Close backdoors left open by W32.Ramnit with Symantec's Ramnit Removal Tool
Posted by: Jon Ben-Mayor on 03/01/2015 09:32 AM
W32.Ramnit is a worm that spreads through removable drives, adds a back door, steals passwords, and monitors activities.
The threat is distributed through removable drives, infected files on public FTP servers, exploit kits served through malicious advertisements on legitimate websites or social media, and is also bundled with potentially unwanted applications.
To spread itself, the threat will infect EXE, DLL, HTM, and HTML files and make copies of itself on removable and fixed drives.
The primary function of this threat is to steal information from the compromised computer. It does this by downloading various modules that can steal cookies to hijack online sessions for banking and social media websites.
It will also open a back door and connect to a C&C server so it can receive commands and request the modules that are used to steal information from the compromised computer. The commands that the threat can receive include capturing screenshots, uploading cookies, gathering computer-related information, and deleting root registry keys to prevent the computer from starting up.
The Removal Tool will perform the following:
Terminate processes associated with Ramnit
Repair infected files
Reset registry keys to multiple pre-selected values
Download @ http://www.majorgeeks.com/files/details/symantec_ramnit_removal_tool.html