In this post, I’m not going to insert any pictures or images. It has been a while since this problem occurred. I’ve tried a number of those free anti-viruses (I’m stingy okay..hehe) and none of them work. I tried using a Ravmon Removal Tool (right click and save as here to download) but it didn’t cure my problem. I haven’t tried the new version called the Smart Anti Virus 1.0 but I’m going to check it out soon.
Anyway, one of my colleagues here at my office circulated an e-mail on how to remove the RavMonLog virus. I’ve tried it myself, and it works:
- Right click on an empty space on the taskbar (or right click on the clock in the right corner) and select Task Manager.
- Select the Processes tab, locate ravmon.exe, right click on it and select End Process.
- Delete the following file: C:\Windows\ravmon.exe
- To clean the removable storage device (USB stick, PEN drive etc.) right-click on your USB stick / PEN drive icon and select Explore. NB: Be careful NOT to double-click the icon because the malware will be reactivated.
- Locate and delete the autorun.inf and ravmon.exe files.
- Click on Start, Run, type regedit and click on OK.
NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system before you proceed.
- Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Delete the value "RavAV" = "C:\windows\ravmon.exe"
- Presence of the autorun.inf and ravmon.exe files in the root of the storage device.
- Presence of a copy of the ravmon.exe file in the windows system folder.
- Presence of the RavMonLog file that contains the port number for the backdoor component.
- Worm.RJump.A spreads by creating a copy on removable storage devices or mapped drives.
- It drops the following malicious files:
- Also it drops a clean msvcr71.dll file that is a part of Microsoft Visual Studio.
- It opens a port for the backdoor component.
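
The symptoms and cleanup steps above can be verified with a read-only check, run before and after the manual removal. The PowerShell below is an added example, not part of the original post or the circulated e-mail; it assumes PowerShell 3.0 or later, and the folders it searches for RavMonLog are an assumption because the post does not say where that file is written.

```powershell
# Added example: read-only check for the RavMon indicators listed in this post.
# Assumes PowerShell 3.0 or later. Nothing is deleted or modified.
$findings = @()

# Running process (the one ended in Task Manager during removal).
foreach ($p in @(Get-Process -Name 'ravmon' -ErrorAction SilentlyContinue)) {
    $findings += "Process running: ravmon.exe (PID $($p.Id))"
}

# Autostart value "RavAV" under the Run key named in the post.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$value = (Get-ItemProperty -Path $runKey -Name 'RavAV' -ErrorAction SilentlyContinue).RavAV
if ($value) { $findings += "Run key value: RavAV = $value" }

# Folders to inspect: the Windows folder plus the roots of removable
# (DriveType 2) and mapped network (DriveType 4) drives.
$folders = @($env:windir)
$folders += @(Get-CimInstance Win32_LogicalDisk |
    Where-Object { $_.DriveType -in 2, 4 } |
    ForEach-Object { "$($_.DeviceID)\" })

foreach ($folder in $folders) {
    # Assumption: the post does not say where RavMonLog is written, so it is
    # looked for in the same folders as ravmon.exe.
    foreach ($name in 'ravmon.exe', 'RavMonLog') {
        $path = [System.IO.Path]::Combine($folder, $name)
        # File.Exists also sees files marked hidden or system.
        if ([System.IO.File]::Exists($path)) { $findings += "File present: $path" }
    }
    # An autorun.inf on a drive root can be legitimate, so report whether
    # it mentions ravmon instead of flagging every one.
    $inf = [System.IO.Path]::Combine($folder, 'autorun.inf')
    if ($folder -ne $env:windir -and [System.IO.File]::Exists($inf)) {
        $text = ''
        try { $text = [System.IO.File]::ReadAllText($inf) } catch { }
        $note = if ($text -match 'ravmon') { 'references ravmon' }
                else { 'no ravmon reference, review manually' }
        $findings += "File present: $inf ($note)"
    }
}

if ($findings.Count -eq 0) { 'No RavMon indicators found.' }
else { $findings }
```

Because the script reads drive roots through the file system API and never opens the drive in Explorer, it does not trigger the autorun.inf entry that the NB above warns about.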