Worm.Ramnit is Malwarebytes' detection name for a specific wormthat is able to steal information from the compromised system.
Type of infection
The primary task of Worm.Ramnit is to steal information from the compromised system. It does this by downloading component files that perform particular tasks. For example, one of its components is capable of stealing cookies in order to hijack banking and social media sites. Another component is capable of giving threat actors remote access to the affected system.
Common infection method
Worm.Ramnit arrives on affected systems via removable and fixed drives, public FTP servers, exploit kits, or bundled with potentially unwanted software. Sometimes, it can also be dropped by Virus.Ramnit.
Malwarebytes blocks Worm.Ramnit
Malwarebytes can remove Worm.Ramnit without further user interaction. However, it is also advisable to call legitimate computer technical support services should one encounter complications.
- Please download Malwarebytesto your desktop.
- Double-click MBSetup.exeand follow the prompts to install the program.
- When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantineto remove the found threats.
- Reboot the system if prompted to complete the removal process.
It is also recommended to change all passwords that could have been stolen from the affected system.
How to remove Worm.Ramnit with the Malwarebytes Nebula console
You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.
Nebula endpoint tasks menu
Choose the Scan + Quarantine option. Afterwards you can check the Detections page
to see which threats were found.
On the Quarantine page
you can see which threats were quarantined and restore them if necessary.