From: David H. Lipman on
From: "David Kaye" <sfdavidkaye2(a)yahoo.com>

| Virus Guy <Virus(a)Guy.com> wrote:

>>If at all physically possible, the standard procedure for insuring that
>>any hard drive is free of malware (trojans, viruses, rootkits, spyware,
>>etc) is to remove the drive and connect it as a slave to a known/good
>>computer that has competent anti-malware software on it.

| Already did that. Jeez, you guys are no help whatsoever. Thanks for nothing,
| friends. The only responses I've gotten are about things I've already done.
| As stated here earlier, I am a professional who has been doing this stuff for
| 8+ years. This is why I've asked specifically for someone who has experience
| with THIS PARTICULAR infestation.


Then Dave, state what you have done when you make an initial post!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: David Kaye on
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

>
>Then Dave, state what you have done when you make an initial post!

I've already stated most of what I've done in two previous posts. I've been
posting in these newsgroups for some time, so people are well aware that I'm
not a newbie to this stuff.

I'm not looking for speculation, I'm looking for real experience with this
specific infection, since it's very different from anything I've encountered
before.

I'm surprised that nobody here has seen it before. Does this mean that I'm
the only one who sees these kinds of things? If so, does that mean that most
of the people on here have no real-world experience with malware? That's what
the situation appears to be so far.

Surely you, David, must have experienced Win32/Ramnit.A in the 6 months since it
launched. Or instead of being behind the curve on this infection, I'm
actually far ahead of the curve?

From: Steve Pope on
David Kaye <sfdavidkaye2(a)yahoo.com> wrote:

>I'm not looking for speculation, I'm looking for real experience with this
>specific infection, since it's very different from anything I've encountered
>before.

>I'm surprised that nobody here has seen it before. Does this mean that I'm
>the only one who sees these kinds of things? If so, does that mean that most
>of the people on here have no real-world experience with malware? That's what
>the situation appears to be so far.
>
>Surely you, David, must have experienced Win32/Ramnit.A in the 6 months since it
>launched.

It may be that MSE calls it "Ramnit.A", but other products have
different names for it which is why nobody has seen it.

Steve

From: ~BD~ on
Steve Pope wrote:
> David Kaye<sfdavidkaye2(a)yahoo.com> wrote:
>
>> I'm not looking for speculation, I'm looking for real experience with this
>> specific infection, since it's very different from anything I've encountered
>> before.
>
>> I'm surprised that nobody here has seen it before. Does this mean that I'm
>> the only one who sees these kinds of things? If so, does that mean that most
>> of the people on here have no real-world experience with malware? That's what
>> the situation appears to be so far.
>>
>> Surely you, David, must have experienced Win32/Ramnit.A in the 6 months since it
>> launched.
>
> It may be that MSE calls it "Ramnit.A", but other products have
> different names for it which is why nobody has seen it.
>
> Steve

You are right, Steve!

http://www.sophos.com/security/analyses/viruses-and-spyware/w32patchedi.html?_log_from=rss

From: David H. Lipman on
From: "David Kaye" <sfdavidkaye2(a)yahoo.com>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:


>>Then Dave, state what you have done when you make an initial post!

| I've already stated most of what I've done in two previous posts. I've been
| posting in these newsgroups for some time, so people are well aware that I'm
| not a newbie to this stuff.

| I'm not looking for speculation, I'm looking for real experience with this
| specific infection, since it's very different from anything I've encountered
| before.

| I'm surprised that nobody here has seen it before. Does this mean that I'm
| the only one who sees these kinds of things? If so, does that mean that most
| of the people on here have no real-world experience with malware? That's what
| the situation appears to be so far.

| Surely you, David, must have experienced Win32/Ramnit.A in the 6 months since it
| launched. Or instead of being behind the curve on this infection, I'm
| actually far ahead of the curve?


I have never heard of the "Ramnit" trojan. But, there are 100's of thousands out there
and it isn't a major family/player.

I was actually hoping you may have had a sample you could have uploaded to http://www.uploadmalware.com/

BTW: I re-read this thread. Nowhere did I see anything about the removal of the hard
disk and scanning it with a surrogate platform as suggested by Virus Guy. While this can
have drawbacks, it does have the propensity of removing protected malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp