From: jcdill on
David Kaye wrote:
> Sorry about the crosspost to ba.internet, but I know there are malware experts
> out there.
>
> Does anybody have EXPERIENCE with Win32/RAMNIT.A ?

No experience, but if I were in your shoes I'd start here:

<http://www.experts-exchange.com/Virus_and_Spyware/HijackThis/Q_26343474.html>

jc
From: ~BD~ on
jcdill wrote:
> David Kaye wrote:
>> Sorry about the crosspost to ba.internet, but I know there are malware
>> experts out there.
>> Does anybody have EXPERIENCE with Win32/RAMNIT.A ?
>
> No experience, but if I were in your shoes I'd start here:
>
> <http://www.experts-exchange.com/Virus_and_Spyware/HijackThis/Q_26343474.html>
>
>
> jc

I saw no answer to the 'Question' - but I did copy and paste the HJT log
into www.hijackthis.de - there were six questionable entries highlighted.
From: David Kaye on
jcdill <jcdill.lists(a)gmail.com> wrote:

>No experience, but if I were in your shoes I'd start here:
>
><http://www.experts-exchange.com/Virus_and_Spyware/HijackThis/Q_26343474.html>

Been there, done that. Thanks anyway. I'm reinstalling Windows and the
programs this afternoon. I hate to do that. Oh well.

From: David Kaye on
Virus Guy <Virus(a)Guy.com> wrote:

>If at all physically possible, the standard proceedure for insuring that
>any hard drive is free of malware (trojans, viruses, rootkits, spyware,
>etc) is to remove the drive and connect it as a slave to a known/good
>computer that has competent anti-malware software on it.

Already did that. Jeez, you guys are no help whatsoever. Thanks for nothing,
friends. The only responses I've gotten are about things I've already done.
As stated here earlier, I am a professional who has been doing this stuff for
8+ years. This is why I've asked specifically for someone who has experience
with THIS PARTICULAR infestation.

From: David H. Lipman on
From: "jcdill" <jcdill.lists(a)gmail.com>

| David Kaye wrote:
>> Sorry about the crosspost to ba.internet, but I know there are malware experts
>> out there.

>> Does anybody have EXPERIENCE with Win32/RAMNIT.A ?

| No experience, but if I were in your shoes I'd start here:

| <http://www.experts-exchange.com/Virus_and_Spyware/HijackThis/Q_26343474.html>

The problem is that may not be the same based upon the !HTML suffix which infers HTML code
and possibly exploitation rather than the actual infection.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp