
Detecting and removing the Ramnit.x virus on an infected Windows 2008 R2 server

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

One day I suddenly noticed that the network was extremely slow. I looked at the egress firewall log and found that one server was sending packets frantically, which led to network congestion. I logged on to that server to check and found all kinds of strange processes and services that started automatically. I immediately unplugged the network cable and started removing the virus.

Note: do not reboot into normal boot mode at this point. Otherwise the virus will wreak havoc on the system, and after the reboot you will find that you still cannot log in after entering your user name and password and remain stuck at the login screen.

Symptoms after infection: the virus type is Ramnit.x. It generates a hidden wsock32.dll file in every folder. In services.msc you can see that many unfamiliar services have been started. In the process list you can also see many abnormal processes that were not started intentionally, such as ftp.exe, srv*.exe, etc.
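The symptoms above can be checked with a read-only triage sweep. This is an added example, not part of the original post: the `$Roots` parameter, the function names and the list of expected wsock32.dll locations are assumptions, and every hit is a lead for review rather than proof of infection.

```powershell
# Added example: read-only triage sweep for the symptoms described in the post.
# Written for PowerShell 2.0, the version shipped with Windows Server 2008 R2.
param(
    [string[]]$Roots = @('C:\')   # assumption: folders or drives to sweep
)

# Assumption: folders where Windows itself keeps wsock32.dll; copies there are expected.
$expected = 'System32', 'SysWOW64', 'winsxs' |
    ForEach-Object { (Join-Path $env:windir $_) + '\' }

function Test-ExpectedLocation([string]$Path) {
    foreach ($dir in $expected) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Find-StrayWsock32 {
    # -Force makes Get-ChildItem return hidden and system files as well.
    Get-ChildItem -Path $Roots -Filter 'wsock32.dll' -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and -not (Test-ExpectedLocation $_.FullName) } |
        Select-Object FullName, Length, LastWriteTime,
            @{ Name = 'Hidden'; Expression = {
                ([int]$_.Attributes -band [int][System.IO.FileAttributes]::Hidden) -ne 0 } }
}

function Find-SuspectProcess {
    # Process names from the post. Windows ships a legitimate ftp.exe in System32,
    # so the Path column is what separates a normal instance from a suspicious one.
    Get-Process -Name 'ftp', 'srv*' -ErrorAction SilentlyContinue |
        Select-Object Id, ProcessName, Path
}

function Get-AutoStartService {
    # Start = 2 means "automatic"; read from the registry because Get-Service
    # in PowerShell 2.0 does not expose the start type.
    Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Start -eq 2 } |
        Select-Object PSChildName, DisplayName, ImagePath
}

Find-StrayWsock32    | Format-Table -AutoSize
Find-SuspectProcess  | Format-Table -AutoSize
Get-AutoStartService | Sort-Object ImagePath | Format-Table -AutoSize
```

The script only lists files, processes and registry values; it changes nothing, so it can be run before and after cleanup to compare results.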

Restart into safe mode and scan with the 360 System First Aid Kit, or use Symantec's FxRamnit.exe removal tool to clear the virus.

If you need the Symantec tool, you can contact Brother Chicken. For the first aid kit, please download it from the official website.

After the safe-mode scan and removal, install antivirus software on the computer. A paid version is recommended (the money is not wasted; foreign products are recommended). Run a full scan several times, and after confirming that no virus remains, restart several times, because the virus is very stubborn. Do not start any services during the cleanup, so as not to infect clients.

Postscript:

At present, the cause of the infection has not been found. A service that was open may have had a vulnerability, or the computer may have been infected by downloaded malicious tools. Another possibility is infection from an already infected machine on the intranet. If anyone has run into the same problem, we can discuss it together.
