Inactive Cleanup after Ramnit?

Status
Not open for further replies.
Hi,

I got a fairly severe case of the Ramnit virus on my desktop. The desktop has two disks (C and D). It was a nightmare, but I backed up my data from C to D and re-installed XP onto C. All appears OK now. However, MSE is detecting infected html and .exe files on the D drive. It says that it has resolved these (removed/disinfected). Can I be sure that MSE has effectively cleaned this up? Is deleting the infected files a suitable solution? Incidentally, the C disk with the XP OS is coming up clean after repeated MSE scans.

Thanks in advance for your advice.
 
Many thanks for your reply Broni... your advice is really appreciated!
MSE found infections in html and exe files, and also files in sys_vol_information on d:\
For all found, MSE reported that they were disinfected or removed.
Nonetheless, I deleted the htmls and exes that I didn't need to retain. (I have thus far retained some, however.)
I also deleted all but the last system restore points from D (I can't figure out how to delete the last one).
A full mbam scan found nothing on either C or D.
As recommended by yourself, I ran ESET. This too came back clean on both C and D.
Can I trust MSE when it says that it resolved the found infections, or should I delete anyway?
Is it just html and exe files that are likely to be infected? Are other files such as jpegs OK?
Out of interest: how will Ramnit 'activate' from D:\? Will it only activate if an infected file is opened, or can it activate without interaction from the user?

Thanks again Broni!
 
> I also deleted all but the last system restore points from D (I can't figure out how to delete the last one).

You should disable system restore for drive D altogether.

> Will it only activate if an infected file is opened

Either by you, or by some program, so you have to be 100% sure there is nothing malicious on drive D.

> Can I trust MSE when it says that it resolved the found infections, or should I delete anyway?

I'd delete any finding.

> Is it just html and exe files that are likely to be infected? Are other files such as jpegs OK?

Any executable file may be affected:

ADE - Microsoft Access Project Extension
ADP - Microsoft Access Project
BAS - Visual Basic Class Module
BAT - Batch File
CHM - Compiled HTML Help File
CMD - Windows NT Command Script
COM - MS-DOS Application
CPL - Control Panel Extension
CRT - Security Certificate
DLL - Dynamic Link Library
DO* - Word Documents and Templates
EXE - Application
HLP - Windows Help File
HTA - HTML Applications
INF - Setup Information File
INS - Internet Communication Settings
ISP - Internet Communication Settings
JS - JScript File
JSE - JScript Encoded Script File
LNK - Shortcut
MDB - Microsoft Access Application
MDE - Microsoft Access MDE Database
MSC - Microsoft Common Console Document
MSI - Windows Installer Package
MSP - Windows Installer Patch
MST - Visual Test Source File
OCX - ActiveX Objects
PCD - Photo CD Image
PIF - Shortcut to MS-DOS Program
POT - PowerPoint Templates
PPT - PowerPoint Files
REG - Registration Entries
SCR - Screen Saver
SCT - Windows Script Component
SHB - Document Shortcut File
SHS - Shell Scrap Object
SYS - System Config/Driver
URL - Internet Shortcut (Uniform Resource Locator)
VB - VBScript File
VBE - VBScript Encoded Script File
VBS - VBScript Script File
WSC - Windows Script Component
WSF - Windows Script File
WSH - Windows Scripting Host Settings File
XL* - Excel Files and Templates
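
An added example, not part of the original thread: a Python script that inventories a drive for the file types in the list above, so each hit can be rescanned or deleted. The `HTM*` pattern (taken from the MSE detections reported in the thread), the `MZ` header check for executables stored under an unlisted extension, and the default path `D:\` are assumptions added here.

```python
import fnmatch
import os
import sys
from collections import defaultdict

# Extension patterns copied from the list in the reply above (DO* and XL* are
# wildcards). HTM* is added because the thread reports MSE detections in html files.
LISTED_PATTERNS = (
    "ADE ADP BAS BAT CHM CMD COM CPL CRT DLL DO* EXE HLP HTA INF INS ISP JS JSE "
    "LNK MDB MDE MSC MSI MSP MST OCX PCD PIF POT PPT REG SCR SCT SHB SHS SYS URL "
    "VB VBE VBS WSC WSF WSH XL* HTM*"
).split()

def matches_listed_type(filename):
    """Return the list pattern the file's extension matches (e.g. 'DO*'), or None."""
    ext = os.path.splitext(filename)[1].lstrip(".").upper()
    if not ext:
        return None
    return next((p for p in LISTED_PATTERNS if fnmatch.fnmatchcase(ext, p)), None)

def has_mz_header(path):
    """True if the file starts with 'MZ', the magic bytes of DOS/Windows executables."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:  # unreadable file: treat as no match instead of aborting the walk
        return False

def inventory(root):
    """Walk root and return {pattern: [paths]} for every file that needs review."""
    found = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            pattern = matches_listed_type(name)
            if pattern:
                found[pattern].append(path)
            elif has_mz_header(path):  # unlisted extension (e.g. .jpg), executable content
                found["MZ-header"].append(path)
    return dict(found)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "D:\\"  # assumed default: the backup drive
    for pattern, paths in sorted(inventory(root).items()):
        print(f"{pattern}: {len(paths)} file(s)")
        for p in paths:
            print("    " + p)
```

The script only lists files; it does not judge whether a file is infected, so the output is a worklist for rescanning or deletion.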
 
Thanks Broni.
Have now turned off sys restore for D.
I will also delete all the findings as you recommend.
However, I do have lots of the executable files such as .doc, so I suppose I will just have to take my chances.
Thanks again!
Cheers
Sham
 