Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:W32/Ramnit.A
Date discovered:23/09/2010
Type:File infector
In the wild:No
Reported Infections:Medium to high
Distribution Potential:Medium to high
Damage Potential:Low
File size:65.536 Bytes
VDF version:7.10.05.87
IVDF version:7.10.12.23 - Thursday, September 23, 2010

 General Method of propagation:
    Infects files


Aliases:
   •  Symantec: W32.Ramnit!inf
   •  Mcafee: W32/Ramnit.a
   •  Kaspersky: Trojan.Win32.Patched.ki
   •  TrendMicro: PE_RAMNIT.H
   •  F-Secure: Win32.Ramnit
   •  Bitdefender: Win32.Ramnit
     Avast: Win32:Ramnit-B
     Microsoft: Virus:Win32/Ramnit.B
     PCTools: Malware.Ramnit
   •  Eset: Win32/Ramnit.A
     GData: Win32.Ramnit
AhnLab: Win32/Ramnit
     Fortinet: W32/Ramnit.A
     Rising: Win32.Ramnit.a


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows 7


Side effects:
   • Third party control
Infects files

 Files The following file is created:

%executed file's name without extension%Srv.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: W32/Ramnit.A

 File infection Infector type:

Appender - The virus main code is added at the end of the infected file.
 The last section of the file is modified to include the virus code.


Method:

This direct-action infector actively searches for files.


Infection length:

- 65.536 Bytes


The following files are infected:

By file type:
   • *.exe
   • *.htm
   • *.html

 Backdoor Remote control capabilities:
     Download file
     Execute file

Description inserted by Razvan Olteanu on Monday, January 17, 2011
Description updated by Razvan Olteanu on Thursday, January 20, 2011

Back . . . .