
Virus:Win32/Ramnit.J


First posted on 15 February 2019.
Source: Microsoft

Aliases :

There are no other names known for Virus:Win32/Ramnit.J.

Explanation :

Spreads via…

Infected files

Virus:Win32/Ramnit.J infects HTML document files with an .HTML or .HTM extension. The infected HTML files may be detected as Virus:VBS/Ramnit.B.

Payload

Installs other malware

The virus drops a file as "mgr.exe", for example, "mytestmgr.exe", where is the file name of the infected executable. The dropped file is then run.

This file may be detected as Worm:Win32/Ramnit.A.

Allows backdoor access and control

Virus:Win32/Ramnit.J creates a backdoor by connecting to a remote server. Using this backdoor, a remote attacker can instruct an affected computer to download and run files.

The virus creates a default web browser process (which is invisible to users) and injects code into it. The infection and backdoor functionality occur in the web browser process context, presumably for the purpose of bypassing a firewall.

See the Worm:Win32/Ramnit.A description for more details on how this malware downloads and runs files.

Analysis by Scott Molenkamp
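A triage sketch for the drop-and-run and browser-launch behaviour described above, added here as an example and not part of Microsoft's write-up. It assumes process-creation records (parent image, child image) in time order, that the dropped file is named after the infected executable's base name plus "mgr.exe" as the "mytestmgr.exe" example suggests, and a hypothetical browser list; all sample paths are constructed.

```python
import ntpath

# Constructed process-creation records (parent image, child image), in the
# shape of Sysmon Event ID 1 fields; none of this is captured telemetry.
SAMPLE_EVENTS = [
    (r"C:\Windows\explorer.exe", r"C:\Users\a\Downloads\mytest.exe"),
    (r"C:\Users\a\Downloads\mytest.exe", r"C:\Users\a\Downloads\mytestmgr.exe"),
    (r"C:\Users\a\Downloads\mytest.exe", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (r"C:\Windows\System32\services.exe", r"C:\Tools\taskmgr.exe"),
]

# Assumption: browser image names to watch; adjust to the fleet's default browsers.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}


def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def is_dropper_pair(parent, child):
    """True when child is named <parent stem>mgr.exe, e.g. mytest.exe -> mytestmgr.exe."""
    stem, ext = ntpath.splitext(_name(parent))
    return ext == ".exe" and _name(child) == stem + "mgr.exe"


def triage(events):
    """Return (alerts, suspects) for events given in time order.

    Alerts are drop-and-run pairs, plus any browser launched afterwards by a
    process that took part in such a pair.
    """
    alerts, suspects = [], set()
    for parent, child in events:
        if is_dropper_pair(parent, child):
            suspects.update({parent.lower(), child.lower()})
            alerts.append(("dropped-mgr-run", parent, child))
        elif _name(child) in BROWSERS and parent.lower() in suspects:
            alerts.append(("browser-from-suspect", parent, child))
    return alerts, suspects


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS)[0]:
        print(alert)
```

The name match alone is a weak signal (a legitimate "task.exe" starting "taskmgr.exe" would match), so treat hits as leads to confirm against the antimalware detections named above.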

Last update 15 February 2019

 
