Virus disabled Windows Update on millions of PCs

The Ramnit-botnet which was taken down this week by Europol, Microsoft and security companies, disabled Windows Update, Windows FireWall, Windows Defender, User Account Control and virus scanners on more than 3 million computers the last 5 year. The infected computers no longer received important updates and were at risk of being infected by malware.


Ramnit first appeared in 2010 and was designed to steal passwords and data for internet banking. The virus can infect .exe, .dll and .html files on the hard disk and attached storage devices and once the virus is active, it disables several security measures in Windows, including the installed virusscanner. To achieve this, Ramnit uses a special blacklist with more than 300 antivirus applications.

The last couple of months the virus mainly disabled virus scanners from Microsoft. The software giant detected the last 6 months more than 500,000 computers that are still infected with Ramnit. Although since this week the cybercriminals behind the botnet are no longer able to communicate with infected computers, the infected computers still contain the virus and the modified settings are still active.

Fortunately virus scanners and removal tools are able to detect and remove the malware. Microsoft advises users to regularly scan their computer with antivirus scanners and warns to be careful with e-mails and social media messages of unknown users.