UNABLE TO DOWNLOAD UPDATES/RKILL/ANYTHING



#1 QUOMAN000


Posted 01 October 2010 - 10:33 AM

Hi everyone, I have a nasty virus on my computer and whatever I do I can't get rid of it as my security bar has disappeared and I cannot download anything from Microsoft updates/Rkill/or any other anti virus type of program. At the very top of my IE screen there is a blue bar with the Microsoft E in the left hand side. I have no access to any other buttons that used to be there. Neither can I open Internet Properties from anywhere, including control panel. I have done a Norton scan, but all it found were W32.Ramnit!html types, but it couldn't delete or quarantine them. I have run MBAM and Spybot, but they found nothing.

Is there an anti virus program I could use if I got a friend to download it onto a CD?

Any help would be appreciated, thank you.



#2 boopme

Global Moderator

Posted 01 October 2010 - 11:25 AM

Hello and welcome. The reason for this and the trouble in the other topics you have here is the Ramnit infection. I'm afraid I have very bad news.
You must wipe the drive and reinstall.

RAMNIT = VIRUT
Trojan SHeur3.AQRA (AVG)
TR/Spy.Gen (Avira)
Win32.Rmnet (Dr.Web)
Trojan-Spy (Ikarus)
Mal/SillyFDC-A (Sophos)
W32.Ramnit!html (Symantec)


Your system is infected with a Win32/Ramnit.A!dll, a file infector with IRCBot functionality which infects .exe, .dll and .HTML files and opens a back door that compromises your computer.

Ramnit.A!dll is a component injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Win32/Ramnit.A infected executable file. Ramnit.A also infects .exe, and .HTML/HTM files, downloads more malicious files to your system, and opens a back door that compromises your computer. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A

In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Ramnit.A remains on a computer, the more files will become infected and corrupt so the degree of infection can vary.

Ramnit.A is commonly spread via a flash drive (usb, pen, thumb, jump) infection which is often contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

"Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system... There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system"

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."



#3 QUOMAN000


Posted 05 October 2010 - 08:45 AM

Thanks - if this is the only way then I will have to do it. I have just bought a 1TB external hard drive - is it an easy procedure to transfer my files over and what do you recommend I transfer.

I have Itunes, other mp3 music, documents, email, banking etc so if this is transferrable onto the external disk then I will do it. Do you also have an "idiots guide" to help me in reformatting the disk??

Thanks very much for your help.

#4 quietman7

Global Moderator

Posted 05 October 2010 - 09:50 AM

Caution: If you are considering backing up data and reformatting, keep in mind, with file infectors, there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it but there is no guarantee so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk. Again, do not back up any files with the following file extensions: .exe, .scr, .dll, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you're not sure how to reformat or need help with reformatting, please review:
These links include specific step-by-step instructions with screenshots:
Vista users can refer to these instructions:
Windows 7 users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Also be sure to read Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead. If you lost or misplaced your recovery disks, again you can contact and advise the manufacturer. In many cases they will send replacements as part of their support.


If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
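
An added example, not part of the original posts: a name-based triage of a backup folder against the extension list in the post above, also flagging disguised double extensions and .zip archives that hold executables. The sample folder, its file names and the BENIGN_LOOKING set are constructed for illustration; this checks names only and is not a malware scan.

```python
import tempfile
import zipfile
from pathlib import Path

# Extensions the post says not to back up (copied from its list).
RISKY = {".exe", ".scr", ".dll", ".ini", ".htm", ".html", ".php", ".asp",
         ".xml", ".zip", ".rar", ".cab"}
EXECUTABLE = {".exe", ".scr", ".dll"}
# Assumption: extensions a disguised name typically imitates (illustrative set).
BENIGN_LOOKING = {".jpg", ".doc", ".txt", ".pdf", ".mp3"}

def classify(path):
    """Return reasons to leave this file out of the backup (empty list = none).

    Checks the final extension, a disguised double extension, and the member
    names of .zip archives. File contents are never inspected.
    """
    p = Path(path)
    sfx = [s.lower() for s in p.suffixes]
    if not sfx:
        return []
    reasons = []
    if sfx[-1] in RISKY:
        reasons.append("risky extension " + sfx[-1])
    # Disguised name such as holiday.jpg.exe: the real extension is the last one.
    if len(sfx) >= 2 and sfx[-1] in EXECUTABLE and sfx[-2] in BENIGN_LOOKING:
        reasons.append("double extension " + sfx[-2] + sfx[-1])
    if sfx[-1] == ".zip" and zipfile.is_zipfile(p):
        with zipfile.ZipFile(p) as z:
            inner = sorted(n for n in z.namelist()
                           if Path(n).suffix.lower() in EXECUTABLE)
        if inner:
            reasons.append("archive contains " + ", ".join(inner))
    return reasons

def triage(root):
    """Walk root and return {relative path: reasons} for flagged files only."""
    root = Path(root)
    found = {f.relative_to(root).as_posix(): classify(f)
             for f in root.rglob("*") if f.is_file()}
    return {k: v for k, v in found.items() if v}

def demo():
    """Triage a constructed sample folder filled with harmless dummy bytes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        for rel in ("docs/letter.doc", "docs/holiday.jpg.exe", "index.html"):
            (root / rel).write_bytes(b"dummy")
        with zipfile.ZipFile(root / "tools.zip", "w") as z:
            z.writestr("readme.txt", "dummy")
            z.writestr("setup.exe", "dummy")
        return triage(root)
```

Calling `triage()` on the folder you intend to burn to CD/DVD lists every file the post's advice would exclude; anything not listed still needs the anti-virus scan the post calls for before it is copied back.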

#5 QUOMAN000


Posted 06 October 2010 - 09:30 AM

Would a combofix sort this out before I wipe the drive and reinstall??

It sounds complicated !!!!!! I have backed my files onto an external hard drive and am ready to go for it, so any last words that could help are much appreciated. THANKS

#6 quietman7

Global Moderator

Posted 06 October 2010 - 09:43 AM

"Would a combofix sort this out before I wipe the drive and reinstall?"

No. ComboFix is one of our best tools but it cannot perform miracles or repair file infectors.



