Win32/RAMNIT.A Anyone?
in [Viruses]
|
From: John Navas on 10 Aug 2010 20:55 On Tue, 10 Aug 2010 20:44:55 -0400, in <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters" <erratic(a)nomail.afraid.org> wrote: >"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com... >> On Tue, 10 Aug 2010 07:45:46 -0400, in >> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters" >> <erratic(a)nomail.afraid.org> wrote: >> >>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com... >>>> On Mon, 9 Aug 2010 20:39:32 -0400, in >>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters" >>>> <erratic(a)nomail.afraid.org> wrote: >>>> >>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com... >>>> >>>>>> I thought "this class of virus" would be specific enough, >>>>>> but you're right that I should have been clearer, >>>>>> and I thank you for the clarification. >>>>> >>>>>Just curious, what did you mean by 'this class of virus' and the >>>>>infection of possibly needed executables? >>>> >>>> I meant the class of virus that implants its own executable files, >>>> and protects them from most methods of removal. Sorry for not being >>>> more clear. >>> >>>That's okay. You are correct that self-contained replicator files can >>>be >>>deleted outright - there is nothing there that needs to be salvaged, >>>but >>>Ramnit.a actually modifies (infects/trojanizes) preexisting program >>>files (although not with a replicant). >> >> That depends on the actual problem, what the anti-virus system is or >> is >> not able to remove and disinfect on its own. According to this >> report: >> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044> >> Win32/RAMNIT.A modifies few essential executables. My own experience >> with Microsoft Security Essentials (cf OP) is that only non-essential >> files are missed in this case. Do you have experience to the >> contrary? > >No, but I think I understand what you are saying now. I understood what I was saying in the first post, thank you very much. -- John "Never argue with an idiot. He'll drag you down to his level and then beat you with experience." -Dr. Alan Zimmerman
From: FromTheRafters on 11 Aug 2010 07:13 "John Navas" <spamfilter1(a)navasgroup.com> wrote in message news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com... > On Tue, 10 Aug 2010 20:44:55 -0400, in > <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters" > <erratic(a)nomail.afraid.org> wrote: > >>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com... >>> On Tue, 10 Aug 2010 07:45:46 -0400, in >>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters" >>> <erratic(a)nomail.afraid.org> wrote: >>> >>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com... >>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in >>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters" >>>>> <erratic(a)nomail.afraid.org> wrote: >>>>> >>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com... >>>>> >>>>>>> I thought "this class of virus" would be specific enough, >>>>>>> but you're right that I should have been clearer, >>>>>>> and I thank you for the clarification. >>>>>> >>>>>>Just curious, what did you mean by 'this class of virus' and the >>>>>>infection of possibly needed executables? >>>>> >>>>> I meant the class of virus that implants its own executable files, >>>>> and protects them from most methods of removal. Sorry for not >>>>> being >>>>> more clear. >>>> >>>>That's okay. You are correct that self-contained replicator files >>>>can >>>>be >>>>deleted outright - there is nothing there that needs to be salvaged, >>>>but >>>>Ramnit.a actually modifies (infects/trojanizes) preexisting program >>>>files (although not with a replicant). >>> >>> That depends on the actual problem, what the anti-virus system is or >>> is >>> not able to remove and disinfect on its own. According to this >>> report: >>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044> >>> Win32/RAMNIT.A modifies few essential executables. My own >>> experience >>> with Microsoft Security Essentials (cf OP) is that only >>> non-essential >>> files are missed in this case. Do you have experience to the >>> contrary? >> >>No, but I think I understand what you are saying now. > > I understood what I was saying in the first post, thank you very much. Oh, that's rich. The old "I knew what I meant". Unfortunately, some users might consider some non-essential files as needed files and they don't always have backups of them. Your stated method does nothing to retain or recover them.
From: John Navas on 11 Aug 2010 10:51 On Wed, 11 Aug 2010 07:13:33 -0400, in <i3u0l1$eel$1(a)news.eternal-september.org>, "FromTheRafters" <erratic(a)nomail.afraid.org> wrote: >"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com... >> On Tue, 10 Aug 2010 20:44:55 -0400, in >> <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters" >> <erratic(a)nomail.afraid.org> wrote: >> >>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com... >>>> On Tue, 10 Aug 2010 07:45:46 -0400, in >>>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters" >>>> <erratic(a)nomail.afraid.org> wrote: >>>> >>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com... >>>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in >>>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters" >>>>>> <erratic(a)nomail.afraid.org> wrote: >>>>>> >>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com... >>>>>> >>>>>>>> I thought "this class of virus" would be specific enough, >>>>>>>> but you're right that I should have been clearer, >>>>>>>> and I thank you for the clarification. >>>>>>> >>>>>>>Just curious, what did you mean by 'this class of virus' and the >>>>>>>infection of possibly needed executables? >>>>>> >>>>>> I meant the class of virus that implants its own executable files, >>>>>> and protects them from most methods of removal. Sorry for not >>>>>> being >>>>>> more clear. >>>>> >>>>>That's okay. You are correct that self-contained replicator files >>>>>can >>>>>be >>>>>deleted outright - there is nothing there that needs to be salvaged, >>>>>but >>>>>Ramnit.a actually modifies (infects/trojanizes) preexisting program >>>>>files (although not with a replicant). >>>> >>>> That depends on the actual problem, what the anti-virus system is or >>>> is >>>> not able to remove and disinfect on its own. According to this >>>> report: >>>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044> >>>> Win32/RAMNIT.A modifies few essential executables. My own >>>> experience >>>> with Microsoft Security Essentials (cf OP) is that only >>>> non-essential >>>> files are missed in this case. Do you have experience to the >>>> contrary? >>> >>>No, but I think I understand what you are saying now. >> >> I understood what I was saying in the first post, thank you very much. > >Oh, that's rich. The old "I knew what I meant". > >Unfortunately, some users might consider some non-essential files as >needed files and they don't always have backups of them. Your stated >method does nothing to retain or recover them. Are you rude by nature, or do you have to work at it? -- John "Never argue with an idiot. He'll drag you down to his level and then beat you with experience." -Dr. Alan Zimmerman
From: FromTheRafters on 11 Aug 2010 12:04 "John Navas" <spamfilter1(a)navasgroup.com> wrote in message news:v5e566tpfo771brf2g3tnvpfgv8hqiv5ma(a)4ax.com... > On Wed, 11 Aug 2010 07:13:33 -0400, in > <i3u0l1$eel$1(a)news.eternal-september.org>, "FromTheRafters" > <erratic(a)nomail.afraid.org> wrote: > >>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com... >>> On Tue, 10 Aug 2010 20:44:55 -0400, in >>> <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters" >>> <erratic(a)nomail.afraid.org> wrote: >>> >>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com... >>>>> On Tue, 10 Aug 2010 07:45:46 -0400, in >>>>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters" >>>>> <erratic(a)nomail.afraid.org> wrote: >>>>> >>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com... >>>>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in >>>>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters" >>>>>>> <erratic(a)nomail.afraid.org> wrote: >>>>>>> >>>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com... >>>>>>> >>>>>>>>> I thought "this class of virus" would be specific enough, >>>>>>>>> but you're right that I should have been clearer, >>>>>>>>> and I thank you for the clarification. >>>>>>>> >>>>>>>>Just curious, what did you mean by 'this class of virus' and the >>>>>>>>infection of possibly needed executables? >>>>>>> >>>>>>> I meant the class of virus that implants its own executable >>>>>>> files, >>>>>>> and protects them from most methods of removal. Sorry for not >>>>>>> being >>>>>>> more clear. >>>>>> >>>>>>That's okay. You are correct that self-contained replicator files >>>>>>can >>>>>>be >>>>>>deleted outright - there is nothing there that needs to be >>>>>>salvaged, >>>>>>but >>>>>>Ramnit.a actually modifies (infects/trojanizes) preexisting >>>>>>program >>>>>>files (although not with a replicant). >>>>> >>>>> That depends on the actual problem, what the anti-virus system is >>>>> or >>>>> is >>>>> not able to remove and disinfect on its own. According to this >>>>> report: >>>>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044> >>>>> Win32/RAMNIT.A modifies few essential executables. My own >>>>> experience >>>>> with Microsoft Security Essentials (cf OP) is that only >>>>> non-essential >>>>> files are missed in this case. Do you have experience to the >>>>> contrary? >>>> >>>>No, but I think I understand what you are saying now. >>> >>> I understood what I was saying in the first post, thank you very >>> much. >> >>Oh, that's rich. The old "I knew what I meant". >> >>Unfortunately, some users might consider some non-essential files as >>needed files and they don't always have backups of them. Your stated >>method does nothing to retain or recover them. > > Are you rude by nature, or do you have to work at it? I took the statement "I understood what I was saying in the first post, thank you very much." as rude and responded in kind. Good bye.
From: John Navas on 11 Aug 2010 12:27
On Wed, 11 Aug 2010 12:04:27 -0400, in <i3uhme$qrv$1(a)news.eternal-september.org>, "FromTheRafters" <erratic(a)nomail.afraid.org> wrote: >"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >news:v5e566tpfo771brf2g3tnvpfgv8hqiv5ma(a)4ax.com... >> On Wed, 11 Aug 2010 07:13:33 -0400, in >> <i3u0l1$eel$1(a)news.eternal-september.org>, "FromTheRafters" >> <erratic(a)nomail.afraid.org> wrote: >> >>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>news:j7t3665drnnvo6j1epdv7an546mbcs7d8u(a)4ax.com... >>>> On Tue, 10 Aug 2010 20:44:55 -0400, in >>>> <i3srqb$fkc$1(a)news.eternal-september.org>, "FromTheRafters" >>>> <erratic(a)nomail.afraid.org> wrote: >>>> >>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>news:3dp2669is92a9f58ai7nih728pi8164jpf(a)4ax.com... >>>>>> On Tue, 10 Aug 2010 07:45:46 -0400, in >>>>>> <i3re5e$jkc$1(a)news.eternal-september.org>, "FromTheRafters" >>>>>> <erratic(a)nomail.afraid.org> wrote: >>>>>> >>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>>>news:utd1665r4ab04coghfdir9rsn06cc3f5m8(a)4ax.com... >>>>>>>> On Mon, 9 Aug 2010 20:39:32 -0400, in >>>>>>>> <i3q747$ago$1(a)news.eternal-september.org>, "FromTheRafters" >>>>>>>> <erratic(a)nomail.afraid.org> wrote: >>>>>>>> >>>>>>>>>"John Navas" <spamfilter1(a)navasgroup.com> wrote in message >>>>>>>>>news:8a5166l8harrijvc3lh42u24s9h0b8r01h(a)4ax.com... >>>>>>>> >>>>>>>>>> I thought "this class of virus" would be specific enough, >>>>>>>>>> but you're right that I should have been clearer, >>>>>>>>>> and I thank you for the clarification. >>>>>>>>> >>>>>>>>>Just curious, what did you mean by 'this class of virus' and the >>>>>>>>>infection of possibly needed executables? >>>>>>>> >>>>>>>> I meant the class of virus that implants its own executable >>>>>>>> files, >>>>>>>> and protects them from most methods of removal. Sorry for not >>>>>>>> being >>>>>>>> more clear. >>>>>>> >>>>>>>That's okay. You are correct that self-contained replicator files >>>>>>>can >>>>>>>be >>>>>>>deleted outright - there is nothing there that needs to be >>>>>>>salvaged, >>>>>>>but >>>>>>>Ramnit.a actually modifies (infects/trojanizes) preexisting >>>>>>>program >>>>>>>files (although not with a replicant). >>>>>> >>>>>> That depends on the actual problem, what the anti-virus system is >>>>>> or >>>>>> is >>>>>> not able to remove and disinfect on its own. According to this >>>>>> report: >>>>>> <http://www.threatexpert.com/report.aspx?md5=074a688443faea25c2589975069de044> >>>>>> Win32/RAMNIT.A modifies few essential executables. My own >>>>>> experience >>>>>> with Microsoft Security Essentials (cf OP) is that only >>>>>> non-essential >>>>>> files are missed in this case. Do you have experience to the >>>>>> contrary? >>>>> >>>>>No, but I think I understand what you are saying now. >>>> >>>> I understood what I was saying in the first post, thank you very >>>> much. >>> >>>Oh, that's rich. The old "I knew what I meant". >>> >>>Unfortunately, some users might consider some non-essential files as >>>needed files and they don't always have backups of them. Your stated >>>method does nothing to retain or recover them. >> >> Are you rude by nature, or do you have to work at it? > >I took the statement "I understood what I was saying in the first post, >thank you very much." as rude and responded in kind. When you treat someone with discourtesy, it's a bit disingenuous to complain about some mild pushback. >Good bye. Good bye to you too. -- John "Never argue with an idiot. He'll drag you down to his level and then beat you with experience." -Dr. Alan Zimmerman |