The following system changes may indicate the presence of this malware:
Your antivirus or security product does not work correctly or stops working completely
Trojan:WinNT/Ramnit.gen!A is a rootkit component that is a member of the Ramnit family of malware. This component is designed to prevent other components of the Ramnit family from being detected by certain antivirus and security products.
What to do now
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
Trojan:WinNT/Ramnit.gen!A is dropped by other variants of the Ramnit family to the %TEMP% folder as a system file (.SYS) with a random name, for example "qxcouvmc.sys". In the wild, we have observed Trojan:Win32/Ramnit.A dropping this trojan.
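The drop behavior described above (a .SYS file written to the %TEMP% folder) can be hunted for in endpoint telemetry. The following is an added example, not part of the original entry: it assumes Sysmon FileCreate (event ID 11) and DriverLoad (event ID 6) records already parsed into dictionaries, and the sample events, including the user name, are constructed.

```python
import re
from pathlib import PureWindowsPath

# Sysmon event IDs and the field that carries the file path:
# 11 = FileCreate (TargetFilename), 6 = DriverLoad (ImageLoaded)
PATH_FIELD = {11: "TargetFilename", 6: "ImageLoaded"}

# Directories that commonly back %TEMP%: per-user AppData\Local\Temp and Windows\Temp
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)(\\|$)", re.IGNORECASE)

def normalize(path):
    """Strip NT namespace prefixes so kernel-style paths compare like Win32 paths."""
    for prefix in ("\\??\\", "\\\\?\\"):
        if path.startswith(prefix):
            path = path[len(prefix):]
    return path

def is_temp_driver(path):
    """True when the path is a .sys file located in (or below) a temp directory."""
    p = PureWindowsPath(normalize(path))
    return p.suffix.lower() == ".sys" and bool(TEMP_DIR.search(str(p.parent)))

def hunt(events):
    """Return (severity, event) for each .sys written to or loaded from a temp dir."""
    hits = []
    for ev in events:
        field = PATH_FIELD.get(ev.get("EventID"))
        if field and is_temp_driver(ev.get(field, "")):
            # A driver loaded from temp is more serious than a file merely written there
            hits.append(("high" if ev["EventID"] == 6 else "medium", ev))
    return hits

# Constructed sample events (not real telemetry); "alice" and "setup.log" are made up,
# "qxcouvmc.sys" is the example file name given in the entry
SAMPLE = [
    {"EventID": 11, "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\qxcouvmc.sys"},
    {"EventID": 6, "ImageLoaded": r"\??\C:\Users\alice\AppData\Local\Temp\qxcouvmc.sys"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys"},
    {"EventID": 11, "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\setup.log"},
]

if __name__ == "__main__":
    for severity, ev in hunt(SAMPLE):
        print(severity, ev)
```

Because the file name is random, the check keys on location and extension rather than on the name itself.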
Disables or prevents your antivirus and security products from working properly
Trojan:WinNT/Ramnit.gen!A hooks the following APIs to prevent security products from detecting other components of the Ramnit family:
Trojan:WinNT/Ramnit.gen!A also receives a list of security products from other components of the Ramnit family, for example, Trojan:Win32/Ramnit.A. Trojan:WinNT/Ramnit.gen!A then kills the products on that list.