How Do I Remove W32.Ramnit?

W32.Ramnit is a dangerous worm that can enter your system through removable drives or executable files that you run.

It can work as a browser hijacker as it redirects your browser to malicious or dubious websites.

When W32.Ramnit is installed on your system it will create a copy in the recycle bin and produces several autorun.inf files on each drive.

When an infected drive is accessed the virus will initiate and create several issues such as –

  • hijacked web browser
  • corrupted files
  • slow and/or unreliable PC
  • altered system settings
  • a redirected browser
  • slow internet connection
  • pop ups

Therefore, you will want to remove W32.Ramnit as quickly as possible.

The first thing you will need to look at is the registry entries created by W32.Ramnit. When you find these you can delete them –

Files

Windows\System32\rundll32Srv.exe
Windows\System32\dmlconf.dat
ProgramFiles\Microsoft\DesktopLayer.exe
UserProfile\Local-Settings\Application Data\\.exe

Registry Entries

HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Internet Settings “Proxy Override” = “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “”
HKEY_CURRENT_USER\Software\AVSolution

I would, however, always advise caution when making changes with the registry and mistakes can cause further problems – only perform a manual removal of W32.Ramnit if you are sure you know what you are doing.

Also, make sure you install one of the best antivirus programs so that you have ample protection against malware in the future.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*