Ramnit botnet shut down

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
Good tip Kaido. Any idea as to infection sources?

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
> Good tip Kaido. Any idea as to infection sources?

Typically either email attachments & infected websites that prompt you to download something, the usual attack vectors.

imo most people should just have Chromebooks. No risk of Cryptolocker, Botnets, and so on, even if they're not as diligent as they should be. That, and 2-factor authentication on Gmail. At the very least, their computer & email account would be pretty much 100% bulletproof in terms of protection.

VirtualLarry

No Lifer
Aug 25, 2001
Removal tool here:

http://windows.microsoft.com/en-us/windows/detect-remove-ramnit-virus

Sneaky one. It loads into RAM at boot & reinstalls itself if you try to get rid of it.

I downloaded the MS Safety Scanner tool, msert.exe, from that link, and when I went to run it, it said "Unknown publisher", and that it didn't have a valid security certificate!

WTF?

MS doesn't digitally sign their security tools? Or is my internet connection being MITMed?

Anyone else seeing this?

Edit: I would appreciate other people downloading the tool, and attempting to run it, and tell me if their copy is digitally signed by Microsoft Corporation, or unsigned ("unknown publisher"). I downloaded it via the "select your version" link, then clicked "64-bit" to the pop-up frame that appeared.

Edit: I downloaded it again. Both times, Waterfox said it was 127MB, but msert (unsigned) was only 1MB on-disk. Doing an FC /B resulted in not only the real msert (127MB, signed by MS) being longer, but also a range of different bytes showing up. Very suspicious.
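The checks VirtualLarry describes above (publisher of the Authenticode signature, size on disk versus what the browser reported, and a byte-level comparison of two copies) can be scripted in one place. The following PowerShell is an added example for this thread, not a tool from Microsoft or from anyone in the discussion; the file path, the expected size, and the second-copy path are assumptions you replace with your own, and the "Microsoft Corporation" subject match is the check a reader would apply to the signer the thread mentions.

```powershell
# Added example: inspect a downloaded tool before running it.
# Assumed inputs (not from the thread): -Path is the first download,
# -SecondCopy an independently downloaded copy, -ExpectedBytes the size
# the download page or browser reported (127 MB in the thread).
param(
    [string]$Path          = "$env:USERPROFILE\Downloads\msert.exe",
    [string]$SecondCopy    = "$env:USERPROFILE\Downloads\msert-copy2.exe",
    [long]  $ExpectedBytes = 127MB
)

function Test-DownloadedTool {
    param([string]$FilePath, [long]$ExpectedSize)

    $file = Get-Item -LiteralPath $FilePath

    # 1. Authenticode: status must be Valid, and the subject of the signing
    #    certificate should be the vendor you expect (assumed here: Microsoft).
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = $sig.SignerCertificate
    $signedByVendor = ($sig.Status -eq 'Valid') -and
                      ($null -ne $signer) -and
                      ($signer.Subject -match 'CN=Microsoft Corporation')

    if ($signedByVendor) {
        "Signature : Valid, signer '$($signer.Subject)', expires $($signer.NotAfter)"
    } else {
        Write-Warning "Signature : $($sig.Status) (unknown or untrusted publisher)"
    }

    # 2. Size on disk versus the size the download page/browser reported.
    #    A large mismatch (1 MB where ~127 MB was expected) means this is not
    #    the file that was advertised, whatever the signature says.
    $sizeOk = [math]::Abs($file.Length - $ExpectedSize) -lt 1MB
    "Size      : {0:N0} bytes (expected about {1:N0}) -> {2}" -f `
        $file.Length, $ExpectedSize, $(if ($sizeOk) { 'ok' } else { 'MISMATCH' })

    # 3. SHA-256 of this copy, for comparison with another download.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    "SHA-256   : $hash"

    return [pscustomobject]@{
        Path   = $file.FullName
        Signed = $signedByVendor
        SizeOk = $sizeOk
        Sha256 = $hash
    }
}

function Compare-DownloadCopies {
    # Equivalent of the thread's FC /B for "are these two files identical?":
    # hash both copies instead of walking every byte of a 127 MB file.
    param([string]$First, [string]$Second)
    $h1 = (Get-FileHash -LiteralPath $First  -Algorithm SHA256).Hash
    $h2 = (Get-FileHash -LiteralPath $Second -Algorithm SHA256).Hash
    if ($h1 -eq $h2) { "Copies    : identical" } else { Write-Warning "Copies    : DIFFER" }
    return ($h1 -eq $h2)
}

$result = Test-DownloadedTool -FilePath $Path -ExpectedSize $ExpectedBytes
if (Test-Path -LiteralPath $SecondCopy) {
    Compare-DownloadCopies -First $Path -Second $SecondCopy | Out-Null
}

if (-not ($result.Signed -and $result.SizeOk)) {
    Write-Warning "Do not run this file; re-download it over a connection you trust."
}
```

Run it from a PowerShell prompt after downloading the file; a result of Signed = False or SizeOk = False is the condition described in the thread (a 1 MB unsigned file where a 127 MB signed one was expected), and the hash comparison tells you whether two downloads even match each other before you look at which one is genuine.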

Chiefcrowe

Diamond Member
Sep 15, 2008
Just tried to open that tool to see and it is signed by Microsoft here, certificate expiring in July.

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
My first line of defense is to screen all email at the POP using Mailwasher Pro. I routinely delete all unwanted mail at the pop box without ever downloading it. Saves a lot of grief!