HELP! ExeDropper - not allowing update of Malwarebytes, Avast etc.

Please help. Last night I stopped being able to access my website for which I have a Filezilla client shortcut on my desktop, although any other computer could access it fine. That was the first problem.

Then a few hours later I started getting tons of Avast warnings for ExeDropper and Win32:Ramnit every few seconds.

Then when I tried running Malwarebytes, I kept getting an error message when I tried to update the definitions. I noticed Avast was the same.

Then I stopped being able to access the Avast forum domain on IE, although other websites worked. Same with sites to download MWB again.

I set the max size of my virus chest to 0 as suggested in similar posts. When I tried a boot time scan, it could not complete because after a while it could not save to chest because it said the disk was full.

I am currently using an old computer to access this site. I would be so grateful if someone could help me; I run my business from my infected computer and am lost without it.

Thanks

Jason

I forgot to add that I am using the free version of Avast.

Currently running the infected machine in Safe Mode to see why Avast said the drive was full on the boot time scan. Just noticed each time I go to settings in Avast and change the max size of the chest to 0 and click on “OK”, the next time I go into virus chest settings it is reset to 256MB…

From the info I find on the net, Ramnit is a file infector and not so easy to clean, so you need our expert malware remover Essexboy on this.

Follow this guide from our expert malware remover Essexboy, and post the logs here
http://forum.avast.com/index.php?topic=53253.0

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt.)

Thanks for the reply Pondus… I was wondering, should I be doing the Malwarebytes scan or others if I can’t upgrade the definitions first?

Just do the part of the guide you are able to do, and post the logs so essexboy can see what/where the problem is.

Also… I can’t reach this forum on the infected computer to post the logs to. Although most of the rest of the web works fine…

It seemed this time I was able to update my Avast virus definitions, though the first couple of times it said error connecting to server. Still get an error message with Malwarebytes.

Could you do the following please

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log; please attach that

Thanks for the reply Essexboy. I am currently downloading DrWeb as you instructed. However I will not be able to paste the log directly here because the infected computer will not allow me to access this forum. I’ve just found, however, that I can access the geekstogo forum from the infected computer and have posted my OTL there at http://www.geekstogo.com/forum/topic/289581-win32ramnit-e-exedropper-blocking-access-to-malwarebytes-update-avast-forum/

I’ve found I can attach logs to the geekstogo forum from the infected computer, then access the forum from this clean computer and copy them from geekstogo and paste here…

I’ve attached my OTL log here for you in the meantime

I’ve just finished running Malwarebytes again without the latest updates, and, after restart, I am now able to access this forum from the infected computer! Also, I am now able to update Malwarebytes!

I’ve attached the MWB log of the last scan.

Almost finished downloading DrWeb (large file! 49.1MB) About to do the scan with that program…

Ok I will continue this in the Geeks to go thread with you

Just in case you’ve logged out of geekstogo…

DrWeb scan is just finishing and a popup came up saying “the HOSTS file modified”. Shall I allow it to restore the default HOSTS file?

HELP!

I’m just running the OTL scan with the “Custom Scans/Fixes” rules pasted in again, and as it was creating the restore point an error message came up. I clicked ok, and now the program is stuck at creating the restore point. It says DO NOT INTERRUPT… Can I close it and restart the system, or will that screw everything up? Not sure what to do, please help…

It will probably be a couple of hours before essexboy is back on line after work.

figurer, I noticed on the gtg forum that you asked about your “My Documents” showing up when you logged into your computer.

Give this KB article a try: http://support.microsoft.com/kb/899865

Thanks Scythe,

Before I can do that… can anyone help me by letting me know whether I’m OK to just shut down the stuck OTL scan with the suggested custom fix? It is stuck at creating the restore point. An error message came up that I clicked OK to and has been stuck for the last hour. I am scared to shut down and reset because the OTL program says “DO NOT INTERRUPT”…

The custom fix I entered (suggested by Essexboy) is:
:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.128,93.188.160.208
[2010/11/03 10:06:57 | 000,000,000 | ---D | C] -- D:\WINDOWS\LMI15.tmp

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
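
Added example, not part of the original thread and not OTL's own code: the fix script above removes a static NameServer value and resets the hosts file, the two settings that decide where name lookups go. This sketch checks both from saved text, flagging static resolvers that are neither private nor explicitly trusted and listing every hosts entry other than localhost. The second O17 line, the hosts entries and the function names are constructed for illustration.

```python
import ipaddress
import re

# O17 line layout as it appears in the OTL fix script quoted in the thread.
O17_RE = re.compile(r"^O17\s+-\s+(?P<key>\S.*?):\s*NameServer\s*=\s*(?P<servers>.+)$")

# First line is the value from the thread; the second is constructed for contrast.
OTL_SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.128,93.188.160.208
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CONSTRUCTED}: NameServer = 192.168.1.1
"""

# Constructed hosts file; the thread does not show the real one.
HOSTS_SAMPLE = """
127.0.0.1   localhost
# entries below are constructed
127.0.0.1   update.av-vendor.example forum.av-vendor.example
"""

def unexpected_dns(otl_text, trusted=()):
    """Flag static resolvers that are not private, loopback or in `trusted`."""
    flagged = []
    for line in otl_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for ip in filter(None, re.split(r"[,\s]+", m.group("servers").strip())):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                flagged.append((m.group("key"), ip))  # unparsable value: review it
                continue
            if ip not in trusted and not (addr.is_private or addr.is_loopback):
                flagged.append((m.group("key"), ip))
    return flagged

def hosts_overrides(hosts_text):
    """Return (ip, name) for every hosts entry other than localhost."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2:
            found += [(fields[0], n.lower()) for n in fields[1:] if n.lower() != "localhost"]
    return found

if __name__ == "__main__":
    for key, ip in unexpected_dns(OTL_SAMPLE):
        print(f"review static DNS server {ip} set under {key}")
    for ip, name in hosts_overrides(HOSTS_SAMPLE):
        print(f"hosts file overrides {name} -> {ip}")
```

Pass the resolvers your ISP or router actually hands out as `trusted` so that only unexplained static entries are reported.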

Unfortunately, I’m not really sure. Essexboy or someone of his expertise would be needed to answer that question for you.

However, if there are no other options other than to shutdown or restart, I wouldn’t really care what OTL had to say. If there’s no other choice, then there’s no other choice.

That’s just me though, and I would leave it alone until I heard from Essexboy for further suggestions.

If it gets stuck in that loop - which it does sometimes, it is OK to close the programme and reboot