The Ramnit virus does spread very quickly, but it must still have a weakness somewhere .... :)
Here I will explain thoroughly how the Ramnit virus works ... and also how I fix it ...
The Ramnit virus:
1. It is a virus that injects .html, .exe and other files.
2. The virus spreads through removable disks (USB flash drives, UFD) by copying .cpl and .exe files, which keep increasing in number and changing their names. These files are located in the Recycler folder ... and it also creates 4 copies of a shortcut file that run the *.cpl infector contained in the Recycler folder on the UFD.
3. Once the virus has infected a computer system, it creates and runs an svchost.exe file that does various things:
   a. It creates a file named watermark.exe, located at C:\programfiles\microsoft\watermark.exe.
   b. It changes the userinit.exe registry entry so that it runs watermark.exe, so that the virus permanently controls the system, infecting files ending in .exe, .dll and .html.
4. If you look at its properties, the UFD will show a lot of space used up by the .cpl and .exe files in the Recycler folder.
1. The Ramnit virus makes program files stop running normally, for example Mozilla Firefox, Winamp, etc.
2. We cannot delete the watermark.exe file at C:\programfiles\microsoft\watermark.exe, because the file is locked by the Ramnit virus's svchost.exe.
3. When we delete the files/folders inside the Recycler folder on the UFD, the .cpl and .exe files appear again ... and keep being written back ...
4. Certain system files get infected; for example, explorer.exe will be replaced by explorermgr.exe.
5. If we do not clean this virus completely (some of it is not yet cleared), it will come back when we run an application (or, for example, right-click).
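A read-only check for the traces listed above, added here as an example and not part of the original post: it lists .cpl/.exe files under a flash drive's Recycler folder and shortcut files in the drive root, and flags anything besides userinit.exe in a Userinit value that has already been read from the registry. The function names, the assumption that the shortcuts sit in the drive root, and all sample data are constructed for illustration.

```python
import ntpath
import tempfile
from pathlib import Path

SUSPECT_EXT = {".cpl", ".exe"}  # file types the post reports in the Recycler folder


def scan_ufd(root):
    """List Recycler payloads and root-level shortcuts on a mounted flash drive."""
    root = Path(root)
    payloads, shortcuts = [], []
    for entry in root.iterdir():
        name = entry.name.lower()
        if entry.is_dir() and name == "recycler":
            payloads = sorted(p.relative_to(root).as_posix()
                              for p in entry.rglob("*")
                              if p.is_file() and p.suffix.lower() in SUSPECT_EXT)
        elif entry.is_file() and name.endswith(".lnk"):
            shortcuts.append(entry.name)  # assumption: shortcuts sit in the root
    return {"recycler_payloads": payloads, "root_shortcuts": sorted(shortcuts)}


def extra_userinit_entries(value):
    """Return entries of a Userinit value that are not userinit.exe itself."""
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return [e for e in entries if ntpath.basename(e).lower() != "userinit.exe"]


def demo():
    """Run both checks on constructed sample data (not taken from a real sample)."""
    with tempfile.TemporaryDirectory() as tmp:
        ufd = Path(tmp)
        bin_dir = ufd / "RECYCLER" / "S-0-0-00-constructed"
        bin_dir.mkdir(parents=True)
        for fname in ("aaaa.cpl", "bbbb.exe", "notes.txt"):
            (bin_dir / fname).write_bytes(b"")
        for i in range(1, 5):
            (ufd / f"shortcut{i}.lnk").write_bytes(b"")
        (ufd / "report.doc").write_bytes(b"")
        drive = scan_ufd(ufd)
    # Constructed Userinit value: the default entry plus the path the post names.
    userinit = r"C:\Windows\system32\userinit.exe,C:\programfiles\microsoft\watermark.exe"
    return drive, extra_userinit_entries(userinit)


if __name__ == "__main__":
    print(demo())
```

Because it only reads directory listings, it can be pointed at a flash drive mounted on a clean or Linux-based system.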
How to clean:
1. Prepare an antivirus cleaner (I use NOD32 stand-alone) and save it inside a ZIP/RAR archive so that its .exe file does not get infected by the virus.
2. Save the archive on the UFD, or copy and paste it onto the hard drive of the infected computer.
3. Use Task Manager, select the task/processes tab, and end task all svchost.exe files and also everything else that can be ended (except Task Manager).
4. Open the NOD32 cleaner ZIP/RAR archive using File > Open in Task Manager. In the open-file dialog, change the "Programs" option to "All Files" so that the NOD32 ZIP/RAR can be seen.
5. Once the NOD32 archive is open in WinRAR or another application, double-click the NOD32 *.exe file, then click Next ... Next. In the action options, select Clean on the left and Delete on the right. Then run Scan & Clean.
6. Once it is running, close WinRAR or whichever application was used to open the NOD32 ZIP/RAR.
7. Keep watching Task Manager: if an svchost.exe file appears in Processes, end task it immediately ... and, as usual, if a Windows message appears warning that the computer will shut down in 60 seconds / 1 minute, type the following in the File > Open/Run menu: shutdown -a (the -a option makes the shutdown command cancel the action).
8. Warning!!!!! While NOD32 is cleaning the files on your computer, do not open or run any file ... because, never mind running an .exe file, even just right-clicking means we run the virus / the Ramnit virus's svchost.exe.
9. Remember ... what we need to watch for is: end task the svchost.exe file while NOD32 cleans up the files on your computer ...
Preventing the Ramnit virus:
To keep Ramnit and similar viruses from coming back and infecting our computer, here are a variety of tricks, including:
1. Turn off Windows autorun (autorun.inf) so that the virus does not enter through a flash disk. This can be done in several ways: with gpedit.msc >> Administrative Templates >> Turn off Autoplay >> Enabled >> All drives, or with regedit.
2. Change a number of file extensions that could potentially be used by the virus with file associations (for example: assoc .vbs=txtfile). For the Ramnit virus this is mainly the .cpl extension.
3. Always delete the Recycler folder on the UFD; if it cannot be deleted, there is a possibility that the computer is infected with the virus ...
4. Also delete, using Mini Windows XP (Hiren's Boot CD) or a Linux-based system, the Recycler folders and the _restore folder in System Volume Information.
5. Install an antivirus with the latest database update ... and try to keep the database updated, either online or offline .. :)