Worm:Win32/Ramnit!pz removal

The Worm:Win32/Ramnit!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Ramnit!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Worm:Win32/Ramnit!pz?


File Info:
name: 6A2EDBF0DA6DBABFF07D.mlw
path: /opt/CAPEv2/storage/binaries/a8d61f6456f0e727181236d148dc111220e8b35c8075a4b5a5a3f6af9d11617c
crc32: BA3744A9
md5: 6a2edbf0da6dbabff07de0dd7ccfc119
sha1: 47f2b7ec71f849bcbaabcf34c6fc6c7136a6d60c
sha256: a8d61f6456f0e727181236d148dc111220e8b35c8075a4b5a5a3f6af9d11617c
sha512: 5046a967fa4e51ab2ad942fc120f6834f171f9e95dc242896f1e2002ac71eabb1b16f41fff11989e3cba480d695b42b54839af862d98eb3cb8f4733ccc178190
ssdeep: 1536:HNhlUsX61D8w22laSR0V+3CJrVdXHSzJl44:tHUCq8ilVR++3CVVdKJl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5043A02B84298F6C3520BB5BA883351F3FC047546759A9AEF281F263FB1593CB4F466
sha3_384: 00ed037543c4d773794f0a5346ab33a6b56b44a4bc7217e090a675af05166fd9f57cae03e5340651d0e55ccea9fee4e2
ep_bytes: 1683c2045e5f595bc9c20400558bec83
timestamp: 2010-07-18 15:35:42

Version Info:
0: [No Data]

Worm:Win32/Ramnit!pz also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
DrWeb	Win32.Rmnet.1
ClamAV	Win.Virus.Ramnit-9808983-0
McAfee	GenericRXQF-YP!6A2EDBF0DA6D
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Trojan.Agent.Win32.3304623
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Riskware ( 00584baa1 )
K7GW	Riskware ( 00584baa1 )
Cybereason	malicious.c71f84
BitDefenderTheta	Gen:NN.ZexaF.36662.lmZ@ai03B5l
Cyren	W32/Agent.ENP.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Agent.gen
Avast	Win32:Ramnit-CA [Trj]
McAfee-GW-Edition	BehavesLike.Win32.Generic.cz
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.6a2edbf0da6dbabf
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
GData	Win32.Virus.Nimnul.A
Jiangmin	Trojan.Generic.bjtxj
Antiy-AVL	Trojan/Win32.TSGeneric
Xcitium	Packed.Win32.MUPX.Gen@24tbus
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
Microsoft	Worm:Win32/Ramnit!pz
Google	Detected
AhnLab-V3	Trojan/Win32.Poison.C55785
Acronis	suspicious
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R03BH06IF23
Ikarus	VBS.Ramnit
MaxSecure	Trojan.Malware.8326453.susgen
Fortinet	W32/Ramnit.A!dam
AVG	Win32:Ramnit-CA [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Worm:Win32/Ramnit!pz?

Worm:Win32/Ramnit!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X