Author Topic: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit  (Read 5116 times)


stebelskiy2709

  • Guest
vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« on: November 27, 2010, 11:49:19 PM »
Hi, I have a problem with a rootkit. As I have read some posts from guys who had the same problems, I have checked my system with Dr.Web CureIt, Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition: only Dr.Web helped to delete some of these files, like just html, but the system files are uncured, although the Dr.Web monitor showed me that .exe files were cured while the scanning process was running. I started up with Dr.Web CureIt and Avast again, but the problem with infected files hasn't gone; it shows me a lot of .exe files infected by win32:ramnit-b. After all that I started up ComboFix.exe and got a report in ComboFix.txt; I did it a second time, but the problem is still there. I want to get a suggestion from your professional staff: what should I do? What is the next step to delete the virus? Thanks a lot for your support. I wait impatiently for your report. I have attached my ComboFix.txt.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89029
  • No support PMs thanks
Re: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« Reply #1 on: November 28, 2010, 12:05:29 AM »
I have asked essexboy if he can take a look at this, as it is going to take someone with the specialist knowledge and tools to deal with it; you can't simply remove those infected files, explorer.exe and winlogon.exe, or your system could be toast.

The infection has to be killed and these infected copies replaced with clean ones; if you simply try to replace them without dealing with the underlying infection, the new files will be reinfected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« Reply #2 on: November 28, 2010, 12:10:56 AM »
Unfortunately, with the latest variant, which you have, the only realistic option is to reformat. ComboFix reported at least 10 system files corrupted, and there are most probably a lot more.

Sorry not to be able to give you better news.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89029
  • No support PMs thanks
Re: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« Reply #3 on: November 28, 2010, 12:40:52 AM »
Yes, even though I'm not familiar with ComboFix, it looked bad. Unfortunately, it looks like we are going to see a rash of these until everyone catches up.

Any ideas on the route of entry, etc.?

stebelskiy2709

  • Guest
Re: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« Reply #4 on: November 28, 2010, 01:13:13 AM »
Thanks for your trouble.

The only way is to reformat disk C and reinstall Windows; so sad, and my software on disk D is infected too :P. It is just a way to hang yourself ...
I don't know where I caught these viruses, but the driver pack which I downloaded from official Asus support is infected too; maybe this is the reason???

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« Reply #5 on: November 28, 2010, 01:37:15 PM »
This is generally gained from a drive-by download on a social networking site, i.e. Facebook etc., as people tend to click on all and sundry there.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89029
  • No support PMs thanks
Re: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« Reply #6 on: November 28, 2010, 03:30:56 PM »
Thanks for the feedback. If only we could get samples of what comes down the pipe to create the mayhem, so it could either be blocked or detected.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: vbs:exedropper-gen[trj] and win32:ramnit-b Rootkit
« Reply #7 on: November 28, 2010, 03:55:27 PM »
The only problem is that the activator self-deletes as soon as it infects the first file.