How to Remove RavMonLog Virus

In this post, I’m not going to insert any pictures or images. It has been a while since this problem occurred. I’ve tried a number of those free anti-viruses (I’m stingy okay..hehe) and none of them worked. I tried using a Ravmon Removal Tool (right click and save as here to download) but it didn’t cure my problem. I haven’t tried the new version called Smart Anti Virus 1.0 but I’m going to check it out soon.

Anyway, one of my colleagues here at my office circulated an e-mail on how to remove the RavMonLog virus. I’ve tried it myself, and it works:

THREAT NAME
Worm.RJump.A

CLEAN INSTRUCTIONS

  1. Right click on an empty space from the taskbar (or right click on the clock from the right corner) and select Task Manager.
    - Select the Processes tab, locate ravmon.exe, right click on it and select End Process
    - Delete the following file: C:\Windows\ravmon.exe
  2. To clean the removable storage device (USB stick, PEN drive etc.), right-click on your USB stick / PEN drive icon and select Explore.
     NB: Be careful NOT to double-click the icon because the malware will be reactivated.
    - Locate and delete the autorun.inf and ravmon.exe files
  3. Click on Start, Run, type regedit and click on OK.

NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system before you proceed.

  1. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  2. Delete the value "RavAV" = "C:\windows\ravmon.exe"

SYMPTOMS

  1. Presence of the autorun.inf and ravmon.exe files in the root of the storage device.
  2. Presence of a copy of the ravmon.exe file in the windows system folder.
  3. Presence of the RavMonLog file that contains the port number for the backdoor component.

DESCRIPTION

  1. Worm.RJump.A spreads by creating a copy on removable storage devices or mapped drives.
  2. It drops the following malicious files:
    • autorun.inf
    • ravmon.exe
  3. It also drops a clean msvcr71.dll file that is a part of Microsoft Visual Studio.
  4. It opens a port for the backdoor component.
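The e-mail above is a manual checklist; the following PowerShell script is an added example (it is not part of the original post or of the colleague’s e-mail) that checks the same indicators from a defender’s side and, only when asked, performs the same cleanup in the same order. It assumes exactly what the post states: a running ravmon.exe, a copy in the Windows folder, the "RavAV" value under the HKLM Run key, and autorun.inf plus ravmon.exe in the root of removable drives. The backup folder path is a placeholder. Run it from an elevated PowerShell; without -Remediate it only reports.

```powershell
# Added example, not from the original post: report (and optionally remove)
# the Worm.RJump.A indicators listed in the e-mail above.
# Assumptions: ravmon.exe sits directly in %WINDIR%, the Run value is
# named "RavAV", and $BackupDir is a placeholder you may change.
[CmdletBinding()]
param(
    [switch]$Remediate,
    [string]$BackupDir = "$env:USERPROFILE\rjump-backup"   # placeholder path
)

$findings = @()

# 1. Running process (what the post ends via Task Manager)
$proc = Get-Process -Name 'ravmon' -ErrorAction SilentlyContinue
if ($proc) { $findings += "process ravmon.exe (PID $($proc.Id -join ','))" }

# 2. Dropped copy in the Windows folder (C:\Windows\ravmon.exe in the post)
$sysCopy = Join-Path $env:WINDIR 'ravmon.exe'
if (Test-Path $sysCopy) { $findings += "file $sysCopy" }

# 3. Persistence: the "RavAV" value under the HKLM Run key
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runVal = (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).RavAV
if ($runVal) { $findings += "Run value RavAV = $runVal" }

# 4. Removable drives (DriveType 2): autorun.inf and ravmon.exe in the root.
#    Testing paths from a shell never triggers autorun, unlike double-clicking
#    the drive icon in Explorer, which the e-mail warns against.
$removable = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' |
    ForEach-Object { $_.DeviceID + '\' }
$driveFiles = @()
foreach ($root in $removable) {
    foreach ($name in 'autorun.inf', 'ravmon.exe') {
        $p = Join-Path $root $name
        if (Test-Path $p) { $driveFiles += $p; $findings += "file $p" }
    }
}

if (-not $findings) { Write-Output 'No Worm.RJump.A indicators found.'; return }
Write-Output 'Indicators found:'
$findings | ForEach-Object { Write-Output "  $_" }

if (-not $Remediate) { Write-Output 'Re-run with -Remediate to clean.'; return }

# --- Remediation, in the same order as the e-mail ---
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
if ($proc) { $proc | Stop-Process -Force }
if (Test-Path $sysCopy) { Remove-Item -Path $sysCopy -Force }
foreach ($p in $driveFiles) {
    # autorun.inf is usually hidden/system, so -Force is required to delete it
    Remove-Item -Path $p -Force
}
if ($runVal) {
    # Export the key first, as the NB in the e-mail advises, then drop the value
    & reg.exe export 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' "$BackupDir\Run.reg" /y | Out-Null
    Remove-ItemProperty -Path $runKey -Name 'RavAV'
}
Write-Output 'Cleanup done. Reboot, then run this script again to confirm nothing returned.'
```

Running it twice (once to clean, once after a reboot) is the check that matters: if the Run value or the files reappear, another copy is still active somewhere and the drive that reinfected the machine should be cleaned the same way before it is opened in Explorer again.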

The Benefit of Using A Virtual Private Server (VPS)

I believe that every one of us is a promoter. If we feel good about the stuff that we use, we will always tell someone else about it, whether directly or indirectly. Today I’m going to write about a new high tech tool that I’ve been using for the past 2 months. Being introduced to Remote Desktop Connection (RDC) during one of my visits to a Microsoft road show, it has truly changed the way I’ve been looking at computers. If you are using Windows XP like me, the application is already built in, under START > All Programs > Accessories > Communications:

Win XP Default Remote Desktop Application

If you have never used RDC before, you need to find another PC to connect to so you can try it out. However, it is best if you are familiar with IP addresses and network configuration before you use this facility. When this application is in use and connected, it acts like your normal Windows, but you are actually controlling another computer remotely. If you want a free web-based application that is easy to use, one more tool that I use is a web service called LogMeIn:

My LogMeIn Web Application

If you look at the screenshot above, that is my remote computer, or more specifically a Virtual Private Server (VPS), located halfway across the globe in Pennsylvania, US. I pay USD19 per month to use this VPS, which is always online 24/7. If you do the math, I save a lot by leasing this VPS instead of owning one, simply because:

  1. I don’t have to buy those expensive PC/server parts that would cost me thousands of dollars
  2. The VPS is always online 24/7 and I don’t have to worry about a high electricity bill because of the extensive cooling that computers/servers need
  3. The download connection in the US is superb. At a 1GB per second network connection, it is a hundred times faster than my normal internet connection. Of course, getting that file to my PC requires FTP, which is limited by my internet connection
  4. I can use a unique static IP address for my website or web apps for a fraction of the price of leasing one from my local ISP

My only problem with using this VPS is that it can sometimes be slow just to access, and because of the low price, I only get 256MB of RAM, which is rather limited. Occasionally, I need to restart my VPS at least once a week to free up the RAM or the VPS will crash. Well, as usual, you get what you pay for, right?

If you are interested in using a cheap VPS for your Windows remote development, or even a Linux powered one, check out SWVPS. I’ll write more about how and what I have used my VPS for in my next post.

I’m Heart Broken

My web hosting just recovered from a serious hard disk failure. All the data, my websites, are all gone! I only had a backup of my blog. I had a horrendous weekend! I think it is time to change to a new web host.

I have to rebuild all of my websites, thanks to not making backups and thanks to my web host, who was in a hurry upgrading their hard disk and corrupted all the data. I feel so miserable right now. Later..

Being Locked Out From My Own Blog

I was trying to log into my blog control panel and all of a sudden this screen showed up:

Ashrufzz 403 Page

At first I thought my office IP address was being blocked. So I thought, maybe I’ll try to access it from home and see if my home IP address can get through. Then I said to myself, “How come I am using my newfound proxy server technique but still I can’t access my own blog?”, “There must be something wrong here!”. So, using my new HTTP-Tunnelling proxy technique, accessing through another web-based proxy called Guardster, I still could not get into my blog control panel. Now this is ridiculous!

I suspected that there might be something wrong with my plugin, so I immediately went to the Bad Behavior plugin blog. There it was, a downloadable solution to my login problem. Now came the most challenging part, replacing the plugin with the new updated one. My FTP was not working because of a connection problem where the directory couldn’t be retrieved. I had to do it using my web hosting control panel file manager and replace the files manually one by one. It took me longer than I thought because the downloaded files were not in the same order as the previous plugin.

Luckily, I still managed to log into my blog eventually. Frustrated, I decided to disable the Bad Behavior plugin once and for all. It’s a shame though, because this plugin is good at preventing blog spam. Without this plugin, I predict my Akismet spam plugin could easily reach thousands with the amount of traffic I receive nowadays. I could have gone into my Wordpress database and disabled this plugin there, but I don’t want to mess around with it since I haven’t done my backup yet.

I can’t imagine someone who doesn’t have the necessary skill to repair a Wordpress blog enduring this problem. Being locked out of your own blog can drive you NUTS! I hope that this incident won’t happen again in the future.
