is a detection for a malicious VBScript appended to HTML files by a variant of Virus:Win32/Ramnit. When an infected HTML file is opened, Virus:VBS/Ramnit.D
drops and runs a copy of either Trojan:Win32/Ramnit
This VBScript malware is appended to HTML files by a variant of Virus:Win32/Ramnit.
Drops and executes arbitrary files
Virus:VBS/Ramnit.D drops an executable binary into the user's Temporary folder and attempts to run it:
If a file of the same name already exists in that folder, Virus:VBS/Ramnit.D replaces that file with this dropped file.
The malware appends random characters to its body in an attempt to evade detection.
Analysis by Gilou Tenebro
The following system changes may indicate the presence of this malware: