Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Microsoft Safety scanner only partially removed Ramnit.B, what do I do now?

  • Please log in to reply
1 reply to this topic

#1 melnew


  • Members
  • 2 posts
  • Local time:07:35 PM

Posted 21 May 2011 - 06:54 AM

Im very inexperienced with malware/spyware etc. I've tried many programmes including malwarebytes, spybot, spyware doctor, microsoft safety scanner.
On spybots first ever scan it detected Interent security 2011 as malware but failed to delete it.
now microsoft safety scanner has detected ramnit.b and only partially removed it. My computer seems to be running better but im cautious that its still there. One common problem among many others is that my browser page jumps back to a previous page I was on 5 minutes ago (although not sure if this is caused by virus or not).
Combofix is my next option however there's several warnings that its extremely powerful, and shouldnt be done without assistance.
Any help at all with this problem would be hugely appreciated, its taken up a lot of my time.


BC AdBot (Login to Remove)


#2 ~Kal~


  • Members
  • 699 posts
  • Gender:Not Telling
  • Location:UK
  • Local time:08:35 PM

Posted 21 May 2011 - 11:16 AM

Hi there

You should definitely not run combofix unless it's under instruction from a trained user, as it is a powerful tool as you say. Ramnit is an injector worm, which basically means that it injects iself into files and multiplies. Html files seem to be particularly susceptible, but it also infects exec files. The bad news is that it's an extremely serious infection which can spread really quickly, and also creates a backdoor allowing remote access. It's very difficult to clean off and sadly I'm speaking from experience as we got it earlier this year. We managed to save our documentation but only with an IT friend of ours spending 4 days on it, backing up our data and then reinstalling windows. It spreads quite happily on usb stick to so be carefull about back ups.

Someone far more qualified than I will no doubt be along to give you proper advice but it's a serious infection (esp due to the remote access issue) so you'll definitely need specialist help to get it dealt with so you might want to consider posting in the 'malware removal logs' forum. If the guys on this forum can't help, they'll transfer you over there anyway, with guidance on what to do next
Please bear in mind I'm in the UK so our timezones may not always sync.
If I'm helping you and haven't replied within 24 hrs please send me a pm

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users