BSOD Problem

Oh my! :eek: You picked a bad one!
Virus:Win32/Ramnit.A is a detection for a virus that infects Windows executable files and HTML files, and spreads to removable drives. The virus attempts to open a backdoor and wait for instructions.

Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.

You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security | DSLReports.com, ISP Information

If you choose to format and reinstall see this link for instructions:
Windows: reformat and reinstall - Cyberwalker.com
Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.
Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.
If you decide to reformat, you should still download the protection on the newly formatted PC, or else you will have a high chance of reinfection.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Hi, yes I suspected it was going to be bad news. I notified my bank when I first suspected a virus and changed all passwords and have not used new ones on this PC! Sounds like I'm going to need to reformat. Have looked at instructions and they look a little beyond me. I have a good local shop to go to to get OS re-formatted and re-installed. I also have an external hard drive, Expansion Drive (G). Will this need the same process?
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
Hi Jacee. I've been on hols for a few weeks. Where are you?? What would the cleaning process entail? Thanks
 

Jacee has not forgotten you. She will be away for a few days. I will see if our other specialist is available.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Hi, neil67.

If you decide to do the clean install yourself, perhaps this tutorial will be helpful: Clean Install with a Full Version of Vista.

As to your external hard drive, much depends upon when it was attached to the infected computer. It can be scanned with an antivirus program. If you have been doing regular backups to the external drive, it may have infected programs. Do not reinstall any program files/installers from that drive, only critical documents, family pictures, etc. I am certain that the local shop can scan the drive for you.
 

My Computer
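
The advice above about the external drive (restore only documents and pictures, never program files or installers) can be applied mechanically from a clean computer. The Python sketch below is an added example, not part of the original thread; the extension lists and function names are assumptions, and it filters by file type only, so the drive should still be scanned with an antivirus program as the post says.

```python
import tempfile
from pathlib import Path

# Assumed allowlist for "critical documents, family pictures"; adjust to your data.
DATA_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".jpeg", ".png"}
# File types the thread says Ramnit.A infects (executables and HTML).
RISKY_EXTS = {".exe", ".dll", ".scr", ".htm", ".html"}


def classify(path):
    """Return (verdict, reason) for one file on the backup drive."""
    path = Path(path)
    name, ext = path.name.lower(), path.suffix.lower()
    with path.open("rb") as fh:
        magic = fh.read(2)
    if magic == b"MZ":  # Windows executable header, whatever the file is named
        return "skip", "executable header"
    if name == "autorun.inf" or ext in RISKY_EXTS:
        return "skip", "executable, HTML or autorun file"
    if ext in DATA_EXTS:
        return "restore", "data file"
    return "skip", "not on allowlist"


def triage(root):
    """Map each file's path (relative to root) to its (verdict, reason)."""
    root = Path(root)
    return {str(p.relative_to(root)): classify(p) for p in root.rglob("*") if p.is_file()}


def demo():
    """Triage a constructed sample drive built in a temporary folder."""
    samples = {
        "letter.docx": b"PK\x03\x04 constructed document",
        "holiday.jpg": b"MZ constructed executable with a picture name",
        "index.html": b"<html>constructed page</html>",
        "autorun.inf": b"[autorun] constructed",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return triage(root)


if __name__ == "__main__":
    for rel, (verdict, reason) in sorted(demo().items()):
        print(f"{verdict:8}{rel:14}{reason}")
```

To use it on a real drive, call `triage` with the drive's path and copy back only the entries marked `restore`.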

Hi Corrine, thanks for the reply. The problem is that when purchased, the laptop had a pre-installed version of Vista and I do not have any original DVD with it on to re-install.
 

Hi, neil67.

Based on the way Ramnit.A infects executable and HTML files and spreads to removable drives, you would be best advised to take the computer to the local shop you mentioned to have the operating system reinstalled. With a valid license key, they can do the installation for you.

~~~~~~~~~~~~~~~~~~

If you elect to attempt a cleanup -- which would in no way guarantee that your computer can be trusted, please do the following in the order presented.

Start by uninstalling the programs that ESET identified. Go to add/remove programs and uninstall the following:

Adobe Reader
Uniblue


(You can update to the current version of Adobe Reader later.)

Next, please delete the ComboFix.exe on your desktop and do the following:

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.

Now, please run ComboFix:

  • Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    [image: CF_RC1.png]
  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image: CF_RC2.png]
  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

Following the same instructions Jacee provided previously, I would like a fresh scan with ESET:

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [image: esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [image: esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [image: esetAcceptTerms.png]
  5. Click the [image: esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [image: esetScanArchives.png]
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [image: esetListThreats.png]
  11. Push [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [image: esetBack.png] button.
  13. Push [image: esetFinish.png]

Please copy/paste the ComboFix.txt log and the ESET log in your next reply.
 


Oh wow!, this is the first notification on this topic I've been sent. :( I'm so sorry neil67.

Follow Corrine's instructions!
 

Neither would I ..... if it was my own computer.
 
