Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


infected with w32/pedalac.A

  • Please log in to reply
2 replies to this topic

#1 barba


  • Members
  • 2 posts
  • Local time:01:14 PM

Posted 21 September 2010 - 08:43 AM

hello guys,

since today im getting weird messages from avira. 30 infections perminute. html virus and w32/pedalac.A aredetected all the time. i don't know what to do now. please help me

BC AdBot (Login to Remove)


#2 barba

  • Topic Starter

  • Members
  • 2 posts
  • Local time:01:14 PM

Posted 22 September 2010 - 08:21 AM

I don't really know how to get this thing under control. i used avira to scan my system with a full system scan option. but it failed ending with en error message. i think the worm is influenting my anitvirus software. im trying to perform a malwarebytes scan in secure mode now

EDIT: when avira crashed nearly 2000 files were infected by the worm and some sort of html script virus.

hope you guys can help me saving my files or reparing them, because i really need all of the programs! hope i don't have to reinstall all of them. the worm infected .dll and .exe files.

Edited by barba, 22 September 2010 - 09:42 AM.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,754 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:14 AM

Posted 22 September 2010 - 12:00 PM

I'm afraid I have very bad news.

Pedalac.A is the name used by Avira for a variant of Win32/Ramnit.A, a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector with IRCBot functionality which infects .exe, .dll and .HTML/HTM files and also opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.With this particular infection, which is similar to the Virut virus, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Ramnit.A remains on a computer, the more files will become infected and corrupt so the degree of infection can vary.

Ramnit.A is commonly spread via a flash drive (usb, pen, thumb, jump) infection which is often contracted and spread by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Edited by quietman7, 22 September 2010 - 12:02 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users