We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Shopodo Shopping Browser Hijacker
Comments
-
disabling autorun/play won't stop a worm!!
> . !!!! ----> .0 -
Explain more?
Edit: Never mind, we're clouding the issue. With autorun disabled in this instance it should stop Ramnit re-infecting. The drive would need to be checked for any offending autorun.inf files.Win32/Ramnit then writes an Autorun configuration file named "autorun.inf" pointing to the worm copy in the target drive. When the removable or networked drive is accessed from another computer supporting the Autorun feature, the malware is launched automatically.0 -
If the worm infects and spreads only by changing autorun.inf, then disabling autorun would stop a user infecting a clean machine by plugging in an infected drive/usb key/cd/dvd etc.
Worms that infect/corrupt/simulate/tag onto data files or folders can go from an infected machine to anything plugged in, network shares etc, depends on the code. If the user then reinstalls windows/wipes the c: drive, plugs in infected drive again and clicks on what looks like a folder/pic/doc/html, it's back to square one.!!
> . !!!! ----> .0 -
Agreed, but from the information we have - limited, I know - possibly not relevant in this instance. The link was more for the OP, for information as how to mitigate re-infection.0
-
Ho no, you've got me worried now!
Does this mean that once all my Word docs, JPGs and HTML files are all on my back up drive, there is a chance the virus would still be on them and affect my hard drive too? Tell me it isn't so.
If it is, then how do I scan all those copied docs to ensure the damn thing is completely eradicated?
Oh yes, and what is the BEST virus/firewall protection I can get - and not one that slows my computer up like Norton did - to ensure my laptop never suffers such damage from these rogue programs ever again?Be careful what you back up.
From the MS link I gave (post #10)0 -
.JPeg's should be fine but there's a good chance the .HTML's & .doc's are infected.
You could upload a sample few to VirusTotal to check.
http://www.virustotal.com/
You could try disinfecting them with an AV, but there's a chance they may be left corrupted. With other file infectors such as virut, the viral code was often buggy so did leave files corrupted.
I have to say, if these files were important you should already have made backups of them - in the event of things like this happening they can prove invaluable.
My advice would be, when you backup your files - BE CAREFULL what you back up. Read the information & links posted previously and make sure you don't backup ANY file types Ramnit may infect.
After reinstalling windows make getting windows updates and installing & updating an antivirus your priority. Then, & only then, scan the media you have your files backed up to by initiating the context menu (right click) scan of your antivirus on the drive.
If the scans are clear, then proceed to restore the files.Oh yes, and what is the BEST virus/firewall protection I can get - and not one that slows my computer up like Norton did - to ensure my laptop never suffers such damage from these rogue programs ever again?
See post #21. You have to try to identify & eradicate whatever behaviour is causing you to be at risk from this kind of thing.0 -
by using a boot cd first - post 17!!
> . !!!! ----> .0 -
looking back, I assume I'm correct in thinking you have a website? All the more reason to make sure the .html files are disinfected or removed.
http://blogs.mcafee.com/mcafee-labs/taking-a-look-at-w32ramnit
http://techblog.avira.com/2010/11/25/closer-look-at-w32ramnit-c/en/This malware spreads via web sites, for example, as infected webmasters upload infected web pages and binary files to their servers0 -
How do you disable autorun? And when do you disable it - after you have formatted your drive and reinstalled Windows?Explain more?
Edit: Never mind, we're clouding the issue. With autorun disabled in this instance it should stop Ramnit re-infecting. The drive would need to be checked for any offending autorun.inf files.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.6K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.7K Work, Benefits & Business
- 603K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards