This page contains detailed analysis on W32/Ramnit.a. To get rid of this Trojan, please follow the removal guide below.

W32/Ramnit.a is a virus that is self-replicating. It usually propagates via unsecured network connection and removable USB drives including flash drive, writable CD and external hard disk drives. W32/Ramnit.a also spreads by infecting file on the system that is shared on a network environment.

Alias: Type_Win32, Win32/Zbot.A, W32/Infector.Gen2, Win32/Ramnit.A, Win32.Rmnet,
W32.Infector, W32/Patched-I, PE_RAMNIT.A

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

When executed, W32/Ramnit.a it will drop a random-name generated file that contains the strings “Mgr.exe” or “Srv.exe.” It also executes the same file that will to infect other executable it may found on the system. This virus can also infect files that have .HTML and .HTM extension.

Once loaded and running, W32/Ramnit.a will create a backdoor and connects to a remote server to allow a remote attacker to gain control on the compromised computer. It waits for other tasks that the remote attacker may perform on the PC.

The virus can inject malicious code into default Internet browser and uses this method to bypass Windows firewall and other security programs.

Some infected machines may display an error if the Trojan’s embedded code is having conflict to other programs. Here is the sample error message.

Error Report

Virus do self-replicate. Infections are commonly propagated on unsecured computer networks or transmitting the virus to a removable media devices like UDB drives, writable disc, and memory sticks. Viruses can also spread by compromising a shared system files within a network.

How to Remove W32/Ramnit.a

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of W32/Ramnit.a, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Scan with McAfee Stinger:

Stinger is a portable security tool that can detect and remove particular viruses. It utilizes a highly developed scan engine technology that includes process scanning and scan function optimization.

5. Go to McAfee Labs Stinger web page and download the tool. Save it to your desktop.
6. Once the download completes, double click on the file to run the program.
7. The Stinger main program will open.
8. Default directory to scan is the system drive (C:\). You may add additional drives to scan by clicking on Add button.
9. Click on Scan Now button to begin scanning assigned drives.
10. Stinger will now scan and repair/delete all infected files.
11. When done, you may now close McAfee stinger and restart Windows in normal mode.

9 Responses

  1. Tracey says:

    Our McAfee security fixed an infected file on our desktop with this W32.Ramnit.a (virus). Could it have come via a memory stick which my 14 year old son normally uses for homework on his laptop, and if so, does it mean his laptop (which doesn’t have McAfee) could be infected too? He has been having a few problems with it lately…..any help would be appreciated, as we are not very ‘techie’ parents!!

  2. Remove W32.Ramnit says:

    thank u i had this virus in my pc & after using your advise it has gone so thanks….!

  3. Rais says:

    I used Dr. Cure IT before to remove this. Now in my laptop it takes too much time to scan & pc reboots for a Blue Screen problem. I tried Doctor Web with 1/2 effective solve. LETS HOPE YOUR IDEA WORKS

  4. REDDY says:


    I ram stinger.Ramnit.a virus not at all detected by this program.I tried with norman it is able to detect,but not able to clean the virus.Only option it gives is to delete the infected files.Is there any antivirus which can clean the infected(Ramnit.a) files.

    Thanks in advance

  5. Frankton says:

    Reddy, most of the people I know who got infected with this ended up reformatting their PC’s. As you last options, you may try Trend Micro Housecall.

  6. Kapil Sharma says:

    Try Guardian antivirus 2012 its properly repairing it before booot.

  7. dhirendra says:

    I am also facing the same problem with virus ramnit .It came thru pen drive . i am using anti virus micro soft essentials which is not able to remove it . it is again and again cleaning and removing the ramnit virus but again after 10 to 15 minutes it detects it .Pl. advice how to removes it . My OS window 7HB

  8. l says:

    same problem as @dhirendra but mine came through 1channel movie site, same antivirus micro soft essential and it cant remove it. the virus wont let me install any other anti virus such as avast, avg etc. in some cases it doesnt even display webpages to do with removal of this virus. my memory stick was in the whole time i hope it didnt affect it.

  9. sampath says:

    No one virus remove this Ramnit.A virus completely. I have successfully removed this virus in my system without any anitivirus. Any one contact me I will give suggestions to remove this virus completely from your system without any damages. contact email svsampathravi@gmail.com

Leave a Reply

Your email address will not be published. Required fields are marked *