
Ramnit prevention after formatting drive?


2 replies to this topic

#1 Forau

Forau

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 28 January 2012 - 06:26 AM

Yesterday I decided to install Windows 7, as for a while I've had performance issues and I was having some issues such as missing lnk's and your standard Ramnit symptoms.

I have 2x drives in my PC, a 1TB drive containing Windows XP SP2, and a 500GB which I installed Windows 7 onto.


After installing Windows 7 I went ahead and dragged across all my documents from my other drive, all my music etc., being extremely careful not to pull anything dodgy across (the only exe's I pulled across were install files, which I'm guessing is how I reinfected myself). I had been using the PC absolutely fine for about 5-7 hours (typically, by this point I had set everything up perfectly, all files organised etc.). I then started getting Security Essentials messages saying I was infected with Ramnit, researched it (this is when I realised this was the problem I was having in XP), so went ahead to try and disinfect. I did your usual healthcheck procedure: ran mbam in safe mode, checked msconfig for startup items, etc.

It got to about 1am this morning and I thought screw it, I'll deal with it tomorrow.

I decided to format. I decided it's not worth trying to disinfect as traces will remain etc., and that's not what I want right at the beginning of a new build.

Now I'm sitting here on a freshly built machine. First thing I did was install mbam and AVG. Now I'm just browsing through my other hard drive (XP C: drive) for files I need to get across, but I'm a bit hesitant to.
How can I ensure Ramnit doesn't reinfect? If I get the mbam trial where it actively protects your system and have AVG running whilst I do it, I'm assuming this will help me corner the originally infected file, and stop it before it infects?



The TL;DR version:

How can I stop Ramnit from reinfecting when I copy all my files across?



Cheers!



EDIT: Just ran AVG on my D drive (old XP installation) and it found over 4000 infected files. Had a look through and the majority are dll's, a couple of .exe's and a tonne of html files (help files etc.). I've deleted all of them. Going to reboot into safe mode and run mbam and AVG on both drives and see if anything comes up.

Advice would still be greatly appreciated. I have a lot of files I want to copy across onto my W7 installation, but really don't want to risk reinfecting.

FURTHER EDIT: Everything found has been in appdata or program files. I didn't copy ANYTHING from these directories over to my Windows 7 installation. Which makes me think Ramnit isn't being picked up by my anti-malware :/

Edited by Forau, 28 January 2012 - 07:35 AM.




#2 Forau

Forau
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 28 January 2012 - 11:34 AM

Seeing as I got a distinct lack of help, this is how I resolved it.



After installing Windows 7 I:

- Installed AVG Free and the Malwarebytes full product trial so I could have real-time protection.

- Ran a scan with both on both hard drives in safe mode.

- Deleted everything it found (infections were to html, dll's and .exe's mainly).

- Booted Windows 7 and took ownership over the folders inside the XP drive and proceeded to carefully transfer files by navigating through the directories and working backwards. So I didn't copy Documents, I copied everything manually out of it, avoiding all files with html, dll or exe extensions.

- I also made sure I only copied files which I absolutely 100% needed. So photos, music, a couple of Word docs etc.

- Installed my software and set all my settings etc. how I wanted them, leaving out any possibly dangerous applications such as cracked programs or keygens etc.

- Took an Acronis image of the drive.

- Amalgamated all the software that is on the darker side of legit... Put them in one folder, and deep scanned this folder in safe mode with as many anti-malware progs as I could get my hands on. Nothing found.

- Began to reinstall this software.


All seems fine. No errors, no missing shortcuts, no Security Essentials going crazy etc.

Seems to be fine.
Going to give the D drive a once over to make sure I haven't missed anything I want to keep, then format the drive, take another Acronis image of the 500GB Windows 7 drive and stick it on the old XP 1TB drive.


Cheers to anyone who bothered to look at my post.
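The selective copy described in the post above, as an added example that is not part of the original thread: it walks the old drive, skips files with the html, dll or exe extensions the poster avoided, and copies the rest with the folder layout intact. Two things go beyond the post and are assumptions: `.htm` is added to the blocked list, and any file that starts with the `MZ` executable header is skipped even under another extension. It does not replace scanning the copied files; all function names and sample files are constructed.

```python
import os
import shutil
import tempfile

# Extensions the poster avoided; ".htm" is an added assumption.
BLOCKED_EXT = {".html", ".htm", ".dll", ".exe"}

def is_pe(path):
    # Windows executables and DLLs start with the two bytes "MZ".
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"

def plan_transfer(src_root):
    """Return (keep, skip) lists of paths relative to src_root."""
    keep, skip = [], []
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, src_root).replace(os.sep, "/")
            if os.path.splitext(name)[1].lower() in BLOCKED_EXT:
                skip.append((rel, "blocked extension"))
            elif is_pe(full):
                skip.append((rel, "MZ header under another extension"))
            else:
                keep.append(rel)
    return sorted(keep), sorted(skip)

def transfer(src_root, dst_root):
    """Copy only the kept files, preserving the directory layout."""
    keep, skip = plan_transfer(src_root)
    for rel in keep:
        target = os.path.join(dst_root, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(src_root, rel), target)
    return keep, skip

def demo():
    # Constructed sample tree standing in for the old XP drive.
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {"Music/track.mp3": b"ID3 constructed",
               "Docs/help.HTML": b"<html></html>",
               "Installers/setup.exe": b"MZ constructed",
               "Photos/holiday.jpg": b"MZ constructed"}
    for rel, data in samples.items():
        path = os.path.join(src, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    keep, skip = transfer(src, dst)
    return keep, skip, dst
```

Calling `plan_transfer` on its own gives the skip list to review before anything is copied.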

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:37 AM

Posted 28 January 2012 - 11:39 AM

"So I didn't copy Documents, I copied everything manually out of it, avoiding all files with html, dll or exe extensions."

:thumbup2:

Just to make sure that you did not back up any infected files:

Download Dr.Web CureIt (I prefer this when it comes to Ramnit)

http://www.softpedia.com/get/Antivirus/Dr-WEB-CureIt.shtml

Install it and scan the backed up files.

Good luck

Edited by narenxp, 28 January 2012 - 11:40 AM.




