Wednesday, August 20, 2014

Kajal Majhi

How to remove RAMNIT malware




Ramnit is one of the most dangerous threats active today. It is a form of malware that is combined with social engineering, which makes it very easy for a user to fall victim to it. It usually infects .exe, .dll and .html files and also steals banking and financial information.

It is a multi-component malware that spreads through removable devices such as USB flash drives and stays stable until a user logs into his account.
It opens a backdoor that makes it easy for remote attackers to access your system and make sudden changes as they wish.

It makes some terrifying changes to your computer, which make it difficult to perform tasks such as OS updates or installing security software or anti-malware programs.

It steals browser cookies.

It steals login data and saved FTP and financial credentials.


How does RAMNIT infect and work in a Windows system?
When a user logs into his online bank account, RAMNIT injects into a page where the user has to configure a phone number for a one-time password (OTP), or any other page to “set transfer processing system”, where it uses a temporary phone number. It then connects to the command server set up by the attacker and sends the details to it. The user then receives a temporary number via RAMNIT and an OTP from the bank’s server. When the user enters both, he is caught in the trap, because he has unknowingly authorized a money transfer to the attacker’s account.
How to detect RAMNIT in your system?
You can diagnose your system with various system diagnosis tools; an infected system shows output like the following:

REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe”
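
As an added example (not part of the original post), the following Python script parses report lines in the format shown above and flags any UserInit program other than the default userinit.exe. The function names and the first and third sample lines are constructed for illustration, and it assumes Windows is installed in c:\windows.

```python
import re
from pathlib import PureWindowsPath

# Assumed clean default: Windows installed in c:\windows (adjust if not).
EXPECTED = PureWindowsPath(r"c:\windows\system32\userinit.exe")

# Report line format as shown on this page.
LINE_RE = re.compile(r"^\s*REG:system\.ini:\s*UserInit=(?P<value>.*)$", re.I)

# Constructed sample report; the second line is the infected output quoted above.
SAMPLE_REPORT = [
    r"REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,",
    r"REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe”",
    "UNRELATED: constructed line that is not a UserInit entry",
]


def unexpected_entries(line):
    """Return UserInit programs other than the expected userinit.exe."""
    m = LINE_RE.match(line)
    if not m:
        return []
    extras = []
    for part in m.group("value").split(","):
        # Drop whitespace and stray quote characters; skip empty ",," slots.
        part = part.strip().strip('"“”').strip()
        # PureWindowsPath compares case-insensitively, as Windows does.
        if part and PureWindowsPath(part) != EXPECTED:
            extras.append(part)
    return extras


def scan(lines):
    """Return (line_number, extras) for every line with unexpected entries."""
    hits = []
    for number, line in enumerate(lines, start=1):
        extras = unexpected_entries(line)
        if extras:
            hits.append((number, extras))
    return hits


if __name__ == "__main__":
    for number, extras in scan(SAMPLE_REPORT):
        print(f"line {number}: unexpected UserInit entries: {extras}")
```

A flagged entry is a lead to investigate rather than proof of infection, since other software can also add itself to UserInit.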


How to get rid of RAMNIT malware?
It is not easy to get rid of this type of malware, since it makes it difficult to install a security suite, but there are several options to try.
Microsoft has many free tools that can detect and remove such threats:

Windows Defender for Windows 8 and Windows 8.1
Microsoft Security Essentials for Windows 7 and Windows Vista

Option two:
Download the eScan antivirus toolkit.
Start your PC in safe mode (you can get the Safe mode option in BIOS under Boot settings).
Launch the toolkit and scan the complete hard drive.

Advice for users:
Always use a strong password.
Use good firewall software.
Always scan removable storage media.
Perform system updates at least once a month.


About Kajal Majhi -

Kajal Majhi is a Cyber Security Analyst by profession, a blogger, a tech geek and a newbie in the world of photography. He occasionally writes about IT security, technology and reviews, and also writes a column on his personal blog, My Life and Words.
