So my computer is running okay so far… bit worried about this Ramnit virus though
If it was active on your system Avast would be screaming blue murder as it is a file infector, however as Avast moved it to the chest that was probably the dropper that failed to work.
If you wish though we can get a second opinion
Run ESET Online Scan
[*] Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[*] ESET OnlineScan
[*] Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
[*] For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [*] Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  [*] Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
[*] Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
[*] Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
[*] Accept any security warnings from your browser.
[*] Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
[*] Make sure that the option “Remove found threats” is Unchecked
[*] Push the Start button.
[*] ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*] When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
[*] Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*] Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
[*] Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
There we go
Note that the ESETSCAN file was done as unticked for removal per essexboy, so entries for Ramnit.T are prevalent. As you are in good hands here with essexboy, await his response before you do anything here.
Info re Ramnit.t here: (Note this is an older version) http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FRamnit.T
and a more generic page from Microsoft here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Ramnit
Both pages explain what Ramnit is and what it is known to do.
Okay thank you
Just in two minds whether or not to just format my pc and start over… ramnit seems like it is baaaad
There is that option as if ESET cannot clean the file it will delete it
Which means you will probably lose Open office, java
But re-run ESET now and this time select remove threats
Okay I’ll do that now
Interesting. I am curious to see how effective ESET is against an “in the wild” Ramnit infection.
It says all threats cleaned
Attached the report
I must admit I am surprised that Avast did not catch them
Could you scan the ESET quarantine folder with Avast, use the right click function and see if it detects them
You will probably have the infected programmes unable to start so they may need reinstalling
Is the computer behaving any better now ?
I’ve come across Ramnit ;D
It’s nasty
Anthony
Seems to have gone…
Pc is working fine! Could this be fixed?
Did Avast detect the files in the ESET quarantine folder ? If not we will need to upload some to Avast for analysis
Could you check windows updates please and also see how the rest of your programmes are working
Plus let me know of any anomalies that you are seeing
Sorry, no, I did a quick scan and nothing was found…
Where is the quarantine folder? Sorry, I’m not as brilliant as you guys!
There should be a folder on your C drive called ESET quarantine, or it may be in programme files\eset
Open the folder and right click one file and select scan with Avast, does it alert ?
I hope you restarted after the ESET scan? There was a log entry that said it would not be removed until a restart was done:
C:\Documents and Settings\Gemma Wright\AS3fXO3 a variant of Win32/Kryptik.ADSK trojan cleaned by deleting (after the next restart) - quarantined
Yeah I have
Done it, says SCAN COMPLETE, NO THREATS FOUND
Appears only ESET and Microsoft have signatures for this Win32/Ramnit.T variant.
The only issue I’m having now is BlackBerry Media Sync won’t uninstall and launches Windows Installer when I turn on my PC
Could you try an uninstall over the top please
Also did you locate the quarantine folder ?