
AIT.Heur.Ramy.1.042FFC81.Gen removal tips


The AIT.Heur.Ramy.1.042FFC81.Gen is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AIT.Heur.Ramy.1.042FFC81.Gen virus do?

  • Performs HTTP requests potentially not found in PCAP.
  • The binary contains an unknown PE section name indicative of packing.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX.
  • Authenticode signature is invalid.
  • Attempts to modify proxy settings.
  • Touches a file containing cookies, possibly for information gathering.
  • Yara rule detections observed from a process memory dump/dropped files/CAPE.

How to identify AIT.Heur.Ramy.1.042FFC81.Gen?

File Info:

name: 318636A3F28964AB5FEB.mlw
path: /opt/CAPEv2/storage/binaries/91e2085ab3fb4f561d8a8fc3b83850e20e8de5c158304f2fbcad5bfb5a7881b9
crc32: 9AB21050
md5: 318636a3f28964ab5febc285688faf3c
sha1: c6ef0bf657d2e7d6baacc0929b11a2911f1f1c2b
sha256: 91e2085ab3fb4f561d8a8fc3b83850e20e8de5c158304f2fbcad5bfb5a7881b9
sha512: ec16f18b77ce7406a59f9d3276b41e5fad40fb49b718b3d843dd3032e476233dff867dfd64b34974b8cb4eab4590e94ef4cbce41bdddf1d01127a193db7b6b2c
ssdeep: 24576:iwWHhK2FjW8WVKVe5wEhUwQXzjbZwYAefWn28MnT8f8hkqvtjMVp0j:9WHhKejW8gK05wEhYjbZwjeOn28I8f8y
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18E3533667DD911BCD2F3427832E521805FA9EBA1EC38FF503ED9356CCD36121968827A
sha3_384: 93c43502792f5f4066cab262325f51fb733403c6249bd89b342253e0350e825d6aeda1ebc515af77bd0a3c60e466d930
ep_bytes: 60be001046008dbe0000faff5783cdff
timestamp: 2016-12-07 08:52:41

Version Info:

CompanyName: Avira Operations GmbH & Co. KG
FileVersion: 15.0.23.0
LegalCopyright: Copyright 2016 Avira Operations GmbH & Co. KG. All rights reserved.
OriginalFilename: ManagedFirewall_SysTray.exe
ProductName: Avira Swat Apl Rs
ProductVersion: 15.0.23.0
Translation: 0x0809 0x04b0

AIT.Heur.Ramy.1.042FFC81.Gen also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Ramy.4!c
  • DrWeb: Trojan.BtcMine.1084
  • MicroWorld-eScan: AIT.Heur.Ramy.1.042FFC81.Gen
  • ClamAV: Win.Malware.Autoit-6992293-0
  • FireEye: AIT.Heur.Ramy.1.042FFC81.Gen
  • ALYac: AIT.Heur.Ramy.1.042FFC81.Gen
  • Malwarebytes: Generic.Malware.AI.DDS
  • VIPRE: AIT.Heur.Ramy.1.042FFC81.Gen
  • Sangfor: Trojan.Win32.Autcobit.Vce5
  • K7AntiVirus: Trojan ( 700000111 )
  • Alibaba: Trojan:Win32/AutCobit.5dfb08da
  • K7GW: Trojan ( 700000111 )
  • Symantec: SMG.Heur!gen
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Generik.KPALKOY
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • BitDefender: AIT.Heur.Ramy.1.042FFC81.Gen
  • Avast: Win32:Evo-gen [Trj]
  • Tencent: Win32.Trojan.Autcobit.Bkjl
  • Emsisoft: AIT.Heur.Ramy.1.042FFC81.Gen (B)
  • TrendMicro: TROJ_GEN.R002C0DGS23
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
  • Trapmine: suspicious.low.ml.score
  • Sophos: Mal/Generic-S
  • SentinelOne: Static AI – Suspicious PE
  • GData: Win32.Trojan.PSE.CDL9ON
  • Avira: TR/AutCobit.dggdq
  • Antiy-AVL: HackTool/Win32.Agent
  • Arcabit: AIT.Heur.Ramy.1.042FFC81.Gen [many]
  • Microsoft: Trojan:Win32/AutCobit
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Nymeria.C2495045
  • McAfee: Artemis!318636A3F289
  • MAX: malware (ai score=89)
  • VBA32: Trojan.Autoit.Wirus
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DGS23
  • Rising: Trojan.Generic@AI.100 (RDML:QZIl7YIXbAJGOF6aM1nW2Q)
  • Ikarus: Win32.Outbreak
  • AVG: Win32:Evo-gen [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove AIT.Heur.Ramy.1.042FFC81.Gen?

AIT.Heur.Ramy.1.042FFC81.Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.