular mode and post its log on one of the following forums for expert guidance.

           

          DOWNLOAD HIJACKTHIS

           

          Do not post Hijackthis logs here, we can't help with those!

           

          Post the logs at a specialist Forum:

          AUMHA
          BLEEPINGCOMPUTER
          MAJOR GEEKS
          MALWAREBYTES
          MALWARE REMOVAL
          SPYWAREHAMMER
          SPYWARE INFO
          WHATTHETECH


          Be sure to read all the sticky announcements/instructions at the top of each malware forum!

          • 2. Re: Ramnit.a again

            Thanks for that, Peter.  It's the first time I've had this (I said again because there are other threads on the subject).  I'll give all that a go.  Failing that, what do you think about copying unaffected files to another drive?

             

            Thanks

            • 3. Re: Ramnit.a again
              Peter M

              Sorry, I'm not too well at the moment and overlooked that request.  Possibly it will be OK but I am really not qualified to answer such a question.  One of those HJT forums would be able to, I am sure.

              • 4. Re: Ramnit.a again
                ConorD62

                Ramnit is a file infector, therefore you would probably need to reformat seeing as it infects everything.

                 

                It depends on the infection, really, but I don't think it would infect pictures, but this is just my opinion.

                • 5. Re: Ramnit.a again

                  I signed up to this forum for exactly the same thing. My current McAfee security centre failed to recognise the threat and is totally unable to deal with it. Very very unimpressed!

                   

                  I have tried all sorts of suggestions to get rid of the Ramnit.a virus but with no joy. In fact it was getting worse, as it seemed a backdoor was opened and other hordes of viruses were imported to the drive. These McAfee did detect, but they were coming in quicker than they could be quarantined.

                   

                  In the end I had to shut it down and pull the hard drive. I have bought a replacement drive now and am setting up for a rebuild. The infected drive is in a Linux machine where I am hoping I can cherry-pick off all the important files I need. Seeing as a lot of my files are web work, I have a shed load of html files to clean off. I can safely say all the exe and dll files are a write-off.

                   

                  I am concerned that the virus may reinfect the new drive somehow - can it live in the BIOS? I don't know. What's worse is that I can run my backup drive as that will infect as well.

                   

                  Left me with a completely ruined setup, several web projects inaccessible and my wife's training course home assignments and work backing up - Gee thanks McAfee - remind me why I pay my subscription again?? Seems to have just made matters worse.

                   

                  AND.. the thing that really annoys me the most is that I have spent several wasted hours online and on the phone trying to speak to you about it. Like walking through treacle. The online help don't work and won't pass me to the email chat as I am using a Linux machine which it don't recognise. Calls to the overseas call centre are a waste of time as the operators are reading scripts and can not help me. They asked me for details I won't know as they are on the affected PC. I can't log into my account to get my serial.

                   

                  Plus I can not find out how I will get the software reinstalled on my new drive (although I have to think seriously if I will trust McAfee to do that job again)

                   

                  The thing I want explained the most is WHY didn't McAfee see the threat and deal with it?

                   

                  Don't know how this forum works - hopefully someone will contact me.