How to remove RAVMON.exe virus without using any Antivirus?

>> Wednesday, August 13, 2008


Is your right click context menu showing some Chinese scripts ?
Is your show hidden files and folders not working ?
Is your command prompt , Registry Editor and task manager disabled ??

If all these things are happening to your Computer , the reason is that it has got infected by a virus named " RAVMON " .What can this Virus do ??

  • Disables task manager , Registry Editor and Command prompt .
  • Right click menu shows some Chinese scripts as shown in the figure.
  • Computer shutdown automatically and slogs a lot.
  • Folder Options disappear
  • Show hidden files and folders Option won't work.
With all these things not working , I can understand what can go with you !! because I have seen this problm in my friend's PC .But now you can be able to remove this virus completely as when i was searching for this problm I found a really good steps which are working quite nicely.

Follow the steps given below and you will be free from Ravmon.exe virus.

  • Confirm that you have Ravmon.exe virus . Right-click on any drive, if you see invalid characters in the menu, you are infected.
  • You have stop the process of virus,go to Task Manager(Ctrl+Alt+Del), go into Processes tab and find the progam named "SVCHOST.EXE", there will few more svchost in small case but you have to terminate the one which is written in CAPS, if you see more than one "SVCHOST.EXE" (all caps one) end the one with your username infront of it instead of LOCAL SERVICE, NETWORK SERVICE or SYSTEM.
  • Delete the virus files, for this you need to show system protected files.for this goto
My Computer>(Menu)Tools>Folder Options>(Tab)Views>Uncheck "Hide System protected files">Press OK
If you are unable to unhide the system files you can use 3rd party softwares to browse drive and delete files, try ACDsee or WinRAR.

Now you have delete these two files;

1.Autorun.inf

2.Ravmon.exe

from all of drives.Access drives from by typing drive letter in the address bar.
  • Once you are done with it, Open Windows folder(by address bar) and delete SVCHOST.EXE, SVCHOST.dll and MDM.exe.
Now restart the explorer.exe process by killing it in taskmanager and runing it again [(winkey + R), type "explorer" and hit enter].

Right-click on any drive and you will find valid characters...Congrats virus is removed.
This is optional as files are deleted from drives.

Remove MDM.exe from start-up.Press Winkey+R, type "msconfig" hit enter.Goto>(Tab) Start-up>Uncheck

"MDM.exe">OK>Exit without Restart.

0 comments:

Chitika

About This Blog

Lorem Ipsum

  © Blogger templates Sunset by Ourblogtemplates.com 2008

Back to TOP