Win32/Ramnit.AF

Win32/Ramnit.AF

Post by ImDaniel on Tue 06 Nov 2012, 2:57 am

Hello there. My laptop is infected with Win32/Ramnit.AF, it has Windows XP SP3. I think that I was infected with this via a USB of mine.

Here is the OTL log:

[You must be registered and logged in to see this link.]

Extras:

[You must be registered and logged in to see this link.]

AdwCleaner:

[You must be registered and logged in to see this link.]

Sorry for the links, but I can't paste the contents of the files here; it says the post is too long.

Re: Win32/Ramnit.AF

Post by DragonMaster Jay on Tue 06 Nov 2012, 5:14 am

Hi there!

Win32/Ramnit is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a backdoor trojan, which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personally identifiable information to help rob your identity.

The second component is a rootkit, which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hacker's way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a file infector, which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
  • How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  • What Should I Do If I've Become A Victim Of Identity Theft?
  • Identity Theft Victims Guide - What to do


Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the Advanced Malware Analysts security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:
  • When should I re-format? How should I reinstall?
  • Help: I Got Hacked. Now What Do I Do?
  • Help: I Got Hacked. Now What Do I Do? Part II
  • Where to draw the line? When to recommend a format and reinstall?

Guide for format and reinstall:

[You must be registered and logged in to see this link.]

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.



~DMJ
GeekPolice Academy Manager


Re: Win32/Ramnit.AF

Post by ImDaniel on Tue 06 Nov 2012, 6:58 am

Thanks for the reply.
But I have many files, how do I know if they're infected too? And I would need to back up, right?

Re: Win32/Ramnit.AF

Post by DragonMaster Jay on Tue 06 Nov 2012, 7:05 am

The way we've known it to be is that you shouldn't trust any files. Sorry for the bad news, however, I wouldn't recommend saving any of them, if possible.

Otherwise, the only other thing to do is to disinfect the system, and hope that the files you want to save will still be accessible.



~DMJ
GeekPolice Academy Manager


Re: Win32/Ramnit.AF

Post by ImDaniel on Tue 06 Nov 2012, 2:50 pm

Seems like I can't reinstall Windows.
I put in the DVD with Windows XP SP3 and I reboot my PC, but it doesn't recognize it, it just boots normally again. I've already tried making the CD-ROM or whatever the first one in the boot order, and disabled the HDD, still, nothing.
