Home / malware Virus:Win32/Ramnit.gen!A
First posted on 28 September 2010.
Source: SecurityHomeAliases :
There are no other names known for Virus:Win32/Ramnit.gen!A.
Explanation :
Virus:Win32/Ramnit.gen!A is a generic detection for a virus that infects Windows executable files and HTML files, and spreads to removable drives. The virus attempts to open a backdoor and wait for instructions.
Top
Virus:Win32/Ramnit.gen!A is a generic detection for a virus that infects Windows executable files and HTML files, and spreads to removable drives. The virus attempts to open a backdoor and wait for instructions. When executed, the virus drops a file as "<file_name>Srv.exe" (for example, "mytestSvr.exe"), where <file_name> is the file name of the infected executable. The dropped file is then executed. This file may be detected as Worm:Win32/Ramnit.A. The virus creates a default web browser process (which is invisible to users) and injects code to it. The infection and backdoor functionality occurs in the web browser process context, presumably for the purpose of bypassing a firewall. Spreads via€¦ Infects files Virus:Win32/Ramnit.gen!A also infects .HTML files with .HTML or .HTM extension. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Payload Allows backdoor access / Connects to remote server Virus:Win32/Ramnit.gen!A creates a backdoor by connecting to a remote server. Using this backdoor, a remote attacker can instruct an affected computer to download and execute files. See the description for Worm:Win32/Ramnit.A for more details on how the malware downloads and executes arbitrary files.
Analysis by Chun Feng & Shawn WangLast update 28 September 2010