Thursday, September 13, 2007

Remove RavMon.exe virus without any anti-virus

Removing the RavMon virus without an anti-virus is easy. By the way, I haven't met any antivirus which can remove this virus; they can stop your PC from being infected, but once you are infected they won't be able to remove it.
I don't know the actual name of this virus nor its effects.
Anyway, it's very easy to remove it.
You just have to follow a few simple steps.

* check if you're infected
* stop the currently running virus
* delete the virus files
* stop the virus from running at startup

Here are the steps explained.
Remember: until you delete the virus files, open drives by typing C:\ D:\ X:\ in the address bar, as the virus is activated if you double-click the drive.
1. Right-click any drive on your computer and see if the right-click menu shows some invalid characters.


If yes then you are infected.
2. Press Alt+Ctrl+Del to bring up the Task Manager (or right-click the taskbar to run it).

There will be a program in Processes named “SVCHOST.EXE”. There will be a few svchost entries in lower case, but check for one in capital letters. If you see more than one “SVCHOST.EXE” (the all-caps one), end the one with your username in front of it instead of LOCAL SERVICE, NETWORK SERVICE or SYSTEM, by pressing End Process.
3. To delete the virus files you need to show protected system files.
For this go to
My Computer -> (Menu) Tools -> Folder Options -> (Tab) View -> uncheck “Hide System protected files” -> press OK
If you are unable to unhide the system files, you can use third-party software to browse the drive and delete files; try ACDSee or WinRAR.
Now open the drive (by typing the drive letter in the address bar)
and delete these 2 files:
  • Autorun.inf
  • Ravmon.exe

Also delete them on all drives (not CD(WR) or DVD(WR) drives), and remember not to double-click, or else you will have to start over from the top.

Open the Windows folder and delete SVCHOST.EXE, SVCHOST.dll and MDM.EXE.
Now restart the explorer.exe process by killing it in Task Manager and running it again [(Winkey + R), type “explorer” and hit Enter].



Now right-click the drive letter and you'll see a clean menu.

Congrats, the virus is removed.

4. Now remove it from startup (optional, as the files are deleted)
Winkey + R, type “msconfig”, hit Enter



Go to the Startup tab -> (uncheck) MDM -> OK -> Exit without Restart
How to prevent this virus in future
Just right-click any USB drive (that includes an iPod) you have plugged into your PC.
If it has a corrupted menu, the drive is infected.
Access the drive by typing the drive letter and delete the files from that drive.
Remember: if you double-click the corrupted drive you get infected; otherwise you're safe.
The End

Wednesday, August 15, 2007

How to remove copy.exe, host.exe, autorun.inf, temp1.exe & temp2.exe : Perlovga virus

Download the PRT Perlovga Removal Tool v1.0.2 and restart your computer in Safe mode and run this tool. If you have infected floppy/flash disks you can insert them and click remove. You can repeat this process for every disk you have.

Thursday, August 9, 2007

How to remove FS6519.dll.vbs / power.dll.vbs & autorun.inf: Autoplay and TAGA LIPA ARE! Trojan Virus

Read and follow these instructions carefully.

1. Go to My Computer -> Tools Menu -> Folder Options -> View Tab
2. Check Show hidden files and folders
3. Uncheck Hide extensions for known file type and Hide protected operating system files
4. When Windows displays a popup warning you about protected operating system files, click on Yes and click on OK
5. Search for FS6519.dll.vbs/power.dll.vbs and autorun.inf on your hard disk drive and delete all instances of these files.
6. If you get a warning that something is using the program, press Ctrl+Alt+Del (to bring up the Task Manager), go to Processes and end all instances of wscript.exe. Close the Task Manager afterwards.
7. Run regedit.exe. Go to Edit -> Find and type FS6519.dll.vbs/power.dll.vbs
8. Edit any matching registry entry by selecting it, right-click to modify, remove the last two strings, which are wscript.exe and FS6519.dll.vbs/power.dll.vbs, and click on OK.
9. To continue searching for other matching entries, press F3. Repeat step 8 if another match is found.
12. To remove the IE title TAGA LIPA ARE!, search that string again in the registry and delete the string for every matching entry.

Check your local drives to see if you still have autoplay... if it's still there... just check again carefully... hehehe! Once you have removed it, you're OK... just follow carefully and understand it well... good luck!

For questions, comments and suggestions, just contact me...
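
The posts above all involve an autorun.inf in the drive root, which is why double-clicking an infected drive starts the malware. The following added example (not part of the original blog) reads such a file as plain data, so you can see which program it would launch and which entries it adds to the drive's right-click menu before deleting anything; the sample file contents and the drive letters are constructed assumptions.

```python
import os
import re

# Matches shell\<verb> (menu text) and shell\<verb>\command (program to run).
SHELL_KEY = re.compile(r"^shell\\([^\\]+)(\\command)?$", re.IGNORECASE)

def parse_autorun(text):
    """Return the commands and drive-menu entries an autorun.inf defines."""
    result = {"commands": [], "menu_entries": []}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        shell = SHELL_KEY.match(key)
        if key.lower() in ("open", "shellexecute"):
            result["commands"].append((key.lower(), value))
        elif shell and shell.group(2):      # shell\<verb>\command=<program>
            result["commands"].append((key.lower(), value))
        elif shell:                         # shell\<verb>=<menu text>
            result["menu_entries"].append((shell.group(1).lower(), value))
    return result

def inspect_drive(root):
    """Read autorun.inf in the given root as data; nothing is executed."""
    path = os.path.join(root, "autorun.inf")  # Windows paths ignore case
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as handle:
        data = handle.read()
    encoding = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    return parse_autorun(data.decode(encoding, errors="replace"))

# Constructed sample, not a capture of the real file from an infected drive.
SAMPLE = """\
[AutoRun]
open=RavMon.exe
shell\\open=Open(&O)
shell\\open\\Command=RavMon.exe
shell\\explore\\Command="RavMon.exe -e"
"""

if __name__ == "__main__":
    print(parse_autorun(SAMPLE))
    for letter in "DEFGH":                  # assumed drive letters; adjust
        print(letter, inspect_drive(letter + ":\\"))
```

A drive whose autorun.inf lists an executable or script under `commands` should be opened only through the address bar, as the posts describe, until both the autorun.inf and the file it points to are deleted.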

Saturday, July 28, 2007

Welcome to Ram's blogsite!

Welcome to Ram Panuela's blogsite . . .