Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:18/11/2010
Type:File infector
In the wild:No
Reported Infections:Medium to high
Distribution Potential:Low to medium
Damage Potential:Medium to high
File size:65.536 Bytes
VDF version:
IVDF version:

 General Method of propagation:
   • Infects files

   •  Symantec: W32.Ramnit!inf
   •  Mcafee: W32/Ramnit.a
   •  Kaspersky:
   •  TrendMicro: PE_RAMNIT.H
   •  F-Secure: Win32.Ramnit
   •  Bitdefender: Win32.Ramnit
   •  Avast: Win32:Ramnit-B
   •  Microsoft: Virus:Win32/Ramnit.B
   •  PCTools: Malware.Ramnit
   •  Eset: Win32/Ramnit.A
   •  GData: Win32.Ramnit
   •  AhnLab: Win32/Ramnit
   •  Fortinet: W32/Ramnit.A
   •  Rising: Win32.Ramnit.a

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Third party control
   • Infects files

 Files The following file is created:

%executed file's name without extension%Srv.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: W32/Ramnit.A

 File infection Infector type:

Appender - The virus main code is added at the end of the infected file.
– The last section of the file is modified to include the virus code.


This direct-action infector actively searches for files.

Infection length:

- 65.536 Bytes

The following files are infected:

By file type:
   • *.exe
   • *.htm
   • *.html

 Backdoor Remote control capabilities:
    • Download file
    • Execute file

Description inserted by Razvan Olteanu on Tuesday, January 18, 2011
Description updated by Andrei Gherman on Monday, February 7, 2011

Back . . . .