Tuesday, 02 July 2013

How to clean W32/Ramnit (Win32.Siggen.8)


As explained in the previous article, this virus injects files with the extensions EXE, DLL and HTM / HTML, whether they are program files or Windows system files, so the cleaning should be done in DOS mode. To make the cleaning easier, use the Windows Live CD Mini PE (please search for it on the Internet). Then download the Dr.Web CureIt! tool from the following address; this should be done on a computer that is not infected with the virus. So that the Dr.Web CureIt! tool itself does not get infected, it is best kept in a password-protected ZIP archive.


Please download Dr.Web CureIt! at the following address:

1. For the cleaning to be optimal, you should scan all HDDs, including USB flash drives and external HDDs, because the virus will drop some files on a USB flash drive or external HDD.

2. Before doing the cleaning, block the virus's duplicate files by using "Software Restriction Policies". This feature is only available on the operating systems Windows XP Pro, Vista, 7, Server 2003 and Server 2008. Proceed as follows:
  • Click [Start]
  • Click [Run]
  • In the Run dialog box, type SECPOL.MSC then click [OK]
  • After the "Local Security Policy" screen appears, right-click the [Software Restriction Policies] menu and click "Create New Policies", or "New Software Restriction Policies" if using Windows Vista / 7
  • Then right-click the "Additional Rules" menu and select "New Hash Rule ..." (see figure)
Blocking the virus file
  • The "New Hash Rule" screen will then be displayed. Under "File Hash", click [Browse] and select one of the virus's duplicate files, which has a "Folder" icon and a size of 105 KB (for example C:\Windows\Explorermgr.exe), then click [Open]. Under "Security Level", select [Disallowed]. Then click [OK] (see figure)
Selecting the virus file to be blocked
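A hash rule matches only byte-identical copies of the file selected in the dialog. The following is an added example, not part of the original article: it lists the files under given folders that are byte-identical to a chosen reference file, so you can see which copies such a rule covers. The use of SHA-256, the function names and the sample tree are assumptions made for illustration, and the sample files are constructed stand-in bytes.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_identical_copies(reference, roots):
    """Return sorted paths under `roots` that are byte-identical to `reference`."""
    ref_size, ref_hash = os.path.getsize(reference), sha256_of(reference)
    ref_real = os.path.realpath(reference)
    matches = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    # Cheap size check first; hash only same-sized candidates.
                    if os.path.islink(path) or os.path.getsize(path) != ref_size:
                        continue
                    if os.path.realpath(path) != ref_real and sha256_of(path) == ref_hash:
                        matches.append(path)
                except OSError:
                    continue  # unreadable or vanished file: skip it, keep scanning
    return sorted(matches)


def demo():
    """Build a constructed sample tree (stand-in bytes, not malware) and scan it."""
    base = tempfile.mkdtemp()
    dup, other = b"constructed-sample" * 100, b"Constructed-sample" * 100  # same size
    layout = {"Windows/Explorermgr.exe": dup, "usb/copy.exe": dup,
              "usb/sub/again.exe": dup, "usb/clean.exe": other}
    for rel, data in layout.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    found = find_identical_copies(os.path.join(base, "Windows", "Explorermgr.exe"), [base])
    return [os.path.relpath(p, base).replace(os.sep, "/") for p in found]
```

Call `find_identical_copies(reference, roots)` with the path of the selected file and the drive roots to check; `demo()` returns the two identical copies and leaves out the same-sized file with different content.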



3. Connect the USB flash drive and external HDD to the computer

Use the Dr.Web LiveCD to eradicate this virus completely. Please download the software from the address below:



IMPORTANT!!!

You are advised to always download a new copy of the Dr.Web LiveCD each time you want to use it to clean up and eradicate the virus. If you use an old Dr.Web LiveCD, the virus definitions contained on the CD will only be as recent as the last time you downloaded the Dr.Web LiveCD.
  • After the Dr.Web LiveCD software has been downloaded successfully, burn it to a CD / DVD
  • Connect the USB flash drive and external HDD to the computer
  • Boot the computer from the CD / DVD ROM
  • The screen will then display "Welcome to Dr.Web LiveCD" (see figure 20)
Figure 20, Dr.Web LiveCD boot option

  • Select "Dr.Web LiveCD (Default)" and then press "Enter" on the keyboard
  • Wait a few moments for the Dr.Web LiveCD interface to appear; it will display the "Dr.Web Scanner" application automatically. Dr.Web Scanner examines your computer for possible viruses (see Figure 21)
Figure 21, Dr.Web LiveCD 
  • To scan the HDD, on the "Dr.Web Scanner" screen tick the drive locations to be checked in the list, and make sure you tick the option "Scan subdirectories" so that Dr.Web examines directories and subdirectories for optimal cleaning. If the Dr.Web Scanner screen does not appear, double-click the "Dr.Web Scanner" icon found on the Desktop.
  • Then click the [Start] button to start the examination process (scan)
  • Wait a few moments until the scan is completed. If any viruses are found, Dr.Web will report the infected file and the type of virus that infects it in the available information column.
  • Click [Select All] to select all the objects / files to be cleaned, or specify which files you want to clean by ticking them in the list of available options
  • Then click [Cure] to clean up the files that have been infected with the virus
  • Wait until the cleaning process is completed
  • Scan the computer to ensure that it is clean of viruses
  • Restart the computer.
Author : Yohanes Gitoyo.
