Remove W32.Ramnit

Posted on: January 27th, 2010

Discovered: January 19, 2010
Updated: January 20, 2010 12:08:42 AM
Type: Virus
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Recommended Action:
To remove W32.Ramnit, download the ‘No Adware’ remover software. Based on our testing, this was the best-performing remover of W32.Ramnit. Read our full No Adware Review

Technical Details:
Once executed, the worm creates the following folder:

%ProgramFiles%\MNetwork

It then creates the following mutex so only one instance of the worm is running:

Ghiyhjmnklowqq

The worm spreads by encrypting and then appending itself to files with the following extensions:

* DLL

* EXE

* HTM

When an infected file, detected as W32.Ramnit!inf, is executed, it drops a copy of the worm executable file with the following file name and executes it:

%CurrentFolder%\[INFECTED FILE NAME]Srv.exe

The worm also spreads by copying itself to the recycle bin on removable drives. It creates the following file so that it executes whenever the drive is accessed:

%DriveLetter%\autorun.ini

The worm attempts to connect to the following remote location:

rmnzerobased.com

It attempts to download a .dll file and register it.

Note: At the time of writing, the file was unavailable.
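
As an added example (not part of the original write-up and not vendor code), the following read-only Python sweep looks for the file-system artifacts listed above: the MNetwork folder, autorun.ini at a drive root, and a ...Srv.exe file sitting beside a DLL, EXE or HTM file of the same name. The function names are illustrative, and it assumes [INFECTED FILE NAME] may be written with or without the host file's extension.

```python
"""Read-only sweep for the W32.Ramnit file-system artifacts listed above."""
import os
import sys
from pathlib import Path

INFECTABLE = {".dll", ".exe", ".htm"}   # extensions the write-up lists
DROP_SUFFIX = "srv.exe"                 # [INFECTED FILE NAME]Srv.exe, lower-cased


def find_dropped_copies(root):
    """Return sorted (dropped_copy, host_file) pairs found under root.

    Assumption: [INFECTED FILE NAME] may be the host's full name or its
    name without extension, so both spellings are matched.
    """
    hits = []
    for folder, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for low, name in by_lower.items():
            if not low.endswith(DROP_SUFFIX) or low == DROP_SUFFIX:
                continue
            prefix = low[: -len(DROP_SUFFIX)]
            for cand_low, cand in by_lower.items():
                stem, ext = os.path.splitext(cand_low)
                if cand_low != low and ext in INFECTABLE and prefix in (stem, cand_low):
                    hits.append((Path(folder) / name, Path(folder) / cand))
    return sorted(hits)


def check_fixed_paths(program_files, drive_roots):
    """Return the fixed-location artifacts that exist on this host."""
    found = []
    folder = Path(program_files) / "MNetwork"
    if folder.is_dir():
        found.append(folder)
    for drive in drive_roots:
        marker = Path(drive) / "autorun.ini"   # file name as given in the write-up
        if marker.is_file():
            found.append(marker)
    return found


if __name__ == "__main__":
    # Arguments: drive roots or folders to sweep (default: Program Files only).
    pf = os.environ.get("ProgramFiles", r"C:\Program Files")
    roots = sys.argv[1:] or [pf]
    for path in check_fixed_paths(pf, roots):
        print("artifact:", path)
    for root in roots:
        for copy, host in find_dropped_copies(root):
            print("possible dropped copy:", copy, "beside", host)
```

A name match is a lead for an antivirus scan of both files, not a verdict, since legitimate software can ship similarly named pairs.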

Action Steps:
FREE SCAN: NoAdware can Remove W32.Ramnit. Click the link below for your free download & scan your PC now.