Some of our readers have reported infections by variants of the popular Win32 Ramnit virus. There are many different versions of this virus, and most of the time it comes from flash drives that you plug into USB ports; it infects your computer by executing the malicious code in the autorun.inf file on the USB drive. If you want to avoid further infection by any virus coming from a flash drive, you should read our article on USB Autorun Blocker, read how to stop virus transfer or copy from USB Flash Drive, or follow our guide on preventing virus infection.
Win32 Ramnit Virus Information
Now some information about this virus. Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access the infected computer and instruct it to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. This virus infection is often contracted by visiting remote, crack and keygen sites.
What Harm It Can Do?
Once you have this virus infection, the safest way to get rid of it completely is to reformat your Windows computer. This virus invites keyloggers and other Trojans which could steal the usernames and passwords of your email and banking accounts, so it could really turn out to be a big danger for your PC and your personal and professional data. Apart from this, it will always try to use your internet connection to load a malicious website which could install more malware and other viruses on your computer. When you search for something in Google or Yahoo, you will be redirected to malicious sites no matter which link you click, and you may see undesired pop-up windows with objectionable content; you should avoid clicking on them.
Is there Any Way To Remove This Virus?
Yes, the best possible way to remove this virus is to run Windows in safe mode by pressing F8 at boot time. There are many free programs like Malwarebytes which could help you remove this malware, and other programs like SUPERAntiSpyware and Dr. Web Cure, but all these programs can only make this virus inactive until you again visit some website which could reactivate it. This virus is known to infect a file to such an extent that it cannot be repaired back to its original state by your common antivirus programs, as the infected file often becomes corrupt and the system may become irreparable.
Following are some possible ways to remove this virus; let us know if they work for you.
Method 1: Try Removing Rootkit.Win32.Ramnit By TDS Killer
You will first need to download TDS Killer on the infected PC and then run it as administrator. Once the tool has completely scanned your computer, it shows the infections in a report: the utility outputs a list of detected objects with descriptions. The utility automatically selects an action (Cure or Delete) for malicious objects and prompts the user to select an action to apply to suspicious objects (Skip, by default).
Once this utility repairs the infections caused by the virus on your computer, you will need to restart the PC for the repair to be completed.
By default, the utility writes its log to the root folder of the system disk (usually the disk with the installed operating system, C:\). Logs have names like: UtilityName.Version_Date_Time_log.txt. In these log files you can see which files have been repaired by this software and which ones have been skipped because they are corrupted.
Please Note: Apart from the above tool to remove this virus, you should also try both SUPERAntiSpyware and Malwarebytes [ Download Links Given Above ].
In case you find an infected file which cannot be deleted, you can try Norton Power Eraser, which removes any file. It eliminates deeply embedded and difficult-to-remove crimeware that traditional virus scanning doesn’t always detect. Because Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.
Method 2: Remove The Win 32 Ramnit Virus Manually
Open Start >> Run, type secpol.msc, and then click the OK button or press the Enter key.
On the “Local Security Policy” screen, right-click “Software Restriction Policies” and click “Create New Policies” or “New Software Restriction Policies”.
Now right-click on “Additional Rules”, then select “New Hash Rule…”.
The “New Hash Rule” screen will then be displayed. In the “Hash Files” column, click [Browse] (for example, C:\Windows\Explorer.exe) and specify one of the virus files that duplicate the icon of a “folder” and have a size of 105 KB.
Now, under Security level, select Disallowed and click the OK button. This is how you can block the virus .exe file from executing and causing damage to your computer, but this method is not easy, as you need to know the exact virus file and its location.
Read the source of method 2 to understand this quick solution.
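The hard part of Method 2 is knowing which file to point the hash rule at. The following is an added example (not part of the original article or of any tool it mentions) that walks a folder tree and lists .exe files of about 105 KB whose contents occur more than once. The 1 KB size tolerance and the assumption that the copies are byte-identical are ours.

```python
import hashlib
import os
from collections import defaultdict

TARGET_KB = 105     # size quoted in the article for the folder-icon file
TOLERANCE_KB = 1    # assumption: allow for rounding in the displayed size


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_candidates(root, target_kb=TARGET_KB, tolerance_kb=TOLERANCE_KB):
    """Return {sha256: [paths]} for ~target_kb .exe files seen 2+ times."""
    low = (target_kb - tolerance_kb) * 1024
    high = (target_kb + tolerance_kb) * 1024
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                if low <= os.path.getsize(path) <= high:
                    by_hash[sha256_of(path)].append(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
    # Only identical content found in several places is reported.
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


if __name__ == "__main__":
    import sys
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for file_hash, paths in find_candidates(scan_root).items():
        print(file_hash)
        for p in paths:
            print("    " + p)
```

Each path it prints is a file to inspect and, if confirmed, to select with [Browse] in the “New Hash Rule” dialog; the script only reads files and never executes or deletes them.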