Hello and welcome. Wish I had something good to say here, but the ZBot backdoor trojan has allowed hackers to remotely control your computer, steal critical system information, and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read this for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
The malware Trojan SHeur3.AQRA (AVG) is another name for a Ramnit or Virut infection.
RAMNIT = VIRUT
Trojan SHeur3.AQRA (AVG)
I'm afraid I have very bad news.
Your system is infected with Win32/Ramnit.A!dll, a file infector with functionality which infects .exe, .dll and .HTML files and opens a back door that compromises your computer. Ramnit.A!dll is a component injected into the default web browser by Worm:Win32/Ramnit.A, which is dropped by a Win32/Ramnit.A infected executable file. Ramnit.A also infects .exe and .HTML/HTM files, downloads more malicious files to your system, and opens a back door that compromises your computer. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A.
In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Ramnit.A remains on a computer, the more files will become infected and corrupt, so the degree of infection can vary. Ramnit.A is commonly spread via a flash drive (usb, pen, thumb, jump) infection which is often contracted and spread by visiting remote sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.
In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
Backdoors and What They Mean to You
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system
This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).