Type of file: exefile
Description: Random filename
Location: Startup Folder
Size: 101872 b
MD5: F3873258A4258A6761DC54D47463182F
What it does:
- Starts with Windows
- Infects exe, dll and html files
- Worm spreads via the default web browser
- Create 4 shortcuts on external drives
- Create copies of itself at the RECYCLER folder on external drives
Manual removal instructions
These instructions are specific to this variant of Ramnit.
1. Terminate the malware process using Taskman or Taskkill
TASKKILL /F /IM FIREFOX.EXE*
* Replace filename with your default web browser
2. Delete the worm located at the Startup folder. Filename is
random.exe.
3. Delete all shortcuts and RECYCLER folder on external drives.
4. Scan with an updated antivirus.
Note: DO NOT SCAN while malware is active in memory.
Do not use Smadav (Very low detection with high False Positive)
To GOD be the glory!
All content ("Information") contained in this report is the copyrighted work of WinXPert: Virus and Malware Removal.
The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2016 WinXPert. All rights reserved. All other trademarks are the sole property of their respective owners.
