win32ramnit g

got a bad infection win32ramnit g.

Did a scan with avast, it found 600-1200 infections; moved them to the chest, then a few days later they are back.

Not sure what I should do, because last time I moved them to the chest it fucked up my Java and took me ages to fix it. Also I fucked up some important Windows file, because it keeps giving me the Windows File Protection message!! Not sure what to do because I don’t have my Windows CDs.

Malwarebytes doesn’t pick them up, so I think I’m screwed.

need help please

Another with same problem

This Win32:Hiloti-AX is a real nuisance

Not detected by Avast 5.1.889

You will find some IEXPLORE.EXE or FIREFOX.EXE processes running in your task manager. They are causing the problem. End them.

You have a trojan that is loading every time you boot the computer and is spawning your default browser to infect your files.

Removing the trojan is one thing, cleaning the infected files it has created is another.

Have a look in this thread, another guy with same problem only yesterday:
http://forum.avast.com/index.php?topic=76551

Please create a custom topic and do not post your problems in the topic of this guy…

As doktornotor said in another topic,
this infection is aggressive and you cannot get rid of it.
You will need to make a clean install of Windows :(

Thanks ornette, but I don’t have those apps running. I’m using Google Chrome and I have a lot of chrome.exe. Would you say they are also infected???

Danny,

I am not posting my problem in another person’s topic, for I have in fact SOLVED my infection of Win32:Hiloti-AX [Trojan]. I am only trying to help others in dealing with this problem that few people seem to be aware of and that took me two solid days to fix.

The root of the problem is a trojan that is loading either via

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:
C:\WINDOWS\system32\userinit.exe,C:\Program Files<random key #1><random key #2>.exe

or

C:\Documents and Settings<user name>\Start Menu<random key #2>.exe

It operates by spawning processes of your default browser. These are then infecting your files with VBS:ExeDropper-gen [Trj] or Win32:Ramnit-G.

Avast 5.1.889 and MalwareBytes Anti-Malware 1.50.1.1100 are not detecting this!!!

To resolve, you must first close all instances of your default browser - IEXPLORE.EXE, FIREFOX.EXE, google chrome? - before you can effectively deal with the file infections OR the trojan causing this itself.

Yes if you use Chrome then this would be your default browser process.

These would be the processes you need to kill!!!
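An added example, not part of any post in this thread: a check for the Winlogon persistence described above, which flags any program listed in the `Userinit` value besides the stock `userinit.exe`, plus any executable sitting in a startup folder. The sample values, the placeholder file names and the folder argument are constructed assumptions.

```python
import ntpath
import os

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def _norm(path):
    # Windows paths are case-insensitive; normalise on any host OS
    return ntpath.normcase(ntpath.normpath(path))

def extra_userinit_entries(value, windir=r"C:\WINDOWS"):
    """Return every program in a Userinit value other than system32\\userinit.exe."""
    expected = _norm(ntpath.join(windir, "system32", "userinit.exe"))
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # the default value ends with a trailing comma
        if _norm(entry) != expected:
            extras.append(entry)
    return extras

def startup_executables(folder):
    """List .exe files placed directly in a startup folder (caller supplies the path)."""
    return sorted(name for name in os.listdir(folder)
                  if name.lower().endswith(".exe")
                  and os.path.isfile(os.path.join(folder, name)))

def read_userinit():
    """Read the live Userinit value (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _type = winreg.QueryValueEx(key, "Userinit")
    return value

# Constructed sample values; the extra path uses placeholder names
CLEAN = r"C:\WINDOWS\system32\userinit.exe,"
TAMPERED = (r"C:\WINDOWS\system32\userinit.exe,"
            r"C:\Program Files\placeholder1\placeholder2.exe")

if __name__ == "__main__":
    value = read_userinit() if os.name == "nt" else TAMPERED
    for path in extra_userinit_entries(value):
        print("unexpected Userinit entry:", path)
```

A clean value yields an empty list; anything returned is worth inspecting before the next reboot.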

OK, last thing: do I delete those registry keys and be done with it, or will there still be more files infected after I’ve deleted them???

600-1200 infections. I wouldn’t clean the PC, you may also have damaged system32 files. Ramnit is a nasty virus, cocktail infection ;D. I’ve seen articles about that virus, your PC may also be under the control of a hacker, as they use it as a zombie for its backdoor network. Essexboy can only help here, killing processes won’t help in any way, there is no root of infection, your files are infected and I am not talking about executables.

Just to clarify, it is not Chrome (or Internet Explorer or Firefox) that is infected.

Rather, it is the trojan that launches them with injected code when you start your computer.

Once you have closed down all your default browser processes, you are good to continue using Chrome (or Internet Explorer or Firefox).

At this stage, no more infections will happen. You now need to scan your computer for viruses.

In the other thread, it was suggested to use Dr Web Cure It:

http://forum.avast.com/index.php?topic=76551.msg633762#msg633762

In my opinion, if this infection has been going for a few days and you have a lot of infected files, a better bet would be to install the latest version of Avast and use that to scan your computer. That way, you will be able to review the chest and see what files have been compromised.

The reason for this is so you can ascertain what programs on your computer may need reinstalling for them to work again.

Avast 6.0.1 should also detect the presence of this Win32:Hiloti-AX trojan and remove it as well.

Do remember to end all processes of your Google Chrome browser each and every time you restart your computer!!!

Dr.Web may help somehow, but I repeat, I wouldn’t clean a computer with 1200 infected files.

Ramnit

infected HTML files
a very serious infection
is combined with a rootkit and Trojan Downloader

A CureIt scan takes a few hours and the result is uncertain. 1200 infected files hmmm ???

In such a heavy infection, every kind of scan inside Windows is useless; you had better format all partitions and reinstall Windows (clean install).

If you are not going to reinstall Windows and just want to repair it, try this: http://www.omidfarhang.com/computer/malware/removal

Hi,

This topic is about 2 years old and it’s a better idea to open a new topic regarding your problem.

And now to answer your question: the answer is yes. If you suspect there is malware on your external hard disk, you have to scan and remove it with either avast or the tools listed in my link. But you have to be careful: if there is malware on your external hard disk, it may already have infected your laptop’s Windows installation too, so you have to double check that as well.

Aside from the fact that the original post started two years ago, the safest way to clean your external hard drive is to boot into some sort of Linux system and run a virus scan using that operating system, not Windows.

Ramnit is a virulent file infector, hence Omid Farhang’s warning above especially applies.

I’d disconnect the Windows drive and any other secondary drive (if you have one) first, and run the Linux program as a Live CD. Then and only then would I connect the sick external drive. Using Linux as a Live CD will allow you to run online scans of the external drive, as many as you wish, because Linux is not affected by the Windows version of Ramnit. Since it is being run as a Live CD, it is running only in system memory, and will vanish on system reboot. You will have to reconnect your system and secondary hard drives to get back into Windows, though.

No guarantees can ever be given when dealing with Ramnit. Either way, you are going to lose a few/many files.

The same thing can be done to the Windows system drive when you boot from a Live CD, if you need to check that.