Trojan.Ramage, also detected as Win32/Ontonphu and Win32/Flooder.Ramagedos, is a Trojan that serves as a back door. It is downloaded and dropped by other malicious programs and can be controlled remotely. This Trojan targets the Windows OS. Although it is not the most sophisticated piece of malicious code, Trojan.Ramage may take part in a distributed denial-of-service attack (DoS/DDoS) and collect certain information about the compromised computer. It then sends the gathered information (operating system version and volume serial number) to a remote server.
When executed, the Trojan usually copies itself into the 'Application Data' folder, but it may drop additional files in Windows system folders as well. Trojan.Ramage creates the following files:
- %UserProfile%\Application Data\ODBC.exe
- %UserProfile%\Application Data\Intel.exe
- %UserProfile%\Application Data\Netscape.exe
- %UserProfile%\Application Data\Sysinternals.exe
- %UserProfile%\Application Data\WinRAR.exe
- %UserProfile%\Application Data\Policies.exe
- %Windir%\Sxc\svchost.exe
- %System%\drivers\svclock.exe
The Trojan adds various keys to the Windows registry so that it runs automatically after a system reboot. Trojan.Ramage also adds itself to the Windows Firewall authorized applications list to avoid anti-virus detection and bypass the Windows Firewall. To remove Trojan.Ramage, please scan your computer with anti-malware software. If you need help removing this Trojan, please leave a comment below. Good luck and be safe online!
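The following PowerShell triage script is an added example and is not code from the original post. It checks a single Windows host for the three kinds of artifact described above: the dropped files, autorun entries that point at them, and Windows Firewall authorized-application entries that whitelist them. Because the post only says "various keys", the registry locations it inspects (the per-user and machine Run keys, and the XP/2003-era AuthorizedApplications list) are assumptions, as is the function name Find-RamageIndicators.

```powershell
# Added triage script (not from the original post). Checks this host for the files
# and persistence artifacts the post attributes to Trojan.Ramage.
# Assumptions: the Run keys and the AuthorizedApplications list below are the
# registry locations checked; the post does not name the exact keys it uses.

function Find-RamageIndicators {
    # Expand the placeholders used in the post. On Vista and later,
    # %UserProfile%\Application Data is a junction to the roaming AppData folder.
    $appData = [Environment]::GetFolderPath('ApplicationData')
    $windir  = $env:windir
    $system  = Join-Path $windir 'System32'

    $dropPaths = @(
        (Join-Path $appData 'ODBC.exe'),
        (Join-Path $appData 'Intel.exe'),
        (Join-Path $appData 'Netscape.exe'),
        (Join-Path $appData 'Sysinternals.exe'),
        (Join-Path $appData 'WinRAR.exe'),
        (Join-Path $appData 'Policies.exe'),
        (Join-Path $windir  'Sxc\svchost.exe'),
        (Join-Path $system  'drivers\svclock.exe')
    )

    $hits = New-Object System.Collections.Generic.List[object]

    # 1. Dropped files: report any that exist, with size and timestamp for triage.
    foreach ($p in $dropPaths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $f = Get-Item -LiteralPath $p
            $hits.Add([pscustomobject]@{
                Kind     = 'DroppedFile'
                Location = $p
                Detail   = '{0} bytes, last written {1}' -f $f.Length, $f.LastWriteTime
            })
        }
    }

    # Helper: does a registry value (name or data) refer to one of the dropped paths?
    $refersToDrop = {
        param([string]$text)
        foreach ($p in $dropPaths) {
            if ($text.IndexOf($p, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
        }
        return $false
    }

    # 2. Autorun persistence (assumed locations: standard per-user and machine Run keys).
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    # 3. Firewall whitelist (assumed location: the XP/2003-era AuthorizedApplications
    #    list, where each value is named after the executable path and its data
    #    reads "<path>:*:Enabled:<display name>").
    $fwKeys = @(
        'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List',
        'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List'
    )
    $providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    $checks = @(
        @{ Kind = 'AutorunEntry';      Keys = $runKeys },
        @{ Kind = 'FirewallWhitelist'; Keys = $fwKeys }
    )
    foreach ($check in $checks) {
        foreach ($k in $check.Keys) {
            if (-not (Test-Path -LiteralPath $k)) { continue }
            $props = Get-ItemProperty -LiteralPath $k
            foreach ($prop in $props.PSObject.Properties) {
                # Skip the provider metadata that Get-ItemProperty attaches; they are not registry values.
                if ($providerProps -contains $prop.Name) { continue }
                $text = '{0}={1}' -f $prop.Name, $prop.Value
                if (& $refersToDrop $text) {
                    $hits.Add([pscustomobject]@{ Kind = $check.Kind; Location = $k; Detail = $text })
                }
            }
        }
    }
    return $hits
}

# Run from an elevated prompt so the HKLM keys and %Windir% paths are readable.
$found = @(Find-RamageIndicators)
if ($found.Count -eq 0) {
    Write-Output 'No Trojan.Ramage file or registry indicators found on this host.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```

The script only reports; it does not delete anything, so the file sizes and timestamps it prints can be preserved for incident records before the host is cleaned with anti-malware software as the post recommends. A match on the firewall list is the more telling indicator, since legitimate software rarely registers an executable that lives directly in the Application Data folder.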