How to DELETE RavMonE.exe, autorun.inf, msvcr.dll without any anti-virus programs

How to DELETE RavMonE.exe, AUTORUN.INF, msvcr71.dll

I am using Windows XP.

Let’s name (RavMonE.exe, AUTORUN.INF, msvcr71.dll) as TRIO.

After plugging in your USB device, DO NOT do anything
even if Windows asks what to do to open the drive.
CANCEL or CLOSE it. DO NOT double-click your USB drive/device.

If you want to know if your USB drive contains TRIO, right-click
it within My Computer. If you see “Auto” written in bold above “AutoPlay”
then it means you have the TRIO virus/worm (I don’t know but it stinks).

The reason for NOT double-clicking it is that AUTORUN.INF will execute
some instructions… messing your registry…

Even if you show all files within the Folder Options, TRIO will
not show up on your USB device. The only chance to see it is
using the command window.

These are the steps on how to delete it assuming you follow those
instructions mentioned earlier:

important: Press Ctrl+Alt+Delete then
Go to the Process tab, select Image Name: RavMonE.exe, click “End Process”
and confirm it “Yes”.

  1. Go to Start menu then Run. Type: cmd or command

  2. Type your USB drive letter: e.g. G:

  3. Type on the command window: edit AUTORUN.INF (edit or don’t edit the file.)

  4. “Save As” the file with the SAME NAME AND DIRECTORY replacing the original
    file. This will prevent the file from being invisible.

  5. Exit the ms-dos editor

  6. Do the same for RavMonE.exe and msvcr71.dll (steps 3-5)

  7. On the command window, delete the files
    e.g: del AUTORUN.INF
    del RavMonE.exe
    del msvcr71.dll

  8. Exit the command window by closing it or typing: exit

  9. This is a very necessary step: RESTART YOUR PC

Your USB drive is now virus free / worm free. You can now double-click it
inside My Computer.

===============================================================================

In case you accidentally double-clicked your USB drive, the steps
on how to delete it are the following:

a. Press Ctrl+Alt+Delete
b. Go to the Process tab, select Image Name: RavMonE.exe, click “End Process”
and confirm it “Yes”.
c. Do the instructions above from 1-9
d. Go to Start menu then Run. Type: cmd or command
e. Type on the command window: cd
f. Type: cd Windows
g. Try typing “RavM” and strike Tab on your keyboard in order to see if RavMonE.exe
is residing inside Windows folder. Do the same for AUTORUN.INF and
msvcr71.dll. If one or all of them is present then type: cls
h. Do steps 3-5
i. Go to c:\windows\system32 folder. In case you have already opened the command
window, type: cd system32 and DO steps 3-5 again
j. DO steps 8 and 9.

I know RavMonE.exe is present inside the registry after you accidentally
double-clicked your USB drive but accessing and modifying the windows registry
is a risk. Please don’t try. :slight_smile:

For advanced users, search for RavMonE.exe only inside the registry
and modify its entry. You can delete its entry but it’s not applicable
if RavMonE.exe is included with the system files entry. Only erase the word/s
“RavMonE.exe e”.

xmx23 is always open for suggestions/corrections. :wink:
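Added example, not part of the original post: a read-only check that lists which of the three files sit in a drive root and which commands an AUTORUN.INF would launch, without opening the drive in Explorer. The sample file contents are constructed from what the post describes, and the function names are hypothetical.

```python
import os
import re

# Constructed sample, modelled on what the post describes (an "Auto" entry in
# the right-click menu, and the string "RavMonE.exe e"); not a captured file.
SAMPLE_INF = """\
[AutoRun]
open=RavMonE.exe e
shell\\Auto\\command=RavMonE.exe e
shell=Auto
label=USB DISK
"""

TRIO = {"ravmone.exe", "autorun.inf", "msvcr71.dll"}  # names from the post
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def autorun_entries(text):
    """Parse the [AutoRun] section into {lowercased key: value}."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(text):
    """Return (key, command) pairs that start a program, sorted by key."""
    return sorted((k, v) for k, v in autorun_entries(text).items()
                  if LAUNCH_KEY.match(k))


def default_verb(text):
    """Verb Explorer shows in bold and runs on double-click, if one is set."""
    return autorun_entries(text).get("shell")


def trio_files_present(drive_root):
    """List TRIO files in a drive root; os.listdir also returns hidden files."""
    return sorted(n for n in os.listdir(drive_root) if n.lower() in TRIO)
```

A non-empty `launch_commands` result, or a `default_verb` other than `None`, means the drive carries commands that double-clicking it would run.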

Thanks for posting… hope that it helps someone with this infection.

My one question to the infected person would be “Why haven’t you got any AVS on your machine?”

Quite bizarre in this day and age.

I don’t have AVS… anti-virus programs keep my PC busy… (hang)…
;D

In my opinion, for those who have good knowledge about programming it won’t be a big problem to handle this kind of virus without antivirus, but what will happen if you are facing the real threat? What will you do if you can’t even open the Registry, unhide hidden files, etc.?

Answer, you live or die on your back-up and recovery strategy.

If I get into a situation that would take me more than, say, 30 minutes to resolve, I would just restore my last week’s image of my primary hard disk partitions; this takes me a little over 15 minutes.

I do a weekly image of my primary HDD as part of my regular system maintenance and save that to my secondary HDD mainly used for storing these images (or to DVD) and back-ups of data files. I do daily back-ups of data I don’t want to lose: documents, emails, bookmarks, email address book, connection settings, etc. If you don’t want to lose it, back it up.

The last restore was after a BSOD, after which on boot my Firefox settings were all screwed up (so it doesn’t have to be a virus, etc.) and even though I have the FEBEs extension, that didn’t work fully, so it was going to take time. So I just restored the last image, and this was the worst case scenario: it was 6 days since my image backup. I then restored the last daily back-up of my data files and it looked as though nothing had happened. I had a couple of small programs to reinstall that weren’t on the image back-up, but the downloaded programs were backed up by my daily data back-up.