downloaded the latest adw,  problem with a virus in the exe..  ramnit virus detected by ....  reason core security.. brrrr...  then downloaded

the exe on my external backup disk and ran the scan again...  same result ... as the virus was already in my system,  ran my recent backup.. virus gone

Re: ramnit virus

Hello,

Can you describe a bit more your problem ?

What symptoms do you have now ?

Regards,

Re: ramnit virus

Hi, yes I downloaded the latest ADWcleaner 5.03 and could not open it...  it said it was open already, but it was not...so I thought this was suspect and I ran a scan of the exe file with reason core security which told me that there was a ramnit virus ... I used the free edition of that program so unless I paid I could not get rid of the virus...   So deleted the exe file manually...Then I tried downloading again on my external

backup disk...  lthe same happened, could not open it and the scan gave the same result ramnit virus...  Then I scanned the exe file with malwarebytes and that found no virus...  So thought maybe a false positive by reason core security..   But the fact remained I cannot open the file...   Tried several more times but the same result...   To make sure I put a recent backup back with True Image..  So all is working ok now apart that I cannot use ADWcleaner, it will not open..Hope you have a solution as I love my ADW... Thanks Johann

Re: ramnit virus

Hello,

Please launch Malwarebyte's Anti-Malwares and do a scan of the whole system. Be patient and share me the results.

Regards,

Re: ramnit virus

Ok will do that...  will download ADW 5.03 first and put it in users/johann/downloads... will let  you know the result of the scan..  regards

Re: ramnit virus

latest result... malwarebytes scan ok...no detection....  did run reason again and yes detected ramnit...  decided to click on ignore...and yes adw opened up and ran a scan...deleted adw manually and uninstalled reason core..downloaded adw again and it opened up and ran a scan with no problem...  so this might be a false positive...for added safety I will run trend micro housecall later on and will let you know the result...  regards......  further to the investigation re ramnit virus....   did run herdprotect also a product of readon core security....yes it found ramnit b y avira antivirus and ESET Nod... so 3 anti virus programs found that virus...  so deleted adwcleaner 5.03 and wont run it till later...it could be a false positive but seeing the result better be safe than sorry...  my inkling is that it is a fale positive    anyhow will look at it later and run herdprotect as you regularly update adw...   thanks and regards

Re: ramnit virus

Hello,

it found ramnit b y avira antivirus and ESET Nod... so 3 anti virus programs found that virus...  so deleted adwcleaner 5.03 and wont run it till later...it could be a false positive but seeing the result better be safe than sorry...  my inkling is that it is a fale positive    anyhow will look at it later and run herdprotect as you regularly update adw...   thanks and regards


johan442, 2016-01-21 00:24:03 (UTC)

It would be great to share the Malwarebyte's logfile and  a screenshot of these antivirus detections reports.

Regards,

Re: ramnit virus

well will try again by downloading aswcleaner and scan with malwarewarebytes and herdprotect and virus total

will then screen shoot  regards

Re: ramnit virus

lost the origin email...  and cannot send any attachments here...  pse repeat email and from there I can reply wih attachments (screenshots)   thanks

Re: ramnit virus

Hello,

Please host any attachment on https://up2sha.re/ and share the generated links here.

Regards,

Re: ramnit virus

downloaded the latest adw,  problem with a virus in the exe..  ramnit virus detected by ....  reason core security.. brrrr...  then downloaded

the exe on my external backup disk and ran the scan again...  same result ... as the virus was already in my system,  ran my recent backup.. virus gone


johan442, 2016-01-20 04:35:56 (UTC)

You are infected with file-virus. Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

 

Please perform all actions as described in this topic http://support.kaspersky.com/us/4162