desktoplayer.exe now gone
Did you do a reinstall or clean it out somehow?
I just followed SafeSurf's instructions.
Nice. What exactly did you do, and can you guarantee the desktoplayer is removed totally?? Please go to C:\Program Files\Microsoft and see if the file is still there.
Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.
– Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
Understanding virus names
Threat aliases for Win32/Ramnit.A
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.
Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.
Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.
In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
When should I re-format? How should I reinstall?
Where to draw the line? When to recommend a format and reinstall?
I pulled that post from someone named Elise on another forum, but as you can see it's pretty severe. That's me done with this now… I just try to post as much as I can to spare others the pain of dealing with this crappy virus.
cheers and thanks
Bill
Thank you Safesurf. I followed your instruction on page 1 and it worked. Phew!
The virus ‘took out’ most of my programs and left me with the problem of clearing up the mess. I was unable to uninstall what was left through add/remove programs. With the help of some uninstall utilities (and a bit of careful deleting and re-naming) I was then able to re-install all my programs.
Thanks again.
following on from my previous post… is the general opinion that this virus is impossible to get rid of, except with a clean install of the OS? My laptop has been ok now for 7 days and I run scans everyday just in case.
Is this virus lurking somewhere ready to re-appear? Is there anything I can do to prove I am clean (or still infected)?
Thanks
Del
@dingley_del,
You can run a full MBAM and OTL log and attach them in your next post for review.
Please see this thread for instructions: Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.
Follow the directions for obtaining an MBAM log (make sure you update MBAM first) and the OTL logs. Post the MBAM log here (copy and paste) and the two (2) OTL logs as attachments (Additional Options > Attach > Browse (the logs will be on your desktop) > Post). Should anything be lurking, I will contact our Certified Malware expert to clean your machine of this nasty.
Thanks SafeSurf
Here are the results of the MBAM log. I have also attached otl.txt and extras.txt files.
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4755
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/10/2010 21:39:38
mbam-log-2010-10-12 (21-39-38).txt
Scan type: Quick scan
Objects scanned: 138897
Time elapsed: 16 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Many thanks for all your help
Del
Hi Del,
Had you previously done an Avast Full or Boot-time scan and if so, do you have anything sitting in your Avast Virus Chest? If so, can you give me a screen shot or type exactly what is in the Chest? Thank you.
Although the MBAM scan was only a Quick scan instead of a Full scan, it is clean.
As for the OTL logs, I am going to refer you to Essexboy, our malware expert, for evaluation. He will contact you here in this thread, so keep an eye out for his post and further instructions from him. He is in the UK time zone. Please do not make any changes to your machine until you hear from him or you will need to repeat the steps you just did. In the meantime, I will continue to assist you, then remain in the background. Thank you.
Hi SafeSurf
I have included my first MBAM log file with the detected malware. Subsequent scans have been clear. I have also managed to include a screen shot of my Avast Chest. The chest is full of similar items (as I set the chest size to 0 whilst I was under attack - as you suggested on page 1).
Once again, thanks for your help and time,
Del
The logs look clean. Are you experiencing any problems or oddities at all?
Hi essexboy
My laptop is running ok with no problems… mostly thanks to SafeSurf's advice.
Thanks for taking a look at the logs.
Del
Kudos to the man ;D
lol I used Malwarebytes too, it doesn't find it… bah I don't know, maybe you can clean it. Do me a favour though, navigate to C:\Program Files\Microsoft… if you have a file in there called desktoplayer.exe then you are still infected. For this virus a REINSTALL IS HIGHLY RECOMMENDED!!! Your security has been compromised and ports in your computer have been opened, so it needs done. Take it or leave it but it's the truth.
Normal ports are open according to the scan and there is no sign of desktoplayer. I have found that some variants of this go quietly, others hang on for grim death.
Thanks for the info
I have had a look in c:\program files\microsoft and it is empty (even with ‘show hidden files’ enabled and ‘hide protected operating system files’ disabled).
Another good sign?
Del
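The two checks discussed in this thread, reading the summary counts out of an MBAM log and looking for the desktoplayer.exe marker file, as an added worked example that is not code from the thread, from Malwarebytes or from Avast. It assumes the MBAM 1.x log layout quoted above (summary lines of the form "Category: N", a "Scan type:" line) and uses the indicator path the thread names; the sample log text is constructed from the quoted scan and is embedded so the script runs offline.

```python
import os
import re

# Constructed sample: the summary block of the MBAM log quoted earlier in this thread
# (only the lines the checks below look at).
SAMPLE_MBAM_LOG = """\
Malwarebytes' Anti-Malware 1.46
Database version: 4755
Scan type: Quick scan
Objects scanned: 138897
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

# The seven summary categories an MBAM 1.x log reports.
SUMMARY_CATEGORIES = (
    "Memory Processes Infected",
    "Memory Modules Infected",
    "Registry Keys Infected",
    "Registry Values Infected",
    "Registry Data Items Infected",
    "Folders Infected",
    "Files Infected",
)

# Indicator list taken from the thread: the file whose presence is said to mark a live infection.
DEFAULT_INDICATORS = (r"C:\Program Files\Microsoft\desktoplayer.exe",)

_COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):\s*(?P<count>\d+)\s*$")
_SCAN_TYPE_RE = re.compile(r"^Scan type:\s*(?P<type>.+?)\s*$")


def parse_mbam_summary(log_text):
    """Return (scan_type, {category: count}) from the numeric summary lines of an MBAM log.

    Lines like 'Files Infected:' followed by '(No malicious items detected)' carry no
    number and are ignored; only 'Category: N' lines are counted.
    """
    scan_type = None
    counts = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _SCAN_TYPE_RE.match(line)
        if m:
            scan_type = m.group("type")
            continue
        m = _COUNT_RE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("count"))
    return scan_type, counts


def assess_mbam_log(log_text):
    """Summarise an MBAM log as a dict: clean flag, total detections, and caveats.

    'clean' means every expected category was present and reported zero. A quick
    scan is still reported as clean but gets a caveat, matching the advice in the
    thread that a full scan is the stronger check.
    """
    scan_type, counts = parse_mbam_summary(log_text)
    missing = [c for c in SUMMARY_CATEGORIES if c not in counts]
    total = sum(counts.values())
    caveats = []
    if missing:
        caveats.append("summary incomplete, missing: " + ", ".join(missing))
    if scan_type and scan_type.lower().startswith("quick"):
        caveats.append("quick scan only; run a full scan before trusting the result")
    return {
        "scan_type": scan_type,
        "clean": not missing and total == 0,
        "detections": total,
        "caveats": caveats,
    }


def present_indicators(paths=DEFAULT_INDICATORS):
    """Return the subset of indicator paths that exist on this machine.

    A non-empty result means the thread's 'still infected' marker is present.
    os.path.exists is used rather than os.path.isfile so a directory planted at the
    same path is reported too.
    """
    return [p for p in paths if os.path.exists(p)]


if __name__ == "__main__":
    print(assess_mbam_log(SAMPLE_MBAM_LOG))
    print("indicators present:", present_indicators())
```

An empty indicator list together with a clean full-scan summary is the state Del describes; a clean quick scan alone is reported with a caveat rather than as a final verdict, for the reason SafeSurf gives above.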
Yep ;D
I’m glad everything worked out for you. Thank you Essexboy for checking the OTL logs.
Since there have been several software updates recently (and this is ongoing), I would recommend that you check out Secunia Software Inspector to make sure you have the latest software patches: http://secunia.com/vulnerability_scanning/personal/, as well as checking the Avast “General Topics” section of the forum for updates on software or security warnings. Secunia will give you the vendor’s direct download for a patch if one is needed. Remember to reboot after an uninstall and again after an install.
I’m not sure if you are using a system cleaner, but many of us use CCleaner - a freeware system optimization, privacy and cleaning tool. There is a Slim version available as well at http://www.piriform.com/ccleaner/builds - 4th option down. It removes unused files (cache, temporary Internet files, etc.) from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner; I recommend making a backup prior to using the registry cleaner.
You can also keep your machine running smoothly with free Puran Defrag http://www.puransoftware.com/. It includes a boot-time defrag as well, and works with 64-bit; click on “More Info” to learn more about the product.
Most importantly, try to learn from your experience as to how you got infected. Use safe browsing practices, adjust your browsers for maximum protection, and layer your lines of security defense by using on-demand tools like MBAM (there are others as well) in addition to your regular AV and FW. XP Windows FW is not effective enough (only 1-way protection) and a third-party FW is strongly recommended for 2-way protection.
Let us know if you experience any additional problems.