First posted on 21 February 2019.
Source: Microsoft

Aliases:

Virus:VBS/Ramnit.gen!C is also known as VBS/Inor.DZ, VBS.Ramnit.T, Win32.Rmnet.12, Virus.VBS.Ramnit, W32/Ramnit.a!htm, W32.Ramnit!html, Dropper.Script.VBS.Fednu.a.

Explanation:

Virus:VBS/Ramnit.gen!C is a VBScript appended to HTML documents, and it spreads through those infected documents. It drops and runs another piece of malware, detected as Trojan:Win32/Ramnit.A, which in turn infects HTML files.

Spreads through...

File infection

When an infected HTML file detected as Virus:VBS/Ramnit.gen!C is opened, it drops and runs a copy of Trojan:Win32/Ramnit.A as the file "%Temp%svchost.exe".

Trojan:Win32/Ramnit.A infects DLL and EXE files, as well as HTML files. Infected HTML files are detected as Virus:VBS/Ramnit.gen!C. In certain cases, the infected HTML file may instead be detected as Virus:VBS/Ramnit.B.

Additional information

Virus:VBS/Ramnit.gen!C appends random comments to its body in an attempt to avoid detection.
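The sketch below is an added example, not Microsoft's detection logic or code from the original entry. It shows why a file hash is a poor match for a script that varies its comments, and how a structural check (a VBScript block located after the closing </html> tag) still flags both variants. The heuristic itself, the function names and the sample documents are assumptions constructed for illustration.

```python
import hashlib
import re

# Heuristic (an assumption of this example, not Microsoft's signature):
# a VBScript <script> block located after the final </html> closing tag.
CLOSE_HTML = re.compile(rb"</html\s*>", re.IGNORECASE)
VBS_BLOCK = re.compile(
    rb"<script\b[^>]*\b(?:language|type)\s*=\s*[\"']?(?:text/)?vbscript",
    re.IGNORECASE,
)

def trailing_content(data: bytes) -> bytes:
    """Return the bytes that follow the last </html> tag (empty if none)."""
    matches = list(CLOSE_HTML.finditer(data))
    return data[matches[-1].end():] if matches else b""

def has_appended_vbscript(data: bytes) -> bool:
    """True when a VBScript block sits after the document's closing tag."""
    return VBS_BLOCK.search(trailing_content(data)) is not None

def sha256(data: bytes) -> str:
    """Hex SHA-256 of the file content, as a hash blocklist would use it."""
    return hashlib.sha256(data).hexdigest()

# Constructed samples: harmless placeholder bodies, not real malware code.
PAGE = b"<html><body><p>report</p></body></html>\n"
APPENDED = b"<SCRIPT Language=VBScript>\n' placeholder body\n%s\n</SCRIPT>"
SAMPLE_A = PAGE + APPENDED % b"' qzkxw"        # one random-looking comment
SAMPLE_B = PAGE + APPENDED % b"' lmpta rrvo"   # a different comment
# Legitimate legacy page with VBScript inside the document: not flagged.
CLEAN_INLINE = (b"<html><head><script language=vbscript>\n' legacy form check\n"
                b"</script></head><body></body></html>\n")

if __name__ == "__main__":
    for name, data in [("sample_a", SAMPLE_A), ("sample_b", SAMPLE_B),
                       ("clean_inline", CLEAN_INLINE), ("clean", PAGE)]:
        # Hash prefix differs per variant; the structural verdict does not.
        print(name, sha256(data)[:16], has_appended_vbscript(data))
```

A hit is a triage signal for closer inspection with an up-to-date scanner, since malformed but benign pages can also carry markup after the closing tag; files with no </html> tag at all are not covered by this check.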

Analysis by Horea Coroiu

Last update 21 February 2019