AIT.Heur.Ramy.1.68950967.Gen removal

AIT.Heur.Ramy.1.68950967.Gen is classified as dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the AIT.Heur.Ramy.1.68950967.Gen virus do?

  • Performs HTTP requests potentially not found in PCAP.
  • The binary contains an unknown PE section name indicative of packing.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX.
  • Authenticode signature is invalid.
  • Attempts to modify proxy settings.
  • Touches a file containing cookies, possibly for information gathering.
  • The sample wrote data to the system hosts file.
  • Yara rule detections observed from a process memory dump/dropped files/CAPE.

How to identify AIT.Heur.Ramy.1.68950967.Gen?

File Info:

name: DCF94642178985B81B8E.mlw
path: /opt/CAPEv2/storage/binaries/7e9cc011c6e4592b24704ed672f808021f6e38f9b9bdd5a7d4c921688bfeba7d
crc32: 9F77A3C0
md5: dcf94642178985b81b8ebb8cb3499cdc
sha1: 1de5622567016cb2d916fc758c161cec8ec41de3
sha256: 7e9cc011c6e4592b24704ed672f808021f6e38f9b9bdd5a7d4c921688bfeba7d
sha512: 578b81ef566fb6511a64c96da857d2ac02e10a12f0b9eec90eba4096d976bad8dd6e76cc9f2fadf9e741a0e79234290f2694d5591d244f5c12d9a5815251bc1d
ssdeep: 24576:JwWHhK2FjW8WVKxpRfWIAGyRXrrNfbfIqWguvfASvyvKNJIkeZoUoWlw3T:6WHhKejW8gKxpRfWIPyRXrrNf7QgGX6P
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T196353345EDCB0739E9A3013607DF71412C29EEB0DE1BFFD29A64844A4E342636A57336
sha3_384: ce1d1a7094d35c7698a30d53b2bc6b2ae0248195dad387ab63a523282e5d5404acd3a747108affb2759c613527fd0b8a
ep_bytes: 60be001046008dbe0000faff5783cdff
timestamp: 2016-11-23 16:57:09

Version Info:

CompanyName: Avira Operations GmbH & Co. KG
FileVersion: 15.0.23.0
LegalCopyright: Copyright 2016 Avira Operations GmbH & Co. KG. All rights reserved.
OriginalFilename: Telemetry_UAS.exe
ProductName: Avira Swat Apl Rs
ProductVersion: 15.0.23.0
Translation: 0x0809 0x04b0

AIT.Heur.Ramy.1.68950967.Gen also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ramy.4!c
MicroWorld-eScan: AIT.Heur.Ramy.1.68950967.Gen
ClamAV: Win.Malware.Autoit-6992293-0
FireEye: AIT.Heur.Ramy.1.68950967.Gen
CAT-QuickHeal: Trojan.Autcobit
ALYac: AIT.Heur.Ramy.1.68950967.Gen
Cylance: unsafe
Sangfor: Trojan.Win32.Autcobit.V2x0
K7AntiVirus: Trojan ( 700000111 )
Alibaba: Trojan:Win32/AutCobit.497231de
K7GW: Trojan ( 700000111 )
Symantec: SMG.Heur!gen
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Generik.GHPAUEM
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: AIT.Heur.Ramy.1.68950967.Gen
Emsisoft: AIT.Heur.Ramy.1.68950967.Gen (B)
DrWeb: Trojan.BtcMine.1084
VIPRE: AIT.Heur.Ramy.1.68950967.Gen
TrendMicro: TROJ_GEN.R002C0DGS23
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
GData: Win32.Trojan.PSE.CDL9ON
Avira: TR/AutCobit.wzhoc
Antiy-AVL: HackTool/Win32.Agent
Arcabit: AIT.Heur.Ramy.1.68950967.Gen [many]
Microsoft: Trojan:Win32/AutCobit
Google: Detected
AhnLab-V3: Trojan/Win32.Nymeria.C2495045
McAfee: Artemis!DCF946421789
MAX: malware (ai score=87)
VBA32: Trojan.Autoit.Wirus
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0DGS23
Rising: Trojan.Generic@AI.100 (RDML:95T3ld+2hjKGBpBPAFHncQ)
Fortinet: W32/PossibleThreat
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (W)

How to remove AIT.Heur.Ramy.1.68950967.Gen?

AIT.Heur.Ramy.1.68950967.Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.