Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


SHeur3.AQRA + 668 infections

  • Please log in to reply
1 reply to this topic

#1 99macca


  • Members
  • 1 posts
  • Local time:06:17 PM

Posted 01 October 2010 - 08:46 AM

Ok well I was watching a film today on a website (streaming) and I got a pop up whether to accept "Pro.exe" I clicked no and though that was the last of it. Then I got a pop up from AVG saying I had 4 infections and that they'd been removed. So I scanned my computer with superantispyware and malwarebytes and nothing came up. Then I had another pop up with the same thing so I scanned with AVG and got a massive 668 infections that claim to of been removed. I know that this isn't the case because right now my computer is slow as hell. So I want to make sure that this little bugger is removed from my computer completely so can you help me please. Will be extremley appreciated. I also remember a Java sun pop up half way through the movie saying it was loading. If that helps.

Print screen of the results. I hope you can help me.
Posted Image

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:17 PM

Posted 01 October 2010 - 11:48 AM

Hello and Ugggh!!
Trojan SHeur3.AQRA (AVG)
TR/Spy.Gen (Avira)
Win32.Rmnet (Dr.Web)
Trojan-Spy (Ikarus)
Mal/SillyFDC-A (Sophos)
W32.Ramnit!html (Symantec)

I'm afraid I have very bad news.

Your system is infected with a Win32/Ramnit.A!dll, a file infector with IRCBot functionality which infects .exe, .dll and .HTML files and opens a back door that compromises your computer.

Ramnit.A!dll is a component injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Win32/Ramnit.A infected executable file. Ramnit.A also infects .exe, and .HTML/HTM files, downloads more malicious files to your system, and opens a back door that compromises your computer. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A

In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Ramnit.A remains on a computer, the more files will become infected and corrupt so the degree of infection can vary.

Ramnit.A is commonly spread via a flash drive (usb, pen, thumb, jump) infection which is often contracted and spread by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users