Showing posts with label Sality. Show all posts

How to remove virus W32/Ramnit


One more in the line of stubborn viruses: a new variant, similar to the obstinate Sality, named W32/Ramnit.

This morning one of the computers in the office was hit by a virus that is new and strange in my opinion, almost similar to the shortcut virus but more powerful. This virus belongs to the trojan/backdoor class; it becomes active if the target computer is connected to the Internet, and one of its weapons, dangerous and sickening for computer users, is downloading other viruses.
The downloaded viruses also vary in name and size, which complicates detection and cleaning by anti-virus programs.
After recovering the office computer with Dr.Web CureIt from the Hiren's BootCD 13.0 package, there were still some virus files on my flash drive, so I tried to analyze this virus:
The first symptom is the appearance of Internet Explorer browser pop-ups containing offers or advertisements for investments, games and promotional programs. The second symptom is that the icon of removable media (USB flash drive, external HDD and the like) changes into a folder icon. When the user accesses the USB flash drive, an "Access Denied" warning appears. In addition, the message "compressed zip folders" also appears when the USB flash drive is accessed. Another symptom is the appearance of many files named "Copy of Shortcut to (1).lnk" through "Copy of Shortcut to (4).lnk" on the USB flash drive. This is very disturbing, but the virus is still unable to penetrate the folder protection with unique Unicode characters that I made.

The virus uses USB flash drives as a medium for spreading itself, relying on the autorun feature of Windows. So that the virus body can be activated automatically, W32/Ramnit also creates an autorun.inf file and 4 (four) other shortcut files named "Copy of Shortcut to (1).lnk" through "Copy of Shortcut to (4).lnk".
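
A triage check for the indicators described above, as an added example that is not part of the original post: it looks in a drive root for autorun.inf launch commands together with the four shortcut names. The function names, the flagging rule and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# File names from the post: "Copy of Shortcut to (1).lnk" through "(4).lnk"
SHORTCUT_RE = re.compile(r"^copy of shortcut to \(([1-4])\)\.lnk$", re.IGNORECASE)

def parse_autorun(path):
    """Extract launch commands from the [autorun] section, tolerating junk lines."""
    commands, in_section = [], False
    text = Path(path).read_bytes().decode("latin-1")
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # Keys that make Windows start a program from the drive
            if value and (key in ("open", "shellexecute") or key.endswith("\\command")):
                commands.append((key, value))
    return commands

def scan_drive_root(root):
    """Return the indicators found in the root folder of a removable drive."""
    findings = {"shortcuts": [], "autorun_commands": []}
    for entry in sorted(Path(root).iterdir()):
        if not entry.is_file():
            continue
        if SHORTCUT_RE.match(entry.name):
            findings["shortcuts"].append(entry.name)
        elif entry.name.lower() == "autorun.inf":
            findings["autorun_commands"] = parse_autorun(entry)
    # Assumed rule: flag only when a launch command and the shortcuts co-occur
    findings["suspicious"] = bool(findings["shortcuts"] and findings["autorun_commands"])
    return findings

def demo():
    """Scan a constructed sample layout (empty files, placeholder command)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(1, 5):
            (root / f"Copy of Shortcut to ({i}).lnk").write_bytes(b"")
        (root / "autorun.inf").write_text(";junk\n[AutoRun]\nopen=placeholder.exe\n")
        return scan_drive_root(root)

if __name__ == "__main__":
    print(demo())
```

An autorun.inf that only sets an icon or label, with none of the shortcut files present, is not flagged by this rule.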

After W32/Ramnit successfully infects a computer, it also infects the files [C:\Windows\Explorer.exe and C:\Windows\System32\Winlogon]. After carrying out this action, the virus calls the other parent files that are assigned to become active in memory. To trick the user, it then launches the application [C:\Program Files\Internet Explorer\Iexplore.exe].

Consumes bandwidth and virtual memory
If the computer suddenly shows the message "Virtual Memory Minimum Too Low" while you are not doing anything, beware. The virus constantly makes internet connections and calls websites with varying content. These continuous connections make the computer slow to use. In some cases the virus can also cause the "Virtual Memory Minimum Too Low" message, which is very frustrating because memory fills up with unnecessary files from the virus.

How to clean W32/Ramnit?
Because W32/Ramnit attacks EXE, DLL and HTM/HTML files, the best cleaning method is through DOS mode. Hiren's BootCD 13.0 combined with the antivirus program Dr.Web CureIt is the most effective combination for cleaning the Ramnit virus.

The following are the detailed steps to clean the Ramnit virus.
Hopefully this is helpful.

Read More …

How do I clean the Sality virus?



A few days ago I was again troubled by a virus that has been in circulation for quite a long time; my antivirus could only detect it without being able to eliminate it.
This virus, often detected by antivirus software under the name Sality or W32Sality.AE, is one of many viruses that spread through a network using Windows default shared folders or shares with full access.

The Sality virus attacks and injects itself into many files ending in *.exe, disables Task Manager, disables Regedit and prevents Windows from running in safe mode. Worse, Sality is able to damage some *.exe files so that they can no longer be used.

To remove it automatically, update the antivirus software you use and run a thorough scan and repair. If your antivirus does not resolve the Sality infection, you can remove it manually. How do you eradicate W32Sality.AE, more often known as the Sality virus, manually from your computer? Below I describe how to clean and remove the virus.

1. Disconnect your computer from the network, both LAN and internet.
2. Turn off the System Restore feature while you are cleaning the Sality virus.
3. Download Sality Repair here
4. Extract the SalityRepair file, then right-click the repair.inf file and click Install.
5. Close all applications that are active and open.
6. Download Norman Malware Cleaner here or download directly here
7. Change the extension of Norman Malware Cleaner from .exe to .cmd so that the Norman Malware Cleaner application is not infected by the Sality virus.
8. Scan using Norman Malware Cleaner.cmd (the .exe extension that you changed to .cmd).
9. Restart your computer after the cleaning process is complete.
10. Download FixReg here
11. Extract FixReg.rar and run the registry file in the FixReg folder that matches the version of Windows you use.
12. Restart your computer.
13. Check Task Manager, regedit and so forth to make sure your computer has been recovered. You can also scan in safe mode to make sure your computer is really clean of the Sality virus.

Actually, almost all antivirus programs can detect and eradicate the Sality virus. You can update your antivirus and run a scan and repair with it. If your antivirus is not able to eradicate it, the tips above for removing the Sality virus manually can be a powerful solution for getting free of the W32Sality.AE attack.