Ramnit Worm

dogfacedboy uk1

New member
Ahh wonderful my computer has been screwed over by this vile worm infection and I'd just like to take some time to wish the hacker author of this particular virus a painful and violent death and may a thousand curses blight you and your descendants for a thousand ages..............

Looks like a windows wipeout may be in order when I have saved everything relevant. It took me ages to even get this thing booted in safe mode, apart from not knowing what button to press to get it to bring up the menu for safe mode....

Virus authors - almost worse than politicians.....


dfb
 

Spoontoes

New member
On a slightly related note - I recently had my (at the time unsubscribed) WoW battle.net account hacked. Somewhat amusingly I was at my computer when I received an email saying my requested character transfer was being processed.. so - I logged on to my battle.net account to find that two of my WoW accounts (I have several - don't ask how many ;) ) had had timecards applied to them - an hour previously. So I changed my password (which 'they' hadn't as yet), downloaded the iPhone RSA key app thingy and nailed everything down tight - logged in to make sure nothing had been liquidated - which it hadn't.

The upshot of the story being I now have 60 days free WoW time courtesy of some less than proficient hacker type dudes - hehehehe.

The related part being that my account can only have been compromised at a very specific time which I was able to figure out - and clean out the nefarious code hiding on my machine to grab said details, in truth I've no idea how the nefarious software got onto my machine - though I'm savvy enough to know there are many places it 'could' have come from. The curious other aspect of this particular episode is that only two of my several accounts were re-activated, and they are the only two accounts with characters on that could be construed as having any value...... how would anyone know which accounts to activate without having inside knowledge from Blizzard (not implying anything here - just saying)? To my knowledge tracing a char to a particular account is not possible from outside the account - especially as they have been inactive for 6 months+?

Anywho - apologies for jacking your thread, your situation just made me think of that.

Edit:sytpo
 

dogfacedboy uk1

New member
Heheheh Finn, as if..... and as far as I know malicious code can't hide in video files.....

Tommie - No idea on this virus. I recently picked up the virus with the "Hard Drive" program that overlays your desktop so you can't see your desktop programs and puts a fake program screen that "checks" your system for viruses and refuses to allow you to do anything much. It somehow disables your task manager as well. In reality all it does is overlay the desktop and kills explorer.exe and I managed to access task manager through another user account with less privileges lol. It was a bugger manually hunting for the files responsible as a help guide was not relevant for Vista folder structure for some reason and the buggers were hiding somewhere slightly different.

It needs a big sweep out anyway, it's just the hassle of file juggling as I have some Mini Mentor video files I haven't watched yet taking up a crap load of space on my C drive, looks like I'll have to burn them to one of them old fangled DVD thingies.... or invest in a USB stick lol.

dfb
 

dogfacedboy uk1

New member
No, as I had this before. You can delete the file manually very easily. It just reappears when you reboot. This time I managed to trick it into not being able to recreate by creating a folder of the same name ...desktoplayer.exe in the Microsoft directory of the C drive at the folder root. Can't log in now.....
 

RuneBrush

New member
Grab a copy of Malwarebytes. It's free and pretty good at getting shot of a number of nasty little bits of spyware/malware. Make sure you run it normally so that it's fully up to date and then boot into safe mode and do a full scan - which can take some time depending upon the amount of files/porn you have ;)
 

dogfacedboy uk1

New member
Thanks RuneBrush, I have this program. I am in safe mode now so I will try a re-scan with it, but as it is a worm it just regenerates the file after Malwarebytes gets rid of it upon reboot. I need to know what file is checking to see if it is there and generating a new one if it isn't and also resolve why it does not let me log on. If I stop the file recreating at reboot then it does not let me log into normal Windows, it just hangs. PC works fine in safe mode though. The easiest way is of course to scrap the lot lol! Just another wasted day putting all the programs back on. I normally keep the programs on the C drive with Windows in case they go bad anyway, sometimes it's good just to start again with a fresh version, but it is a hassle.
 

Spoontoes

New member
Not had to do any in-depth machine virus fixing for some time but I seem to remember that the prefetch directory is a favoured place for 'here I am again!' virus shenanigans after reboots, dunno if that helps but might give you somewhere to start.
 

RuneBrush

New member
AVG have a downloadable boot CD that has helped in the past for me. But in fairness if I get a machine that MalwareBytes doesn't shift it easily I do have a habit of a complete reinstall just to be safe :(
 