Trojan:Win32/Ramnit.C is the generic detection for a DLL component dropped by other malware. It is used to load another malware.
Trojan:Win32/Ramnit.C is dropped by other malware as a DLL file with the following file name format:
<random characters>.cpl (for example, "kxxxacvv.cpl", "qrejtdcd.cpl")
It is usually dropped with an EXE file, for example, "kctcsugs.exe" and "rdkidfba.exe".
Trojan:Win32/Ramnit.C creates a mutex named "INTEL_CEDR_STORE".
Runs other malware
Trojan:Win32/Ramnit.C creates a process to run the dropped EXE file, which may be detected as other malware such as Worm:Win32/Autorun.AAY
Analysis by Lena Lin