How to remove Worm.RJump.A
1. Right-click an empty space on the taskbar (or right-click the clock in the right corner) and select Task Manager.
- Select the Processes tab, locate ravmon.exe, right-click it and select End Process.
- Delete the following file: C:\Windows\ravmon.exe
2. To clean the removable storage device (USB stick, PEN drive etc.) right-click on your USB stick / PEN drive icon and select Explore.
NB: Be careful NOT to double-click the icon because the malware will be reactivated.
- Locate and delete the autorun.inf and ravmon.exe files.
3. Click on Start, Run, type regedit and click on OK.
NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.
- Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Delete the value "RavAV" = "C:\windows\ravmon.exe"
4. Download BullGuard and run a full scan of the system.
1. Presence of the autorun.inf and ravmon.exe files in the root of the storage device.
2. Presence of a copy of the ravmon.exe file in the windows system folder.
3. Presence of the RavMonLog file that contains the port number for the backdoor component.
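The indicators named on this page can be checked without opening the drive in Explorer. The following read-only PowerShell script is an added example, not BullGuard's own tooling. The function name Get-RJumpIndicator is hypothetical, mapped network drives are included because the worm also copies itself there, and the RavMonLog file is not checked because the page does not give its location.

```powershell
# Read-only check for the Worm.RJump.A indicators listed on this page.
# Nothing is deleted or modified; findings are returned as objects.
function Get-RJumpIndicator {   # hypothetical name, added for this example
    $found = @()

    # Running process (Get-Process takes the name without the .exe suffix)
    foreach ($p in Get-Process -Name 'ravmon' -ErrorAction SilentlyContinue) {
        $found += [pscustomobject]@{ Type = 'Process'; Detail = "ravmon.exe (PID $($p.Id))" }
    }

    # Copy of the worm in the Windows folder
    $copy = Join-Path $env:windir 'ravmon.exe'
    if (Test-Path -LiteralPath $copy) {
        $found += [pscustomobject]@{ Type = 'File'; Detail = $copy }
    }

    # Autostart value under the Run key
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'RavAV' -ErrorAction SilentlyContinue
    if ($run) {
        $found += [pscustomobject]@{ Type = 'Registry'; Detail = "RavAV = $($run.RavAV)" }
    }

    # Roots of removable (DriveType 2) and mapped network (DriveType 4) drives
    $drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2 OR DriveType = 4'
    foreach ($d in $drives) {
        foreach ($name in 'autorun.inf', 'ravmon.exe') {
            $path = "$($d.DeviceID)\$name"
            # -Force so hidden and system files are also seen
            if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
                $found += [pscustomobject]@{ Type = 'Drive'; Detail = $path }
            }
        }
    }
    $found
}

$result = Get-RJumpIndicator
if ($result) { $result | Format-Table -AutoSize } else { 'No Worm.RJump.A indicators found.' }
```

An autorun.inf on its own can be legitimate; treat it as a finding for this worm only when ravmon.exe sits beside it in the drive root.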
1. Worm.RJump.A spreads by creating a copy on removable storage devices or mapped drives.
2. It drops the following malicious files:
3. It also drops a clean msvcr71.dll file, which is part of Microsoft Visual Studio.
4. It opens a port for the backdoor component.
The BullGuard Team