Author Topic: win32ramnit g  (Read 6301 times)


needassistance

  • Guest
win32ramnit g
« on: April 20, 2011, 12:14:11 PM »
Got a bad infection, win32ramnit g.

A scan with avast finds 600-1200 infections; I moved them to the chest, then a few days later they are back.

Not sure what I should do because last time I moved them to the chest it fucked up my java and took me ages to fix it. Also I fucked up some important windows file because it keeps giving me the Windows File Protection message!! Not sure what to do because I don't have my windows CDs.

malwarebytes doesn't pick them up so I think I'm screwed

needassistance

  • Guest
Re: win32ramnit g
« Reply #1 on: April 20, 2011, 12:52:13 PM »
need help please

Ornette

  • Guest
Re: win32ramnit g
« Reply #2 on: April 20, 2011, 12:55:28 PM »
Another with same problem

This Win32:Hiloti-AX is a real nuisance

Not detected by Avast 5.1.889

You will find some IEXPLORE.EXE or FIREFOX.EXE processes running in your task manager. They are causing the problem. End them.

You have a trojan that is loading every time you boot the computer and is spawning your default browser to infect your files.

Removing the trojan is one thing, cleaning the infected files it has created is another.

Have a look in this thread, another guy with same problem only yesterday:
http://forum.avast.com/index.php?topic=76551

Offline danny96

  • Malware Fighter
  • Advanced Poster
  • **
  • Posts: 668
  • No-malware!
Re: win32ramnit g
« Reply #3 on: April 20, 2011, 01:04:19 PM »
> Another with same problem
>
> This Win32:Hiloti-AX is a real nuisance
>
> Not detected by Avast 5.1.889
>
> You will find some IEXPLORE.EXE or FIREFOX.EXE processes running in your task manager. They are causing the problem. End them.
>
> You have a trojan that is loading every time you boot the computer and is spawning your default browser to infect your files.
>
> Removing the trojan is one thing, cleaning the infected files it has created is another.
>
> Have a look in this thread, another guy with same problem only yesterday:
> http://forum.avast.com/index.php?topic=76551

Please create a custom topic and do not post your problems in the topic of this guy...
Real-time protection and Firewall: COMODO Internet Security 12.0.0.6810 -- Additional Protection: Web Of Trust, Ublock, NoScript, Malwarebytes Premium, Avast! Online Security, Hitman Pro -- OS: Windows 10

Offline danny96

  • Malware Fighter
  • Advanced Poster
  • **
  • Posts: 668
  • No-malware!
Re: win32ramnit g
« Reply #4 on: April 20, 2011, 01:05:38 PM »
> Got a bad infection, win32ramnit g.
>
> A scan with avast finds 600-1200 infections; I moved them to the chest, then a few days later they are back.
>
> Not sure what I should do because last time I moved them to the chest it fucked up my java and took me ages to fix it. Also I fucked up some important windows file because it keeps giving me the Windows File Protection message!! Not sure what to do because I don't have my windows CDs.
>
> malwarebytes doesn't pick them up so I think I'm screwed

As doktornotor said in another topic, this infection is aggressive and you cannot get rid of it.
You will need to make a clean install of Windows  :(

needassistance

  • Guest
Re: win32ramnit g
« Reply #5 on: April 20, 2011, 01:09:47 PM »
Thanks Ornette, but I don't have those apps running. I'm using Google Chrome and I have a lot of chrome.exe; would you say they are also infected?

Ornette

  • Guest
Re: win32ramnit g
« Reply #6 on: April 20, 2011, 01:20:31 PM »
Danny,

I am not posting my problem in another person's topic, for I have in fact SOLVED my infection of Win32:Hiloti-AX [Trojan]. I am only trying to help others in dealing with this problem that few people seem to be aware of and that took me two solid days to fix.


The root of the problem is a trojan that is loading either via

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:
"C:\WINDOWS\system32\userinit.exe,C:\Program Files\<random key #1>\<random key #2>.exe"

or

C:\Documents and Settings\<user name>\Start Menu\<random key #2>.exe


It operates by spawning processes of your default browser. These are then infecting your files with VBS:ExeDropper-gen [Trj] or Win32:Ramnit-G.

Avast 5.1.889 and MalwareBytes Anti-Malware 1.50.1.1100 are not detecting this!!!

To resolve, you must first close all instances of your default browser - IEXPLORE.EXE, FIREFOX.EXE, google chrome? - before you can effectively deal with the file infections OR the trojan causing this itself.
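
The two load points named in Reply #6 can be checked as follows. This is an added example, not part of the original post or any vendor tool; it assumes Windows is installed in C:\WINDOWS, and the `examplekey1`/`examplekey2` names and the user `alice` are constructed placeholders for the random names.

```python
import ntpath
import sys

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumption: Windows lives in C:\WINDOWS, as in the post.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed samples; "examplekey1"/"examplekey2" stand in for the random names.
CLEAN = r"C:\WINDOWS\system32\userinit.exe,"
TAMPERED = r'"C:\WINDOWS\system32\userinit.exe,C:\Program Files\examplekey1\examplekey2.exe"'
LISTING = [
    r"C:\Documents and Settings\alice\Start Menu\examplekey2.exe",
    r"C:\Documents and Settings\alice\Start Menu\Programs\Notepad.lnk",
]

def userinit_entries(value):
    """Split a Userinit string into normalized, lower-cased program paths."""
    parts = (p.strip().strip('"').strip() for p in value.split(","))
    return [ntpath.normpath(p).lower() for p in parts if p]  # drops trailing ","

def unexpected_userinit(value):
    """Entries that Winlogon would start besides the stock userinit.exe."""
    return [p for p in userinit_entries(value) if p != STOCK_USERINIT]

def loose_start_menu_exes(paths):
    """.exe files placed directly in a 'Start Menu' folder (shortcuts are normal)."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(path)
        if ntpath.basename(folder).lower() == "start menu" and name.lower().endswith(".exe"):
            hits.append(path)
    return hits

def read_live_userinit():
    """Read the real Userinit value on Windows; return None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]

if __name__ == "__main__":
    value = read_live_userinit() or TAMPERED
    print("unexpected Userinit entries:", unexpected_userinit(value))
    print("loose Start Menu executables:", loose_start_menu_exes(LISTING))
```
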


Ornette

  • Guest
Re: win32ramnit g
« Reply #7 on: April 20, 2011, 01:22:27 PM »
> Thanks Ornette, but I don't have those apps running. I'm using Google Chrome and I have a lot of chrome.exe; would you say they are also infected?

Yes if you use Chrome then this would be your default browser process.

These would be the processes you need to kill!!!

needassistance

  • Guest
Re: win32ramnit g
« Reply #8 on: April 20, 2011, 01:40:39 PM »
OK, last thing: do I delete those registry keys and be done with it, or will there still be more files infected after I've deleted them?

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: win32ramnit g
« Reply #9 on: April 20, 2011, 01:50:13 PM »
600-1200 infections. I wouldn't clean the PC; you may also have damaged system32 files. Ramnit is a nasty virus, cocktail infection ;D. I've seen articles about that virus; your PC may also be under control of a hacker, as they use it as a zombie for its backdoor network. Essexboy can only help here; killing processes won't help in any way, there is no root of infection, your files are infected and I am not talking about executables.
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Ornette

  • Guest
Re: win32ramnit g
« Reply #10 on: April 20, 2011, 01:52:57 PM »
Just to clarify, it is not Chrome (or Internet Explorer or Firefox) that is infected.

Rather, it is the trojan that launches them with injected code when you start your computer.

Once you have closed down all your default browser processes, you are good to continue using Chrome (or Internet Explorer or Firefox).


At this stage, no more infections will happen. You now need to scan your computer for viruses.

In the other thread, it was suggested to use Dr Web Cure It

http://forum.avast.com/index.php?topic=76551.msg633762#msg633762
> Download CureIt
> ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
> reboot pc to safe mode
> ...

In my opinion, if this infection has been going for a few days and you have a lot of infected files, a better bet would be to install the latest version of Avast and use that to scan your computer. That way, you will be able to review the chest and see what files have been compromised.

The reason for this is so you can ascertain what programs on your computer may need reinstalling for them to work again.

Avast 6.0.1 should also detect the presence of this Win32:Hiloti-AX trojan and remove it as well.

Do remember to end all processes of your Google Chrome browser each and every time you restart your computer!!!

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: win32ramnit g
« Reply #11 on: April 20, 2011, 02:08:08 PM »
Dr.Web may help somehow, but I repeat, I wouldn't clean a computer with 1200 infected files.

argus

  • Guest
Re: win32ramnit g
« Reply #12 on: April 20, 2011, 02:26:30 PM »
Ramnit

infected HTML files
a very serious infection
is combined with a rootkit and Trojan Downloader

A CureIt scan takes a few hours and the result is uncertain. 1200 infected files hmmm  ???

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: win32ramnit g
« Reply #13 on: April 20, 2011, 02:29:09 PM »
In this kind of heavy infection, every kind of scan inside Windows is useless; you had better format all partitions and reinstall Windows (clean install).

If you are not going to reinstall windows and just want to repair it, try this: http://www.omidfarhang.com/computer/malware/removal
Twitter: OmidFarhangEn - OS: Manjaro KDE

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: win32ramnit g
« Reply #14 on: May 28, 2013, 04:03:18 PM »
Hi,

This topic is about 2 years old and it's a better idea to open a new topic regarding your problem.

And now to answer your question: the answer is yes. If you suspect there is malware on your external hard disk, you have to scan and remove it with either avast or the tools listed in my link. But you have to be careful: if there is malware on your external hard disk, it may already have infected your laptop's Windows installation too, so you have to double-check that as well.