Posted 21 May 2011 - 11:16 AM
You should definitely not run ComboFix unless it's under instruction from a trained user, as it is a powerful tool, as you say. Ramnit is an injector worm, which basically means that it injects itself into files and multiplies. HTML files seem to be particularly susceptible, but it also infects exec files. The bad news is that it's an extremely serious infection which can spread really quickly, and also creates a backdoor allowing remote access. It's very difficult to clean off and sadly I'm speaking from experience, as we got it earlier this year. We managed to save our documentation but only with an IT friend of ours spending 4 days on it, backing up our data and then reinstalling Windows. It spreads quite happily on USB stick too, so be careful about backups.
Someone far more qualified than I will no doubt be along to give you proper advice, but it's a serious infection (esp. due to the remote access issue), so you'll definitely need specialist help to get it dealt with. You might want to consider posting in the 'malware removal logs' forum. If the guys on this forum can't help, they'll transfer you over there anyway, with guidance on what to do next.
Please bear in mind I'm in the UK so our timezones may not always sync.
If I'm helping you and haven't replied within 24 hrs, please send me a PM.