We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom


It's free to register, to post a question or to start / join a discussion


 

Can I get rid of RAMNIT virus on my pc


rachel99

Likes # 0

Hi. I seem to have picked up a virus called Ramnit on my WindowsXP pc. I googled it & asked a friend....My pc antivirus is normally pretty good, but each time I log on the Threat window comes on...it says.... Threat - Win32/Ramnit.L virus "Event occured on a new file created by the application" & The application always has"ciepjdbhopiqmvyd.exe" in it, & the file always has the same sequence of letters before the .sys bit. I did a search on my Start menu bit, & found a few PF files in Windows/Prefetch, & a few Applications in the C drive section too. These files & Apps all have the letter sequencethings like above.

Should I keep trying my antivirus & see what it does, Can I delete the files or applications? Any advice would be nice of you. Thank you x

Like this post
Secret-Squirrel

Likes # 0

@rachel

1) The second user account is irrelevant so you can still do a restore.

2) I meant for you to use XP's "Shutdown" command which of course turns the PC off. To restart it you'll need to switch it back on. Once you've done that you've only got a few seconds to start tapping away at that F8 key. So, "immediately" means "as fast as you can". I can't tell you how many times you'll need to do it - it depends on on fast you're tapping and the performance of your PC. You'll soon know when to stop tapping as you'll see that black screen with white text I mentioned.

3) Yes, ten days or thereabouts sounds good to me. The reason I said don't go too far back is that some folks decide to go back several months and that'll undo too many changes.

4) Yes, that's what System Restore does - it'll (hopefully) put Windows XP back to how it was before the infection took hold. It doesn't however affect any documents, photos, music, or other personal files.

5) Like I suggested earlier, if you go back in to System Restore there'll be an option that says "Undo the last restore" - so yes, it is easy.

Safe Mode and System Restore are both very common and safe ways of fixing problems so please try not to worry :)

PS: If you're unable or unwilling to get into Safe Mode then by all means try the System Restore without going through all that faff. However, you'll stand a much better chance of success in Safe Mode as it's unlikely the infection will active and so unable to prevent System Restore from working.

Like this post
rachel99

Likes # 0

thanks again! I'll take a deep breath & try that in a few minutes I think. So I understand now i think - the System Restore (done in Safemode as best that way) takes the windowsXP back to how it was say 2 weeks ago when it was nice & happy....& it only does that to the Xp thing that affects how well everything works?

So any infected files etc will still be infected I think then? there are some different file names that have been made by an Application - so it says on the Threat window that pops up - "event occured on new file created by the application" - & the Apps. ALL have the same bunch of 16 or so letters followed by .exe. There are now several Apps. (I put the 16orso letters in the search thingy) ALL with the same 16letters then .exe. .......so can I delete those as are they making the new files ?

But anyway I will now try the System Restore thing thanks again Rachel x

Like this post
rachel99

Likes # 0

hi didn't work as I hoped! selected Safe Mode as prompted, & the pc started to Reboot like it would normally, but then it went on a white onblack screen - it said apologise for incoinvenience but Windows did NOT start successfully.... then gave me options of Safe mode, or safemode with Networks, or safemode with Command prompt, ot last known good configuration, or Start Windows normally.....so i took the start windows normally option. I think that means my pc is not in the safe mode still, so not sure if i should system restore if thats the case. thanks again...sorry about this. Rachel

Like this post
Secret-Squirrel

Likes # 0

Don't worry about Safe Mode for now and try System Restore in whatever mode you're in - it'll either work or you'll get an "unsuccessful" message - if it's the latter then no changes will be made to the PC so it's unlikely to break anything.

Like this post
rachel99

Likes # 0

Hi Have tried the System Restore (not in safemode as it would not "load" the safemode up successfully. Went back about 10 days, but when my pc rebooted after this, it said system restore incomplete. I tried another date & that said the same too. So maybe the virus is stopping the restoration?I have tried a few times to do an indepth analysis thing with my ESET antivirus...but nothing happens at all when I click on it to do that. No idea what to try now as the system restore doesn't seem to work :( thanks

Like this post
buteman

Likes # 0

If you are using Internet explorer try Tools.Internet Options.Connections.Lan settings.And If Proxy Server is ticked untick it and try System Restore again.

Also try updating all of your security programs and running them before the system restore but only if the proxy server was ticked and you unticked it.

You could try this but I don't hold out a lot of hope.

  1. Turn off computer ,then turn on and start tapping F8
  2. When the Advanced startup options appear Select Safe mode With Networking
  3. Open internet explorer goto google.com ,download Hitman pro "32-bit or 64-bit depending on your Os"
  4. Run Hitman pro ,let this scan the computer
  5. Activate Free Licence
  6. Reboot Pc
Like this post
johndrew

Likes # 1

Apparently MS Security Essentials and/or the Safety Scanner (scroll to the bottom of the page) will remove this.

The MS Malicious Software Removal Tool may also assist.

However, my preference would be to use the AVG Rescue CD as it is free standing, free and simple to use. It does take a bit of time to run, but after booting from it and enabling the task you simply go and put the kettle on.

Like this post
johndrew

Likes # 0

You may also find this link of interest link text

Like this post
buteman

Likes # 0

Safe mode with networking or just plain safe mode would have done.

If you are going to use HitmanPro it would need to be safe mode with networking.

If it is a laptop you are using you should have the option of putting it back to Factory settings but you would loose whatever you have downloaded on to the laptop.

That would be tapping F10 or F11 as the laptop starts.

If a tower that would not work unless they gave you restore CD's when the computer was bought.

There should be others on here today who might be able to help but maybe better trying the Malware Removal Forum that I posted earlier.

It was almost impossible to get on here yesterday because of problems with the PCA Forum.

If you decide to try the other Forum let us know how you get on.

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad