How to remove “Dropped:Win32.Ramnit”?

The Dropped:Win32.Ramnit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Dropped:Win32.Ramnit virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Dropped:Win32.Ramnit?


File Info:
name: D92D1C590B65B8AFE145.mlw
path: /opt/CAPEv2/storage/binaries/9e47bc15a3c9e065ac861f04385edb92738567f3dc8687508d6cbdfd05e940f1
crc32: 56136FE6
md5: d92d1c590b65b8afe1450c17317afd44
sha1: 61ad1aa626cd5062e31f1c53becdfbc382cb5436
sha256: 9e47bc15a3c9e065ac861f04385edb92738567f3dc8687508d6cbdfd05e940f1
sha512: 09d7cf6c3bc659cbd969fbb894677237f1c0efa3d77912b2e99cc52765d4eed86b80b614c23d7f0ce0d6c69f1b59a139bf3249feaba660c7a8573dab990ea9fe
ssdeep: 1536:/MASiLNFZdO/VWGCq2iW7zlE6ZCGKu9YwM4Kfh4WMPcKHAEBQH8:/3vO/8GCHu6ZCWYwMpuSNUQH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T174B3D172BFA84421E4F1E67009B1626197BABD70B83DAC4FE6A445071E310C6A5FD73B
sha3_384: 0dde75d72f29e9fcc964aec300ae14a0fa074f9db4d40ebecc32e83d1fb0458a73886f69fa80b92141b200728f908a5a
ep_bytes: 558bec81ec6c01000033c05356578945
timestamp: 2001-07-19 19:29:57

Version Info:
CompanyName: Microsoft Corporation
FileDescription: MSN Uninstall Progman
FileVersion: 6.10.0016.1624
InternalName: MSNUNIN
LegalCopyright: Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename: MSNUNIN.EXE
ProductName: Microsoft(R) MSN (R) Communications System
ProductVersion: 6.10.0016.1624
Built by: msnbld
Translation: 0x0409 0x04b0

Dropped:Win32.Ramnit also known as:

Bkav	W32.FamVT.DumpModuleInfectiousNME.PE
Lionic	Virus.Win32.Nimnul.m1R5
tehtris	Generic.Malware
MicroWorld-eScan	Dropped:Win32.Ramnit
FireEye	Dropped:Win32.Ramnit
ALYac	Dropped:Win32.Ramnit
Malwarebytes	Ramnit.Virus.FileInfector.DDS
Zillya	Virus.Nimnul.Win32.5
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Virus ( 0040f7441 )
Alibaba	Virus:Win32/Nimnul.103f
K7GW	Virus ( 0040f7441 )
Cybereason	malicious.90b65b
VirIT	Backdoor.Win32.Darkshell.JM
Cyren	W32/PatchLoad.E
Elastic	malicious (high confidence)
APEX	Malicious
ClamAV	Win.Trojan.Vjadtre-6170948-0
Kaspersky	Virus.Win32.Nimnul.f
BitDefender	Dropped:Win32.Ramnit
Avast	Win32:RmnDrp [Inf]
Tencent	Virus.Win32.Loader.aab
TACHYON	Virus/W32.Ramnit.C
Emsisoft	Dropped:Win32.Ramnit (B)
DrWeb	BackDoor.Darkshell.246
VIPRE	Dropped:Win32.Ramnit
TrendMicro	TROJ_GEN.R002C0OA323
McAfee-GW-Edition	BehavesLike.Win32.Virut.ch
Sophos	Mal/Generic-S
Ikarus	Virus.Win32.Wapomi
GData	Win32.Virus.Nimnul.A
Jiangmin	Win32/Nimnul.f
Google	Detected
Antiy-AVL	Virus/Win32.Nimnul.f
Xcitium	Virus.Win32.Wali.KA@558nxg
Arcabit	Win32.Ramnit
ViRobot	Win32.Ramnit.F
ZoneAlarm	Virus.Win32.Nimnul.f
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/Wampori.Gen
McAfee	W32/Kudj
MAX	malware (ai score=81)
Cylance	unsafe
Panda	W32/Pcarrier.A
TrendMicro-HouseCall	TROJ_GEN.R002C0OA323
Rising	Virus.Roue!1.9E10 (CLASSIC)
Yandex	Win32.Ramnit.Gen
SentinelOne	Static AI – Malicious PE
MaxSecure	Virus.Nimnul.F
Fortinet	W32/Kudj
BitDefenderTheta	AI:FileInfector.EAEEA7850C
AVG	Win32:RmnDrp [Inf]
DeepInstinct	MALICIOUS

How to remove Dropped:Win32.Ramnit?

Dropped:Win32.Ramnit removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X