1. %WinDir%\system32\microsoft\watermark.exe and
2. %UserProfile%\application data\microsoft\watermark.exe
This suggests that the creator of the Ramnit virus has been watching how the virus develops and keeps wanting to make it more powerful.
The Ramnit virus is highly contagious because it:
- Infects DLL files. Very few people notice this, but DLL files are used more often than EXE files, because almost every time we run an EXE file we also unknowingly run a DLL file, for example on right-click, Open, Explorer and so on.
- Infects HTML files. HTML files are always used by Internet users, both online and offline, so this makes the Ramnit virus spread very quickly.
- Infects EXE files. EXE files are the program/application files that every computer user has to use. What happens when an application file is infected? Our master (installer) programs become infected, and every time we install a program (for example Office, Photoshop, Corel, Acrobat Reader, etc.) our system will be infected again.
- Infects the system through files with the .CPL extension. Besides spreading through EXE files, the Ramnit virus also creates .cpl files, .exe files and shortcuts on every UFD (USB flash drive) / portable hard drive, especially FAT-formatted ones. By default, if the shortcut is double-clicked, it is automatically run by control.exe; watermark.exe is dropped as well, and the running watermark.exe is renamed to svchost.exe.... look at the contents of the shortcut copy of a copy of...
- Windows autorun. Almost all viruses that copy themselves to a UFD rely on Windows autorun.
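The locations this post names (the two watermark.exe paths, and the autorun, .cpl, .exe and shortcut files in the root of a removable drive) can be checked with a short script. This is an added example, not part of the original post; the function names and the sample tree are constructed, and matching on autorun.inf and .lnk as the file names behind "autorun" and "shortcuts" is an assumption.

```python
import tempfile
from pathlib import Path

# Drop locations named in this post, relative to %WinDir% and %UserProfile%.
DROP_RELATIVE = {
    "windir": Path("system32", "microsoft", "watermark.exe"),
    "userprofile": Path("application data", "microsoft", "watermark.exe"),
}
# Assumed concrete names for the post's "cpl, exe and shortcuts" and autorun.
PLANTED_EXTENSIONS = {".cpl", ".exe", ".lnk"}
AUTORUN_NAME = "autorun.inf"


def check_drop_paths(windir, userprofile):
    """Return whichever of the two watermark.exe locations exist."""
    bases = {"windir": Path(windir), "userprofile": Path(userprofile)}
    candidates = [bases[key] / rel for key, rel in DROP_RELATIVE.items()]
    return [path for path in candidates if path.is_file()]


def check_drive_root(root):
    """List root-level files on a drive to review before anything is opened."""
    findings = []
    for entry in Path(root).iterdir():
        if not entry.is_file():
            continue
        if entry.name.lower() == AUTORUN_NAME or entry.suffix.lower() in PLANTED_EXTENSIONS:
            findings.append(entry.name)
    return sorted(findings, key=str.lower)


def run_sample():
    """Build a constructed tree of empty files and run both checks on it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        windir, profile, usb = base / "Windows", base / "Users" / "sample", base / "usb"
        dropped = windir / DROP_RELATIVE["windir"]
        dropped.parent.mkdir(parents=True)
        dropped.touch()  # only the %WinDir% copy is present in the sample
        profile.mkdir(parents=True)
        usb.mkdir()
        for name in ("autorun.inf", "sample.cpl", "sample_shortcut.lnk", "notes.txt"):
            (usb / name).touch()
        hits = check_drop_paths(windir, profile)
        return [p.relative_to(base).as_posix() for p in hits], check_drive_root(usb)


if __name__ == "__main__":
    print(run_sample())
```

On a live Windows host, pass the values of the WinDir and UserProfile environment variables and the root of the drive; a listed file is only a candidate for review, since a clean drive can also hold .exe files in its root.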
Please clean with an antivirus cleaner (PCMAV for Ramnit, NOD32 stand-alone, etc.). After a successful clean-up, I recommend storing program/master files as RAR archives with WinRAR / 7-Zip etc., or, for large ones, as ISO or NRG files with the help of UltraISO / Nero image, because the files will then be better protected against virus infection.
How to clean:
- Prepare an antivirus cleaner (I use NOD32 stand-alone): download it and keep it as a ZIP/RAR file so that its exe file does not get infected.
- Save the file on a UFD, or copy and paste it onto the infected computer's hard drive.
- Use Task Manager: select the Task / Processes tab and end task on every svchost.exe, and on everything else that can be ended (except Task Manager itself).
- Open the ZIP/RAR file containing the NOD32 cleaner using File > Open in Task Manager. Change the "Programs" option in the open-file dialog to "All Files" so that the NOD32 ZIP/RAR file can be seen.
- Once NOD32 is opened with WinRAR or another application, double-click the NOD32 *.exe file, then click Next... Next. At the action choice, select Clean on the left and Scan & delete on the right. Then run the clean.
- Once it is running, close WinRAR / the application used to open the NOD32 ZIP/RAR.
- Keep watching Task Manager: if an svchost.exe file/process appears in the task list, end it immediately. And, as usual, when Windows displays a warning that the computer will shut down in 60 seconds / 1 minute, type in the File menu > Open/Run: shutdown -a. The -a is the shutdown option that cancels the action.
- Warning! While NOD32 is cleaning files on your computer, do not open/run any file. Never mind running an exe file: even just a right-click means we run the virus / its svchost.exe (the Ramnit virus).
- Remember: what we need to watch for is turning off / ending task on svchost.exe so that NOD32 can clean the files on your computer.