cancel
Showing results for 
Search instead for 
Did you mean: 

help needed - How to remove w32.ramnit!html

petercgoh
Level 2

I've followed the instructions on how to remove this virus from the symantec website, but it still keeps popping up in my auto protect.The website says disable auto update, get the latest virus definitions, and run a scan...but after restart, within a few minutes the auto protect comes on giving a list of files which are infected by this. Please HELP!!!

I am using NAV corporate edition v10

6 REPLIES 6

Thomas_K
Level 6

First download the latest rapid release definitions. http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Then boot into safe mode and running a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in safe mode.


If that fails to remove the threat try using the Norton Power Eraser tool.

http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.

Please keep us posted on your progress.

Thomas

petercgoh
Level 2
Thomas,

My company has updated the NAV corp edition to Symantec Endpoint Protection V11.. but the virus stiill showed up...

I did your steps assuming that it will also work the same way, but as soon as i logged on, the virus showed up again. Should i now proceed with the Norton Power Eraser tool? Or are there other ways?

I've attached the typical message i get...

Thomas_K
Level 6
Be sure to disable System Restore -

http://www.symantec.com/security_response/writeup.jsp?docid=2010-012006-3513-99&tabid=3

Since you are running SEP 11, I would download and run the Power Eraser from the SEP Support Tool.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008071709480648

Check out the video here - https://www-secure.symantec.com/connect/videos/power-eraser-overview

The Load Point Analysis is another great too for finding threats and is included in the SEP Support download.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009092215125548


petercgoh
Level 2
All the Power eraser did was to remove several drivers that controled my power management on my thinkpad and my touchpad.. i had to reinstall the drivers... again..

The virus is still there, as the popups still apear...

Thomas_K
Level 6

The Symantec Endpoint Recovery Tool (SERT) is another tool that is offered to SEP users.

SERT is not located on the SEP 11 DVD. Using your product serial number, you can download the tool from FileConnect (https://fileconnect.symantec.com). Please download this Symantec Endpoint Recovery Tool .iso file onto a computer that has a CD burner and is not infected.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010041515464348

Video - https://www-secure.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert



Thomas

Blake_Canaday
Not applicable

I have a client that has this worm on it as well.  Seems there is no solution that will work that is faster than rebuilding the machine.

I am running SEP 11.

~ Blake