I ran AVG this morning and it came up with an infected file in my DLL stuff.
trojan downloader.Rameh.E. I've been looking all over the net to find out what this is and I'm not finding any information about what it is. What does it do? AVG said it healed it, but a lot of the time healed stuff always comes back, so I'd appreciate any ideas on how to get rid of it..... I've run Spybot, Ad-Aware, and AVG and The Cleaner!
Thanks!!

One of the troubles with getting owned by a bad piece of software is sometimes it won't let you find the info to fix it.
AVG is healing the infected file, but it's not found the source of the infection which is probably a very stealthed file on your system that you are not going to find by hand. What you need to do is scan all your files using deep scan methods, and determine how it is connecting to the net to redownload that nasty.
This should lead you to two potential sources for the problem.
Here's a bit of info...
http://www.securityfocus.com/archive/82/246928
This link is a draft of how to craft a downloader trojan in a generic way. I hazard some of the IIS/Win rootkits feature very similar methods.
Now I did try a different approach and googled this with 'TROJAN RAMEH', which led to some informative articles, the first of which is
http://www.faqfarm.com/Computer/Virus/22172
And of course the posting from Lavasoft, makers of Ad-Aware (yes, it cleans it apparently, read the article though...)
http://www.lavasoftsupport.com/index.php?showtopic=26794
And of course one of my favorite sites for this stuff, when you can find it that is =)
http://computercops.us/postp153015.html
HTH,
J.
j e r u v y a t y a h o o d o t c o m

If AVG says it cleaned it, you should be fine. You could go through the step of turning System Restore off and entering safe mode and using AVG while in it. At the top of this forum's page there is a link for helpful security tools. You could download and install TDS for a free trial and use it for another opinion that your system is clean. Be sure to update it before you run its scan. The best places for additional virus definitions are Symantec and Trend Micro; they also provide excellent free removal tools and scans. Remember, different companies might have different names for a virus/worm/trojan. Trend Micro's "HOUSECALL" is really a nice online scanner that will remove and clean things for you, if there is an infection. Take care and all the best!

I disagree 100% with capt's statement. Just because AVG found the symptom doesn't mean you're cured. It just means it found the nasty unpacked. The trojan is still available for the next time it decides to install something. The AV program simply can't find it.
In some cases I've had to wait months for the trojan to reactivate, in some cases by a newer worm, but I would also agree that it probably isn't an issue until such time reoccurs.
The moral of the story is: if your only line of defense against trojans is your antivirus product (I don't care whose...) then you're going to be vulnerable to infection.
The biggest challenge is discovery.
Not once it decides to do something, then it is trivial to find. But then we only get the installed virus/malware..not the trojan.
I do agree (and I have suggested it in many other posts of mine here) to get TDS-3 as it has all the tools you'll need to check your system out.
Of course I would look at a real 'stop them at the front door, before they come in' approach and install a smart firewall with IDS/IPS protection used in real time.
HTH,
J.
j e r u v y a t y a h o o d o t c o m

I use AVG and it can neither remove nor heal it. I have 2 like this I can't get rid of.
I think I am blind, as I didn't see in the links I clicked a how to remove.

You think you've got problems? I've got 35 files infected with this one virus and I have been trying for over a month to find something that would at least isolate them.....with no luck at all! My AVG finds them all...but can neither heal them nor move them to the virus vault. In the past I have tried Spybot and The Cleaner and neither of them could do anything with them. Yesterday I installed NoAdware...paid my 29.95. It said it fixed them but my AVG scan found them again this morning. Also tried running an AVG scan in safe mode...as capt. suggested....to no avail. One program said they were currently running and that was why it couldn't do anything with them. Every single one of them is in my Restore/Temp files! Help!

If you have System Restore enabled, cleaning is a waste of time.
Doesn't anyone read the instructions.....
Every SINGLE AV Vendor's site I've been to tells you the FIRST thing to do when you've discovered infection is TURN OFF SYSTEM RESTORE.
If the virus hides here, then cleaning will work for a few minutes and then you get reinfected.
J.
j e r u v y a t y a h o o d o t c o m
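
Added example, not part of any post in this thread: a small triage of scanner detection paths that separates copies held in the System Restore store (which the scanner cannot heal or move, as described above) from temp files and from files in live locations. The function names, the suggested-step labels and the sample paths are constructed for illustration; the paths assume the Windows XP (`System Volume Information\_restore{GUID}`) and Windows ME (`_RESTORE`) layouts.

```python
import re
from collections import defaultdict

# XP keeps restore points under "System Volume Information\_restore{GUID}\RPn";
# Windows ME used a top-level "_RESTORE" folder. This rule runs before the temp
# rule because a restore store can contain its own TEMP subfolder.
RESTORE_RE = re.compile(
    r"\\(system volume information\\_restore\{[^}]*\}|_restore)\\", re.I)
TEMP_RE = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.I)

def classify(path):
    """Return 'restore', 'temp' or 'live' for one detection path."""
    p = path.strip().replace("/", "\\")
    if RESTORE_RE.search(p):
        return "restore"
    if TEMP_RE.search(p):
        return "temp"
    return "live"

def triage(paths):
    """Group detection paths by where the flagged file sits."""
    buckets = defaultdict(list)
    for p in paths:
        if p.strip():
            buckets[classify(p)].append(p.strip())
    return dict(buckets)

def next_step(buckets):
    """Pick the first cleanup step; live files outrank archived copies."""
    if buckets.get("live"):
        return "clean-live-files-first"
    if buckets.get("temp"):
        return "empty-temp-then-rescan"
    if buckets.get("restore"):
        return "disable-system-restore-then-rescan"
    return "no-detections"

# Constructed sample paths, not taken from any real scan report.
SAMPLE = [
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001234.dll",
    r"C:\WINDOWS\system32\example.dll",
    r"C:\Documents and Settings\user\Local Settings\Temp\setup1.exe",
    r"C:\_RESTORE\TEMP\A0000012.CPY",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for kind in ("live", "temp", "restore"):
        print(kind, len(result.get(kind, [])))
    print(next_step(result))
```

A report in which every hit lands in the `restore` bucket matches the "all in my Restore/Temp files" case above; any `live` hit means something outside the restore store still needs attention.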
