I am attaching the scrnshot of my registry editor coz I dont knw the typical methods to transfer informations like registry.

The expandable keys in mountPoints2 belongs to the partitions in My Computer. As you can see there is some unknown language in the data and in "command key" there is written "RavMon.exe-e". If I delete the "shell" key everything becomes normal untill next reboot. All the 5 keys are automatically created on my next boot ( I have 5 drives in my computer) and I also delete "Ravmon.exe" but its present in every drive of My hard disk on next reboot. The other things is that I cant show hidden files and my computer becomes open for spywares and malwares if I uninstall norton (I have Norton Protection Centre - 2007 - Trial Version Installed). Please give me a permanent Solution for my problem. Also I scanned my pc with

 

spyware doctor

registry mechanics

Ad-aware SE Pro

 

but they didnt detect the Ravmon

 

here is the sample key of one drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27497547-e68a-11db-9ae1-806d6172696f}\Shell\AutoRun\command

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27497547-e68a-11db-9ae1-806d6172696f}\Shell\explore\Command

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27497547-e68a-11db-9ae1-806d6172696f}\Shell\open\Command

 

these are the three sub keys in the key named "shell"

 

Sorry for bad English

Post Edited (Hot Male) : 4/22/2007 7:45:48 PM GMT

Image Attachment :

reg.JPG   83KB (image/pjpeg)

 

delete Autorun.inf

delete Ravmon.exe

delte copy.exe (if found)

 

.....from all the drives and

delete the "shell" key from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

 

and turn off system restore

I ran a scan with symantec,

 

However, the virus has a hidden file "autorun.inf" in the root directory.

The file contains autorun= ...ravmon.exe

which also probably screwd your hidden file folder options from appearing.

 

Change its attrib -h in dos, delete, rename or fiddle around with it, then your done.

 

 

I was looking for the best antivirus software to buy the other day & came across this site: www.notgettingscammed.co.uk/antivirus

it has loads of great unbiased information. All Free, check it out

Hi friends..

Assalam o Alikom

I am farimarwat from Lakki Marwat in pakistan. Do not worry about these fakes. These are two files that run in your pc. One is AutoRun.inf and the seconed is RavMon.exe. The work of AutoRun.inf is to run the RavMon.exe and add some unknown languages to your drive menu. And when RavMon.exe runs, it creat a file in windows directory MDM.exe. so I have made a tool to burn that fakes withour MDM.exe. Download the tool from here www.geocities.com/farimarwat/setup.zip

the tutorial is also in the tool. simply install the "Fari Auto Play Burner 2007" and scan drives for that fakes

farimarwat

lakkki marwat

pakistan

Hi, I Do have a solution regarding your problem. All you have to do just go to your command Prompt. Go to any drive of your system and write dir /ah when you press enter key it will display the hidden files of that drive. now type the following command i.e. del /ah racmon.exe and press enter key. So in this way you can erase ravmon.exe from your system. By folllowing this command you can also erase autorun.inf,nmtumef.exe and copy.exe too. So go for it, its quiet simple and easy one.

Ba bye