virus logo Virus

VBS/Ramnit.SMC

description-logoAnalysis



VBS/Ramnit.SMC is a generic detection for a VBS infector.
Below are examples of some of these behaviours:

  • This VBS file infector usually affects HTML page.

  • It drops a file undefinedTempundefined\svchost.exe and undefinedProgramFilesundefined\Microsoft\DesktopLayer.exe, both detected as W32/Snocry.JQ!tr.

  • It also causes to infect EXE and DLL and will be mostly be detected as W32/Ramnit.A.



recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-05-18 91.03385
2022-08-29 90.05506
2022-05-31 90.02802
2021-11-09 89.06714
2019-12-10 73.69300 Sig Updated
2019-12-05 73.58000 Sig Updated
2019-06-18 69.35000 Sig Updated
2019-05-13 68.49700 Sig Updated
ID 2887575
Released Jul 14, 2011
Description
Updated		 Oct 17, 2017
Aliases W32/Ramnit.A, W32/RAMMITa.D!tr, W32/Patched.I!tr, W32/Snocry.JQ!tr, VBS/Agent.BP!tr, Trojan-Dropper.VBS.Agent.bp, W32/Ramnit.a!htm virus, VBS_RAMNIT.SMC, Troj/Inor-Fam, Trojan.HTML.Ramnit.A, Win32/Ramnit.A virus
Platform Profile Visual Basic Script