
In addition to the file I have another log file by the same name and 2 other files with a pf extension. The exe file appears in the Windows Explorer window when I open a folder or a removable drive and then disappears from the window without a trace. Also I have noticed it in the processes list when I press 'ctrl+alt+del'. Also I tried scanning the file with antivirus and did not get any error or warning message. Please advise, as I have not noticed this before. Is this a normal Windows file? (I am using Windows XP.)

2007-01-22 03:01:49 · 7 answers · asked by sahadevan 1 in Computers & Internet Software

7 answers

Yes it is a VIRUS.
Discovered: June 23, 2006
Updated: December 22, 2006 02:38:44 PM GMT
Type: Worm
Infection Length: 3,513,806 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When W32.Rajump is executed, it performs the following actions:


Copies itself as the following file:

%Windir%\RavMonE.exe

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).


Adds the value:

"RavAV" = "%Windir%\RavMonE.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that it is executed every time Windows starts.


Opens a randomly chosen TCP port.


Posts IP addresses, port numbers and threat versions to one of the following URLs:


[http://]natrocket.kmip.net:5288/ret[REMOVED]
[http://]natrocket.kmip.net:5288/ies[REMOVED]
[http://]natrocket.9966.org:5288/ies[REMOVED]
[http://]scipaper.kmip.net:80/ies[REMOVED]


May copy itself to removable USB drives.

TO REMOVE IT:
To delete the value from the registry
Click Start > Run.
Type regedit
Click OK.

Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:

"RavAV" = "%Windir%\RavMonE.exe"

Exit the Registry Editor.

Restart your PC. Then go to the Windows directory and delete the file. You are now clean. Also get a virus scanner so you're not running blind!

2007-01-22 03:11:37 · answer #1 · answered by pws8us 2 · 0 0
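The persistence check described in answer #1, as an added example that is not part of the original answer or any vendor tool: it scans the text of a registry export for the `RavAV` value and the `RavMonE.exe` path under the HKLM Run key. The function names and the sample export are constructed for illustration.

```python
import re

# Indicators as given in answer #1 above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "ravav"
FILE_NAME = "ravmone.exe"
WINDIR_DEFAULTS = (r"c:\windows", r"c:\winnt", "%windir%")  # defaults named in the answer

# Constructed sample in .reg export format; RunOnce is not named on the page and is skipped.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"RavAV"="C:\\WINDOWS\\RavMonE.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RavAV"="C:\\WINDOWS\\RavMonE.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def find_rajump_entries(reg_text):
    """Return (value_name, data, reasons) for suspicious values in the HKLM Run key."""
    findings, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = line[1:-1].lower() == RUN_KEY.lower()  # key names are case-insensitive
            continue
        m = VALUE_RE.match(line) if in_run_key else None
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("value name RavAV")
        folder, _, leaf = data.lower().rpartition("\\")
        if leaf == FILE_NAME:
            where = "in" if folder in WINDIR_DEFAULTS else "outside"
            reasons.append(f"RavMonE.exe {where} default Windows folder")
        if reasons:
            findings.append((name, data, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_rajump_entries(SAMPLE_EXPORT):
        print(finding)
```

Files written by regedit's export are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in.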

File purpose and description:
Ravmone.exe is a file that has been reported as a virus and spyware related program (both). Be sure to verify the exact hard drive location shown below. This file is part of the "backdoor trojan" virus, which has many variations. This file should be removed immediately. If you are not comfortable removing files, remember you can always just rename the file (for example, rename ravmone.exe to ravmone.backup). Then it can no longer run. Terminate the task in your task list first if you have trouble renaming it or getting access to it. (See the details below for the actual location of this file.)

2007-01-22 11:07:05 · answer #2 · answered by newton3010 6 · 2 0

This is a well-known virus, sometimes propagated by USB devices, so scan your flash drives, iPods, etc. too.

For removal instructions, read here:
http://stylez.wordpress.com/2006/10/09/a-guide-to-removing-ravmoneexe/

2007-01-22 11:15:31 · answer #3 · answered by zoomjet 7 · 0 0

It is a virus (trojan) prevalent with iPod. Go to the link below to get more info and software to remove it.

http://www.sophos.com/security/analyses/trojbdoordij.html

Or you may also remove it using Ad-Aware SE at www.lavasoftusa.com

2007-01-22 11:11:09 · answer #4 · answered by Slim Shady 5 · 0 0

Yes, it could be. If you don't know what it is, better find a way to remove it.

For more information, check http://www.bleepingcomputer.com/startups/RavAV-15228.html

2007-01-22 11:06:02 · answer #5 · answered by octi 2 · 0 0

See:
http://www.bleepingcomputer.com/startups/RavAV-15228.html
Amongst many others.

2007-01-22 11:05:59 · answer #6 · answered by Mictlan_KISS 6 · 0 0

Don't know.

2007-01-22 11:04:52 · answer #7 · answered by angela b 1 · 0 0
