Trojan.Ramage is a harmful Trojan that allows a remote attacker to gain access to the target computer. The Trojan also performs distributed denial-of-service (DDoS) attacks to make computer or network resources unavailable.
Also Detected As: Trojan/Win32.Ramage (AhnLab-V3), TR/ATRAPS.Gen (AntiVir), Win32:Downloader-LWI [Trj] (Avast), Gen:Trojan.Heur.PT.cGW@aqWKyPf (BitDefender), Trojan.Win32.Spy!IK (Emsisoft), HEUR:Trojan.Win32.Generic (Kaspersky), Generic.tfr!ba (McAfee), Trojan:Win32/Ontonphu.A (Microsoft)
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista, Windows 7
Once Trojan.Ramage is executed, it creates several harmful files under the Windows, System, and UserProfile directories. Any of the dropped files can be used to perform an individual task. The Trojan can also run itself when Windows starts by adding a Windows registry entry. Trojan.Ramage drops corresponding file names and registry values that can be any of the following:
Lastly, Trojan.Ramage makes the registry changes needed to pass through the Windows firewall and allow backdoor communication. It connects to a command and control (C&C) server to receive instructions to carry out a distributed denial-of-service attack.
Trojan.Ramage is commonly distributed through other Trojan and virus infections. Unspecified malware may download and drop Trojan.Ramage onto the target computer through security breaches that malware authors may intentionally exploit.