I also have the Win32: Downloader NUA Trojan Virus.... Help needed

So my computer is running okay so far… bit worried bout this Ramnit virus though

If it was active on your system Avast would be screaming blue murder as it is a file infector, however as Avast moved it to the chest that was probably the dropper that failed to work.

If you wish though we can get a second opinion

Run ESET Online Scan

[*] Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[*] ESET OnlineScan
[] Click the
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png
button.
[
] For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[] Click on
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png
to download the ESET Smart Installer. Save it to your desktop.
[
] Double click on the
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png
icon on your desktop.

[*] Check
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png

[] Click the
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png
button.
[
] Accept any security warnings from your browser.
[*] Check
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png

[*] Make sure that the option “Remove found threats” is Unchecked
[*] Push the Start button.
[] ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[
] When the scan completes, push
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png

[] Push
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[
] Push the
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png
button.
[*] Push
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

There we go

Note that the ESETSCAN file was done as unticked for removal per essexboy, so entries for Ramnit.T are prevalent. As you are in good hands here with essexboy, await his response before you do anything here.

Info re Ramnit.t here: (Note this is an older version) http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FRamnit.T

and a more generic page from Microsoft here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Ramnit

Both pages explain what Ramnit is and what it is known to do.

Okay thank you

Just in two minds whether or not to just format my pc and start over… ramnit seems like it is baaaad

There is that option as if ESET cannot clean the file it will delete it

Which means you will probably lose Open office, java

But re-run ESET now and this time select remove threats

Okay i’ll do that now

Interesting. I am curious to see how effective eSet is against an “in the wild” Ramnit infection.

It says all threats cleaned

Attached the report

I must admit I am surprised that Avast did not catch them

Could you scan the ESET quarantine folder with Avast, use the right click function and see if it detects them

You will probably have the infected programmes unable to start so they may need reinstalling

Is the computer behaving any better now ?

Ive come across of ramnit ;D

its nasty

Anthony :wink:

Seems to have gone…

Pc is working fine! Could this be fixed?

Did Avast detect the files in the ESET quarantine folder ? If not we will need to upload some to Avast for analysis

Could you check windows updates please and also see how the rest of your programmes are working

Plus let me know of any anomolies that you are seeing

Sorry no i did a quick scan and nothing was found…

where is the quarantine folder? sorry, i’m not as brilliant as you guys! :smiley:

There should be a folder on your C drive called ESET quarantine, or it may be in programme files\eset

Open the folder and right click one file and select scan with Avast, does it alert ?

I hope you restarted after the eSet scan? There was a log entry that said it would not be removed till a restart done:

C:\Documents and Settings\Gemma Wright\AS3fXO3 a variant of Win32/Kryptik.ADSK trojan cleaned by deleting (after the next restart) - quarantined

Yeah i have

Done it, says SCAN COMPLETE, NO THREATS FOUND

Appears only eSet and Microsoft have signatures for this Win32/Ramnit.T variant.

The only issue i’m having now is blackberry media sync wont unistall and launches windows installer when i turn on my pc

Could you try an uninstall over the top please

Also did you locate the quarantine folder ?