"RAMNIT desktoplayer" Worm Removal Guide

08/02/2011 - 21:37 von Trimble Bracegirdle | Report spam

@@Will the experts here please comment on the approach given on this Web


I had this very badly back in late summer ...My main method was with DR WEB
CUREIT ( A Free download) told it to 'Cure' the ramnit infected files but I
left the HTML files it detected with 'Igor' alone.

Since then the system has seemed free until late Jan. (last week). when a
new one got in .. Slightly different from the 1st & spread very fast though
out my complex Win XP & Win Vista & Win 7(64bit) system.
Infection getting into any corner.
I stopped it (I hope) with repeated DR WEB.

"Win32/RAMNET" Symptoms:

A file called Desktoplayer.exe persistently re appears in C:/Program
Fake FireFox and/or iExplore Processes are shown in Task Manager .
These are much smaller 2Kb to 8 Kb than the real thing 80+Kb They will be
there whether a Browser is really running or not.
The processes are directly connected to a High, near constant,(very High)
level of Disc Activity . Stopping the fakes in TaskMan stops this Disc

Files with the names of actual files (always exe's ???) are created which
are copies of that Destoplayer.exe file which is 60,416 Bytes in size & has
the actual file name with an addition of 'Srv'
added into it.
Thus; Real "ProgName.exe" ...
fake 59Kb files in same Folder,
Etc ...etc...etc

Lesen sie die antworten

#1 VanguardLH
09/02/2011 - 02:15 | Warnen spam
Trimble Bracegirdle wrote:

<snip - same message MULTI-posted in alt.comp.anti-virus>

See the same but disconnected thread you MULTI-posted half an hour later
in the other single newsgroup.

Ähnliche fragen