Hello all, Jasper here. Today, I shall have the honour of showing you all, especially students from RP who have been fed up with the RavMonE.exe virus that’s been going around school, how to remove it!
Firstly, an introduction to RavMonE.exe.
What is RavMonE, and what exactly does it do?
RavMonE is actually a backdoor.trojan found on the Internet that poses certain risks. It can download spyware/adware in the background, and it slows down your computer to a degree you will find unbelievable.
Currently for RP students, I have found that it brings in the malware from the Chinese website, www.3721.com, which is very irritating for the constant popups it brings along, and the background program, sxs.exe.
I have not found much information on sxs.exe yet, but I understand it’s also an unpleasant program sleeping within the computer.
At the same time, I understand that RavMonE.exe also contains a lot of potential threats, so my first step in handling such a situation is to eliminate it at its roots.
So the guide shall begin without further ado……
1st Part : Check for the symptoms of RavMonE.exe running within your laptop.
- Is your computer lagging?
- Do you see a process called RavMonE.exe running in your task manager? **
** If you don’t know how to access your task manager, right click on your taskbar and select the option Task Manager

done?
Check whether any process by the name RavMonE.exe is running.
If it’s running, select it and end the process by clicking on the End Process button.
NOTE: Check whether there is more than one RavMonE.exe process running within the Task Manager. I have seen laptops running with 8-10 RavMonE.exe processes after repeated “innocent” clickings to find out what the program actually does.
2nd Part : No, the situation is not over yet. If RavMonE.exe could be fixed that easily, this guide would never have surfaced. So it comes to finding the source file behind this program, the very famous, very well-known, notorious…RavMonE.exe! It actually keeps a program file within one of your computer’s system folders. Now I shall elaborate on going to the source itself.
- Let’s go to My Computer and find your Local C: Drive.

For RP students, it’s your System Drive C:/
- Go in, and find the Windows Folder.

- Continuing, go into your Windows Folder.

- Now to find the RavMonE.exe program among the…OMG..so many files!
What to do?
Tip: press R a few times to jump to the files whose names start with R, so you can narrow down to RavMonE.exe easily.
- after you find the file, laugh in an evil manner to yourself and say, “you can’t escape me, bwhahahahhaha!”
Seriously, back to topic: once you find the file, delete it. At the same time, also look out for the Ravmonlog file that normally accompanies it. Delete the Ravmonlog file too, although that one is rather harmless.
3rd Part : The Final Step, The last Step, the Technical Step.
- Having come this far, we have reached the very technical step of removing RavMonE.exe from your startup.
- If you are very proficient in using msconfig, you should know about its functions for controlling the processes and services that load at startup of your laptop.
- If not, for people who are new to msconfig, it’s a utility created to let you select which files your laptop starts up with, to ensure minimal lag.
NOTE : You may ask why I am discussing msconfig. RavMonE.exe actually leaves a startup registry key that shows up in msconfig, and my 3rd step is to remove this startup registry key. If you would like to know how to run msconfig, press your Start button, go to “Run…” and click it. In the blank space, type in msconfig and press Enter.
But seriously, don’t mess around with msconfig; you may disable the wrong file.
- Back to topic: as I have said, I want to remove that startup registry key so that RavMonE.exe cannot re-activate itself on your computer. This involves editing your registry, so read carefully.
1st : run the Registry Editor by going to your Start button, clicking “Run…”, typing in regedit, and pressing Enter.


- after doing the above steps, you have reached the registry editor.


- you have reached quite a far step, so at this point of time, read carefully.
- 1st: go to hkey_local_machine and click on the + button.
- 2nd: go to software and click on the + button.
- 3rd: go to Microsoft and click on the + button.
- 4th: go to Windows (not the other windows folder, please don’t touch it) and click on the + button.
- 5th: go to CurrentVersion, and click on the + button.
- 6th: go to Run.

- You should have reached this part of the registry editor now.
- Find the RavAV subkey and select it, and press the delete button on your keyboard.
- If it asks for confirmation to delete the key, press Yes.
- Now close your registry editor.
- Get yourself a drink and pat yourself on the back.
- THE JOB’s COMPLETED!
NOTE: Small update here, readers: please also check your “Prefetch” folder in your Windows folder on your C: drive. My fellow classmate, Nasri, has identified it to be one of the loopholes for RavMonE.exe to run again. Thanks Nasri! Will keep you guys updated about this post!
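The manual checks from Parts 1 to 3 and the Prefetch note, gathered into one PowerShell script as an added example (it is not part of the original guide). It assumes an elevated prompt, a log file matching `RavMonLog*`, and prefetch files named `RAVMONE.EXE-*.pf`; entries under Run are stored as registry values, so RavAV is looked up as a value name.

```powershell
# Added example: audits the places this guide checks by hand.
# Read-only unless -Remove is given; run from an elevated PowerShell prompt.
param([switch]$Remove)

$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# Part 1: every running RavMonE.exe process (there may be several).
$procs = @(Get-Process -Name 'RavMonE' -ErrorAction SilentlyContinue)
foreach ($p in $procs) {
    $findings += [pscustomobject]@{ Kind = 'Process'; Item = "PID $($p.Id)" }
}

# Part 2: the executable and its log in the Windows folder.
# -Force also lists hidden files. 'RavMonLog*' is an assumed name pattern.
$files = @(Get-ChildItem -Path $env:WINDIR -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like 'RavMonE.exe' -or $_.Name -like 'RavMonLog*' })

# Prefetch note: 'RAVMONE.EXE-*.pf' is the assumed prefetch file name.
$prefetch = Join-Path $env:WINDIR 'Prefetch'
$files += @(Get-ChildItem -Path $prefetch -Filter 'RAVMONE.EXE-*.pf' -Force -ErrorAction SilentlyContinue)
foreach ($f in $files) {
    $findings += [pscustomobject]@{ Kind = 'File'; Item = $f.FullName }
}

# Part 3: the RavAV startup entry under the Run key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$hasRunValue = ($null -ne $run) -and ($run.PSObject.Properties.Name -contains 'RavAV')
if ($hasRunValue) {
    $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = "RavAV = $($run.RavAV)" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No RavMonE.exe traces found in the checked locations.'
} else {
    $findings | Format-Table -AutoSize
}

# Same order as the guide: end the processes, delete the files,
# then remove the startup entry so nothing relaunches at boot.
if ($Remove) {
    $procs | Stop-Process -Force
    $files | Remove-Item -Force
    if ($hasRunValue) { Remove-ItemProperty -Path $runKey -Name 'RavAV' }
}
```

Run it once without `-Remove` to review the findings table, then again with `-Remove` to clean up.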
Note: This is a guide for students who do not have an antivirus, or who wish to learn how to remove RavMonE.exe manually. There are actually a few antivirus programs that I would recommend for removing RavMonE.exe, basically:
- AVG Antivirus (Free/Server/Corporate) (Either one works wonderfully in detecting and removing it)
- TrendMicro
- Norton Antivirus (Can detect, can remove, but is a heavy memory hogger, your nightmare antivirus)
DISCLAIMER : This guide can be freely distributed, but it shall not be used for any commercial or illegal purposes, such as selling it to staff/students of RP. This guide is not exactly perfect, so I apologise in advance if I have caused any confusion. At any point of time, if you have any suggestions or opinions, please leave them in the comments section, or mail me at 63183@myrp.edu.sg for any enquiries.
I understand that there are actually a few methods to solve the RavmonE problem, so this is a suggestion from me. I welcome all other suggestions and ideas from anyone else.
Thank you for reading this guide, and I hope you have understood it and enjoyed your time here.
Thank you.
- StyleZ
“Play with Originality, Play with StyleZ”







