Free Malware Removal Forum

[kpnuts]

Hi, I know just about nothing when it comes to computers and I'm having a problem with this virus that my ESET security can't clean.

I know the last time I posted this question, it was closed and I was told to run DDS but unfortunately one of the ways of downloading it was blocked by the virus and the other I tried to download but it wouldn't complete, sorry.

I ran a scan and it said on object was infected, then I looked at the scan log and it said -

Operating memory » hpqwutils.exe(3384) - probably a variant of Win32/Ramnit.L virus - unable to clean


My laptop has been running quite slowly the last few days and I only just realised that internet explorer is not letting me on to sites like norton or kaspersky.

Can anyone please help me because I have literally no idea what to do.

[askey127]

Hi kpnuts,
Unfortunately, there is no way to "get rid of" a Ramnit infection on an infected machine, without re-installing Windows.
It is frequently transmitted by an infected flash drive, so if you have any flash drives that have been plugged into this machine, I would discard them. Don't try to fix or reformat them.
-----------------------------------------------------------
Unfortunately, this is a very dangerous, catastrophic infection, with "backdoor" capabilities.
This allows intruders to remotely control the computer, log keystrokes, steal critical system information, and download and execute files of their own.

• Get this machine OFF the Internet. It can infect others.
• If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. This would include contacts like your Internet Provider, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups to which you belong.
• It would be wise to contact any of the financial institutions directly and apprise them of your situation. Failure to notify your financial institutions can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
• Do NOT change passwords or do any transactions while using the infected computer because the intruder may get the new passwords and transaction information.

How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud?

Once infected with this type of Trojan or Worm, the ONLY course of action is to completely Re-install the Windows Operating System from scratch. That is my best advice to you.
In this case, the infection is known as a polymorphic file infector.
It corrupts possibly hundreds of system files, so there is NO REMEDY except to either do a COMPLETE RECOVERY, using the Manufacturer's option at bootup, or a complete "reformat/re-install" of Windows.
There is a tutorial here on Remote Access Trojans and Full System Recovery methods: viewtopic.php?f=4&t=60204

Performing a complete disk reformat and fresh installation of windows will work, if you have a Windows installation disk.
If your machine has a system recovery option at bootup, only an option that puts the machine back into its "as purchased" state will work. Any "Repair install" or similar will fail.

If you don't have a Windows system disk, you may be able to get one at reasonable cost from the manufacturer.
AT THIS TIME, I WOULD NOT ATTEMPT TO USE ANY BACKUPS FOR ANY PURPOSE, EVEN AFTER A COMPLETE RECOVERY.
The only safe programs to re-install would be from original installation CDs.

askey127

[askey127]

Since it has been determined the best resolution of this issue requires a ReFormat and Re-Installation of Windows, this topic will now be closed.