SecurityHome.eu Virus:VBS/Ramnit.F

Home / malware PDF

Virus:VBS/Ramnit.F

First posted on 04 January 2012.
Source: Microsoft
Aliases :
Virus:VBS/Ramnit.F is also known as VBS.Ramnit.T (VirusBuster), VBS.Rmnet.2 (Dr.Web), W32.Ramnit!html (Symantec).
Explanation :
Virus:VBS/Ramnit.F is the detection for Visual Basic script appended to HTML document files by variants of Virus:VBS/Ramnit. When the infected HTML document is opened, Virus:VBS/Ramnit.F drops and executes Trojan:Win32/Ramnit.A.

Top

Virus:VBS/Ramnit.F is the detection for Visual Basic script appended to HTML document files by variants of Virus:VBS/Ramnit. When the infected HTML document is opened, Virus:VBS/Ramnit.F drops and executes Trojan:Win32/Ramnit.A.

The file detected as Trojan:Win32/Ramnit.A is dropped in the Windows Temporary Files folder as "svchost.exe". Note that a legitimate file also named "svchost.exe" exists by default in the Windows System folder.

Analysis by Fang Fang

Last update 04 January 2012

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Virus:VBS/Ramnit.gen!B
Virus:VBS/Ramnit.gen!A
Virus:VBS/Ramnit.A
Virus:VBS/Ramnit.F