my PC has been infected by ravmone…
i guess it’s a worm…
but im not sure
i got it several times from an infected pendrive
but i manage 2 remove it
but y avast cant detect it… ???
my PC has been infected by ravmone…
i guess it’s a worm…
but im not sure
i got it several times from an infected pendrive
but i manage 2 remove it
but y avast cant detect it… ???
Generally, if a virus is replicant (coming and coming again), you should:
Other option is scanning in SafeMode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222
Hope this help in anyway… 8)
If avast can’t detect it then send them a sample.
If you are not getting a virus warning that you believe is a new, undetected virus then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
Hi bohan,
This worm opens a backdoor on the system of the infected machine. It is written in the script language Python and converted into Windows PE format through using the py2exe tool. The worm file has a size of 3 513 806 bytes.
Every worm file that infects, tries to complete the following operations:
Copy its file to the main file of Windows under the name RavMon.exe
By running every time the system starts up, writes to the registry:
“RavAV” = “RavMon.exe”
to be found in:
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
write to or delete from the registry,
run themes,
run files from the internet,
delete files,
get to data or files on the system,
run or stop servicesi,
halt procersses.
http://natrocket.kmip.net:5288/
http://natrocket.9966.org:5288/
http://scipaper.kmip.net:80/
autorun.inf
msvcr71.dll
RavMonE.exe
The worm file is targeted, every time the user checks the disk size.
Also look here: http://www.bleepingcomputer.com/startups/RavAV-15228.html
polonus
thx guys ;D
No problem, welcome to the forums.