VBS/Ramnit.SMC
Analysis
VBS/Ramnit.SMC is a generic detection for a VBS infector.
Below are examples of some of these behaviours:
- This VBS file infector usually affects HTML pages.
- It drops the files %Temp%\svchost.exe and %ProgramFiles%\Microsoft\DesktopLayer.exe, both detected as W32/Snocry.JQ!tr.
- It also infects EXE and DLL files, which will mostly be detected as W32/Ramnit.A.
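A triage sketch for the behaviours listed above, added here as an example and not Fortinet's detection logic: it checks the two drop paths named on this page and flags HTML files that contain a VBScript block naming svchost.exe. The HTML heuristic, the function names and the sample strings are assumptions made for illustration.

```python
import os
import re
import sys
from pathlib import Path

# Drop locations named on this page: (environment variable, path below it).
# %Temp% is per-user, so this only covers the account running the script.
DROPS = (("TEMP", "svchost.exe"), ("PROGRAMFILES", "Microsoft/DesktopLayer.exe"))

# Heuristic (assumption, not a vendor signature): a VBScript <script> block
# inside an HTML file whose body names the dropped svchost.exe.
VBS_BLOCK = re.compile(rb"<script\b[^>]*vbscript[^>]*>(.*?)</script\s*>", re.I | re.S)
DROP_NAME = re.compile(rb"svchost\.exe", re.I)

# Constructed, inert samples for exercising the heuristic (not from a real file).
SAMPLE_FLAGGED = b"<html><body>hi</body></html>\n<SCRIPT Language=VBScript>' names svchost.exe\n</SCRIPT>"
SAMPLE_CLEAN = b'<html><script type="text/javascript">var n = "svchost.exe";</script></html>'


def find_dropped_files(env=None):
    """Return the page's drop paths that exist as files under the given environment."""
    lookup = {k.upper(): v for k, v in (os.environ if env is None else env).items()}
    candidates = [Path(lookup[var]) / rel for var, rel in DROPS if var in lookup]
    return [p for p in candidates if p.is_file()]


def find_suspect_html(root):
    """Return HTML files under root with a VBScript block that names svchost.exe."""
    suspects = []
    for path in sorted(Path(root).rglob("*")):
        if path.suffix.lower() not in (".html", ".htm") or not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        if any(DROP_NAME.search(m.group(1)) for m in VBS_BLOCK.finditer(data)):
            suspects.append(path)
    return suspects


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in find_dropped_files() + find_suspect_html(root):
        print(hit)
```

A hit is a lead for an AV scan, not a verdict: a legitimate page can embed VBScript, and a clean result does not rule out infected EXE or DLL files.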
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.