
Ramnit.v - Backup & Removal log



Ramnit.V (Worm:Win32.Ramnit.V) is a new version of the Ramnit Worm. As yet there are no articles on the internet about Ramnit.V, only Ramnit.A and Ramnit.B.


The Ramnit worm replicates itself and infects other files. It also infects Removable Disks with an autorun, and about 2000 copies of itself in the disk's "RECYCLER" folder (Hidden).


It infects HTML and EXE files, which can be cleaned with Antivirus Software. However, once these are cleared it replicates itself, usually doubling the number of instances :/

It stores itself in a different location to Ramnit.B and Ramnit.A and as there are no articles about it, you cannot easily find its registry values and file locations.


So far I believe there is a central, undetectable file residing in a networking file or driver, as once a browser is opened it rapidly infects other files.



To Backup Your Files....

[*]On an Uninfected Computer Download The Latest Release of Linux Ubuntu 32 bit and Burn this to Disc

[*]Using the Ubuntu Disc, Boot the Infected Computer from Disc, and Run Ubuntu directly from disc (Try Ubuntu)

[*]Using a Data Stick which hasn't been plugged into the computer whilst infected, copy all files to the data stick, except EXEs and HTML documents. Avoid Copying Folders to prevent Hidden Files from being transferred


'Uninfecting' a Data Stick/Removable Disk

[*]Boot in Ubuntu

[*]Transfer your files from the infected disk to a clean data stick. DO NOT COPY THE WHOLE CONTENTS OF THE DRIVE AND DO NOT COPY .EXE PROGRAM FILES AND HTML FILES

[*]To See the extent of the damage you can open the removable disk and then open the "RECYCLER" folder. This will usually be filled with hundreds of thousands of EXE files, and usually accompanied by an Autorun file, with the contents "RMV" in the root of the disk.

[*]Using G-Parted (Partition Manager) Delete the Partition on the Infected Drive (Make Sure it is the Right Drive!) (Highlight the Partition and Hit the Delete key)

[*]Right Click the newly Unallocated Space, and create a new partition, in FAT32 Format (Or NTFS for External Hard Drives)

[*]G-Parted doesn't perform these actions straight away, it just creates the instructions to do so, so you need to click the "Run" button.


Removal Log

I Will Update this as I go along.... Any advice welcome :)


Disabling all Networking and Bluetooth Drivers.....Failed :D


Just got my Avast Linux edition Free License Key, It scans for Windows Viruses whilst on Linux. I'm gonna try that.


Scanned Using Avast Linux Edition for about 12 hours, it found around 1000 trojans that Ramnit.V had downloaded :/

I've kicked them off, along with Ramnit.G

Deleted the Pagefile through Ubuntu, as that was also infected.

Booted Windows back up but unfortunately it hasn't removed Ramnit.V, ATM I'm going to try another antivirus.


Scanned thoroughly with BitDefender Linux Edition, and it has successfully removed all viruses :)


Installing Bit Defender on Ubuntu

Remember as Ubuntu is only installed temporarily, all installed programs are removed when you shut down Ubuntu.

[*]Download BitDefender Linux From here: Bit Defender Linux

[*]Bit Defender should now be saved on Ubuntu's Desktop. Go to Applications>Accessories>Terminal and type "cd Desktop" press Enter and then type "sudo sh BitDefender-Antivirus-Scanner-7.6-4.linux-gcc4x.i586.deb.run" and press enter. This installs Bit Defender.

[*]When asked to accept the Terms type "accept" and press enter.

[*]When asked if you want to install the GUI type "y" and press enter.

[*]Now BitDefender should be installed under Applications>System Tools. Open it and Update the Virus Database - You may be asked to enter a license key, you can get one from BitDefender's website for free

[*]To scan your Windows Drive you first must open the drive (to mount it in Ubuntu). To do this simply just open "Computer" (in the places drop down menu) and then select your drive. The drive should now appear on the desktop as well

[*]Now you can run your antivirus scan in BitDefender. Start a BitDefender scan and, when asked for a folder to scan, locate your Windows drive; it is usually in a folder called "media".

[*]Once the scan is complete Disinfect all the files, if any still remain delete them.

[*]Shut down Ubuntu and boot Windows, your Computer should now be free of viruses :)
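
The backup steps in the post (copy everything except EXE and HTML files, and leave hidden files and the "RECYCLER" folder behind) can be scripted from the Ubuntu live session. This is an added example, not part of the original post; the function name `safe_copy`, the extra `.htm` and `autorun.inf` exclusions, and the assumption that file names contain no newlines are not from the post.

```shell
#!/bin/sh
# Added example: selective backup from a mounted, possibly infected drive.
# safe_copy SRC DST copies regular files one by one, keeping relative paths,
# and prints the number of files copied.
# Skipped: *.exe and *.html (the types the post says get infected), *.htm
# (assumption: treated like .html), autorun.inf, dot-files and dot-folders,
# and the whole RECYCLER directory.
safe_copy() {
    src=${1%/}
    dst=${2%/}
    [ -d "$src" ] || { echo "source is not a directory: $src" >&2; return 2; }
    mkdir -p "$dst" || return 2
    count=0
    list=$(mktemp) || return 2
    # -prune stops find from descending into RECYCLER or hidden folders.
    find "$src" -mindepth 1 \( -iname 'RECYCLER' -o -name '.?*' \) -prune -o \
        -type f ! -iname '*.exe' ! -iname '*.html' ! -iname '*.htm' \
        ! -iname 'autorun.inf' -print > "$list"
    # Assumption: no newline characters inside file names.
    while IFS= read -r f; do
        rel=${f#"$src"/}
        mkdir -p "$dst/$(dirname "$rel")"
        # Copy a single file; nothing else from its folder comes along.
        cp -- "$f" "$dst/$rel" && count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}
```

Call it as `safe_copy /media/<windows-drive> /media/<clean-stick>/backup`, where both mount points are placeholders. Files hidden only through the Windows hidden attribute do not start with a dot under Ubuntu, so they are not filtered by name here.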

