We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Riddled with ramnit
Cadi
Posts: 489 Forumite
in Techie Stuff
I'm not very computer savvy (this will become obvious). I uninstalled AVG due to toolbar issues and before I reinstalled it I got a virus (have Trojan Hunter but didn't catch it). Malwarebytes has confirmed it to be ramnit (had 1400 errors on the first full scan yesterday, then none on a repeat scan after rebooting, then 38 or so this morning). I wasn't able to access any anti-viral websites or microsoft, but I've managed to install Avast (thanks to a link on this forum) which is now alerting me to viruses on a frequent basis. IE is not working, nor is google chrome (using firefox).
From a search on here and other forums it seems that a system reinstall is probably a good idea. My OS is Windows XP and I don't have a disc for this (came installed on my Dell PC) but I think I've found instructions for this. I am going to back-up my photos etc onto CDs. I've uninstalled iTunes as couldn't access it. Will I lose my iTunes library? Is there anything else I should do or try?
From a search on here and other forums it seems that a system reinstall is probably a good idea. My OS is Windows XP and I don't have a disc for this (came installed on my Dell PC) but I think I've found instructions for this. I am going to back-up my photos etc onto CDs. I've uninstalled iTunes as couldn't access it. Will I lose my iTunes library? Is there anything else I should do or try?
0
Comments
-
Can you post the logs from Malwarebytes here to start off with? (Open Malwarebytes, LOGS tab and post the logs in question).0
-
try an avast boot time scan
if you factory restore, you'll lose everything!!
> . !!!! ----> .0 -
Thanks guys. This is the log from earlier today: I tried to run a full scan this evening again but avast was constantly flashing up with viruses on malwarebytes itself before it crashed. I've just rebooted and avast promptly crashed again.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8142
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
13/11/2011 12:01:56
mbam-log-2011-11-13 (12-01-56).txt
Scan type: Full scan (C:\|)
Objects scanned: 268561
Time elapsed: 2 hour(s), 36 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 26
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 67
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{CD000001-8B95-11D1-82DB-00C04FB1625D} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CDO.Message.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CDO.Message (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD000000-8B95-11D1-82DB-00C04FB1625D} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CD000020-8B95-11D1-82DB-00C04FB1625D} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PeerDraw.PeerDraw.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PeerDraw.PeerDraw (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC0B082D-A7FB-11D3-BC35-00C04F79E594} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5328A245-A8B6-11D3-BC35-00C04F79E594} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MsoLang.LanguageResources.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MsoLang.LanguageResources (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8376CB5C-B66B-4678-AB07-03E5FDA2F04E} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CXLServer.CXLServer.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CXLServer.CXLServer (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B776FDAF-2388-42D0-8A7C-386E1BC2E19E} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Pdapi2.ApiImpl.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Pdapi2.ApiImpl (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5F6FFE82-8B74-43BF-A583-EF4E3AEF9C3D} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SyncProxy.SyncProxyAddin.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SyncProxy.SyncProxyAddin (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E3AA9B8F-F8BF-4536-A3D8-B405A4C6B5AE} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9FA4F9E0-BBAA-11D3-B375-0800460222F0} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CAAB2715-2CC2-44B1-8451-2F876B33AC76} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D01E70E5-2E5A-4EDC-B8A7-84FA45346E34} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9DF0C21E-FBC2-436A-9C9D-71BC6A6AC9F4} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShellExecuteHook.SABShellExecuteHook.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShellExecuteHook.SABShellExecuteHook (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\REFERENCE TITLES\MSREFTL.DLL (Virus.Ramnit) -> Value: MSREFTL.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CDO\CDOEX.DLL (Virus.Ramnit) -> Value: CDOEX.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE10\USP10.DLL (Virus.Ramnit) -> Value: USP10.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\RESEARCH IN MOTION\BBBI DRIVERS\VBB\VBBCLIENTCOMMFORWM.DLL (Virus.Ramnit) -> Value: VBBCLIENTCOMMFORWM.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\RESEARCH IN MOTION\RIMDEVICEMANAGER\RIM_SERIAL.DLL (Virus.Ramnit) -> Value: RIM_SERIAL.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOSTYLE.DLL (Virus.Ramnit) -> Value: MSOSTYLE.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\1033\MSOLANG.DLL (Virus.Ramnit) -> Value: MSOLANG.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\ATTENDEES.DLL (Virus.Ramnit) -> Value: ATTENDEES.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\CONFIGURATIONUPGRADE.DLL (Virus.Ramnit) -> Value: CONFIGURATIONUPGRADE.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\CONNECTORREQUESTHANDLER.DLL (Virus.Ramnit) -> Value: CONNECTORREQUESTHANDLER.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\CXLB.DLL (Virus.Ramnit) -> Value: CXLB.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\ILSYNC.DLL (Virus.Ramnit) -> Value: ILSYNC.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\ILSYNCEX.DLL (Virus.Ramnit) -> Value: ILSYNCEX.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\ILTIF32.DLL (Virus.Ramnit) -> Value: ILTIF32.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\ILX32.DLL (Virus.Ramnit) -> Value: ILX32.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\MIMEPP_CORE.DLL (Virus.Ramnit) -> Value: MIMEPP_CORE.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\PTATTACH.DLL (Virus.Ramnit) -> Value: PTATTACH.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\PTSSLOG.DLL (Virus.Ramnit) -> Value: PTSSLOG.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\SYNCCONFIRMATION.DLL (Virus.Ramnit) -> Value: SYNCCONFIRMATION.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\SYNCCONFLICT.DLL (Virus.Ramnit) -> Value: SYNCCONFLICT.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\USERLOCMGR.DLL (Virus.Ramnit) -> Value: USERLOCMGR.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\ZLIB1.DLL (Virus.Ramnit) -> Value: ZLIB1.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\IS71 ACTION ENGINE\SYNCAE_PB.DLL (Virus.Ramnit) -> Value: SYNCAE_PB.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\IS71 CONNECTORS\MS OUTLOOK CONNECTOR\MSOUTLOOKAPI.DLL (Virus.Ramnit) -> Value: MSOUTLOOKAPI.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\RESEARCH IN MOTION\BLACKBERRY\IS71 CONNECTORS\YAHOO CONNECTOR\DCSXLATOR.DLL (Virus.Ramnit) -> Value: DCSXLATOR.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} (Virus.Ramnit) -> Value: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\common files\microsoft shared\reference titles\MSREFTL.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\common files\microsoft shared\CDO\CDOEX.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\common files\microsoft shared\Office10\UCS20.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\common files\microsoft shared\Office10\USP10.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\common files\microsoft shared\Proof\MSTHES3.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\common files\microsoft shared\VGX\vgx.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\common files\research in motion\bbbi drivers\VBB\vbbclientcommforwm.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\common files\research in motion\rimdevicemanager\rim_serial.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\microsoft office\Office10\BIDI32.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\microsoft office\Office10\MSOSTYLE.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\microsoft office\Office10\WDBIMP.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\microsoft office\Office10\1033\MSOLANG.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\dell support center\bin\ssleay32.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\dell support center\HWDiag\bin\Common.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\dell support center\HWDiag\bin\msvcp71.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\dell support center\HWDiag\bin\msvcr71.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\dell support center\HWDiag\bin\pcd5services.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\dell support center\HWDiag\bin\pcdrmodemui.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\dell support center\HWDiag\bin\SSE3DLL.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\attendees.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\configurationupgrade.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\connectorrequesthandler.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\CXLB.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\ilsync.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\ilsyncEx.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\iltif32.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\ilx32.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\mimepp_core.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\PTATTACH.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\PtSSLog.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\syncconfirmation.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\syncconflict.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\userlocmgr.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\zlib1.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 action engine\syncae_pb.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\attendees.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\cxlserver1.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\ilsyncEx.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\iltif32.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\ilx32.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\mimepp_core.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\PTATTACH.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\PtSSLog.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\syncconfirmation.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\userlocmgr.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\Wizard.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\zlib1.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\connectors\palm desktop\pdapi2.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\connectors\palm desktop\pdoptions.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\connectors\palm desktop\syncproxy.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\data migration wizard\connectors\windows mobile connector\desktopclient.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\ms outlook connector\msoutlookapi.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\attendees.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\authentication.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\calendarobjectmodel.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\configuration.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\contactsobjectmodel.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\dcsxlator.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\dcsxlatorutil.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\Logger.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\ltxmllib5u_vc80.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\notesobjectmodel.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\protocolhandler.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\xmlaccess.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\yahoonotifier.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\research in motion\blackberry\is71 connectors\yahoo connector\yahooui_options.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\superantispyware\SASSEH.DLL (Virus.Ramnit) -> Quarantined and deleted successfully.0 -
did you do a boot time scan
failing that, try a boot cd, burn to cd using imgburn disc image option
http://support.kaspersky.com/viruses/rescuedisk!!
> . !!!! ----> .0 -
Thanks closed, running a boot scan now, it's taking a while.0
-
ramnit is a complete PITA, as it's a regenerating virus...good luck
you may want to run combofix after the bootime scan
http://www.bleepingcomputer.com/combofix/how-to-use-combofix download link partway down page (scroll down)
If you do post the log up here ......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Well, I ran a boot time scan which removed a lot of infections (ramnit G and H, PrefPoly, Kryptik-FFB and Cycbot-gen noted) and my PC has been running much more smoothly. I can now access anti-viral pages and microsoft, and avast has not warned me of any infections since then. I tried running Combofix but had numerous file error warnings and didn't appear to run correctly. I did a full malwarebytes scan again this morning and it picked up one trojan. This is the log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8142
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
15/11/2011 11:11:49
mbam-log-2011-11-15 (11-11-49).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 272132
Time elapsed: 2 hour(s), 31 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Any additional suggestions gratefully received!0 -
Actually, you won't be able to run combofix as you have avg - the two are incompatible with each other. The other I would probably recommend would be Dr Web, but be warned - it is VERY good, but it will take 10-12 hrs to scan your machine. If you do use it, the first time it detects something it will wait for an input from you. Select Yes to all (or however it's worded) , then it will automatically kill/quarantine anything else it finds without any further user input ......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple0 -
I'd do the kaspersky boot cd scan, then when clean, backup data and reinstall, virus scanners can do their best at removing infections, but don't undo all the damage.!!
> . !!!! ----> .0 -
Combofix does't run on vista as well...
You're being given good advise from closed and GunJack which is good to know!0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards