Problem Anyone heard of Ramnit virus?

Discussion in 'Computer Security' started by michael78, Feb 16, 2011.

  1. michael78

    michael78 Terabyte Poster

    and more to the point anyone been able to remove the thing?
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  2. BosonMichael

    BosonMichael Yottabyte Poster

    I've never had to deal with that one... it looks pretty ugly. Microsoft's site says that Security Essentials can remove it, but from the reports I'm seeing online, I hesitate to believe their claim.

    Which variant do you have? Or do you know?

    EDIT: Symantec says that they can remove it too... but if they can, why are so many people having trouble with removing it? Click that "having trouble" link... there's a guy on there who says he's consistently able to remove it.
     
    Last edited: Feb 16, 2011
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    Here you go, straight from, of all places, the Microsoft site

    Edit: Boohoo, BM beat me to it
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  4. michael78

    michael78 Terabyte Poster

    Think it's Ramnit.A inf. It's the worst virus I've come across as it seems to jump from dll to dll and exes as well. One PC had 1800 instances of it. Just our luck that another 3-5 PCs are infected. Nothing seems to get rid of the virus and what makes me laugh is that it's deemed a low risk. Cheers for the links guys, will check them out.
     
    Last edited: Feb 16, 2011
  5. ThomasMc

    ThomasMc Gigabyte Poster

    format c: lol
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  6. michael78

    michael78 Terabyte Poster

    Yep looks that way :(
     
  7. ThomasMc

    ThomasMc Gigabyte Poster

    I find you end up pissing about more trying to remove it than it takes to reinstall; miss one bit and your work just got wasted
     
  8. michael78

    michael78 Terabyte Poster

    Forgot to say I ended up formatting the PC and then we found 3 more so wiped them as well.
     
  9. JK2447

    JK2447 Petabyte Poster Administrator Premium Member

    Full rebuild if ever in doubt can often save you a lot more headaches further down the line. Perhaps you can write a process or procedure for virus outbreaks at your place of work if one doesn't exist already. Tis a good way to get brownie points 8)
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  10. michael78

    michael78 Terabyte Poster

    lol where I'm contracting now I have seen more viruses than probably the rest of my contracts put together. It's in a little bit of a mess.
     
  11. JK2447

    JK2447 Petabyte Poster Administrator Premium Member

    Good job you're on the ball mate 8)
     
  12. UKDarkstar

    UKDarkstar Terabyte Poster

    Some help/info on it over at SOPHOS
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  13. michael78

    michael78 Terabyte Poster

    Cheers for the link mate. It's a bit of a strange virus as some places rate it as low and others very high. Looked at the link at Sophos and the files don't match up from what I remember. Think the issue is that there are a few varieties of this virus. It's defo the worst I've come across.
     
