Skip navigation
This discussion is archived

RavMonE.exe ???

8686 Views 19 Replies Latest reply: Nov 3, 2006 10:48 AM by humminbird RSS
1 2 Previous Next
dctrjons Calculating status...
Currently Being Moderated
Sep 22, 2006 9:53 PM
JUST bought a 30Gig video Ipod. I connected it, downloaded the Itunes software and then sync'd my music and Podcasts. After which I changed the settings to use the Ipod as a drive. Instructed I would have to manually eject the drive.

Well I told ITunes to do so - "Cannot drive is still in use"
Closed ITunes and tried to eject it from Windows explorer and was given the same error. Closed all programs, taskbar, disconnected from the internet, still no luck.

Finally opened task manager and being very familiar with all processes that are legal on my machine I found 3 RavMonE.exe's running. Googled it and I have found several references but 99% of them are in foreign language and many relate to IPods...but did not bother to translate myself.

So my question is, anyone else JUST get an Ipod and see encounter this. I see someone else stating there computer was locked up...I noticed severe slowdown when I went through trouble-shooting. I forcibly closed the RavMonE.exe processes and my IPod started working fine.
Windows XP, 4200+ AMD
  • b noir Level 9 Level 9 (71,990 points)
    Currently Being Moderated
    Sep 24, 2006 2:15 AM (in response to dctrjons)
    i'm afraid you're infected by a worm. for some more information about it, see:

    W32/RJump.worm
    gateway, p4 (belladonna), Windows XP, 20gb b&w ipod (mauve) 20gb color ipod (attractive beast)
  • b noir Level 9 Level 9 (71,990 points)
    Currently Being Moderated
    Sep 25, 2006 10:54 AM (in response to dctrjons)
    ... that's my suspicion (if it was a brand new ipod fresh out of the box) ... i'm still not all that experienced with dealing with that worm, though, so i can't say that with confidence.

    if you download fresh definitions and run virus scans, does that pick up the worm? or is your antivirus currently saying that you are clean?
    gateway, p4 (belladonna), Windows XP, 20gb b&w ipod (mauve) 20gb color ipod (attractive beast)
  • b noir Level 9 Level 9 (71,990 points)
    Currently Being Moderated
    Sep 27, 2006 12:19 PM (in response to dctrjons)
    hmmmmm. i think we need to get you to a reputable malware removal help forum, where a specialist helper can give your system a thorough going-over with a HijackThis log to see precisely what's going on. (not trying to get rid of you here, it's just that we're out beyond the limits of my competence at the moment. i'd like someone with some better skills to have a look.)

    there's a nice list of reputable malware removal help forums given at the end of this document. (there are others out there, but this list gathers together a number of options for you.)

    doxdesk: other sites about parasites
    gateway, p4 (belladonna), Windows XP, 20gb b&w ipod (mauve) 20gb color ipod (attractive beast)
  • ChadA Calculating status...
    Currently Being Moderated
    Oct 3, 2006 9:09 AM (in response to dctrjons)
    I'd just like to confirm the following, that a 30 gb IPOD, purchased 1 October 2006, out of the box from a big box store, does in fact contain the RAVMONE.EXE virus.
    The package was sealed from the factory.
    Upon connecting it to a PC with the latest signatures from both Symantec and McAfee antivirus, it immediately quarantined the .exe file.
    Also on the drive are the supporting files, an autorun.inf, msvcr71.exe.
    Disabling the AV software on a test system allowed the infection to occur, and confirmed that this is in fact a virus and not a false positive.

    See here for more details:
    http://vil.nai.com/vil/content/v_139985.htm
    30gb IPOD, Windows XP Pro
  • Chris CA Level 9 Level 9 (73,330 points)
    Currently Being Moderated
    Oct 3, 2006 9:18 AM (in response to ChadA)
    The package was sealed from the factory.
    You do know that stores have plastic sealing & packaging setups?
    They are not (usually) trying to mislead but returns and damaged plastic wrap can simply be resealed.

    Not to say it absolutely did not have come from the factory with a worm on it, but doubtful.
    iMac G5 (Rev B) - 1 GB RAM, Mac OS X (10.4.8), Silver Mini, Blue Mini
  • laus Calculating status...
    Currently Being Moderated
    Oct 5, 2006 11:53 PM (in response to Chris CA)
    Hi all

    I purchased an 80gb iPod, from a dept store in Bucks, UK, on 3rd October. After configuring it in iTunes 7 and plugging it back in, my AV software identified and quarantined the ravmonE.exe virus.
    As someone else mentioned, there was also an autorun.inf, but my PC gave me the option of running it or not ... so I didn't.

    My own PC is not infected (ie not in running processes), nor does it have that .exe on it.

    I think my iPod shipped with this file on the HDD.
  • negrab Calculating status...
    Currently Being Moderated
    Oct 6, 2006 11:32 AM (in response to dctrjons)
    exactly same problem. received ipod 30gb yesterday, no problems. activated removable drive today, virus warninig (g-data internet security). blocked virus, deleted ravmondllautorun. no running task. in spite of that it shows on ipod screen "do not disconnect". and i can not eject the drive in windows. i bought it directly in the apple store, and it was shipped from zurich... dunno what 2 do, guess i'm gonna write apple an angry e-mail...

    This was added later:
    Yeah, if i could... i tried to find their e-mail address on the apple site, but nothing! they don't have a support e-mail address. just the (expensive) phone and the do-not-reply address. WHAT THE HECK!! if anyone has the e-mail, please post it here...
    iPod Video 30gb 5th generation - 2 days old, Windows XP Pro
1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.