Tuesday, July 31, 2007

A virus Ravmon was inside mp3 player!

I bought an mp3 player and noticed an executable file, Ravmon.exe, and an autorun.inf on it; those files ran the first time I connected the mp3 player to my laptop.
Strange things happened: Avast antivirus reported viruses, but the files could not be cleaned. The viruses had infected all executable files on my laptop, which runs Win XP SP2. Nothing could disinfect my files.
I couldn't find the virus files. I checked the internet and found that ravmon.exe caused hidden files not to be seen. They suggested making all files unhidden. Finally I found Ravmon.exe in the root and MDM.exe under the Windows folder. I deleted them and cleaned the registry where the file had been written. Still the virus was everywhere; if I tried to clean with Avast, there was no way except to delete the files, which was not the best solution because most of them were operating system files. I tried to clean them with a boot CD with McAfee antivirus, but the procedure kept stopping in the middle.

I searched the internet and found a tool called virutcure.com from HAURI Inc. It seemed to work: it cleaned the files that most antivirus programs said they could not clean, only delete.
The virus was identified as win32.virut.b and cleaned from all files.

I found an explanation of how this virus works, and it is amazing what it does. The blog is at http://www.teamfurry.com/wordpress/?p=20 and is really very informative.

4 comments:

kyrdim said...

Thank u Stavros! Very interesting search. Your notes have been very useful. Keep up the good work. The ignorants of the world salute you...

kyrdim said...

Thank u Stavros. Your comments are very useful. It's great to know that there are still engineers out there with real need for quest for knowledge. Please keep up the "...Fight Against Ignorance..."

p.s. Give "FAI" to the people!!!

? said...

It's really very informative. thx

Alopix said...

Thanks m8!