Ramnit detection.
Marc W2


Joined: 14 Nov 2013
Posts: 0
I have a Ramnit detection on my Windows 2000 system 'number one'. I have browsed on the internet and this seems to be a very aggressive virus. It seems only reinstalling the OS brings 100% guarantee this virus is gone? I do not have the Windows 2000 CDs. I do have a valid licence, written on a sticker on the mc. I am thinking of getting rid of the total system and installing something like Linux, Puppy Linux on this old computer. Or am I being mysophobic?


This was the message:

C:\program files\Adobe\Acrobat 7.0\Reader\AcroRdIF.dll: Win.Trojan.Ramnit-1485 FOUND

I could remove the named dll, I have uninstalled Acrobat. Presently running a system scan again.


(By the way this is another machine than the one I mention in my previous post, I have two W2000 machines)
Marc W2


Joined: 14 Nov 2013
Posts: 0
Okay I have actually removed the whole W2000 system, and installed Linux.

I am not sure if it was overkill or not, but, it's no longer relevant.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Windows offers lots of opportunities for viruses/malware to install, but for most malware, I don't think there is a need to reinstall the OS. Certainly Linux offers a safer environment, but I think this is primarily due to (1) ability/knowledge of the average Linux user compared to the average Windows user, (2) lack of malware targeting Linux--which equates to the size of the user base, and (3) objectives of the software producers--which equates to marketing (ease of installation/use to appeal to as many eyeballs as possible--which (again) equates to user base).

Below is my specification sheet for malware cleaning on a Windows box:

Malware Cleaning Advice For Windows XP And Newer Computers

Update AV/Windows Patches/Java/Flash/PDF Reader/Uninstall unneeded programs

Perform Scans in Normal Mode:
Scan with updated AV program like Microsoft Security Essentials
Scan with updated Malwarebytes Antimalware
Scan with Malwarebytes Antirootkit (MBAR)
Scan with Bitdefender Bootkit Removal
Scan with updated ClamWin Portable (optional)

Perform Scans In Windows Safe Mode With Networking (repeat F8 during bootup):
Scan with updated AV program (some AVs will not work in Safe Mode)
Scan with updated Malwarebytes Antimalware
Scan with Malwarebytes Antirootkit (MBAR)
Scan with updated ClamWin Portable (optional)

If unable to get into Windows Safe Mode (blocked by malware):
Repeat F8 during bootup
Select Safe Mode With Command Prompt
Type: "control nusrmgr.cpl" (do not use the quotes)
On the User Account Screen select "Manage another account"
On the Manage Account screen click on "Create new account"
Name the account whatever you want and create it--give it admin privileges
Reboot computer and log into the new account (either in safe mode or normal mode)
The new account will not have any malware-created policies--run normal or Safe Mode scans

Next Step:
Scan with Microsoft Windows Defender Offline Bootable Rescue USB

If Still Infected:
Use Windows System Restore to restore to a point prior to infection
Use your computer manufacturer's recovery image to restore to original state when purchased
Get professional help if unable to restore

Regards,
Marc W2


Joined: 14 Nov 2013
Posts: 0
Okay thanks. Next time I will follow your instructions.

I ... kinda panicked. I read something like as if this Ramnit virus was the most dangerous virus ever made or something. Is that true? Well I closed the whole system down and changed my passwords with another system and flashed the whole hard drive. Should be effective enough :) Might have been overkill though.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Most viruses are written now to make money for someone else using your computer, so in my book that makes them all bad! Now and then a virus can slip by any AV program. Those programs I mentioned in the removal specifications are good to keep around. ClamWin is only an on-demand scanner that scans on a schedule or when you tell it to. You need a real-time scanner when you are on the world-wide web, and Security Essentials (free from Microsoft) is a pretty good real-time scanner. It does not do well in some tests because Microsoft is more concerned with protecting its users against viruses they might get than protecting a tester against test viruses! Malwarebytes also has an anti-exploit program (Malwarebytes Anti Exploit beta) that provides good protection against exploits from the web.

Regards,