Virus:VBS/Ramnit.B removal tips

Virus:VBS/Ramnit.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can Virus:VBS/Ramnit.B do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Harvests credentials from local FTP client software

How to identify Virus:VBS/Ramnit.B?

File Info:

name: A4BDD88F2DF6D43A0005.mlw
path: /opt/CAPEv2/storage/binaries/4400c371365389269281846e89dad1c5023d1785cdad3b1fa8b7b232275668b1
crc32: 4CF4A070
md5: a4bdd88f2df6d43a00057651eac1cf02
sha1: f7a79c69c451a57d97ce6ee4a28375a0a73b32a7
sha256: 4400c371365389269281846e89dad1c5023d1785cdad3b1fa8b7b232275668b1
sha512: 71b8c1ef5b5c1e860173d6b5f77d4a8136d489469f7eb3c038d2b11e8948d9ee4fe2023dfcabcedf517d60651a403d23a0501480f3b101ee82c8066f5408785e
ssdeep: 6144:R8HmlDtDQ5lM5pr2mmJ5JjZsami+eNfUn/LADc+d5AB8x:R8Hm1OlMSmeLvNncqx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B8A6D1EA91B980D2E8020EF8F518B7A3953271337FF5095032277F44B97BDD6A11CA5A
sha3_384: 03db48be13825a9814eaa5e895aa90c567d5dfa780913e936db6f00d611d451852be9bb46bbcf7958788676b7d7f2539
ep_bytes: 558bec83c4cc686b550000ff75f45151
timestamp: 2004-06-08 13:41:01

Version Info:

0: [No Data]

Virus:VBS/Ramnit.B is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.HTML.Ramnit.A
FireEye: Generic.mg.a4bdd88f2df6d43a
ALYac: Trojan.HTML.Ramnit.A
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.943328
Sangfor: Trojan.Win32.Kryptik.LXZ
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: Virus:VBS/Ramnit.fb71027d
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.f2df6d
Symantec: W32.Ramnit!html
ESET-NOD32: a variant of Win32/Kryptik.LXZ
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Ramnit-9821749-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.HTML.Ramnit.A
NANO-Antivirus: Trojan.Script.Agent.bfcghy
Avast: Win32:FakeInst-AN [Trj]
Tencent: Malware.Win32.Gencirc.10c22e5f
Ad-Aware: Trojan.HTML.Ramnit.A
Emsisoft: Trojan.HTML.Ramnit.A (B)
Comodo: Malware@#2zqjs8hpv5ekf
DrWeb: VBS.Rmnet.5
VIPRE: Packed.Win32.PWSZbot.gen (v)
McAfee-GW-Edition: GenericR-HMY!A4BDD88F2DF6
Sophos: Mal/Generic-S
SentinelOne: Static AI - Malicious PE
GData: Trojan.HTML.Ramnit.A
Jiangmin: Trojan/Scar.ahgn
Avira: VBS/Ramnit.abcd
Antiy-AVL: Trojan[Dropper]/VBS.Ramnit.a
Arcabit: Trojan.HTML.Ramnit.A
ViRobot: Trojan.Win32.A.Scar.363618
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Virus:VBS/Ramnit.B
Cynet: Malicious (score: 100)
McAfee: GenericR-HMY!A4BDD88F2DF6
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
Rising: Ransom.LockScreen!8.83D (CLOUD)
Yandex: VBS.Ramnit.T
Ikarus: Trojan.Win32.Ransom
BitDefenderTheta: AI:Packer.5A093C5F21
AVG: Win32:FakeInst-AN [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Virus:VBS/Ramnit.B?

Virus:VBS/Ramnit.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.