Win32 Ramnit gen!A infection

[Lowe]

Anyone got much experience with this one? MSE went nuts this morning saying my system was infected. It's running a scan now and the list of items infected is frankly quite concerning. Even worse it seems to have spread onto both my Win7 and WinXP partitions. Reading a few bits and pieces around the web it seems to suggest that the only course of action is a reinstall. Is this really the case?

If a reinstall is a must, how can I safely copy files for backup purposes? I've never had a serious infection before, god only knows how this got in.

[pollaxe]

IIRC that's an email-based one (it gets in via attachments, I think..)

I've no direct experience with it but I've dealt with a number of infections on other people's PCs and have found Malwarebytes AntiMalware one of the better ones to use.

Give that a try as a cleaner (the free version works fine). So far I've not had to blat any systems that have been infected with anything using that - fingers crossed for you.

Edit: This looks a nasty little beast. This may be of use too if you've not already seen/tried it (this is a Google find so as ever, treat with caution).

[Lowe]

IIRC that's an email-based one (it gets in via attachments, I think..)

I've no direct experience with it but I've dealt with a number of infections on other people's PCs and have found Malwarebytes AntiMalware one of the better ones to use.

Give that a try as a cleaner (the free version works fine). So far I've not had to blat any systems that have been infected with anything using that - fingers crossed for you.

D'oh, only the missus checks emails on the computer... Grr...

Will try that cleaner when I get home - ta!

[Behemoth]

Even if malware bytes does get the worst of it off I know from experience that you'll never be totally clear of it. The best thing to do is to backup any important data and re-install the lot. You don't know where else the virus will be hiding.

A friend of mine had it and he thought he'd gotten shot of it, only to find two weeks later it reared its ugly head again so he had no choice but to start from scratch and a reintall was needed.

[Lowe]

Well it looks like the system is shot. All kinds of programs beginning to simply fail, system is unstable and it's killed my system backups as well.

I'm desperately trying to save what I can to USB pen drives and my Mac laptop and I think I'm going to have to bite the bullet and reinstall. Gutted, absolutely gutted.

[SiM]

Sorry mate, but the evidence is clear. Your missus has been opening penis enlargement emails

But seriously, I hope you can recover all your important data. I would suggest loading the hard drive in a linux pc to copy everything over and prevent it spreading to other files on the PC and to other computers over the USB drives

[XA04]

Boot up in safe mode from now on. That way things should function better and you can backup that way too. If you run an online virus scan or use the above suggested tool in safe mode too it should help.

[Lowe]

It looks like the important stuff like documents and pictures will be OK, it's just a case of copying and reinstalling by the look of it. Everything else like programs can be downloaded and replaced.
But, it's clear that Microsoft Security Essentials simply isn't up to the job. It's currently saying that the system is 100% clear, which is odd given 5 minutes ago it was saying there was 225 infections...

[Behemoth]

Looks like I'll have to switch over to something else as I'm also running MSE.

[[GSV]Trig]

Do you have a spare machine you can stick the drive in to clean it?

[SiM]

it's clear that Microsoft Security Essentials simply isn't up to the job

Don't think that is fair to be honest. It could be the user's fault and you won't ever see a post saying "MSE saved my PC" because people just click quarantine/delete and then get on with their lives, but people who get hit complain.

I'm more than satisfied with MSE + general IT awareness until I see some hard evidence proving it is not effective.

[Splash]

But, it's clear that Microsoft Security Essentials simply isn't up to the job. It's currently saying that the system is 100% clear, which is odd given 5 minutes ago it was saying there was 225 infections...

Have you cleared out system restore and disconnected it from the network in case another machine is re-infecting it? Cleared temporary internet files and the like?

Possibly worth trying something like http://www.f-secure.com/en_EMEA/secu...ols/rescue-cd/ too

[Lowe]

Do you have a spare machine you can stick the drive in to clean it?

Nope - and I've gone for a 'copy whats important and format the PC' approach. I don't want any backdoors left open.

Don't think that is fair to be honest. It could be the user's fault and you won't ever see a post saying "MSE saved my PC" because people just click quarantine/delete and then get on with their lives, but people who get hit complain.

I'm more than satisfied with MSE + general IT awareness until I see some hard evidence proving it is not effective.

I see your point, and I was of the same opinion myself until I found myself in this situation. I don't consider myself someone who would find themselves at the mercy of a virus through lack of general IT awareness. It's possible the missus clicked on something but again pretty unlikely. I suppose it's even possible that my 3 year old clicked something without me knowing. But, even if you did open a dodgy attachment, surely an antivirus should step in and stop it from progressing? Perhaps I don't understand how antivirus systems work?

Have you cleared out system restore and disconnected it from the network in case another machine is re-infecting it? Cleared temporary internet files and the like?

Possibly worth trying something like http://www.f-secure.com/en_EMEA/secu...ols/rescue-cd/ too

Frankly it takes 3 hours to run a full system scan. I've bitten the bullet and formatted the sod.

[Behemoth]

Having had to do this to my own two systems just recently I know how gutting it is. I had a friend come over with his USB memory stick as there were some files on it he wanted me to burn to DVD for him as his PC isn't fast enough to make Movie DVD's.

Just think Athlon XP 1800 with 512 megs of ram and no DVD burner kinda slow.

He is very tight, he still uses dial up and thinks that broadband is a con, yet he pays BT for two sets of line rental. Personally I think thats a bigger con than paying one monthly amount for phone and broadband.

Anyway he doesn't run any Windows Update, it crashes his dial (no surprise there then) he does run a very out of date version of AVG (so he hasn't got anything) and without so much as asking me to scan the memory stick first, plugs it into my PC. His memory stick has an autorun virus and several other trojans on it from his old slow PC.

Not content with infecting my PC he does the same to my laptop. It took me 5 hours a piece to sort out and that was before I started on re-installing Windows.

Needless to say he won't be touching my kit again, ever !