Virus:Win32/Ramnit.AF
First posted on 05 January 2012.
Source: Microsoft
Aliases:
Virus:Win32/Ramnit.AF is also known as Win32/Ramnit.N (AhnLab), W32/Ramnit.E (Command), Virus.Win32.Nimnul.a (Kaspersky), W32/Ramnit.I (Norman), Win32.Ramnit.Gen.3 (VirusBuster), W32/Ramnit.C (Avira), Win32.Ramnit.N (BitDefender), Win32.Rmnet.8 (Dr.Web), Win32/Ramnit.H virus (ESET), Virus.Win32.Ramnit (Ikarus), W32/Ramnit.a (McAfee), Win32.Ramnit.B (Rising AV), W32/Ramnit-A (Sophos), W32.Ramnit.B!inf (Symantec), PE_RAMNIT.DEN (Trend Micro).
Explanation:
Virus:Win32/Ramnit.AF is a virus that infects Windows executable files and HTML files, and drops and loads other malware, which may be detected as Trojan:Win32/Ramnit.D.
Installation
When run, Virus:Win32/Ramnit.AF drops a malware file named after the infected host file, with the string "mgr" appended, in the following format:
<original file name>mgr.exe
The dropped file may be detected as Trojan:Win32/Ramnit.D. Virus:Win32/Ramnit.AF launches the dropped file immediately and transfers execution of the infected file to the original host code.
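A triage sketch for the naming pattern described above, added here as an example and not taken from the Microsoft write-up. It assumes "mgr" is inserted before the .exe extension and that the dropped file sits in the same directory as its host (the page does not state the drop location); find_mgr_pairs and demo are hypothetical names.

```python
import os
import tempfile
from pathlib import Path

SUFFIX = "mgr"  # string the write-up says is appended to the host file name


def find_mgr_pairs(root):
    """Return sorted (host, dropped) pairs where <stem>mgr.exe sits beside <stem>.exe.

    Assumption: the dropped file is in the host's own directory.
    A hit is a lead for scanning, not a verdict.
    """
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so index by lower-cased name.
        by_lower = {name.lower(): name for name in files}
        for lower, name in by_lower.items():
            stem, ext = os.path.splitext(lower)
            if ext != ".exe" or not stem.endswith(SUFFIX) or stem == SUFFIX:
                continue
            # Strip the appended string to recover the candidate host name.
            host = by_lower.get(stem[:-len(SUFFIX)] + ".exe")
            if host:
                pairs.append((str(Path(dirpath, host)), str(Path(dirpath, name))))
    return sorted(pairs)


def demo():
    """Build a constructed directory tree and return the flagged file-name pairs."""
    samples = ("apps/viewer.exe", "apps/viewerMGR.exe",  # host plus "mgr" sibling
               "apps/taskmgr.exe",                       # ends in "mgr", no task.exe beside it
               "tools/setup.exe")                        # no sibling at all
    with tempfile.TemporaryDirectory() as tmp:
        for rel in samples:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")  # empty placeholder files, constructed for the demo
        return [(Path(h).name, Path(d).name) for h, d in find_mgr_pairs(tmp)]


if __name__ == "__main__":
    for host, dropped in demo():
        print(f"review: {dropped} next to {host}")
```

Legitimate software can also ship name pairs of this shape, so each flagged pair should be confirmed with an antimalware scan before any cleanup.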
Spreads via...
Infects files
Virus:Win32/Ramnit.AF also infects HTML files with the .HTML or .HTM extension.
Payload
Allows backdoor access and control
Virus:Win32/Ramnit.AF allows unauthorized access and control of an affected computer. An attacker can perform any number of different actions on an affected computer using Virus:Win32/Ramnit.AF. This could include, but is not limited to, the following actions:
- Download and execute arbitrary files
- Upload files
- Spread to other computers using various methods of propagation
- Log keystrokes or steal sensitive data
- Modify system settings
- Run or terminate applications
- Delete files
Analysis by Tim Liu
Last update 05 January 2012