Win32:Rameh HELP!

Hi everyone,

I hope someone can help. I am new to all this so please bear with me. I have just downloaded Avast Home Edition 4.6 and have got all the updates. When it rebooted the 1st time and did the master scan it found 3 viruses, which were deleted. After updates and a reboot again it has come up with 2 more viruses: Win32:Rameh. Both files end in .exe and one is in system32 and the other one is in System Volume Information. When it notified me, the action recommended was to move to chest, which I did. Now how do I clean these up and/or get rid of them? What kind of virus is this? It has been on my computer for 4 months and my old virus scan did not detect it! Please help! Simple terms would be greatly appreciated.

Thanks…

Disable system restore and reboot; that will remove any infected restore point/s in System Volume Information. Schedule a boot-time scan from within avast; if that comes up clean, you can enable system restore.

Leave the file in the avast Chest, a protected area where it can do no harm. You should leave it there for a week or two to ensure no harmful effects of having moved it. If there are no harmful effects, then scan it again; if that scan also confirms it as infected, you can delete it from within the chest.

A google.com search for Win32:Rameh returns lots of hits and would indicate it to be a trojan downloader.

Hi Zillien6345

This trojan installs and executes a trojan downloader program. It is written in Visual C++ and packed using UPX. When launched it creates and executes a file hrlypn35.dll in the Windows system directory. The program has no other malicious payload.

Trojan downloaders are used as malicious entry vectors. Rameh has various sub types, all are trojan downloaders. A general description of what a trojan downloader is and does, you can read from here: http://www.f-secure.com/v-descs/trojdown.shtml

polonus

Greetings,

Thank you very much! I did disable system restore and rebooted and then did the boot-time scan and it came back clean. I will wait a couple of weeks and rescan the “infected files”. Thank you so much for helping solve this.

I read what a trojan is and still kinda confused about what information it sends…but hey I guess I am having one of those so called blonde moments LOL.

Zillien6345

Hi Zillien6345,

Running these anti-Trojan/anti-spyware programs would be a good idea if you haven’t got them already. They are all free.

Ewido http://www.ewido.net/en/ (Requires Win2000/XP)

a-Squared http://www.emsisoft.com/en/

Ad-Aware http://www.majorgeeks.com/download506.html

Spybot Search & Destroy http://www.safer-networking.org/

Glad we could help, welcome to the forums Zillien6345.

As Frank mentions get these other programs, security in depth is best and the programs he suggests work well with avast with no conflicts. However, you do have to take care and not install two resident and active anti-virus programs as this often results in conflict.

Okay, one more quick question. I am going to download the recommended programs mentioned above. But I do have Microsoft Anti-Spyware and the Online Armor program. Can you tell me if the 2 I have pretty much suck or are they okay programs?

Zillien

Personally, with MS anti-spy being beta I won’t be an unpaid beta guinea pig for MS, but some rate it. But that is anti-spyware and some of the ones recommended/suggested are specialist trojan hunters (ewido and a-squared).

I haven’t used on-line armor

Online Armor™ is a revolutionary product that protects your computer from Spyware, Trojan horses and other dangerous internet programs ...
However, based on the above, in this case it doesn't appear to have lived up to the expectation.