Win32:Rameh [Trj]

Viruses and worms
1

Hi,

I have been a very happy user of Avast and recomended it to a friend instead of Norton.

We ran a full scan and it found Win32:Rameh [Trj] in windows/iNetPal and in this folder was an exe file with the extension of m3tsp8.

He is running XP with service pack 2. I also run XP and avast and checked my Windows files and there is no iNetPal folder.

Could anyone tell me what is usally stored in iNetPal folder and is it safe to delete the file inside.

I have copied and pasted Jotti’s scan result of the file so don’t think its a false alarm.

AntiVir TR/Dldr.Keenval.B.1 (0.48 seconds taken)
Avast Win32:Trojan-gen. (1.73 seconds taken)
BitDefender Trojan.Dropper.Small.JH (0.90 seconds taken)
ClamAV Trojan.Downloader.Rameh-1 (1.21 seconds taken)
Dr.Web Trojan.MulDrop.996 (1.33 seconds taken)
F-Prot Antivirus W32/Mudrop.E@dr (0.15 seconds taken)
Kaspersky Anti-Virus TrojanDropper.Win32.Small.jh (1.67 seconds taken)
mks_vir Trojan.Dropper.Small.Jh (0.66 seconds taken)
NOD32 No viruses found (1.96 seconds taken)
Norman Virus Control W32/GenericDrp (0.31 seconds taken)

Cheers

Jlo

2

Hi,

Checked the file via Web iminue Mcaffee and it looks like its adware.

adware-netpals.dr is what they detect it as.

Still wondering if its safe to delete from the current location.

Cheers

James

3

Hi Jlo,

  • if tons of scanners tell you it’s malware, you can at least move it to chest
  • you can also try and see if Ad-Aware and/or Spybot remove it automatically
  • or google for the folder or filename and look up manual removal instructions
  • maybe you’ll have to deactivate System RESTORE first before cleaning (
  • after Cleaning, post a hijackthis-Log here to check if you’re all clean, or follow the advice on Eddy’s page
    → for more details: see link “VirusRemoval” below in my sig

:wink:

4

Thanks WhoCares,

Goolge brings up quite a few people who have had the same problem.

It is spyware and the file is not a system file so will delete manualy and see if it comes back. I sent the file to spybot to see what they make of it as well.

It is already detected by avast but I am nervous just deleting files in Windows file!!! I guess it would be ok if I back up the file or delete in to recycle bin, then restart just to make sure there are no probs and everything still works? then delete the file.

Thanks

Jlo

5

that’s the boy… :slight_smile:

And oh wonder: this is said also in “VirusREmoval”-instructions below