Virus:Win32/Ramnit.G removal tips

The Virus:Win32/Ramnit.G is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Virus:Win32/Ramnit.G do?

The behaviours below were recorded while the sample ran under Cuckoo sandbox analysis:

  • Executable code extraction
  • Code injection with CreateRemoteThread into a remote process
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (6 unique times)
  • Expresses interest in specific running processes
  • Drops a binary and executes it
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Crashed cuckoomon (the Cuckoo sandbox monitor) during analysis
  • A process attempted to delay the analysis task by a long amount of time
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Clears Windows events or logs

Related domains:

How to identify Virus:Win32/Ramnit.G?

File Info:

crc32: 2C2887EE
md5: 7a0cbbd6507c1f8b4c7134b8016163ca
name: 7A0CBBD6507C1F8B4C7134B8016163CA.mlw
sha1: dd2636b5e04b39886df53ae05744358c5d859f62
sha256: e83b6943699aeeeecac95b89db186cc5c696962b7b6150efef7e3ec2cfffd614
sha512: b43172f03ef30b0a18526d01e568f3a76ebcf6d4cb330b0ff015c23aa82784a4159ced8c18cb9e8a3607f451cb215eda70a09f29de1e30b4df6a25d28bd64df2
ssdeep: 6144:mqZsznMReD+aR/jL/nCT8VZoeOY93g9LXJn:mqZIn+uLGTh1cQ1
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

ProductName: New Vegas Configator
Translation: 0x0000 0x04b0

Virus:Win32/Ramnit.G also known as:

Bkav W32.0422Infect.PE
K7AntiVirus Virus ( 002fe95d1 )
DrWeb Win32.Rmnet
MicroWorld-eScan Win32.Ramnit
CAT-QuickHeal W32.Ramnit.A
ALYac Win32.Ramnit
Cylance Unsafe
Zillya Virus.Nimnul.Win32.1
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Virus:Win32/Ramnit.gen2
K7GW Virus ( 002fe95d1 )
Cybereason malicious.6507c1
TrendMicro PE_RAMNIT.H
Baidu Win32.Virus.Nimnul.a
Cyren W32/Ramnit.B!Generic
Symantec W32.Ramnit!inf
ESET-NOD32 Win32/Ramnit.E
Zoner Trojan.Win32.Ramnit.32880
APEX Malicious
TotalDefense Win32/Ramnit.A
Avast Win32:RmnDrp
ClamAV Win.Trojan.Ramnit-1847
GData Win32.Virus.Nimnul.A
Kaspersky Virus.Win32.Nimnul.a
BitDefender Win32.Ramnit
NANO-Antivirus Virus.Win32.Ramnit.eslalb
ViRobot Win32.Ramnit.E
Tencent Virus.Win32.Ramnit.c
Ad-Aware Win32.Ramnit
Sophos W32/Patched-I
Comodo Virus.Win32.Ramnit.A@1xq65p
F-Secure Malware.W32/Ramnit.CD
BitDefenderTheta AI:FileInfector.EAEEA7850C
VIPRE Virus.Win32.Ramnit.a (v)
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Ramnit.dc
Trapmine malicious.high.ml.score
FireEye Generic.mg.7a0cbbd6507c1f8b
Emsisoft Win32.Ramnit (B)
SentinelOne DFI – Malicious PE
F-Prot W32/Ramnit.B!Generic
Endgame malicious (high confidence)
Webroot W32.Ramnit
Avira W32/Ramnit.CD
eGambit Unsafe.AI_Score_98%
Antiy-AVL Virus/Win32.Nimnul.a
Kingsoft Win32.Ramnit.la.30720
Microsoft Virus:Win32/Ramnit.G
Jiangmin Win32/Nimnul.a
Arcabit Win32.Ramnit
AegisLab Virus.Win32.Nimnul.lmWE
ZoneAlarm Virus.Win32.Nimnul.a
TACHYON Virus/W32.Ramnit.B
AhnLab-V3 Win32/Ramnit.E
Acronis suspicious
McAfee W32/Ramnit.q
MAX malware (ai score=81)
VBA32 Virus.Win32.Nimnul.a
Panda W32/Cosmu.gen
TrendMicro-HouseCall PE_RAMNIT.H
Rising Virus.Ramnit!1.9AA5 (CLOUD)
Yandex Win32.Ramnit.Gen.3
Ikarus Virus.Win32.Nimnul
MaxSecure Virus.Nimnul.A
Fortinet W32/Ramnit.A
AVG Win32:RmnDrp
Paloalto generic.ml
Qihoo-360 Virus.Win32.Ramnit.B

How to remove Virus:Win32/Ramnit.G?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
