dzypherus RAdmin


Subject: Rampant on USB, Ravmonlog Virus (2007) Thu Aug 21, 2008 10:44 am

HOW TO REMOVE RAVMONLOG VIRUS
THREAT NAME: Worm.RJump.A
CLEAN INSTRUCTION
* Right click on an empty space on the taskbar (or right click on the clock in the right corner) and select Task Manager.
* Select the Processes tab, locate ravmon.exe, right click on it and select End Process.
* Delete the following file: C:\Windows\ravmon.exe
* To clean the removable storage device (USB stick, PEN drive, etc.), right click on your USB stick/PEN drive icon and select Explore. NB: Be careful not to double click on the icon because the malware will be reactivated.
* Locate and delete the autorun.inf and ravmon.exe files.
* Click on Start, Run, type regedit and click on OK. NB: Before you edit the registry, export the keys that you plan to edit, or create a backup of the system.
* Navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
* Delete the "RavAV" = "C:\windows\ravmon.exe"
SYMPTOMS
* Presence of the autorun.inf, ravmon.exe in the root of the storage device
* Presence of a copy of the virus (ravmon.exe) in the windows system folder
* Presence of the RavMonLog file that contains the port number for the backdoor component
DESCRIPTION
* Worm.RJump.A spreads by creating a copy on removable storage devices or mapped drives
* It drops the following malicious files: autorun.inf and ravmon.exe
* Also it drops a clean msvcr71.dll file that is a part of Microsoft Visual Studio
* It opens a port for the backdoor component
-- d
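The indicators listed under CLEAN INSTRUCTION and SYMPTOMS can be checked without double clicking any drive. The script below is an added example, not part of the original post: it only reads and reports, and it assumes RavMonLog sits in the Windows folder next to ravmon.exe (the post does not give its path); the function name `Find-RJumpIndicators` is hypothetical.

```powershell
# Read-only check for the Worm.RJump.A indicators named in the post.
# Nothing is deleted or modified; removal stays a manual step.
function Find-RJumpIndicators {
    $findings = @()

    # Copy of the worm in the Windows folder (C:\Windows\ravmon.exe in the post).
    # Assumption: RavMonLog is beside it; the post does not state its location.
    foreach ($name in 'ravmon.exe', 'RavMonLog') {
        $path = Join-Path $env:windir $name
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = 'present' }
        }
    }

    # Persistence value "RavAV" under the Run key.
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'RavAV' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$runKey\RavAV"; Detail = $run.RavAV }
    }

    # Roots of removable (DriveType 2) and mapped network (DriveType 4) drives.
    $drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2 OR DriveType=4'
    foreach ($d in $drives) {
        $root = $d.DeviceID + '\'
        $exe = Join-Path $root 'ravmon.exe'
        $inf = Join-Path $root 'autorun.inf'
        if (Test-Path -LiteralPath $exe) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $exe; Detail = 'present' }
        }
        # An autorun.inf alone can be legitimate; flag it only if it mentions ravmon.
        if ((Test-Path -LiteralPath $inf) -and
            (Select-String -LiteralPath $inf -Pattern 'ravmon' -Quiet)) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $inf; Detail = 'references ravmon' }
        }
    }
    $findings
}

$result = Find-RJumpIndicators
if ($result) {
    $result | Format-Table -AutoSize
} else {
    'No Worm.RJump.A indicators from the post were found.'
}
```

Run it from a PowerShell prompt with the USB stick inserted; reading the drive root this way does not trigger autorun.inf.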