Can I get rid of RAMNIT virus on my pc

  rachel99 21:38 05 Aug 11

Hi. I seem to have picked up a virus called Ramnit on my WindowsXP pc. I googled it & asked a friend....My pc antivirus is normally pretty good, but each time I log on the Threat window comes says.... Threat - Win32/Ramnit.L virus "Event occured on a new file created by the application" & The application always has"ciepjdbhopiqmvyd.exe" in it, & the file always has the same sequence of letters before the .sys bit. I did a search on my Start menu bit, & found a few PF files in Windows/Prefetch, & a few Applications in the C drive section too. These files & Apps all have the letter sequencethings like above.

Should I keep trying my antivirus & see what it does, Can I delete the files or applications? Any advice would be nice of you. Thank you x

  badhair1963 22:09 05 Aug 11


1: might help.

(I hope that hyperlink works. If not, I'll post again.)

  badhair1963 22:11 05 Aug 11

Well, that didn't work as expected, but at least you got the link. :)

  rachel99 22:44 05 Aug 11

hi thanks for that link. I used it & went into my TaskManager section, but could not see any W32Ramnit processes?, then tried the WindowsStart button bit to find the W32Ramnit inthe HKEY area, but no joy there too. So no joy but thanks alot anyway

  birdface 22:52 05 Aug 11

According to most of the forums out there.The best way to remove it is to do a reformat.

Not sure if this one actually removes it or not although it says it does.

You can get a free trial of it so maybe worth trying.

  rachel99 09:15 06 Aug 11

thanks pretty scared about doing that reformat thing. as worried about mucking it up and spoiling things on my pc, but i know i need to do something.

  birdface 09:23 06 Aug 11

Best maybe going to this forum which will be able to hep.

You have to sign in and follow instructions and it may take a few days for them to get back to you as they are kept very busy.

If anyone can fix it they can.

Saturday and Sunday is usually a bit slow on here for help so maybe best thinking about the other forum who specialise on problems like this.

Maybe there are other security programs that can repair it now, so have a look see what others think when they come on here this morning.

  Secret-Squirrel 09:51 06 Aug 11

Rachel, if your problem's relatively recent then an XP "System Restore" done in "Safe Mode" may help neutralise the infection. The restore won't affect any of your personal files. Here's what you need to do:

1) Shutdown your PC, restart it, and immediately start tapping the F8 key quickly till the boot options menu appears - it'll be a black screen with white writing. Using the arrow keys on your keyboard, select "Safe Mode" then hit the Enter key to confirm your selection. When XP loads, don't be concerned that the screen looks different with extra-large icons etc.

2) Once in, click your Start button -> All Programs -> Accessories -> System Tools -> System Restore. Tell the program you want to restore to an earlier date and pick any date on the calendar that's in bold that pre-dates this problem. Don't go further back than you need to. If the restore doesn't help or gives unexpected results then you can always go back in and undo that restore.

When the PC reboots, let us know if you're now free of those virus alerts. If you are then I'll give you extra instructions on how to check for any (inactive) virus files that may remain.

  rachel99 13:04 06 Aug 11

Hi thanks alot buteman & secret squirrel for your advice. Both really nice of you. I'm going to try that SystemRestore thing first (and maybe message another forum as advised as backup for help maybe). So to Mr Squirell I need to ask somethings before I do the Restore if thats ok? : 1. A family member has a 2nd UserAccount on my pc. They have also started having the Threat popups. So I take it I can just go ahead & do the Restore anyway? 2. you said Shutdown & Restart it before F8 button lots. Do you mean use Restart(close&reopen) buttonfromwhen my pc is on - like it is now, OR, totally Shutdown with the whole thing tured off, then, turn pc back on by pressing main computer button? Oh & when I do that, I start pressing F8 button IMMEDIATELY (as in that very second??) Will I have to press F8 maybe 10 times 20? 50?? just so I have an idea? lol 3. The Threats started about 5 or 6 days ago. I know you said don't go back further than you have to. So to be safe, maybe go back 10 days?
4. And is going back to an earlier date like going back in time a few days & the pc will be hopefully like it was then. I think that's what you mean, ie before Ramnit thing happened. 5. You said if Restore doesn'y help, I go back in and Undo. Is that easy for me to do.

Thanks alot for advice Rachel x

  rachel99 13:07 06 Aug 11

oh & I forgot to say, when I try and use my antivirus ESET, i click on the Indepth analysiss bit, and it doesn't any more do the next bit, where there's another window, and it shows you its whizzing through all the files and things. Maybe thats this ramnit thing doing that? Thanks again Rachel

  rachel99 13:09 06 Aug 11

oh and when I click on my men to load, the little green and blue men start to spin round, then the window disapears off the screen, and it hasnt turned on :(

