Hello all, Jasper here. Today, I shall have the honour of showing you all, especially students from RP, who has been fed-up with the RavMonE.exe virus that’s been going around school!
Firstly, an introduction to RavMonE.exe.
What is RavMonE, and what exactly does it do?
RavMonE is actually a backdoor.trojan found on the Internet that possess certain dangerous risks involved. It can actually download spyware/adware in the background, and slows down your computer to an amazing rate which you will find unbelieveable.
Currently for RP students, I have found that it brings in the malware from the chinese website, http://www.3721.com, which is very irritating for the constant popups it brings along, and the background program, sxs.exe
I have not found much information on sxs.exe yet, but I understand it’s also a unpleasant program sleeping within the computer.
At the same time, I understand that RavMonE.exe also contain alot of potential threats, so my first step to handling such a situation, is to eliminate it by its roots.
So the guide shall begin without further ado……
1st Part : Check for the symptoms of RavMonE.exe running within your laptop.
– Is your computer lagging?
– Do you see a process called RavMonE.exe running in your task manager? **
** If you don’t know how to access your task manager, right click on your taskbar and select the option Task Manager
done?
Check for any processes by the name RavMonE.exe, whether if it’s running.
If it’s running, select it, and end the process, by clicking on the end process button.
NOTE: Check whether there are more than one RavMonE.exe process running within the Task Manager, I have seen laptops running with 8-10 RavMonE.exe processes after repeated “innocent” clickings to find out what the program actually does.
2nd Part : No. The situation is not over yet, if RavMonE.exe could be fixed that easily, this guide will never surface. So it comes to finding the source file that actually causes this program, the very famous, very well-known, notorious…RavMonE.exe! It actually has a program within one of your computer’s system folders. Now I shall elaborate on going to the source itself.
– Let’s go to My Computer and find your Local C: Drive.
For RP students, it’s your System Drive C:/
– Go in, and find the Windows Folder.
– Continuing, go into your Windows Folder.
– Now to find the RavMonE.exe program among the…OMG..so many files!
What to do?
tip : press R a few times to fasten up the speed of finding files starting with the name R, to narrow down to RavMonE.exe easily.
– after you find the file, laugh in an evil manner to yourself and say, “you can’t escape me, bwhahahahhaha!”
Seriously, back to topic, once you find the file, delete it. At the same time, also check out for the Ravmonlog file normally accompanying it. Delete the ravmonlog file, although that one is rather harmless.
3rd Part : The Final Step, The last Step, the Technical Step.
– As we come to quite a situation since just now, we reached the very technical step of removing RavMonE.exe from your startup.
– If you are very proeficient in using msconfig, you should know about the functions, to control the processes and services loading at startup of your laptop.
– If not, to people who are new to msconfig, it’s a utility created to allow you to select how your laptop is starting up with certain files, to ensure minimal lag.
NOTE : Why you may ask, that I discuss about msconfig. RavMonE.exe actually leaves a startup registry key within the msconfig, and my 3rd step is to remove this startup registry key. If you would like to know how to run msconfig, press on your start button. Go to “Run…” and click it. In the blank space, type in msconfig and press enter.
But seriously, don’t mess around with the msconfig, you may disable the wrong file.
– back to topic, like what I have say, I wanted to remove that startup registry key so that there will be no re-self activation of RavMonE.exe in your computer. This involves the editing of your registry, so read carefully.
1st : run the Registry Editor, by going to your start button, and pressing “Run…” and type in regedit, and press enter.
– after doing the above steps, you have reached the registry editor.
– you have reached quite a far step, so at this point of time, read carefully.
– 1st: go to hkey_local_machine and click on the + button.
– 2nd: go to software and click on the + button.
– 3rd: go to Microsoft and click on the + button.
– 4th: go to Windows (not the other windows folder, please don’t touch it) and click on the + button.
– 5th: go to CurrentVersion, and click on the + button.
– 6th: go to Run.
– You should have reached this part of the registry editor now.
– Find the RavAV subkey and select it, and press the delete button on your keyboard.
– If it ask for confirmation to delete the key, press yes.
– Now close your registry editor.
– Get yourself a drink and pat yourself on the back.
– THE JOB’s COMPLETED!
NOTE: Small update here, readers, please also check your “Prefetch” Folder in your Windows Folder in your C: Drive. My fellow classmate, Nasri, has identified it to be one of the loopholes for RavMonE.exe to run again. Thanks Nasri! Will keep you guys updated about this post!
Note: This is a guide for students who does not have antivirus, or wish to learn how to remove ravMonE.exe manually. There are actually a few antiviruses programs that I would recommend to remove RavMonE.exe, basically
– AVG Antivirus (Free/Server/Corporate) [Either one works wonderfully in detecting and removing it)
– TrendMicro
– Norton Antivirus (Can detect, Can remove, but is a heavy memory hogger, your nightmare antivirus)
DISCLAIMER : This guide can be freely distributed, but it shall not be used for any commercial or illegal purposes to sell to staff/students of RP, and this guide is not exactly perfect, so I apologise in advance if I have caused any confusion. At any point of time, if you have any suggestions or opinions, please reflect it into the comments section, or mail me at 63183@myrp.edu.sg for any enquiries.
I understand that there are actually a few methods to solve the RavmonE problem, so this is a suggestion from me. I welcome all other suggestions and ideas from anyone else.
Thank you for reading this guide, and I hope you have understand and enjoyed your time here.
Thank you.
– StyleZ
“Play with Originality, Play with StyleZ”
StyleZ.BLOG @ Republic Polytechnic 
Good effort! I appreciate your effort in preparing this alternative solution! I’m sure those who do not have AVs wil lfind this useful. 🙂
Hmm, just a note, my AVG detected it and removed it already… And i think my machine is clear of this virus because I can’t actually find the regkey it self… But I think my AVG itself is screwed up, it hangs while scanning…
Any ideas why it might hang?
Any help is much appreciated! 😀
Thankies!!
Comment by bakajam — October 14, 2006 @ 2:05 pm |
im krieg gibt es keine regeln…
apple scheint im moment alle tricks einzusetzen um windows benutzer zu einem mac zu bewegen ;)einige modelle des…
Trackback by FlowBlog - blog.flo.cx — October 18, 2006 @ 3:09 am |
Can you give me information how to clean it in thumbdrive???
Comment by nqfaq — October 20, 2006 @ 9:39 am |
if your thumbdrive , external hdd , had this virus
1.tools/folder option : uncheck the hide protected operating system files.
2.remove the following scumbags *autorun.inf,*msvcr71.dl,*RavMonE.exe.
Comment by nqfaq — October 20, 2006 @ 9:46 am |
hi nqfag, to remove it from your thumbdrive, download AVG Free Edition, and do a scan on your thumbdrive to remove it.
Comment by iceknight — October 20, 2006 @ 10:36 am |
ravmone removing
Comment by shahram — November 6, 2006 @ 3:57 pm |
thanks for ur advice: but we have discovered a better and short way of removing RavMonE.exe.
any ways thanks a lot!!!!
Comment by Mak — November 18, 2006 @ 4:41 pm |
Thanks for posting this info. It was very valuable… and ez to use.
Comment by Marco — November 25, 2006 @ 12:59 am |
dear sir thank you very much for your help I’m very glade to see people like you working to sovle othors problems if you got any update information about virus pleas email me too I will be happy …
Comment by khalid — November 27, 2006 @ 10:22 pm |
i wana know how can i remove backdoor ravemon.exe virus from my windows2000 im chakeking all my regedit files but it is not there but im using nortan antivirus9 corporate edittion with latest updater but im amazed it is still in my pc tell me right answer how can i remove actually im very tense coz im a technical supporting engineer in mediabank pakistan tell me plz how can i remove that all sorces ihad applied but virus still in my all pc tell me i have 150 computers on my company and all systems have this virus?
Comment by Atif — December 15, 2006 @ 2:46 am |
which antivirus is better for removing ravemone.exe virus tell me and im waiting reply me on my email add
broken_promisess@hotmail.com
Comment by Atif — December 15, 2006 @ 2:50 am |
hi atif, sorry for replying late, AVG Antivirus, is effective in removing ravmone.exe.
Norton Antivirus will slow down your system’s speed, so I recommend AVG antivirus as the choice.
Comment by StyleZ — December 15, 2006 @ 7:51 pm |
dude..thank you very much, i was so unaware that it was the one causing my computer to slow down..good thing you are there..thanks…
Comment by arjay — January 25, 2007 @ 9:56 pm |
you ARE AMAZING! I LOVE U! thank you~~ the steps were easy to follow and the screen shots were so helpful. YOU ARE THE GOD. THANKS AGAIN
Comment by grace — January 26, 2007 @ 1:18 pm |
hihi
dont really understand this :
if your thumbdrive , external hdd , had this virus
1.tools/folder option : uncheck the hide protected operating system files.
2.remove the following scumbags *autorun.inf,*msvcr71.dl,*RavMonE.exe.
can trouble u to provide step-by-step instructions?
thanks!
Comment by mel — January 27, 2007 @ 8:14 pm |
zoloft
news
Trackback by zoloft — February 4, 2007 @ 5:12 am |
huhuhu…
Help… all my pc was attacked by this evil RavMonE. I’ve already use AVG but then it cannot romove the virus. Even have i done online scanning this virus still there smiling at ME….
Comment by koja — February 14, 2007 @ 2:23 pm |
hey…
thnx 4 the advice…
bt i still have sum problm…
it seems that this virus have disabled my folder option..
i now cant hide or unhide folders..
is it because of the virus??
please help
Comment by Shat — February 23, 2007 @ 1:17 am |
thanks dude!you solved my problem..
Comment by alpha phi chupapi — February 28, 2007 @ 3:50 pm |
Been hunting around for ages this afternoon for some way to get rid of this damned thing and your advice was spot on. Thanks!
Comment by Tom — March 1, 2007 @ 5:13 am |
thanks a bunch for that tutorial! but what about the prefetch folder? should I delete the ravmone files in there?
Comment by shioan — March 2, 2007 @ 11:42 pm |
Hi, thank a lot for you advise on how to remove the Rav virus
It really helpful and appreciate you good effort.
how do you know so much about it.
Comment by Kenny — March 12, 2007 @ 11:16 pm |
well, I was working in my own school, and this RavMonE.exe started infecting multiple computers, so what I did was to actually find a manual method to remove this problem, as most of the computers was not installed with a fool-proof Antivirus solution.
Comment by J — March 13, 2007 @ 1:35 pm |
thank you very much it was very easy to understand and correctly done. cheers
Comment by Mohamed Nassar — April 3, 2007 @ 11:34 am |
On behalf of Delta Battery of the 2 Royal Canadian Horse Artilley, I thank your for telling me how to rid this off of our fire control computers here in Afghanistan
Comment by Tim — April 4, 2007 @ 7:24 pm |
THANKS ,,VERY EASY NOW MY PC IS FREE FROM RAVMOVE.. BUT STILL HAVE THE RAMONES
Comment by IAN UYVICO — April 5, 2007 @ 6:53 am |
it WORKS!~ really APPRECIATED!~ ya make it EASY to UNDERSTAND!~ n even EASIER to remove the SHIT out!~ so now, shud i be worry with my pendrive? how shud i remove it onmy pendrive? cud i easily format the pendrive? TQ very MUCH!~
Comment by lii — April 6, 2007 @ 3:59 am |
how to remove RavMonLog from hdd.
dun really understand :
if your thumbdrive , external hdd , had this virus
1.tools/folder option : uncheck the hide protected operating system files.
2.remove the following scumbags *autorun.inf,*msvcr71.dl,*RavMonE.exe.
need some step-by-step instructions.
thanks!!
Comment by ben — April 9, 2007 @ 1:34 am |
I still see the virus in my msconfig-startup window, how to remove it.????
Comment by richa — April 10, 2007 @ 8:39 pm |
hey! thanks so much for your help..but i can’t find the very last step. i can’t find the RAVav key.
question : can ramonexe virus be transferred through USB?
thanks again,
n
Comment by nix — April 12, 2007 @ 10:10 am |
Hi nix, RavMonE.exe virus is transferrable through USB. Do not pass around thumbdrives or flashdrives or harddrives that has been infected with RavMonE.exe.
Comment by J — April 12, 2007 @ 8:07 pm |
Hi,
Great solutions here..! Before reading this solution, I had tried AVG to remove RavMonlog virus. Then I tried this manual method but I didnt find anything in regestry… so I am sure that it had been removed..
But now I have new trouble that…
The drives(HDD) that had ravMonLog has lost its normal opening method(Double Click) it ask for the which programm to start..So I have to do right click each time & have to click on open..
Because on right click it shows “autoplay” is the first option…!!
I think so you have understood my problem…
If anyone know how to get rid of this trouble..
pls tell me..or mail me at darsheetjoshi@yahoo.co.uk
Pls. Help…
Comment by da — April 21, 2007 @ 5:37 pm |
Hmm….Thanks for teaching us to kill the virus. 🙂 Although I did my office’s computer and still, there are my home computer and laptop need to be done too. Sigh! Virus virus virus….I HATE VIRUS!!!!!! >:-/
Comment by Angie — April 23, 2007 @ 8:53 am |
Hi.. Thanx for the guide.
I have removed successfully after following you guide, BUT it pops up again everytime i try on open my USB Memory stick. I have noticed when I “right-click” on the drive, the first option is “Auto”, which normaly shouldn’t be there. If i double click, it takes LONG to open, then RavMonLog appears on the drive, and also the RavMonE scambag is back in the processes 😦
Please help.
Comment by Afro Dennis — April 24, 2007 @ 11:52 pm |
Oh! And AVG 7.5 doesn’t find it! it does a full system scan every morning, but NEVER finds RavMon
Comment by Afro Dennis — April 24, 2007 @ 11:54 pm |
HELP!!!
i did not find any registry key in the “current version” section… i dint find the RUN option over ther.>!! also i think avg has deleted tht virus..
is this some kinda virus ????????!!!
in start up ravmon.exe isnt there and in task manager also i cant see sxs.exe or ravmon.exe running…….
but ive a new problem,,, the hard disc drives are not openin by double click…. i have to right click and click on open to open the drives… but all the folders inside the drives can be opend by double clik…. if anyone knows how to fix this plz help……………..
thanks..!
Comment by SandS — May 7, 2007 @ 11:10 am |
my regedit is not working similarly msconfig and i also did not found any files of rav mon log in windows folder
Comment by coolone — May 8, 2007 @ 6:30 pm |
well i have AVG free edition but it doesnt seem to pick that there is a virus!i jus found out that it was thier when i put my pen drive in a machine with Norton. But i guess its because of the varient of this virus.The exe i got was named “AdobeR.exe” but the all the other files were there the autorun.inf,msvcr71.dll and ravmon.log file
i used a procedure from this link to fix it.But i still have to see if it worked?
http://www.bullguard.com/techguides/200407.aspx
Comment by cdoshi — May 9, 2007 @ 11:08 pm |
Se debe buscar en el RegEdit “Ravmone”, hay otras claves donde aparece, por ejemplo: “HKEY_CURRENT_USER\Software\ … \Explorer\MountPoints2\{52a40006-c629-11db-b43d-00300a1b44c5}” en “Shell\Auto\command\(Predeterminado)” y en “Shell\AutoRun\command\(Predeterminado)” y en muchas otras localizaciones! Se debe buscar dentro del RegEdit.
LuisS
Comment by Luis — May 9, 2007 @ 11:29 pm |
In “http://www.symantec.com/enterprise/security_response/removaltools.jsp” there is one “Removal Tools”: “W32.Rajump Removal Tool”. Download and use.
LuisS (Venezolan – español)
Comment by Luis — May 9, 2007 @ 11:52 pm |
what about if your thub drive have write-protected and you cannot remove the autorun,ravmon.exe…..what should I do?
Comment by nasuha — May 18, 2007 @ 1:29 am |
Your method to remove RavMonE virus worked well with my Windows XP. However, my FREE version (with the latest daily updates) failed to detect RavMonE virus in my computer and Thumbdrive, hence everytime I plug in my Thumbdrive, my computer will get infected again.
Many of my friends’ computers still use Windows 98. How do I get help them rid of RavMonE virus in their computers? I did the same thing as instructed for Windows XP, but I could not find the items.
Thanks.
Comment by Muthalib — May 22, 2007 @ 7:19 am |
I run AVG 7.5 free and it detected RavMonE.exe as soon as I plugged in my USB stick. Make sure that you update AVG regularly( both Priority updates and non priority updates. I picked up this virus from another PC that was running out of date anti virus. If your files are important to you, protect them!!
Comment by Peter G — May 23, 2007 @ 8:23 pm |
Hey Dude! RamNovLog was really getting on my nerves since months.
Your advice was of a great help.
Thanks a ton.
Devam Mody/Ahmedabad/India
Comment by Devam Mody — May 24, 2007 @ 4:31 pm |
wauu, that help. thanks
Comment by sufrie — May 27, 2007 @ 6:26 pm |
Thanks!! First i scan with avg, but it can’t detect RavMonE, even i’ve updated it. Then i found this webpage n it really helps! Thanks a lot!!
Comment by Peper — May 28, 2007 @ 5:42 pm |
Bravo!! D instruction is clear and easy to follows.
Comment by Peper — May 28, 2007 @ 5:43 pm |
Thanks for this very helpful website. I’m just disappointed with the AVG and Ad-Aware SE because now they don’t detect the RavMone.Exe. I have to manually remove it.
Comment by Kristine — May 29, 2007 @ 10:05 am |
Thanks! I have followed your advice and got rid of all the RavMon files and the computer appears to be alright. However, when I double-click on my external hard-drive, an “open with” window pops-up. Also, when I right-click on the hard-drive, the first option is “Auto” instead of “Open”. Can anyone please help me?
Comment by mel — June 2, 2007 @ 11:31 am |
I have done all the steps. I have run virus scan in safe mode. BUT IT KEEPS COMING BACK! I deleted it in the regedit, startup manager and even used msconfig to delete it. Here’s what happens:
1. I delete it in the locations stated.
2. I click on something else.
3. I click on stated location to check again.
4. It’s BACK!
This is soooo frustrating! My AVG doesn’t detect it at all. When i do a search for ravmone.exe, it is not found. But when i check in my regedit & startup, it’s there! And the location stated is in my Windows file but when i open windows to look for it… it’s not there! It’s only seen in the regedit and startup…(although the location stated is in windows)…
Help me help me i’m stuck and don’t know what to do! Oh dear oh dear Its driving me NUTS!
Comment by Aliza — June 5, 2007 @ 11:50 am |
[…] To my surprise I discover this RavMonE.exe inside my computer today, when I try to force shutdown my FireFox Browser. So I discover these tips from StyleZ. […]
Pingback by A Guide To Removing RavMonE.exe — June 7, 2007 @ 9:40 am |
Exclellent guide 😀
There are automatic removal tools already though 🙂
Here’s one from McAfee : http://vil.nai.com/vil/content/v_139985.htm
and from Symantec : http://www.symantec.com/en/mx/home_homeoffice/security_response/writeup.jsp?docid=2006-101916-4325-99
Comment by nikerym — June 14, 2007 @ 11:46 pm |
Hi.
er..just wanted to say about the Ravmon.log virus.actually the antivirus like avg not exactly detect the virus coz mhen i’m scanning my pendrive,it doesn’t detect any treats at all.now my pc get infected,but i do know what to do…except looking another antivirus (if it can detect those things..)
Comment by Aizen — June 26, 2007 @ 11:52 am |
Pls, i have got rid of the virus RavMonE.exe but my flash drive and external hard drive can no longer open directly from My Computer when i double click it. But If i right click, autorun first appears. Though i can open it with explore.
Please assist me.
Chika.
Comment by chika — June 26, 2007 @ 6:43 pm |
Thanks a lot. I’m french and Ravemone disturbed my computer ’til I found your work. Thank you, nice job, and very funny too.
Comment by David — June 30, 2007 @ 8:07 pm |
Hi all, the autorun or access problem that you all have mentioned, have been provided with a resolution @
You can visit the link to see the way to remove the access problem to your drive.
cheers!
StyleZ
Comment by J — July 2, 2007 @ 10:07 pm |
thank you! thank you! thank you! thank you! thank you! thank you! thank you!
what more can i say……….
Comment by pinky — July 2, 2007 @ 11:07 pm |
try this one http://fkn1337.com/remove-ravmonexe-virus-without-any-anti-virus/
Comment by Hasnat — July 20, 2007 @ 6:55 am |
I just deleted this thing a week ago but It goes on and it goes on. I had avast but It couldnt repair the error. I got Kaspersky and it blocks the process pretty well but everytime the process wants to run it just keeps popping up a little window in the right side of my PC screen.
If you know how to really terminate the process email me!
Comment by Mike — August 6, 2007 @ 10:52 am |
hi,
thanks for your information but i’m sorry i didn’t find this info useful as i didn’t find ravmone.exe nor I found registry entry.
plz update me if you’ve any other solution.
Regards
Comment by Hassan — August 6, 2007 @ 6:54 pm |
hello.
ther r mybe other ravmon .
1- go to tasks manger and seek “SVCHOST.exe” writen uppercase and kill the process
2- make displays all files and protected file system
3- delete the file name “SVCHOST.exe” in the Windows folder
4- delete all “Ravmon.exe” and “autorun.inf” files in the root of Your drivers
Comment by zakironi — August 6, 2007 @ 11:39 pm |
gracias por enseñar a matar este virus tan fastioso que se nos sube a la computadora de la nada… bueno espero que encuentres una manera para destruir otros virus….
Comment by rose — August 8, 2007 @ 8:24 am |
[…] or http://download.nai.com/products/mca…umpStinger.zip Further reading if that doesn’t work A guide to removing RavMonE.exe The Life of StyleZ __________________ – Click on my siggy to see the truth […]
Pingback by my computer hard disk not open while double click? - Asian4Ever — August 21, 2007 @ 12:30 am |
yo dude…thanks for your guide..
I really had a pain in the neck with the ravmon…
I nearly declared 4th world war for this small thingy…
anyway, thanks again…
Comment by Yamashita — August 23, 2007 @ 7:25 am |
thanks a lot to u n nasri. u made it so simple.
May ur tribe incr
Comment by gautam — August 26, 2007 @ 4:08 pm |
AVG cannot remove ravmon !!!!!
Comment by jazz — September 6, 2007 @ 3:47 pm |
yes, AVG can’t remove it…
Comment by patrick — September 22, 2007 @ 12:01 pm |
Hey you’re a lifesaver! I’ve had this idiotic virus on my laptop for way over a year – no I’m not kidding…. THANKS a lot!!!
Comment by Astrea — September 24, 2007 @ 8:32 pm |
StyleZ – Werd to you brother. Thanks for helping me and my buddies out.
Peace.
Comment by Dan — October 1, 2007 @ 3:12 pm |
Thanks a lot…The guide is very useful
Comment by Francis Masangkay — October 1, 2007 @ 10:08 pm |
HELP!!!
I’ve succeded remove that virus, BUT why I couldnt still access my USB or external hardisk with the “normal Way”??
PLEASE SOMEBODY HELP ME!!
Comment by DPD — October 4, 2007 @ 10:55 am |
hi..my usb drive is infected by ravemone.exe. i tries all the methods above (delete the autorun.. etc.) but to no avail. it keep on saying the disk is write-protected. how do i solve this?..
Comment by kHai — October 7, 2007 @ 4:23 am |
We really appreciate the effort you have done. this procedure is very helpful. very concise and easily understandable.
Comment by it web — October 9, 2007 @ 2:16 pm |
guys please help, i cant open my drive C and D! it prompts “CAN NOT FIND SCRIPT FILE C:\IMGKULOT.VBS
Comment by ryan — October 11, 2007 @ 12:08 pm |
Thank you for putting up help like this, there should be more people like this.
Thanks.
Comment by Dm — October 14, 2007 @ 11:42 am |
Hi! Thank you so much for your help! I really appreciate it! I’m not really sure whether the virus is gone for good.. Coz my AVG antivirus couldn’t detect it when I did a thorough scan thru my computer..(before I found this webpage)
Comment by -C- — October 16, 2007 @ 10:33 am |
Hi, Thank you so very much, I was ready to cry. My laptop, PC and 3 pendrives are all infected. I really don’t know what to do. VAG can’t detect it, Bullguard cannot remove it.
May the blessing of Lord Buddha shine upon you.
Comment by Crystal Cheah — October 22, 2007 @ 4:30 pm |
I think that the most easiest way to eliminate this virus and possibly any other of its kind is by, going to the registry.
First press the windows key + R or just click the start button then select run, type in regedit and press OK.
next go to Edit menu and select FIND or press Ctrl+F
Next type the ame of the virus and click FindNext.
At this time you are free to delete the mount points or the whole folder for to be finally free.
One interesting thing about this virus is that it embedds itself in C:\windows\system32\RunDLL32.DLL, ShellExec_RunDLL RavMon.exe e
and at
C:\windows\system32\RunDLL32.ExE, ShellExec_RunDLL RavMon.exe e
Please be careful with this trojan/virus
However, you can download Security task Manager to monitor Evil processes killing our operating system.
Always wiling to help(artakazezs)
Comment by Artakazezs — October 23, 2007 @ 7:30 pm |
Hey… thx for the BEST guide to removing this RavMonE on the net!!! Easy step & easy to understand… and also thx to all commentator for gud advised… cool!!!
Comment by ixam — October 26, 2007 @ 10:40 am |
Most detailed guide for newbies.. Additional information, RavmonE.exe and msvcr71.dll resides in your thumbdrive as hidden files and cannot be unhidden whether using command prompt attrib -h or in Tools->Folder Options… To be able to remove these files my suggestion is to backup your files to a clean drive then format the infected hard drive. Tedious but at least you’re sure that the virus is gone.
NEVER double-click the thumbdrive or select Autoplay on yout right mouse-click options. I think everyone should have a habit of using the right mouse-click option menu then select Open to open thumbdrive’s or any storage drive. I do it and from then on the virus hasn’t affected my PC…
Comment by Jericho — October 26, 2007 @ 11:07 am |
a very Cool help~ thank you very much !! 🙂
Comment by levian — October 27, 2007 @ 11:00 am |
AVG can’t detect nor remove this virus 😦 and the steps above doesn’t work for me.
i think the virus may be residing somewhere else. i need some additional help please!!!
Comment by uplinkhack — October 29, 2007 @ 8:18 pm |
THX FOR UR HELP… ravmone is finally deleted
Comment by amadero — November 3, 2007 @ 12:19 pm |
Hi, I found your tutorial quite helpful. I was able to get rid of the damn bugger and I do notice an increase in my computer’s performance rate.
Just a question though, I got locked out of my own registry. Any ideas how to unlock it?
I did your 3rd step by downloading a third party registry editor.
Thanks.
Comment by Nina — November 11, 2007 @ 1:51 am |
hahahaha, i’ll remove the devil, thanks, ur my hero bro
Comment by boriks — November 15, 2007 @ 4:03 pm |
hahaha, i’ll remove the devil, ur my idol, thanks bro
Comment by boriks — November 15, 2007 @ 4:04 pm |
Hi. Thank you for provided step-by-step tutorial.
I have one advice. Instead of looking for a specific path in registry to find RavMonE.exe, “FIND” tool can be used to locate it in registry. Usually this program is written in at least 2 registry entries.
Free Av 7.5 doesn’t detect it. But single search with Windows explorer can find any of RavMonE copies, as well as for accompaning dll and autorun.inf.
Comment by PAN — November 17, 2007 @ 11:54 pm |
Thanks, worked quite well.
Cheers.
Comment by Tony James — November 20, 2007 @ 3:08 pm |
thank you!!! you’re my life savour. >.<
Comment by person — November 25, 2007 @ 8:28 pm |
Thanks!!! Very very much!!
I got RavMon was a file AdobeR.exe…
I think its a variant of RavMonE
AVG doesnt detect it
I deleted the (many) AdobeR registries..
It´s all right now!!!
May the peace of Jesus be with you
Comment by Marcos — November 29, 2007 @ 5:27 pm |
Wow, this was really easy to follow, and it worked! Thanks a lot. You’ve been a great help. 🙂
Comment by May — November 29, 2007 @ 6:55 pm |
But does reformatting the whole PC or any removable disks helps to remove the virus?
THX —LK stylezZ
Comment by LK stylezZ — December 1, 2007 @ 3:54 pm |
RavMon – This spyrus is still giving headaches. Thanks for the information
Comment by abediaz — December 2, 2007 @ 5:50 pm |
ok..i done all the steps above but in the regitry section…okay…i opened the RUN in the currentversion but i stll cant find da RavAV thingy!!! NEED ASSISTANCE!!!!
Comment by LK stylezZ — December 3, 2007 @ 4:20 pm |
Thanks 😀 big help
Comment by Martin — December 7, 2007 @ 5:04 am |
Thanks. it help.
Comment by KFC — December 10, 2007 @ 8:17 pm |
appreciate your effort. thanks a lot.
Comment by KJ — December 12, 2007 @ 12:46 am |
how do you delete ravmonlog in a
usb flash drive.
Comment by Robert — December 14, 2007 @ 10:43 am |
Thank YOU!! U rock!
Comment by Blackempress — December 27, 2007 @ 4:01 am |
Thank you. It worked out. And also Nasri hint about prefetch folder was instrumental to have my PC completely clean (hope so!). Ciao
Comment by Pasquale — January 8, 2008 @ 5:33 am |
Hi Thanks for the great advice. i have AVG it didnt find this RavMon virus, i cant find it in my C drive, not in the msconfig, task manager or in regedit yet the RavMonlog file keeps popping up any time i save jpgs or other files. What else can i do? Also bittorrent.exe should i be worried about this program? I just disabled it in rededit.
Comment by Dave — January 10, 2008 @ 3:11 am |
just so u no avast finds the virus as well and it does not activate it. I almost got it but thankfully i was alerted by avast
Comment by arj154 — January 12, 2008 @ 2:34 am |
Y’know, you could just search using keyword RavMon*
And then delete those files… sinple.
Comment by Iori Yagami — January 18, 2008 @ 1:46 pm |
Thank you so much, my computer was VERY slow. Just to know, my AVG free version cant remove virus from drive G, but check this:
If your thumbdrive , external hdd , had this virus
1.tools/folder option : uncheck the hide protected operating system files.
2.remove the following scumbags *autorun.inf,*msvcr71.dl,*RavMonE.exe.
Instructions was originaly posted by nqfaq!
Comment by ReljaSrbin — January 23, 2008 @ 1:23 am |
I cant open my task manager!!!
maybe the ravmone keeping my task manager closed.!!!
What can I do?
thanks
Comment by eleni — January 25, 2008 @ 2:19 pm |
mekacih Bro…
Comment by peasatbskills — January 25, 2008 @ 10:49 pm |
Thanks for this guide…my school’s computers are flooded with this trojan, it just jumps from one networked computer to the next. A little tip to those who are experiencing the autorun problem…if you let it continue on a flash drive it will eventually corrupt every file you have, so it’s a good idea to get it off of your flash drive immediately. Ravmon also loves attracting a particular virus that activates itself on Halloween…thanks to this particularly nasty little trick, I backup my flashdrives and all important documents every single month.
Comment by rainethecomposer — January 26, 2008 @ 12:12 am |
One more tnx, HVALA, you helped me so much…
Comment by NeO — February 4, 2008 @ 3:08 pm |
Hi all. This is Jasper, writer of the guide.
I am moving my content soon to a new website as shown in my recent post.
Remember to visit me once it’s done!
I will be updating the removal guide soon, as I received multiple requests to work on such guides again.
Thank you all for the constant support!
Comment by J — February 4, 2008 @ 8:38 pm |
Ravmon changed my desktop icons to links. how can i restore it back. i already did this method but the desktop links doesn’t change. tnx! hope there’s a solution 4 that…of course not formating….hehehe.
Comment by Jhay Relorcasa — February 6, 2008 @ 9:52 am |
Very easy to follow and accurate!
Comment by Rusty — February 19, 2008 @ 10:03 pm |
Goooooood Job! zapped that thing like that! I am glad I found your site.
Comment by Francisco — February 21, 2008 @ 1:00 am |
Just to add my expirience with RavMonE.exe… I comed from a friend’s PC where I copied something on my USB STICK and when I pluged it in my PC, my NOD32 antivirus program find it on my stick. There was RavMonE.exe file on it, I deleted it and then gone on the web to search for it. Then I found out this page and after reading it I checked once again my stick and deleted also autorun.inf and hidden file feulihl.exe which was written in autorun.inf… so I soposed that this is also from same virus. It seems that my computer didn’t infect… lucky for me. Now I have to see to check my computers PC where I was yesterday.
Comment by dfilo — March 3, 2008 @ 5:22 pm |
hi me hamza i have also having this problem my usb is infected with it when i open the file it say it is write ptotected tell me the soloution
Comment by HaMzA — April 1, 2008 @ 1:50 am |
THANX OH SO MUCH! ❤ ❤ ❤
Comment by Nora & Davor — April 12, 2008 @ 9:12 pm |
THANK YOU SO MUCH….for the help…
this is one useful website
Comment by Aaron — April 25, 2008 @ 4:38 am |
hey man you are really genoious we want more article from you like that
Comment by rahman — May 5, 2008 @ 3:48 am |
nice info for your programming needs visit thanks!
Comment by johnnybravo — May 7, 2008 @ 5:44 pm |
thnx dude….. ur advice, simply awesome…. thnx again, chill…… but me still dont understand how to del it 4rm me thumbdrive????? any suggestions???? thnx….
Comment by Patrick — May 17, 2008 @ 4:56 pm |
Toor’s
Comment by SHAWAN — May 23, 2008 @ 7:53 pm |
It works! It works! Previously I tried running anti-spyware to remove it but for an unknown reason, the exe file still exist in my computer. Haha, now my computer could process much faster.. Appreciate your sharing, StyleZ. Thanks thanks thanks.
Comment by Chloe the F!sH — June 2, 2008 @ 10:31 am |
Man..you are thr great con..thanx for give me these helpful guide..i’m save from it now…huhuhu..
Comment by sky — June 29, 2008 @ 2:30 pm |
wah good solution….
Comment by lee — July 7, 2008 @ 3:50 pm |
[…] I think the stick is infected. Its a virus. A guide to removing RavMonE.exe StyleZ.BLOG @ Republic Polytechnic […]
Pingback by RavMonE.exe wtf is it and why does it keep reappearing. - MacTalk Forums — July 10, 2008 @ 1:19 pm |
Thx…you really help a lot…
somehow…my AVG (free ver.) can’t detect and delete the virus. I only knew that my comp was infected after saw the “rav.monE.exe” icon and a notice jumped out asking me if i wan to block or unblock the program “rav.monE.exe”.
Comment by Jane — July 14, 2008 @ 2:01 am |
after i done all the steps,and open my Harddisc,RavMon come out again..and my anti virus also cant detect it and show me no harmful virus are Found..grrkk..
Comment by Tammy — July 15, 2008 @ 2:45 am |
greeting,
how if i jz found the Ravmene.exe on my external…but its nt running on my task manager ..
izzit tat my computer infected oso ?
Comment by Kah_wah — July 17, 2008 @ 11:38 pm |
I thank your help very much becouse make me skill to eliminate ravemon from my laptop, but from my pen drive. Could you help me in that matter?
Thanks in advance,
Daniel
Comment by Daniel Babetto — July 25, 2008 @ 8:45 pm |
thanks, i have to try first, hope will work on my pendrive also
Comment by guest — August 11, 2008 @ 4:10 pm |
i ahve tried to delete the ravmon.exe virus from the windows folder but it is not allowing me to delete it please help but i can delete the registry key easily
Comment by kasron — August 14, 2008 @ 4:50 am |
Tq so much… i’ve tried all d step to remove ravmone.exe from my laptop.. u’ve said about ravmonlog in windows folder.. but i couldn’t find it… what should i do… can dis log made the virus back 2 my laptop..
Comment by elly — August 31, 2008 @ 12:34 pm |
Thanks for this… I don’t have internet at home (yet) *gasp* but my friend gave me a portable USB drive that she had bought “unopened” from Ebay. Lucky me I get the virus 😀
Comment by Dustin — September 5, 2008 @ 2:22 am |
I tried your method. Hope it works. But you know what, all my friends in my hostel are having the same virus. So ultimately I am going to get it again. AVG doesn’t help, I dont know why my AVG cant detect it even with the latest updates. I cant manually remove each time. Any suggestions?
Comment by Azzad — September 7, 2008 @ 4:28 pm |
[…] A guide to remove RavMonE.exe […]
Pingback by Brent’s News » Blog Archive » Guide to remove RavMonE.exe (virus in STI) — September 7, 2008 @ 10:30 pm |
thank you. i hope i got it right but this is the 2nd time i’ve used your technique. sorry, i wasn’t able to thank you last time. but it’s really helpful! again, my heartfelt gratitude. God bless!
Comment by cecil — September 9, 2008 @ 10:15 am |
i have a RavMonE.exe in my flashdisk, but my AVG 8.0 cannot recogize it or remove it with latest update today. why…
Comment by adv — September 11, 2008 @ 7:55 pm |
Thanks !! i really work … i really hate virus … even harmless one ^^
Comment by Xing — September 15, 2008 @ 8:49 am |
Hey thanks a lot!
Comment by BrokenArrow — September 25, 2008 @ 2:57 pm |
Thank you so much! 😀 My RavMon problem’s finally solved.
Comment by Michel — October 5, 2008 @ 5:20 pm |
isn’t prefetch a system file?? deleting it might disable other programs to work.
Comment by Ganendra — October 10, 2008 @ 2:41 pm |
Thank you!!! I am using AVG free and always updated but it didn’t detect RavMonE.exe. Before this, i am frustrated for not knowing how to remove RavMonE.exe. You are really a big help!
Comment by hanna — October 17, 2008 @ 9:10 am |
Thanks a lot! this scumbag is hidinh in my PC, notebook, MP3player, my SD Card and my thmbdrive. been scanning in with AVG8free & bitdefender still not get it flushed down.
usually when you look in windows explorer (even when you had “show hidden file” turned on) the ravmone is not visible.
finally i spotted it using any picture viewer (ACDSee, ALSee, etc)
just look in yout thumbdrive/MP3 player/memorycard and VOILA! gotcha!
Comment by Konco — October 24, 2008 @ 11:21 am |
[…] is very irritating for the constant popups it brings along, and the background program, sxs.exe A guide to removing RavMonE.exe __________________ The FIFA Manager 2009 PC […]
Pingback by RavMonE.exe - Windows Software — October 27, 2008 @ 4:37 pm |
Great advice!!! Thanks!!
Comment by John L — November 3, 2008 @ 10:38 pm |
Hi all, first and foremost thanks to Jasper for the tips on how to remove ravmone from my PC. I have tried it and it works but for some reason it keeps coming back. On the subject of which software to use, I have downloaded AVG Freeware 8.0.175 but it can’t detect and remove the ravmone virus. I am currently using ad-aware 2008 from lavasoft, this software is much better at detecting the worm and removing it but sad to say the friggin virus/worm keeps coming back, does anyone have a more permanent solution?
Comment by Mike — November 14, 2008 @ 12:30 am |
Real thanks~! Muacks~!!
Comment by Michelle — November 18, 2008 @ 11:11 pm |
hey..thanks!!! iv seen ravmone.exe for a long time hir in my laptop, i dont know wat it was, and i suddenly bumped to ravmone again while doing the Control startup programs thing.. for my confusing for wat it was, i searched d net for ravmone, and saw dis guide.. and this is useful .. thanks a lot!!
Comment by jerald — December 4, 2008 @ 5:58 pm |
thanks again Jasper..
Comment by jerald — December 4, 2008 @ 5:59 pm |
muito obrigado virus deleted !!!
From Brasil.
thank you.
Comment by vinicio — December 10, 2008 @ 9:21 pm |
Thanks man..it work for me ;D
Comment by Spark — December 12, 2008 @ 9:47 pm |
[…] apple – supportseite zum problem guide zum entfernen von RavMonE.exe [engl] […]
Pingback by im krieg gibt es keine regeln… « blog.flo.cx — December 16, 2008 @ 4:03 am |
Thank you for great tips!
Hvala puno 🙂
Comment by Milan, Serbia — December 19, 2008 @ 7:52 am |
Thanks for a really great guide!! Problems fixed now!
Thanks soooo much!!!
Comment by Christina — January 7, 2009 @ 11:17 pm |
Thanks a lot!! This guide is really useful!!
I’ve finally ‘killed’ it!! Hahaha!!
Thank you very much!!
Comment by D.c — February 15, 2009 @ 3:23 am |
10x man, I really appreciate you doing this for the people who don’t have an antivirus, but, no mater what, I still won’t install one >:) That’s because I hate the AV policy.
Comment by Mar — February 20, 2009 @ 2:28 pm |
God Thx a lot, just let that virus go hell already …. how dare it ruin my working pc……
Comment by God — February 27, 2009 @ 2:22 pm |
thanks bro!!!… sana hindi na mag pop up ulit ito…
Comment by jerry stone — March 26, 2009 @ 9:33 am |
It does exist in the C:\WINDOWS\Prefetch
Delete as well
Comment by TC — April 15, 2009 @ 10:30 am |
Thanks for the post, I found it and deleted it through the Registry Editor and the Prefetch folder but the “access denied” error kept popping up when I would try to delete it from the C drive / WINDOWS folder. Any idea on how to get around this one? It hasn’t shown up on Task Manager so that’s still a good thing.
Maraming salamat po!
Comment by sketch247 — May 12, 2009 @ 4:20 pm |
Hey Cheri, whatever =D
Comment by agrippina insurance — October 4, 2010 @ 8:21 am |
it’s work, thank you so much. U so cute. ^____^
Comment by Pandora — March 13, 2012 @ 5:53 pm |
We stumbled over here different web page and thought I
might check things out. I like what I see so now i’m following you. Look forward to exploring your web page for a second time.
Comment by Open Office — June 30, 2012 @ 1:04 pm |
I was wondering if you ever considered changing the page layout of your blog?
Its very well written; I love what youve got to say. But maybe you could a little more
in the way of content so people could connect with it better.
Youve got an awful lot of text for only having 1 or 2 images.
Maybe you could space it out better?
Comment by pc repair technician — September 10, 2012 @ 8:31 pm |
Hello, i read your blog from time to time and i own a similar one and i was just curious if you get a lot of spam
feedback? If so how do you prevent it, any plugin or anything you can advise?
I get so much lately it’s driving me insane so any assistance is very much appreciated.
Comment by Samdarshi Rana — January 15, 2013 @ 6:45 am |
Superb blog! Do you have any suggestions for aspiring writers?
I’m planning to start my own site soon but I’m a little
lost on everything. Would you propose starting with a free
platform like WordPress or go for a paid option?
There are so many options out there that I’m totally overwhelmed .. Any ideas? Appreciate it!
Comment by Sleep apnea — July 23, 2013 @ 2:15 pm |
Thanks for any other informative site. The place else may I get that type of info written in such an ideal approach?
I’ve a project that I am simply now working on, and I have been at the glance out for such
info.
Comment by dubli network blogs — October 18, 2014 @ 11:36 pm |
Hello, my friends 🙂
I looking for XRumer for free !
Would you make advice me, where I can download it?
It is really the best program for mass posting on forums, blogs and social networks !
P.S. I need XRumer of only latest version – 12.0.6, all other versions are too old and are not effective!
Comment by VanGoghRip — November 7, 2014 @ 4:36 am |
click here!
A guide to removing RavMonE.exe | StyleZ.BLOG @ Republic Polytechnic
Trackback by click here! — April 6, 2017 @ 9:43 am |
We really like your web site, it has unique articles, Have a nice day!
Comment by Travis Gooslin — December 3, 2018 @ 3:55 pm |
Everything should be written down in a business plan. If we can permit for fluctuation, and have the things in location to offer with fluctuation. This means with $100 you only play in a sport with $10.
Comment by Signe Escalon — September 5, 2020 @ 1:11 am |
how To become a life coach – Things you need to know before you coach a life
A guide to removing RavMonE.exe | StyleZ.BLOG @ Republic Polytechnic
Trackback by how To become a life coach - Things you need to know before you coach a life — September 21, 2023 @ 1:22 pm |