This page contains a detailed analysis of W32/Ramnit.a. To get rid of this Trojan, please follow the removal guide below.

W32/Ramnit.a is a self-replicating virus. It usually propagates via unsecured network connections and removable media, including USB flash drives, writable CDs and external hard disk drives. W32/Ramnit.a also spreads by infecting files on the system that are shared in a network environment.

Alias: Type_Win32, Win32/Zbot.A, W32/Infector.Gen2, Win32/Ramnit.A, Win32.Rmnet, W32.Infector, W32/Patched-I, PE_RAMNIT.A

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

When executed, W32/Ramnit.a drops a file with a randomly generated name that contains the string “Mgr.exe” or “Srv.exe”. It then executes that file, which infects other executables it finds on the system. This virus can also infect files that have the .HTML and .HTM extensions.
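A triage sketch for the file names described above, added here as an example and not taken from this page or from any vendor tool. The function names and the sample tree are constructed for illustration; a name match is only a lead for a follow-up antivirus scan, since legitimate software can use similar names.

```python
import os
import tempfile

# Name fragments the write-up above associates with the dropped file.
DROPPED_MARKERS = ("mgr.exe", "srv.exe")
# File types the write-up says the virus can infect (queue these for AV scanning).
INFECTABLE_EXTS = (".exe", ".html", ".htm")


def triage(root):
    """Walk root and return (suspects, infectable) as sorted path lists.

    suspects:   file names containing a dropped-file marker (case-insensitive).
    infectable: remaining files with an extension the virus is said to infect.
    """
    suspects, infectable = [], []
    # onerror swallows unreadable directories so one ACL error does not stop the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if any(marker in lower for marker in DROPPED_MARKERS):
                suspects.append(path)
            elif lower.endswith(INFECTABLE_EXTS):
                infectable.append(path)
    return sorted(suspects), sorted(infectable)


def build_sample_tree(root):
    """Constructed sample tree: empty files with names invented for the demo."""
    names = ["notepad.exe", "xkqzwpMgr.exe", "index.html",
             os.path.join("share", "toolSrv.EXE"),
             os.path.join("share", "readme.txt")]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        suspects, infectable = triage(tmp)
        for p in suspects:
            print("SUSPECT  ", os.path.relpath(p, tmp))
        for p in infectable:
            print("SCAN NEXT", os.path.relpath(p, tmp))
```

Point `triage()` at a drive root, a network share or a removable drive to get the two lists for a real system.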

Once loaded and running, W32/Ramnit.a creates a backdoor and connects to a remote server, allowing a remote attacker to gain control of the compromised computer. It then waits for further tasks that the remote attacker may perform on the PC.

The virus can inject malicious code into the default Internet browser and uses this method to bypass the Windows firewall and other security programs.

Some infected machines may display an error if the Trojan’s embedded code conflicts with other programs. Here is a sample error message.

Error Report

Viruses self-replicate. Infections commonly propagate over unsecured computer networks or by copying the virus to removable media devices such as USB drives, writable discs, and memory sticks. Viruses can also spread by compromising shared system files within a network.

9 Responses

  1. Tracey says:

    Our McAfee security fixed an infected file on our desktop with this W32.Ramnit.a (virus). Could it have come via a memory stick which my 14 year old son normally uses for homework on his laptop, and if so, does it mean his laptop (which doesn’t have McAfee) could be infected too? He has been having a few problems with it lately…..any help would be appreciated, as we are not very ‘techie’ parents!!

  2. Remove W32.Ramnit says:

    Thank you, I had this virus in my PC and after using your advice it has gone, so thanks!

  3. Rais says:

    I used Dr. Cure IT before to remove this. Now on my laptop it takes too much time to scan and the PC reboots with a Blue Screen problem. I tried Doctor Web with a 1/2 effective solve. LET'S HOPE YOUR IDEA WORKS

  4. REDDY says:


    I ran Stinger. The Ramnit.a virus is not detected at all by this program. I tried with Norman; it is able to detect, but not able to clean the virus. The only option it gives is to delete the infected files. Is there any antivirus which can clean the infected (Ramnit.a) files?

    Thanks in advance

  5. Frankton says:

    Reddy, most of the people I know who got infected with this ended up reformatting their PCs. As your last option, you may try Trend Micro Housecall.

  6. Kapil Sharma says:

    Try Guardian antivirus 2012; it's properly repairing it before boot.

  7. dhirendra says:

    I am also facing the same problem with the Ramnit virus. It came through a pen drive. I am using the antivirus Microsoft Essentials, which is not able to remove it. It is again and again cleaning and removing the Ramnit virus, but again after 10 to 15 minutes it detects it. Please advise how to remove it. My OS is Windows 7HB.

  8. l says:

    Same problem as @dhirendra, but mine came through the 1channel movie site. Same antivirus, Microsoft Essentials, and it can't remove it. The virus won't let me install any other antivirus such as Avast, AVG etc. In some cases it doesn't even display webpages to do with removal of this virus. My memory stick was in the whole time; I hope it didn't affect it.

  9. sampath says:

    No one virus remove this Ramnit.A virus completely. I have successfully removed this virus from my system without any antivirus. Anyone can contact me; I will give suggestions to remove this virus completely from your system without any damage. Contact email svsampathravi@gmail.com
