1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A/V Virus attack

Discussion in 'Tech Support' started by Arboreal, 11 Jun 2012.

  1. Arboreal

    Arboreal Keeper of the Electric Currants

    Joined:
    21 Jan 2011
    Posts:
    4,891
    Likes Received:
    1,239
    Hi, I'm in the Doghouse today:

    In an effort to speed up his PC I substituted Dad's Norton with MsSE and Malwarebytes and within 10 days he's got Win32Ramnit!A and Ramnit D.

    I've run both in safe mode and restarted lots but can't shift the b***er, don't really want to do a full reinstall if I don't have to BUT a lot of advice is wipe & reinstall.

    Can I safely save his over 18k photos???

    Thanks for any help as I'm in it up to my neck!
     
    Last edited: 11 Jun 2012
  2. lp rob1

    lp rob1 Modder

    Joined:
    14 Jun 2010
    Posts:
    1,530
    Likes Received:
    140
    Burn a Linux distro (Ubuntu will do) to a disk, then live boot that. Copy all the pictures and any other data to a USB stick or external HDD, then rest assured that the data is safe. Wipe, reinstall, copy everything back (this can be done in the new Windows), ???, then PROFIT.
     
  3. Arboreal

    Arboreal Keeper of the Electric Currants

    Joined:
    21 Jan 2011
    Posts:
    4,891
    Likes Received:
    1,239
    lp rob1,
    Thanks for that advice, I have a Mint 7 Live CD in the drawer, so could do all that tomorrow.

    Much appreciated - one aspect solved.

    Then it's "take off and nuke the entire site from orbit" :D
     
  4. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,699
    Likes Received:
    172
    have you tried chamelion mode for malwarebytes?
     
  5. cdb

    cdb No comment

    Joined:
    25 Apr 2009
    Posts:
    478
    Likes Received:
    4
    Why did you remove his norton?

    I know this is tempting fate, but I've been using it for about 10years now and NEVER had a virus and I've tested it on plenty of websites.
     
  6. bulldogjeff

    bulldogjeff The modding head is firmly back on.

    Joined:
    2 Mar 2010
    Posts:
    8,403
    Likes Received:
    634
    Have a little read of THIS Might help a bit. Once you downloaded anything you need take the PC off line as it'll have a back door. At least that way you're not open to further attacks.
     
  7. Arboreal

    Arboreal Keeper of the Electric Currants

    Joined:
    21 Jan 2011
    Posts:
    4,891
    Likes Received:
    1,239
    Weeeeeeeell, I felt that it was a resource hog and the PC could do with lightening the load.

    I did do a fair bit of research online, and MsSE + Malwarebytes was recommended numerous times with little criticism.

    I know that noting is 100% safe, but was confident that it was a suitable replacement.

    Bulldog, thanks for the link - I saw that it has a backdoor so will take it offline and deal with it in round 2.

    Watch this space - Thanks again guys, it's good to have you out there:clap:
     
  8. jimmyjj

    jimmyjj Minimodder

    Joined:
    20 Jul 2010
    Posts:
    663
    Likes Received:
    15
    A cautionary tale.

    Have been very happy with Norton for several years, but was going to try MsSE and save a few quid.

    Think I will pass now...

    Good luck getting your pictures back.
     
  9. Arboreal

    Arboreal Keeper of the Electric Currants

    Joined:
    21 Jan 2011
    Posts:
    4,891
    Likes Received:
    1,239
    Thanks Jimmy, it looks like it infects HTML files, so the jpg archive should be OK.
    Similarly, I hope the Office files come across OK.
    I should know by the end of tomorrow, depending on what time I have to work on the problem.
     
  10. Booga

    Booga Cuppa tea anyone?

    Joined:
    28 Sep 2009
    Posts:
    767
    Likes Received:
    30
    Sorry this isn't to help with OP but I just wanted to understand why you are assuming it was the replacement of Norton that got your Dad's PC infected.
    Could the viruses have been there and not been detected by Norton, only to be found once you had installed MSE?
    I have no idea what sites your Dad frequents but to pick up 2 viruses like that in 10 days seems a little, strange.

    I don't think this is a cautionary tale until all the facts are known.
     
  11. Shirty

    Shirty W*nker! Super Moderator

    Joined:
    18 Apr 1982
    Posts:
    12,835
    Likes Received:
    1,987
    I am currently using the free editions of Avast and Comodo Firewall and the PC seems to be bulletproof. With lots of RAM, an SSD and decent processing power resources are plentiful :)

    Just a thought, because most people are more than happy with the Windows 7 firewall but I wanted more flexibility.
     
  12. Arboreal

    Arboreal Keeper of the Electric Currants

    Joined:
    21 Jan 2011
    Posts:
    4,891
    Likes Received:
    1,239
    Booga,
    Thanks for your thoughts; it seems a large coincidence that after 3 years of clean operation, that the system picks something up after a change of AV software.
    I can't be sure whether Norton missed it, but it was a week or so before MsSE picked up a problem and tried to deal with it.

    I'm on that machine now running from a live Mint Linux CD and just about to back up the working files (photos etc.) to a spare external HDD.We'll see what happens from there.

    Cheers
     
  13. sourdough

    sourdough Minimodder

    Joined:
    17 Sep 2010
    Posts:
    123
    Likes Received:
    1
    NoScript, the Firefox plugin is also good for stopping unwanted scripts from running but need to involve end user interaction which may not be suitable for everyone.
     
  14. mrbungle

    mrbungle Undercooked chicken giver

    Joined:
    20 Sep 2004
    Posts:
    5,307
    Likes Received:
    165
    Seen loads of computers with norton and riddled with viruses.

    Nothing to say it would have stopped it.

    Id rather know what your old man has done to get infected rather than what didnt stop it.
     
  15. kenco_uk

    kenco_uk I unsuccessfully then tried again

    Joined:
    28 Nov 2003
    Posts:
    9,928
    Likes Received:
    496
    It sounds belt and braces, but ensure you have a backup by then copying what you've backed up to another machine.

    It might also pay to check what's used for email, if it's Outlook you'll need to back up the PST, OST and NLK files. These are stored in hidden folders within the user profile folder, one is AppData which has Local, LocalLow and Roaming folders in it (I can't remember the name of the other folder atm).

    If he plays games, there may very well be some savegame files tucked away in those hidden folders, too.
     
  16. Parge

    Parge the worst Super Moderator

    Joined:
    16 Jul 2010
    Posts:
    13,005
    Likes Received:
    612
    I've used MsSE ever since its release and never had a virus, I think its great!

    Get the photos off and nuke it! Messing about is not worth the time and effort and a clean reinstall is always a good thing!
     
  17. short1uk

    short1uk Minimodder

    Joined:
    20 Sep 2011
    Posts:
    140
    Likes Received:
    9
    :thumb:
    Used MSSE since the beginning with MWB Pro and been fine.

    Seen few with Norton and malware and viruses.

    Hate Ramnit -evil evil thing
     
  18. maple

    maple Minimodder

    Joined:
    23 Feb 2012
    Posts:
    1,014
    Likes Received:
    36
    cant you do a system restore to a time before the virus came
     
  19. Arboreal

    Arboreal Keeper of the Electric Currants

    Joined:
    21 Jan 2011
    Posts:
    4,891
    Likes Received:
    1,239
    AFAIK it gets into the system restore and infects the files there too....VERY nasty.

    Update tomorrow - just loading up the U 238:eeek:
     
  20. munkey

    munkey What's a Dremel?

    Joined:
    24 May 2012
    Posts:
    62
    Likes Received:
    2
    Careful with that stuff, I've heard mixed reviews. :lol:
     

Share This Page