I once took a flash disk to a friend to copy a file. His machine running McAfee detected a virus (ravmon.exe) and cleaned it. I was surprised because I had checked the flash disk on my wife’s computer running a licensed version of a “top-rated” antivirus. My Dell notebook (XP Professional) computer runs avast (free version) and has always shouted “virus, virus” (usually this ravmon.exe) whenever I copy a file from my wife’s computer.
Last week again, I wanted to scan a flash disk from a friend. I saw Avast list ravmon.exe among the files on the flash disk, but it did not raise any alarm for me to tell it what to do (e.g. delete). I scanned again, the same thing. Again, I tried to retrieve a file from my wife’s computer and it was ZoneAlarm (free version), not Avast, that told me that ravmon.exe wanted to access the trusted zone and also wanted to connect to the internet. I denied it permission.
Oh, what about my wife’s computer? She paid for a 2-year internet suite and she still has over 1 year to run. The vendor wanted me to disable the antivirus, zip the antivirus and send it to them for analysis. I am not a techie and cannot handle any convoluted process. So I may get somebody to do what they want or just go ahead and uninstall completely. To be fair, this licensed internet suite often detects some malware (win.32…I don’t remember their full names) that Avast does not pick up.
My question - has Avast been compromised by this ravmon.exe?
I detected RavmonE.exe (that is actually the correct name) on my wife’s computer (the one running a licensed internet security suite) under processes (within Windows Task Manager). I was grateful for the opportunity to kill (end process). It is actually residing within the C:\windows folder and I have been able to zip and mail it to the vendor. I was lucky that the Yahoo virus scanner was temporarily unavailable at the time of attaching it, otherwise it may have prevented me from mailing it.
Virustotal reported that it is malware; actually about 26 of the various antivirus software detected it but could not agree on the name - worm, win32, …jump were the common names. Only 6 software (including the one my wife is using) say that it is clean.
Avast incidentally reported it as Win32:RJump-B from Virustotal, but it still passes it (I can see it as it is scanning) on my computer when I put in the USB drive. My Avast signature is up to date. Right clicking Explore does not reveal it under my computer. To see it, you have to be watching Avast as it is scanning the files. I do not think my own computer is infected - RavmonE.exe is not within C:\windows and it does not show up under running processes within windows task manager.
Thanks anyway. There is a new post on the topic (how to delete RavmonE, autorun…without antivirus), the author calls them the TRIO, and I have just skimmed it. I will read it in detail later and act.
To recap, avast! does not detect a known malware file on a USB drive, even when claiming to be scanning the drive.
The only possibility I can think of is that the file is in archive form on the drive and you do not have ‘scan archives’ enabled, but you said the file was an .exe file.
Does avast! detect the file if you right click on it and select scan with avast!?
Are the resident shield settings set to normal or have you customised the settings?
Maybe somebody else will have an idea why this is happening.
Sounds very much like what was happening at my workplace.
The virus was not detected “on-access” but was when an “on-demand” scan was performed.
Eventually the geniuses at the avast! virus labs concocted an evil smelling brew which killed the damn thing off, even from USB devices.
It may be another variant you have there, send it off asap.
What I do is insert the USB disk into my computer, go to My Computer, right click the removable drive icon and ask Avast to scan it. I try to watch the files as Avast lists and scans them. My previous experience was that Avast would list this particular file and immediately raise an alarm. Of course I would ask it to delete all of it. However, Avast no longer does that. It now lists the file and passes it without any alarm that it is a virus. If I open the USB file normally to work on it, I won’t see it. I will only see files like Word doc, PowerPoint, but not this RavmonE.exe. Yet I know that it is there (having seen it as it was being scanned) and I did not copy it onto the USB disk.
Avast detected it when I passed it through Virustotal, although that service just tells you about the viruses without doing anything about it. (Incidentally something just occurred to me - why don’t they find a way of making this Virustotal available to users normally - to scan and disinfect files? Although I can guess 2 reasons why they will not agree.)
One thing, how do you enable archives scan in Avast? I have been trying to do it, but I don’t know how to.
Or you can press PrtScr button on your keyboard, paste it to Paint, Fireworks etc then upload it to any filehosting website. Get their link and paste it here…