Ramnit is a virus in its most literal sense. In 2012, this worm had already infected over 50,000 Facebook accounts, 27% of which were French, and had reached over 800,000 other computers around the world. Although a number of anti-virus programs can detect it, Ramnit mutates constantly, so it keeps reappearing on the World Wide Web.
This virus directly infects executables (explorer.exe, userinit.exe, cmd.exe, etc.) and DLL files on a system. It modifies key startup programs in Safe Mode to prevent Safe Mode from being used. Restrictions are also imposed on your computer (disabling the display of hidden files and folders, Task Manager, Registry Editor, User Account Control, alerts from the Security Center, etc.). Certain iterations of the virus even drop a KillAV program (antivirus killer) that stops the critical processes and services of security tools and prevents a fresh installation of them. Ramnit then begins searching for your personal information, scanning Windows system files as well as the cookies of your internet browsers: usernames, serial numbers, etc. The virus spreads rather quickly!
The virus only needs to infect one file and enter the memory of the computer to begin to spread to other files.
Infections of this kind often come from an unfortunate click on an infected file, typically one obtained from the internet (specifically from P2P networks or newsgroups) or from an infected USB drive. Ramnit is discreetly installed onto the PC and begins to rummage through the hard drive, searching for personal information and usernames that will then be sent to hackers.
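As an added example (not part of the original article), the following Python code checks a text-form registry export from a suspect machine for the standard Windows settings that correspond to the restrictions listed above. The mapping from those restrictions to these particular registry values is an assumption, and the sample export is constructed.

```python
import re

POLICIES = r"software\microsoft\windows\currentversion\policies\system"
ADVANCED = r"software\microsoft\windows\currentversion\explorer\advanced"
SECCENTER = r"software\microsoft\security center"  # used by older Windows versions

# (key path below the hive, value name) -> (DWORD meaning "restricted", finding)
# Assumption: these standard Windows values are the ones behind the restrictions.
CHECKS = {
    (POLICIES, "disabletaskmgr"): (1, "Task Manager disabled"),
    (POLICIES, "disableregistrytools"): (1, "Registry Editor disabled"),
    (POLICIES, "enablelua"): (0, "User Account Control disabled"),
    (ADVANCED, "hidden"): (2, "hidden files and folders not shown"),
    (SECCENTER, "antivirusdisablenotify"): (1, "Security Center antivirus alerts off"),
}

SECTION = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def audit_reg_export(text):
    """Return sorted findings for an already-decoded .reg export (regedit writes UTF-16)."""
    findings, hive, key = set(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:  # new key section: remember hive and lower-cased path
            hive, key = m.group(1), m.group(2).lower()
            continue
        m = DWORD.match(line)
        if m and key is not None:
            check = CHECKS.get((key, m.group(1).lower()))
            if check and int(m.group(2), 16) == check[0]:
                findings.add(f"{hive}: {check[1]}")
    return sorted(findings)

# Constructed sample export, not taken from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
'''

if __name__ == "__main__":
    print("\n".join(audit_reg_export(SAMPLE)))
```

A finding only shows that a setting is in the restricted state; administrators can set the same values through policy, so treat the result as a triage signal alongside an anti-virus scan.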