Virus:Win32/Ramnit.B information


Virus:Win32/Ramnit.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Review

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Virus:Win32/Ramnit.B do?

  • Executable code extraction
  • Creates RWX memory
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities for basic functionality
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Checks for the presence of known windows belonging to debuggers and forensic tools
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

zahlung.name
bing.com
yahoo.com

How to identify Virus:Win32/Ramnit.B?

File Info:

crc32: 9D78711F
md5: 4d261fdf15aa586a56fc47e146caa072
name: 216153-karta-vyshek-servera-delirium-gtasa.exe
sha1: 51921988c3923ebe3cdb92b73230457d4ba4b8f1
sha256: e5d793e9b2bb929c593c2180fc07ba626c11513bb713629bcfb83454cc3f3e88
sha512: e7146ee5d47cfc91a628fc95bbb55feb916ed4bd6a330229644fc0cff47e3828227f82c1752f64dc2031a748286612fed46144bb393ded15751caab27198a39e
ssdeep: 393216:PXPSSGIrSnatybzqXRjZENRyZeEmOaYNaFFRa:PpSnatgzexZwypmOaOar4
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

LegalCopyright: www.GameModding.net
InternalName:
FileVersion: 3.1.0.0
CompanyName: www.GameModding.net
LegalTrademarks:
Comments:
ProductName: ModInstall
ProductVersion: 1.0.0.0
FileDescription: ModInstall 3.0
OriginalFilename:
Translation: 0x0419 0x04e3

Virus:Win32/Ramnit.B also known as:

Bkav: W32.Trmnet.PE
MicroWorld-eScan: Win32.Ramnit
FireEye: Generic.mg.4d261fdf15aa586a
CAT-QuickHeal: W32.Ramnit.A
McAfee: W32/Ramnit.q
Cylance: Unsafe
VIPRE: Virus.Win32.Ramnit.a (v)
K7AntiVirus: Virus ( 002fe95d1 )
BitDefender: Win32.Ramnit
K7GW: Adware ( 004d85191 )
Cybereason: malicious.f15aa5
TrendMicro: PE_RAMNIT.H
Baidu: Win32.Virus.Nimnul.a
F-Prot: W32/Ramnit.B!Generic
Symantec: W32.Ramnit!inf
TotalDefense: Win32/Ramnit.A
APEX: Malicious
Avast: Win32:RmnDrp
ClamAV: Win.Trojan.Ramnit-1846
GData: Win32.Virus.Nimnul.A
Kaspersky: Virus.Win32.Nimnul.a
NANO-Antivirus: Virus.Win32.Ramnit.eslalb
ViRobot: Win32.Ramnit.E
Rising: Virus.Ramnit!1.9AA5 (CLASSIC)
Endgame: malicious (high confidence)
Sophos: W32/Patched-I
Comodo: Virus.Win32.Ramnit.A@1xq65p
F-Secure: Malware.W32/Ramnit.CD
DrWeb: Win32.HLLW.Tophos.6
Zillya: Virus.Nimnul.Win32.1
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Ramnit.tm
Trapmine: malicious.high.ml.score
Emsisoft: Win32.Ramnit (B)
Ikarus: PUA.GameModding
Cyren: W32/Ramnit.B!Generic
Jiangmin: Win32/Nimnul.a
Webroot: W32.Ramnit
Avira: W32/Ramnit.CD
MAX: malware (ai score=85)
Kingsoft: Win32.Ramnit.la.30720
Arcabit: Win32.Ramnit
ZoneAlarm: Virus.Win32.Nimnul.a
Microsoft: Virus:Win32/Ramnit.B
AhnLab-V3: Win32/Ramnit
Acronis: suspicious
VBA32: Virus.Win32.Nimnul.a
ALYac: Win32.Ramnit
TACHYON: Virus/W32.Ramnit.B
Ad-Aware: Win32.Ramnit
Panda: W32/Cosmu.gen
Zoner: Trojan.Win32.Ramnit.32880
ESET-NOD32: Win32/Ramnit.A
TrendMicro-HouseCall: PE_RAMNIT.H
Tencent: Virus.Win32.Ramnit.c
Yandex: Win32.Ramnit.Gen.3
SentinelOne: DFI - Malicious PE
Fortinet: W32/Ramnit.A
BitDefenderTheta: AI:FileInfector.EAEEA7850C
AVG: Win32:RmnDrp
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Virus.Win32.Ramnit.B

How to remove Virus:Win32/Ramnit.B?

Virus:Win32/Ramnit.B removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
