THREAT NAME
Worm.RJump.A
CLEAN INSTRUCTION
* Right click on an empty space from the taskbar (or right click on the
clock from the right corner) and select Task Manager
* Select the Processes tab, locate ravmon.exe, right click on it and select End Process
* Delete the following file:C:\Windows\ravmon.exe
* To clean the removable storage device (USB stick, PEN drive, etc… )
right click on your USB stick/PEN drive icon and select Explore
NB: Be carefull not to double click on the icon because the malware will be reactivated.
* Locate and delete the autorun.inf and ravmon.exe files.
* Click on Start, Run, type regedit and click on OK.
NB: Before you edit the registry, export the keys that you plan to edit,
or create a backup of the system
* Navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Run
* Delete the “RavAV” = “C:\windows\ravmon.exe”
* We recommend that you download Bullguard and run a full scan of your system
SYMPTOMS
* Presence of the autorun.inf, ravmon.exe in the root of the storage device
* Presence of a copy of the virus (ravmon.exe) in the windows system folder
* Presence of the RavMonLog file that contains the port number for the backdoor component
DESCRIPTION
* Worm.RJump.A spreads by creating a copy on removable storage devices or mapped drives
* It drops the following malicious files:autorun.inf and ravmon.exe
* Also it drops a clean msvcr71.dll file that is a part of Microsoft Visual Studio
* It opens a port for the backdoor component
hope you can get some info out of this guys… c”,)
Related posts:
thanks…atleast..lam ko na paanu madelete tong worn na ni..sakit kaau sa mga usb..hahahaha
Thanks mate that was very helpful.