1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: W32 Ramnit Activity 4

System Infected: W32 Ramnit Activity 4

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


A Web based attack relating to W32.Ramnit has been blocked. Opening infected page may result in compromise of the host machine. No further action is required, but you may wish to update your virus definitions and run a full system scan as a precautionary measure.

Additional Information

W32.Ramnit is a worm that spreads through removable drives and by infecting executable files. W32.Ramnit!html is a generic detection for .html files infected by W32.Ramnit.


  • Windows


No further action is required but you may wish to perform some of the following actions as a precautionary measure.
Run the Norton Power Eraser. (home users)
Run the Symantec Power Eraser. (business users)
Update your product definitions and perform a full system scan.
Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
Report a potential false positive to Symantec.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube