Firstly I’d just like to apologise since I’ve searched this forum and seen solutions posted to fix this but I really need a step by step guide because nothing I’ve done has worked. I got this virus yesterday and I tried to fix it using avast but it didn’t seem to work so I decided to format my hard drive using f10 when the computer boots up. I formatted the hard drive and my computer seemed clean but within a few minutes of reinstalling Avast and Google Chrome it said I was coming under attack. I tried again to fix it using Avast and MBAM but MBAM froze about 12 minutes into the scan. By froze I mean the timer kept rolling but the number of files checked stayed the same and didn’t move. I again tried to format my computer but now when I use f10 from the boot menu it loads me to my format hard drive screen then the computer just restarts itself. Can anyone tell me where I should start when it comes to getting rid of this virus? Thanks.
Try disinfecting Ramnit with Dr. Web LiveCD.
Download and burn Dr. Web LiveCD to a blank CD from a non-infected computer using ISO Burner.
Follow these steps:
I don’t have any CDs at the minute but would that definitely work? In the meantime I’ve been running various scans and I used ComboFix last night which seemed to slightly help. Microsoft Security Essentials had stopped working but after ComboFix it seemed to work again. I ran an antivirus scan today and it found 11 infected files but a full scan only took 15-20 mins so I don’t know if it is working correctly. I just did an MBAM scan and it didn’t find anything?? Here is the log
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4967
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
28/10/2010 15:13:29
mbam-log-2010-10-28 (15-13-29).txt
Scan type: Full scan (C:|D:|)
Objects scanned: 204626
Time elapsed: 16 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OBS: you did not update MBAM before you scanned, latest database is 4974 and you scanned with 4967
You can try Dr.Web CureIt, which needs no CD. Download it, save it to your desktop and run it.
Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/?lng=en
Thanks for the link I am downloading Dr.Web now. Just updated MBAM what should I run first, Dr.Web or the updated MBAM?
Try MBAM quick first …since it is quick ;D
If no success with the above…
Follow this guide from our expert malware remover Essexboy, and post the logs here
http://forum.avast.com/index.php?topic=53253.0
To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt.)
MBAM found nothing so is there any point in posting the log? I also did the Dr.Web Cure it scan which also found nothing. The virus(s) are there though so I don’t know what’s going on! ???
Then follow the guide and post the OTL logs so Essexboy can have a look. He enters the forum here in 2-3 hours.
I have attached the MBAM Scan (Which came up clean again) the OTL and Extras.txt.
Google Chrome is working again which it wasn’t yesterday but last night I did the ComboFix thing and it seems to have helped. I still can’t format my hard drive from pressing f10 when the computer boots up though so I’m not sure what’s happening there.
Let's have a look at the MBR first - I see you have run ComboFix, could you attach the log please
Please download MBRCheck.exe to your desktop.
- Be sure to disable your security programs
- Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
- A window similar to this should open on your desktop:
http://i677.photobucket.com/albums/vv132/RPMcMurphy_album_photos/mbrcheck.png
- If you are prompted with options, enter N at the prompt and press Enter
- Press Enter again
- A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.
Here are the logs, thanks.
MBR is good, could you delete your current copy of combofix and download then run a fresh one, as there is a hidden file I will need to look at
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Here’s the ComboFix log.
Do you still have the F10 problem? The logs look good now - what other problems are you experiencing?
Yea the f10 at boot up still won’t let me format my computer. Also when I click on Windows Media Player it just says searching for file. The WMP icon has changed as well to a box with a blue header on it. I’m pretty sure the virus is gone since Avast isn’t going crazy like it was but I don’t think everything is fixed. I was also trying to uninstall Java update using Add/Remove programs which didn’t work.
Let's look at repairing any missing files
The easiest way would be to upgrade to Service Pack 3
Still not letting me reformat even after installing windows update.
OK I will check it out - what is your computer make and model?
Thanks it is a
Compaq Presario SR1709UK
Evidently there are two ways to re-install the system if F10 does not work
Method 1:
1. Click Start
2. Click Shutdown
3. The “Shut Down Windows” dialog box will be displayed
4. Select “Shut Down” from the menu
5. Start the system again.
6. When the Red Compaq logo appears press F8 repeatedly until prompted with the “Windows Startup Menu”
7. Select option 6 (Safemode Command Prompt) by pressing the down arrow key until Safe Mode Command Prompt is highlighted
8. Press Enter
9. At the C:\ prompt type D: and press Enter
10. At the D:\ prompt type CD CPQS and press Enter
11. At the D:\CPQS prompt type XQR and press Enter
Method 2:
- Click Start
- Click Run
- In the “Open” box type C:\CPQS\QUICKSR\FRESTORE.EXE
Performing these steps should resolve this issue and restore the computer to factory settings.
Don’t forget to back up any data first as your drive will be wiped.