Ramnit

The Win32 Flashbot and Win32 Malagent Virus Removal

The Win32/Flashbot.A  Worm, Trojan Win32/Malagent (Microsoft),  Variant.Strictor.2025 (Bitdefender)  is a kind of worm that spreads via removable media such as flash drive, external drive, memory card, etc.

flashbotThe worm searches for files and folders in the root folders of removable drives.  It copies itself into the root folders of removable drives using the same filename of the existing files and folder. The extension of the file or folder will become “.exe” and the original content   were hidden. When  the infected file is executed, the original file is also run.Before you proceed make sure you have select and unhide the following

    • Select Show hidden files, folders, or drives
    • Uncheck Hide extensions for known file types
  • Unchecked Hide protected operating files (recommended)

All the selection is located in My Computer, Tools, Folder Options Menu.

To fix  the problem:

    • Update the anti-virus into it’s latest virus signature
    • Run a quick scan in your computer
    • Run infected external storage; the “.exe” will automatically deleted
  • Unhide file and folder in removable drive

To unhide the folder

    • Right click the hidden file or folder
    • Click Properties
  • Uncheck or deselect “Hidden” and “Read-only”

The Removable Drive infected with Win32 Flashbot Worm

Flashbot.A