CLEAN INSTRUCTIONS

1. Right click on an empty space from the taskbar (or right click on the clock from the right corner) and select Task Manager.

- Select the Processes tab, locate ravmon.exe, right click on it and select End Process
- Delete the following file: C:\Windows\ravmon.exe

2. To clean the removable storage device (USB stick, PEN drive etc.) right-click on your USB stick / PEN drive icon and select Explore.

NB: Be careful NOT to double-click the icon because the malware will be reactivated.

- Locate and delete the autorun.inf and ravmon.exe files

3. Click on Start, Run, type regedit and click on OK.

NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.

- Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Delete the "RavAV" = "C:\windows\ravmon.exe"

4. Download BullGuard and run a full scan of the system.


SYMPTOMS
1. Presence of the autorun.inf and ravmon.exe files in the root of the storage device.

2. Presence of a copy of the ravmon.exe file in the windows system folder.

3. Presence of the RavMonLog file that contains the port number for the backdoor component.


DESCRIPTION
1. Worm.RJump.A spreads by creating a copy on removable storage devices or mapped drives.

2. It drops the following malicious files:

autorun.inf
ravmon.exe

3. Also it drops a clean msvcr71.dll file that is a part of Microsoft Visual Studio.