help needed - How to remove w32.ramnit!html

Created: 03 Aug 2010 | 6 comments

I've followed the instructions on how to remove this virus from the Symantec website, but it still keeps popping up in my auto protect. The website says disable auto update, get the latest virus definitions, and run a scan... but after restart, within a few minutes the auto protect comes on giving a list of files which are infected by this. Please HELP!!!

I am using NAV corporate edition v10

Thomas K

First download the latest rapid release definitions. http://www.symantec.com/business/security_response...

Then boot into safe mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in safe mode.

If that fails to remove the threat try using the Norton Power Eraser tool.

http://security.symantec.com/nbrt/npe.asp?lcid=103...

Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.

Please keep us posted on your progress.

Thomas

petercgoh

Thomas,

My company has updated the NAV corp edition to Symantec Endpoint Protection V11.. but the virus still showed up...

I did your steps assuming that it will also work the same way, but as soon as I logged on, the virus showed up again. Should I now proceed with the Norton Power Eraser tool? Or are there other ways?

I've attached the typical message I get...

ScreenHunter_01 Aug. 12 08.42.gif

Thomas K

Be sure to disable System Restore -

http://www.symantec.com/security_response/writeup....

Since you are running SEP 11, I would download and run the Power Eraser from the SEP Support Tool.

http://service1.symantec.com/SUPPORT/ent-security....

Check out the video here - https://www-secure.symantec.com/connect/videos/pow...

The Load Point Analysis is another great tool for finding threats and is included in the SEP Support download.

http://service1.symantec.com/SUPPORT/ent-security....

petercgoh

All the Power Eraser did was to remove several drivers that controlled my power management on my thinkpad and my touchpad.. I had to reinstall the drivers... again..

The virus is still there, as the popups still appear...

Thomas K

The Symantec Endpoint Recovery Tool (SERT) is another tool that is offered to SEP users.

SERT is not located on the SEP 11 DVD. Using your product serial number, you can download the tool from FileConnect (https://fileconnect.symantec.com). Please download this Symantec Endpoint Recovery Tool .iso file onto a computer that has a CD burner and is not infected.

http://service1.symantec.com/SUPPORT/ent-security....

Video - https://www-secure.symantec.com/connect/videos/sym...

Thomas

Blake Canaday

I have a client that has this worm on it as well. Seems there is no solution that will work that is faster than rebuilding the machine.

I am running SEP 11.

~ Blake