Author Topic: Win32:Rameh HELP!  (Read 4997 times)

Zillien6345

  • Guest
Win32:Rameh HELP!
« on: January 08, 2006, 12:54:29 AM »
Hi everyone,

I hope someone can help. I am new to all this so please bear with me. I have just downloaded Avast Home Edition 4.6 and have got all the updates. When it rebooted the 1st time and did the master scan it found 3 viruses, which were deleted. After updates and another reboot it has come up with 2 more viruses: Win32:Rameh. Both files end in .exe; one is in system32 and the other one is in system volume information. When it notified me, the action recommended was to move to chest, which I did. Now how do I clean these up and/or get rid of them? What kind of virus is this? It has been on my computer for 4 months and my old virus scan did not detect it! Please help! Simple terms would be greatly appreciated.

Thanks....

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89426
  • No support PMs thanks
Re: Win32:Rameh HELP!
« Reply #1 on: January 08, 2006, 01:03:04 AM »
Disable system restore and reboot; that will remove any infected restore point/s in system volume information. Schedule a boot-time scan from within avast; if that comes up clean, you can enable system restore.

Leave the file in the avast Chest, a protected area where it can do no harm. You should leave it there for a week or two to ensure no harmful effects of having moved it. If there are no harmful effects, then scan it again; if that scan also confirms it as infected, you can delete it from within the chest.

A google.com search for Win32:Rameh returns lots of hits and would indicate it to be a trojan downloader.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: Win32:Rameh HELP!
« Reply #2 on: January 08, 2006, 01:50:05 AM »
Hi Zillien6345

This trojan installs and executes a trojan downloader program.
It is written in Visual C++ and packed using UPX. When launched it creates and executes a file hrlypn35.dll in the Windows system directory. The program has no other malicious payload.
Trojan downloaders are used as malicious entry vectors. Rameh has various subtypes; all are trojan downloaders.
You can read a general description of what a trojan downloader is and does here: http://www.f-secure.com/v-descs/trojdown.shtml

polonus
« Last Edit: January 08, 2006, 02:08:07 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Zillien6345

  • Guest
Re: Win32:Rameh HELP!
« Reply #3 on: January 08, 2006, 08:28:42 AM »
Greetings,

Thank you very much! I did disable system restore and rebooted, and then ran the boot-time scan, and it came back clean. I will wait a couple of weeks and rescan the "infected files". Thank you so much for helping solve this.

I read what a trojan is and still kinda confused about what information it sends....but hey I guess I am having one of those so called blonde moments LOL.

Zillien6345

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:Rameh HELP!
« Reply #4 on: January 08, 2006, 11:34:19 AM »
Hi Zillien6345,

Running these anti-Trojan/anti-spyware programs would be a good idea if you haven't got them already. They are all free.

Ewido http://www.ewido.net/en/ (Requires Win2000/XP)

a-Squared http://www.emsisoft.com/en/

Ad-Aware http://www.majorgeeks.com/download506.html

Spybot Search & Destroy http://www.safer-networking.org/
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89426
  • No support PMs thanks
Re: Win32:Rameh HELP!
« Reply #5 on: January 08, 2006, 02:54:53 PM »
Thank you very much!
Glad we could help, welcome to the forums Zillien6345.

As Frank mentions, get these other programs; security in depth is best, and the programs he suggests work well with avast with no conflicts. However, you do have to take care not to install two resident and active anti-virus programs, as this often results in conflict.

Zillien6345

  • Guest
Re: Win32:Rameh HELP!
« Reply #6 on: January 08, 2006, 07:51:56 PM »
Okay, one more quick question. I am going to download the recommended programs mentioned above. But I do have Microsoft Anti-Spyware and the Online Armor program. Can you tell me if the 2 I have pretty much suck or are they okay programs?

Zillien

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89426
  • No support PMs thanks
Re: Win32:Rameh HELP!
« Reply #7 on: January 08, 2006, 07:59:57 PM »
Personally, with MS anti-spy being beta, I won't be an unpaid beta guinea pig for MS, but some rate it. But that is anti-spyware, and some of the ones recommended/suggested are specialist trojan hunters (ewido and a-squared).

I haven't used on-line armor
Quote
Online Armor™ is a revolutionary product that protects your computer from Spyware, Trojan horses and other dangerous internet programs ...
However, based on the above, in this case it doesn't appear to have lived up to the expectation.