MS word keeps cache of the document that you are typing in a separate file hidden and with little weird name, usually virus files have such names but this is not a virus
file is undeleteable while MS word is running
this cache comes handy when your computer (most probably windows) carshes or electricity plays with you
next time you open that document (which you were typing while your computer crashed) MS word will automatically detect that file(s) and ask you to save the desired recoeverd file.
you can set the auto recovery file save time in Word options -> save
by default its 10 minutes
you can delete this file or keep its your call, before deleting its wise to check if it contains some data to be recoverd, word probably cannot read those files directly so open the orignal word document and word will see if there is any file for recovery.
removing ravmon virus without anti-virus is easy, btw i havent met any antivirus which can remove this virus they can stop your pc from being infected but once you are infected they wont be able to remov it.
I dont know the actual name of this virus nor its effects
Anyways its very easy to remove it
you will have to follow just few simple steps.
- check if ur infected
- stop currently running virus
- delete virus files
- remove virus to run from startup
so here are the following steps explained
remember until you delete the virus files please open drives using address bar by typing C:\ D:\ X:\ as the virus is activated if you double click the drive
1. Right click any drive on your computer and see if right click menu shows some invalild characters
like this
If yes then you are infected.
2. Press Alt+Ctrl+Del to bring up the task manager (or right click taskbar to run it)
there will be a program in processes named “SVCHOST.EXE” there will be few svchost in small case but check one in capital letters, if you see more than one “SVCHOST.EXE” (all caps one) end the one with your username infront of it instead of LOCAL SERVICE, NETWORK SERVICE or SYSTEM.
by pressing end process
3. to delete the virus files you need to show system protected files.
for this goto
My Computer->(Menu) Tools-> Folder Options -> (Tab) View -> uncheck “Hide System protected files” -> press OK
If you are unable to unhide the system files you can use 3rd party softwares to browse drive and delete files, try ACDsee or WinRAR
Now open drive (by typing drive letter in address bar)
delete these 2 files
also delete those in all drives (not CD(WR) or DVD(WR) drives) (and remember don’t double click else you will have to start over from top)
Open Windows folder and delete SVCHOST.EXE, SVCHOST.dll and MDM.EXE
Now restart the explorer.exe process by killing it in taskmanager and runing it again [(winkey + R), type “explorer” and hit enter]
now right click the drive letter and ull see a clean menu
congrats virus is removed
4. Now remove it from startup (Optional as files are deleted)
Winkey + R type “msconfig” hit enter
goto startup tab-> (uncheck) MDM -> OK -> Exit without Restart
How to prevent from this virus in feature
just right click any USB drive (that includes iPod) you have plugged into your PC
if they have currpoted menu the drive is infected
Access drive by typing drive letter and delete files from that drive
Remember you double click the curropted drive you get infected else ur safe
The End
