Ramnit.h



questioner
2011-04-18, 17:47
Hello everybody,

first of all: Please excuse my English. It is not my first language. :)

I have a question about a situation that I just had:
A computer was fully infected by Ramnit.h malware, but Spybot S&D
told me that I have a 'malware-free' system. So did Malwarebytes and
HijackThis as well.
I even changed the antivirus program from Sophos to ESET NOD32 to
be sure that the program has no malfunction.
And to be absolutely sure I connected the hard disk to another system
with ESET and tested it.
The antivirus program always told me about many infections (at the moment 803! . . still running).
Does anyone have an idea why the above programs didn't recognize the malware?

Thanks in advance for your help,
the questioner

tashi
2011-04-18, 18:35
Hello questioner :welcome:


Does anyone have an idea why the above programs didn't recognize the malware?

Offering an opinion based on one post would be guessing. ;)



The antivirus program always told me about many infections (at the moment 803! . . still running). :eek:

In order for someone to advise, see this forum's sticky, which includes guidelines for this forum and instructions in post #2 on how to provide preliminary "DDS" logs used for analysis.
http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing the logs and a volunteer analyst will assist you when available. :)

Best regards.

questioner
2011-04-18, 20:00
Hello tashi,

thanks for your quick answer. I guess I posted my question in the wrong topic.
I didn't want to know how to get rid of the virus because with this many infections I am not seriously thinking of letting the system still run. We already made a new installation on a new disk.

I just wondered that the three programs (Spybot S&D, Malwarebytes and HijackThis) didn't find any of the infections. I always depended on these programs because they helped me a lot.

Maybe my question was wrongly worded. I should have asked if anyone has had the same situation with this kind of malware and has an explanation for that.

Nevertheless . . . :thanks: a lot.
questioner

tashi
2011-04-18, 22:04
Hi questioner,



I just wondered that the three programs (Spybot S&D, Malwarebytes and HijackThis) didn't find any of the infections. I always depended on these programs because they helped me a lot.

In the malware removal forum we ask for an initial DDS log which is more effective for preliminary analysis than HJT. :)

Without analysts seeing logs a definitive answer can't be given; we don't know exactly what your antivirus program is detecting, and the 800 and counting that you mentioned is considerable.

If Spybot-S&D does not detect or remove an item and you can find the files, please zip or rar them and send to: detections(at)spybot.info (Replace AT with @)

That way they can directly examine the threat which could help to improve detections.

Cheers.