Follow:

You have been re-routed to the Trojan:Win32/Ramnit.C write up because Trojan%3aWin32%2fRamnit.C has been renamed to Trojan:Win32/Ramnit.C
 

Trojan:Win32/Ramnit.C


Microsoft security software detects and removes this threat.
 
This threat can be used to install other malware onto your PC.
 
See the Win32/Ramnit family description for more information.
 


What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Trojan:Win32/Ramnit.C is the generic detection for a DLL component dropped by other malware. It is used to load another malware.
Installation
Trojan:Win32/Ramnit.C is dropped by other malware as a DLL file with the following file name format:
 
  • <random characters>.cpl (for example, "kxxxacvv.cpl", "qrejtdcd.cpl")
 
It is usually dropped with an EXE file, for example, "kctcsugs.exe" and "rdkidfba.exe". Trojan:Win32/Ramnit.C creates a mutex named "INTEL_CEDR_STORE".
Payload
Runs other malware
 
Trojan:Win32/Ramnit.C creates a process to run the dropped EXE file, which may be detected as other malware such as Worm:Win32/Autorun.AAY
 
Analysis by Lena Lin

Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.93.1757.0
Latest detected by definition: 1.189.1636.0 and higher
First detected on: Nov 12, 2010
This entry was first published on: Jan 18, 2011
This entry was updated on: Sep 22, 2014

This threat is also detected as:
  • Win-Trojan/Starter.3584.F (AhnLab)
  • Trojan.Win32.Starter.yy (Kaspersky)
  • W32/Runner.NZ (Norman)
  • Trojan.Ramnit!iQNQL6zS3w0 (VirusBuster)
  • TR/Starter.Y (Avira)
  • Win32/Ramnit.H (CA)
  • Trojan.Starter.1591 (Dr.Web)
  • Win32/Ramnit.F (ESET)
  • Trojan.Win32.Ramnit (Ikarus)
  • W32/Ramnit.a (McAfee)
  • Trj/Starter.G (Panda)
  • TROJ_STARTER.SM (Trend Micro)