This page contains information and a removal guide for deleting W32.Ramnit.B from an infected computer. Follow the instructions carefully to get rid of the Trojan instantly.
W32.Ramnit.B is a computer worm that spreads by creating a copy of itself on removable USB drives. W32.Ramnit.B also scans local drives for .exe, .dll and .html files. When it finds them, it appends an encrypted payload to these files. The worm creates a back door that allows a remote attacker to carry out malicious actions. It uses rootkit techniques to hide its presence and to monitor the network traffic of the compromised computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
W32.Ramnit.B loads by means of removable media devices. When it runs, the worm creates a copy of itself inside the target computer. It may use the Autorun function of Windows to execute the worm when the drive is accessed, or it may exploit a weakness in the operating system. Whichever method launches the worm, it creates a mutex called INTEL_CEDR_STORE to make sure that only one instance is running.
Then, the worm creates several files under Program Files and the User Profile. It looks for removable USB drives and, when one is found, drops a copy of itself onto it. Accompanying those items is an Autorun.inf file that launches the threat when the drive is accessed. Please see the Associated Files area for the complete list.
To start automatically, W32.Ramnit.B adds registry entries so that the worm runs every time Windows starts. A backdoor is essential so that a remote attacker can control the infected computer. Once this communication channel is open, the remote attacker may have full access to perform malicious actions on the PC, such as:
- Upload and download files
- Capture screen shots
- Update the worm
- Scan traces of user name and passwords from Internet browser cookies
- Clear the cookies
The deadliest payload that W32.Ramnit.B can bring to a computer is making it unusable. W32.Ramnit.B can destroy the whole operating system simply by deleting essential files.
W32.Ramnit.B spreads through spam email messages and unsecured peer-to-peer connections. Once inside the computer, it attempts to propagate by infecting removable drives such as USB flash drives, external hard drives and memory sticks. It may also inject a malicious VBS script into .HTML files that will fetch more threats when executed.
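The Autorun.inf file dropped on removable drives and the VBS script injected into .HTML files, both described above, leave artifacts that can be checked for before a drive or folder is trusted. The following Python is an added example, not part of the original guide or of any vendor tool: it lists the commands an Autorun.inf would launch and flags HTML files that carry a VBScript block, noting whether the block sits after the closing </html> tag. The function names, the constructed sample tree and the choice to treat any VBScript block as worth review are assumptions made here.

```python
import re
import tempfile
from pathlib import Path

# Autorun.inf keys that make Windows launch a program from the drive.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)
VBS_BLOCK = re.compile(r"<script[^>]*\bvbscript\b", re.I)
HTML_END = re.compile(r"</html\s*>", re.I)


def autorun_targets(root: Path) -> list[str]:
    """Return the commands an Autorun.inf at the drive root would launch."""
    for entry in root.iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            text = entry.read_text(errors="replace")
            return [m.group(2) for line in text.splitlines()
                    if (m := LAUNCH_KEY.match(line))]
    return []


def vbscript_html(root: Path) -> dict[str, str]:
    """Map each .htm/.html file holding a VBScript block to where the block sits."""
    hits = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in (".htm", ".html"):
            text = path.read_text(errors="replace")
            script = VBS_BLOCK.search(text)
            if script:
                ends = [m.end() for m in HTML_END.finditer(text)]
                appended = bool(ends) and script.start() >= ends[-1]
                where = "appended after </html>" if appended else "inside document"
                hits[path.relative_to(root).as_posix()] = where
    return hits


def build_sample(root: Path) -> None:
    """Constructed sample tree: harmless text files standing in for a drive."""
    (root / "AutoRun.inf").write_text("[autorun]\nopen=folder\\sample.exe\nicon=shell32.dll,4\n")
    (root / "clean.html").write_text("<html><body>ok</body></html>\n")
    (root / "docs").mkdir()
    (root / "docs" / "index.HTML").write_text(
        "<html><body>hi</body></html>\n<SCRIPT Language=VBScript>' placeholder</SCRIPT>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print("Autorun launch targets:", autorun_targets(Path(tmp)))
        print("VBScript blocks:", vbscript_html(Path(tmp)))
```

A hit from either check is a reason to inspect the file with an up-to-date scanner, not proof of infection, since legitimate media and old web pages can also contain these constructs.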