Win32/RAMNIT.A Anyone?
in [Viruses]
|
From: Dustin on 8 Aug 2010 03:15 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news:i3fa1d0cj5(a)news4.newsguy.com: > From: "John Slade" <hhitman86(a)pacbell.net> > >| On 8/4/2010 1:53 PM, David H. Lipman wrote: >>> From: "John Slade"<hhitman86(a)pacbell.net> > > > >>>>> The term "malware" is generic. >>>>> The term "virus" is quite specific. > > > >>> | "Virus" is both a generic term and a specific term. Why do >>> | you think they call the software used to clean trojans and >>> | worms, "Anti-Virus" software? I'm sure you don't think that they >>> | only clean viruses and leave trojans and worms alone. It's all a >>> | matter of semantics. Just about all of the major anti-malware >>> | vendors have products that they call Anti-Virus. This is because >>> | it just stuck. You're a professional and you don't know this? > >>> Sorry John - No. > >| Well it's time you learned. > > I've been studying malware since I had to erradicate the > "Jerusalem.B" from a Novell 2.11 network. That was a true file > infecting virus. I have been at this long enough to say > emphatically, YOU need to learn otherwise do NOT call yourself a > professional. > > IAWTP -- "I like your Christ. I don't like your Christians. They are so unlike your Christ." - author unknown.
From: Dustin on 8 Aug 2010 03:35 John Slade <hhitman86(a)pacbell.net> wrote in news:hk%6o.57973$KT3.7352(a)newsfe13.iad: > On 8/6/2010 1:56 PM, David H. Lipman wrote: >> From: "John Slade"<hhitman86(a)pacbell.net> >> >> >> >> | And acid core capacitors are wet capacitors. Now let me >> | ask you this. Would you repair a motherboard that has several >> | bulging electrolytic capacitors rather than replace the >> | motherboard? I'm still waiting for Dustin to tell me when was >> | the last time he repaired a sound card and what it was. >> >> I would consider such a circuit board to have compromised integrity >> and not being worthy of repair, only replacement. >> >> > > > Now tell Dustin Cook that please. He doesn't seem to > get that point. That's because I have a strong background in electronics, John. And in some cases, integrity can be verified via a thorough and rigourous system burn in. You can stress test a system after doing such a repair to make sure she's going to keep running, or you can just replace the whole board if your unsure of the board or your ability to properly replace the caps. either way you wish to do it, it can be done. -- "I like your Christ. I don't like your Christians. They are so unlike your Christ." - author unknown.
From: ~BD~ on 8 Aug 2010 15:20 Peter Foldes wrote: > I do. It has been there for a while > You don't count!
From: FromTheRafters on 8 Aug 2010 16:19 "Dustin" <bughunter.dustin(a)gmail.com> wrote in message news:Xns9DCE2590F6B95HHI2948AJD832(a)no... [...] > A manager I once had was like that. I stood back and watched him burn > up 3 brand new mainboards right off the shelf, before he bothered to > check the voltage levels of the power supply. I only suggested as a > lowly employee at the time when the first one blew a couple of caps > right off of it that he might want to check the power supply. As he > was > "manager" and been there longer than me, he dismissed the advice and > wasted two more boards he didn't need to kill. The power supply was > putting out just under 38 volts on the 12volt rail. I'm sure you can > imagine the effects on a new board when he'd try to power them on. :) Yep, blasting caps. (not acid core - whatever that means) One time on a high power HF trsansmitter IPA stage, a tube shorted and apparently put plate voltage on the control grid. Several capacitors "blew" and spread foil and paper all over the unit. Really, it went off like a barrel bomb.
From: John Navas on 9 Aug 2010 13:52
What I do with this class of virus: 1. Turn off System Restore and delete all restore points. 2. Note the names and locations of infected files. 3. Boot from something like Ultimate Boot CD <http://www.ultimatebootcd.com/>, and delete the infections. Turn System Restore back on when disinfected. On Tue, 27 Jul 2010 04:51:56 GMT, in <i2lolb$s5r$1(a)news.eternal-september.org>, sfdavidkaye2(a)yahoo.com (David Kaye) wrote: >Sorry about the crosspost to ba.internet, but I know there are malware experts >out there. > >Does anybody have EXPERIENCE with Win32/RAMNIT.A ? I'm having a devil of a >time removing it. The only tool the detects it consistently is MS Security >Essentials, and MSSE keeps counting it and "disinfecting" it. > >I'm not sure if it's a virus or a worm. MSSE says it's a virus, but I can't >figure out what's launching it. > >I have eliminated one rootkit and subsequent scans show no more rootkits. >This thing has dropped startup payloads into the StartUp folder, into the Run >keys, into Prefetch, and it masquerades as everything from random 4-letter >clusters to names like "Microsoft Suite", etc. > >It also captures the date when Windows was first installed, so I can't >reliably search for the thing via date, either. > >Whenever MSSE detects a new round of infections (15, 78, all kinds of counts) >the infections are in everything from drivers to executables in all kinds of >directories. > >At the moment I'm running the computer in safe mode with no Internet and MSSE >is not detecting any more Ramnit. I've scanned it 3 times. But as soon as I >go back into regular mode and get an Internet connection back up it'll start >infecting again. > >Oh, and I've reset the Winsock stack twice just in case there's a little >wedgie in there. Still comes back. > >Any help would be most appreciated. You can reach me directly by email. The >address is valid. > >Thanks. -- John FAQ for Wireless Internet: <http://wireless.navas.us> FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes> |