Man this thing is persistent.
Everytime I log into windows my symantic auto protect results start going crazy with virus results (w32.ramnitb.inf continually comes up, even when i close the dialog box it continually happens, among others). I googled the name and came to the conclusion that it's the recycler virus, so I popped in my only usb stick that I have, and yes, it has a folder named RECYCLER, that no matter what I do will not stay deleted. So I'm guessing this is the root of the problem. I've also had to use proxy sites to get on to several websites while infected. This virus would not let me see bleeping computer.com, microsoft.com and several other sites that could help. I'm using hidemyass.com to be here now. edit: I forgot to mention that I also get other dialog boxes with errors such as "windows explorer has encountered an error" or something to that effect. In which if I click the OK button windows explorer completely freezes, forcing a power off restart. It also will not let me run certain programs, msn messenger specifically.
What I have done so far:
I followed another persons instructions on here quite loosely (this thread http://www.bleepingcomputer.com/forums/topic226173.html). So I've done the usual, updated and ran rkill, mbam, super antispyware. They all found and "killed" their results. This was all done in safe mode, however, when I log back into regular boot mode, the problem persists. So I've logged back into safemode to retrieve and post my logs. Here are my logs for mbam, super antispyware and rkill. please note I have done this same cycle several times, so weather the problem was worse to begin with and these have helped slightly I do not know. What I mean is, the first runs of mbam and SAS I think found more things, but these are the logs from running mbam, rkill and SAS today.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 18/04/2011 at 20:12:36.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 18/04/2011 at 20:12:48.
SUPERAntiSpyware Scan Log
Generated 04/18/2011 at 06:59 PM
Application Version : 4.50.1002
Core Rules Database Version : 6337
Trace Rules Database Version: 4149
Scan type : Complete Scan
Total Scan Time : 03:33:12
Memory items scanned : 281
Memory threats detected : 0
Registry items scanned : 8869
Registry threats detected : 0
File items scanned : 115097
File threats detected : 10
ia.media-imdb.com [ C:\Documents and Settings\Ciaran\Application Data\Macromedia\Flash Player\#SharedObjects\7X8NZTQW ]
media.mtvnservices.com [ C:\Documents and Settings\Ciaran\Application Data\Macromedia\Flash Player\#SharedObjects\7X8NZTQW ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Ciaran\Application Data\Macromedia\Flash Player\#SharedObjects\7X8NZTQW ]
C:\DOCUMENTS AND SETTINGS\CIARAN\DESKTOP\PSP STUFF\POPSTATION\DATA\POPSTATION.EXE
C:\DOCUMENTS AND SETTINGS\CIARAN\LOCAL SETTINGS\TEMP\RARSFX43\H\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\CIARAN\LOCAL SETTINGS\TEMP\RARSFX43\PROCS\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\CIARAN\LOCAL SETTINGS\TEMP\RARSFX44\H\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\CIARAN\LOCAL SETTINGS\TEMP\RARSFX44\PROCS\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\CIARAN\LOCAL SETTINGS\TEMP\RARSFX45\H\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\CIARAN\LOCAL SETTINGS\TEMP\RARSFX45\PROCS\IEXPLORE.EXE
Please help guys, I'm going insane!
EDIT: I forgot to ask this question aswell. Is there any way to clean my USB stick of this virus without running the risk of being infected again? I'd like to be able to use the stick again, but I tried everything including formatting it, and it would not get rid of the virus, I also don't think it would be worth putting it back into my pc to delete it if I ran the risk of having this virus infect me again. Any safe way of doing it, or should I just burn the thing? Cheers.
Edited by Mrconeman, 18 April 2011 - 05:59 PM.