Topic: vbs:exedropper-gen[trj] and win32:ramnit-b


SafeSurf

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #90 on: November 20, 2010, 09:55:31 AM »
@ Mura,

Your problems that you wrote in Post #68 are now gone?  Your machine is working normally now?  Have you done Avast scans and everything comes out clean?  Don't go anywhere until I find out from Essexboy if he needs to remove any of his tools that he put on your machine.

@ Essexboy,

Do you need to do any removal tools with Mura?  She was away for a little while.  See page 5 of this thread.  Thanks.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #91 on: November 20, 2010, 01:21:20 PM »
@Mr.T it looks like the file infector is deeply entrenched - run an Avast boot scan twice, if the second one comes up clean you are OK.  If the second scan still finds infections you will need to reformat and re-install I am afraid

@ Mura

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN
 
Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave:

Mr.T

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #92 on: November 20, 2010, 07:17:08 PM »
I have completed 2 boot scans through Avast 5. First scan found and deleted all infected files. Second scan 0 infected files.

I can't thank you enough for all the support... Long live Essexboy (and the avast forum)!  ;D

PS: Is there anything else you recommend me doing to further help protect my computer? I only have Avast 5 (free version) at the moment. Should I also follow your spring clean instructions as mentioned in your last post?

Thanks again :)

Offline essexboy

Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #93 on: November 20, 2010, 07:43:08 PM »
Yep what is good for mura is good for you

stebelskiy2709

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #94 on: November 27, 2010, 11:24:36 PM »
Hi, I have got a problem with a rootkit. As I have read some posts from guys who had the same problems, I have checked my system with Dr.WebCureit, Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition. Only Dr Web helped to delete some of these files, like just html, but system files are uncured, although the Drweb monitor showed me .exe files cured while the scanning process was running. I have started up with Dr.WebCureit and Avast again, but the problem with infected files hasn't gone; it shows me a lot of .exe files infected by win32:ramnit-b. After all that I started up ComboFix.exe and had a report in ComboFix.txt. I did it a second time but the problem is still there. I would like a suggestion from your professional staff: what should I do? What is the next step to delete the virus? Thanks a lot for your support. I wait impatiently for your report. I have attached my ComboFix.txt.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89110
  • No support PMs thanks
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #95 on: November 27, 2010, 11:39:41 PM »
It would probably be best to create your own new topic rather than add to an already long topic. Click on this link http://forum.avast.com/index.php?board=4.0 to take you to the Viruses and worms home page and click the New Topic button near the top of the page.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

stebelskiy2709

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #96 on: November 27, 2010, 11:52:53 PM »
Thanks a lot, I've made a new topic.

Online DavidR

Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #97 on: November 27, 2010, 11:54:02 PM »
You're welcome.

ElDiabloo

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #98 on: January 11, 2011, 03:01:15 PM »
Hi!
Yesterday a friend of mine asked me to check her laptop for viruses. When I saw it  :o no virus protection at all and connected to internet.
So I downloaded Avast 5 free, updated and scheduled boottime scan. About 600 infections :'(
however vbs:exedropper-gen[trj] and win32:ramnit-b still popped out.
I read all this topic and did Avast full system scan and couple times MBAM full scan. Now finally no reports on viruses. However OS barely runs (slow like snail) >:(
then I ran OTL (attached OTL/Extras.txt)
Are there any ways to save this system? If it was my laptop, I'd do a clean install, but since it is not mine and owner asked not to do clean install (if possible), I am trying my best to repair it. It is OEM Polish Win XP. Don't know where to get original install disk.

Offline essexboy

Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #99 on: January 11, 2011, 03:16:29 PM »
Quote
win32:ramnit-b still popped out.
The only decent solution to this infection is a reformat as it will and has messed up so many system files

SafeSurf

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #100 on: January 12, 2011, 11:43:39 AM »
@ ElDiabloo,

It would be best if you would start a New Topic of your own as this will just confuse the current thread and we will help you there since I believe your problem is different from the original OP. 

Go to this link, http://forum.avast.com/index.php, scroll down to the Virus and Worms forum and click it, click the New Topic button at the top of the list and post there.  Thank you.

In your post, you can just cut and paste what you posted here, attach your logs to the post as well.  Also mention if you have anything in the Avast Virus Chest and if MBAM put anything into quarantine...if so give screen shots or the exact name of the file and infection.

In addition please mention when your problems began and what your problems are ("slow as snail" on or off-line, etc.).

I recommend the following once you open up your new thread:

Once you post your new thread with logs, we will refer you to our Certified Malware expert, named Essexboy.  He will also review your logs and give you further instructions, however he comes on the forum late UK time.  He will respond to you in your new thread, so remember to check the thread daily. 

IMPORTANT: If you are on a home network, disconnect the affected machine from the network.  Do not share a USB/flash drive with this affected machine.  Do not use this machine unless absolutely necessary unless Essexboy instructs you to do malware removal instructions; use a different machine to check email, sync your phone, etc.

***Please do not make any further changes to your machine after you have provided the logs.***

Let me know if you have any questions.  Thank you.

rik130

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #101 on: January 19, 2011, 12:30:01 AM »
Evening guys,

I could throttle my little 'un...  >:(   Recently found out he'd set up a Minecraft server on my Lenovo T500 and the open port has let in a ton of undesirables.  Thought I'd managed to sort it out and remove them all but, you've guessed it, they're all back again with a vengeance and I also have the win32/ramnit.gen!B virus along with a bunch of others (445 infected files).  Full list of viruses found :

VBS:ExeDropper-gen [Trj]
Win32:Malware-gen
Win32:Ramnit-G
Win32:Rootkit-gen [Rtk]
Win32:Spyware-gen [Spy]
Win32:Trojan-gen

I've moved the whole lot off to the chest.  Virus database and definitions were updated before the full scan and I also disconnected from the interweb whilst doing it.

Now running Malwarebytes (after downloading latest database and disconnecting that machine from the web again).  Will post results here when done.  ;)


rik130

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #102 on: January 19, 2011, 12:53:11 AM »

Well, AVAST completely ground to a halt from the non-stop "threat has been detected messages" coming in while Malwarebytes was running.  Completely froze up the machine and had to hard shut it down.  That's probably another 1000 infected files to add to the others.  Any ideas guys ?

rik130

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #103 on: January 19, 2011, 07:32:54 PM »
Anyone alive here?  :-[

Offline essexboy

Re: vbs:exedropper-gen[trj] and win32:ramnit-b
« Reply #104 on: January 19, 2011, 10:19:38 PM »
Yep, I am afraid your system will need a reformat and reinstall as too many files have been corrupted


Have a look at this thread for a tutorial on how to reformat a computer and the things to save - but do not backup any files with exe, com, scr, zip

http://www.geekstogo.com/forum/topic/173729-reformat-and-install-of-windows/
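
The backup rule from the reply above (save nothing with an exe, com, scr or zip extension), sketched as an added example that is not part of the original thread: a Python planner that walks a folder and splits files into "copy" and "skip" lists before anything leaves the infected machine. The extra check for an `MZ` executable header under a harmless-looking extension goes beyond what the post states and is an assumption of this example, as are the function names and the constructed sample files.

```python
import os
import tempfile

# Extensions the post says not to back up from the infected machine.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".zip"}

def has_pe_header(path):
    """True if the file starts with the 'MZ' magic of a DOS/Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: treat as unsafe rather than copy blindly

def plan_backup(root):
    """Return (keep, skip): relative paths to copy, and (path, reason) pairs to leave."""
    keep, skip = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()  # last extension, case-insensitive
            if ext in BLOCKED_EXTENSIONS:
                skip.append((rel, "blocked extension " + ext))
            elif has_pe_header(full):  # assumption added here, not from the post
                skip.append((rel, "executable content under a data extension"))
            else:
                keep.append(rel)
    return sorted(keep), sorted(skip)

def demo():
    """Build a constructed sample tree and return its backup plan."""
    samples = {
        "letter.txt": b"hello",
        "SETUP.EXE": b"MZ\x90\x00",
        "holiday.jpg.scr": b"MZ\x90\x00",  # double extension, still .scr
        "archive.zip": b"PK\x03\x04",
        "notes.doc": b"MZ\x90\x00",  # executable renamed to look like a document
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return plan_backup(root)

if __name__ == "__main__":
    print(demo())
```

Only the files in the first list would be copied to the backup medium; the reason strings in the second list make it easy to review what was left behind.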