Trimble Bracegirdle
2011-02-08 20:37:38 UTC
http://therachmat.blogspot.com/2011/01/ramnit-worm-removal-guide.html
@@Will the experts here please comment on the approach given on this Web
Page@@.
http://therachmat.blogspot.com/2011/01/ramnit-worm-removal-guide.html
I had this very badly back in late summer ... My main method was with DR WEB
CUREIT (a free download): told it to 'Cure' the ramnit infected files but I
left the HTML files it detected with 'Igor' alone.
Since then the system has seemed free until late Jan. (last week), when a
new one got in ... Slightly different from the 1st & spread very fast
throughout my complex Win XP & Win Vista & Win 7 (64bit) system.
Infection getting into any corner.
I stopped it (I hope) with repeated DR WEB.
@@@@@
"Win32/RAMNET" Symptoms:
A file called Desktoplayer.exe persistently reappears in C:/Program
Files/Microsoft.
Fake FireFox and/or iExplore processes are shown in Task Manager.
These are much smaller (2Kb to 8Kb) than the real thing (80+Kb). They will be
there whether a browser is really running or not.
The processes are directly connected to a high, near constant (very high)
level of disc activity. Stopping the fakes in TaskMan stops this disc
activity.
Files with the names of actual files (always exe's ???) are created which
are copies of that Desktoplayer.exe file, which is 60,416 bytes in size & has
the actual file name with an addition of 'Srv'
added into it.
Thus: real "ProgName.exe" ...
fake 59Kb files in same folder,
"ProgNameSrv.exe", "ProgNameSrvSrv.exe", "ProgNameSrvSrvSrv.exe"
Etc ... etc ... etc
@@@@@@
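The file-naming symptom described in the post above can be checked for with a short script. This is an added example, not part of the original post or of any tool it mentions: it assumes only the "Srv" naming pattern and the 60,416-byte size the poster reports, the function and constant names are hypothetical, and a hit is a candidate for scanning, not a verdict.

```python
import os
import re
import sys

# Size the post reports for Desktoplayer.exe and its copies (assumption from the post).
REPORTED_SIZE = 60416
# "<name>Srv.exe", "<name>SrvSrv.exe", ... as described in the post.
SRV_NAME = re.compile(r"^(?P<base>.+?)(?P<srv>(?:Srv)+)\.exe$", re.IGNORECASE)


def find_srv_copies(root, reported_size=REPORTED_SIZE):
    """Return findings for files that fit the naming pattern from the post.

    A file is reported only when the executable it is named after sits in the
    same folder; 'size_match' says whether it also has the reported size.
    """
    findings = []
    for folder, _dirs, files in os.walk(root):
        present = {name.lower() for name in files}
        for name in files:
            m = SRV_NAME.match(name)
            if not m:
                continue
            original = m.group("base") + ".exe"
            if original.lower() not in present:
                continue  # e.g. a program legitimately called FooSrv.exe
            path = os.path.join(folder, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            findings.append({
                "path": path,
                "original": os.path.join(folder, original),
                "generations": len(m.group("srv")) // 3,  # number of "Srv" repeats
                "size_match": size == reported_size,
            })
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    for f in find_srv_copies(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "size matches" if f["size_match"] else "size differs"
        print(f"{f['path']}  (next to {f['original']}, {flag})")
```

Run it with a folder path as the only argument; files it lists are worth submitting to a scanner before anything is deleted.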