About “Virus:Win32/Ramnit.AH” infection

Virus:Win32/Ramnit.AH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Virus:Win32/Ramnit.AH do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the Ramnit malware family
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Attempts to disable Windows Defender
  • Attempts to modify or disable Security Center warnings
  • Registers an application compatibility shim database for persistence
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Virus:Win32/Ramnit.AH?

File Info:

name: 446F6D56E3754E37F33E.mlw
path: /opt/CAPEv2/storage/binaries/b5804e30872807d8b11613ee881a4b29dc1856afae3b8babec8c89789a7fe927
crc32: D7FA0F07
md5: 446f6d56e3754e37f33e5539e15023e8
sha1: f4b7da061afcf3ede9d4ff830f0966aa93c79d5a
sha256: b5804e30872807d8b11613ee881a4b29dc1856afae3b8babec8c89789a7fe927
sha512: 67bcccc54209e65dcc6693bbd77747fad9635e071a1ec430f8251ed9df66cb1802b95125b6431550478814dedbdc4741ebf9154ddcf5b486e7c84eacc114d3d6
ssdeep: 12288:TRtwxnvuoV35GFPw/+YOAEPZNc+csNBIsXecEWZQXHja:Tzw1uoV35GFPw/+YOAmZNmOIg5ZQXH
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T140A4E100BAC78431F479093901E5C3924F78AF5327E7E5EBAFC82A5D146A3E51B3479A
sha3_384: 9a0a642712e1c116da0eb733945911308472297799dfc5810938a84bdd5092b0588e7c16656841c07ad9e5701af71f55
ep_bytes: eb0bb8c830021029c15153eb6e6031c9
timestamp: 2011-10-19 03:11:02

Version Info:

0: [No Data]

Virus:Win32/Ramnit.AH also known as:

Lionic: Virus.Win32.Nimnul.n!c
MicroWorld-eScan: Win32.Ramnit.Y
CMC: Virus.Win32.Ramnit.2!O
CAT-QuickHeal: W32.Nimnul.F
Skyhigh: W32/Ramnit.o
McAfee: W32/Ramnit.o
Zillya: Virus.Nimnul.Win32.2
Sangfor: Virus.Win32.Nimnul.e
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Virus ( 004c861e1 )
K7AntiVirus: Virus ( 004c861e1 )
Arcabit: Win32.Ramnit.Y
Baidu: Win32.Virus.Nimnul.dan
Symantec: Trojan.Dropper
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Ramnit.AM
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Nimnul.e
BitDefender: Win32.Ramnit.Y
NANO-Antivirus: Virus.Win32.Nimnul.bauhiz
Avast: Win32:Ramnit-AR
Tencent: Virus.Win32.Nimnul.b
Emsisoft: Win32.Ramnit.Y (B)
F-Secure: Malware.W32/Nimnul.D
DrWeb: Win32.Nimnul.1
VIPRE: Win32.Ramnit.Y
TrendMicro: PE_RAMNIT.SM
FireEye: Generic.mg.446f6d56e3754e37
Sophos: W32/Ramnit-BD
Jiangmin: Win32/Nimnul.d
Varist: W32/Nimnul.A!Generic
Avira: W32/Nimnul.D
MAX: malware (ai score=87)
Antiy-AVL: Virus/Win32.Ramnit.am
Xcitium: Virus.Win32.Ramnit.GENV@4roe85
Microsoft: Virus:Win32/Ramnit.AH
ZoneAlarm: Virus.Win32.Nimnul.e
GData: Win32.Ramnit.Y
Google: Detected
AhnLab-V3: Win32/Ramnit.S
BitDefenderTheta: AI:FileInfector.17F650D70E
ALYac: Win32.Ramnit.Y
TACHYON: Virus/W32.Ramnit.D
VBA32: Virus.Nimnul.ea
Cylance: unsafe
Panda: Generic Suspicious
TrendMicro-HouseCall: PE_RAMNIT.SM
Rising: Virus.Ramnit!1.A1AD (CLASSIC)
Ikarus: Virus.Win32.Nimnul
MaxSecure: Virus.Nimnul.E
Fortinet: W32/Ramnit.AM
AVG: Win32:Ramnit-AR
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Ramnit.AH?

Virus:Win32/Ramnit.AH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.