RavMon.exe virus on new Toshiba Satellite laptop
I.T. April 16th, 2008, 6:55pm

On Sunday, I bought a very inexpensive Toshiba Satellite L40-18Z laptop from Comet in the UK. It’s a basic laptop running Windows Vista, but it does what my 8 year old daughter needs it for – browsing the web, running Windows Live Messenger and the like.
Today I had to reboot it as the network connection wasn’t reconnecting to my wireless network. After booting, the AVG Free virus checker that I installed on Sunday started running and detected the ravmon.exe trojan horse generic3 virus. I was stunned that my daughter had managed to get a virus so quickly.
While waiting on the checker finishing off, I did a quick Google with the search terms “ravmon.exe trojan horse generic3”. Hardly any hits, but the 3rd one was to a guy who had a problem so similar, it was worrying. Just go read his post.
Yes, Comet are selling laptops with viruses pre-installed. Ordinarily, if I’d read his post, I would have assumed he’d gone mad and had just gotten it by accident. But since I have the exact same deal, it’s no coincidence…
I think a call to Comet might not go amiss.
Tags: comet | L40-18Z | toshiba satellite
April 16th, 2008 at 7:36 pm
You’re just confirming my decision to never buy Microsoft.
I use Macs and, so far, (even though the first computer virus was written on a Mac,) I haven’t regretted it.
My ex-employers have all had the most anally-retentively locked down PCs, without browsers if it could be helped, and with internet access strictly monitored. (I worked mostly for banks.)
April 16th, 2008 at 10:36 pm
You know, I *was* beginning to suspect that I had gone mad. I went through pretty much the same steps.. deinstalled whatever the heck AV it was it came with and installed ZoneAlarm and when it did the scan it discovered the RAVMON.EXE file.
The L40-18Z is just about the cheapest big name brand laptop you can find. I suspect that most people who buy it aren’t IT experts. There’s nothing really wrong with it, it’s just a bit underpowered.
@Charles: actually, the first microcomputer virus was on the Apple II (should that be Apple ][?) It was written by Rick Skrenta who later helped found the Open Directory Project (dmoz.org). Am I an anorak or what?
April 17th, 2008 at 7:24 am
Absolutely shocking. I’d be interested to know the outcome of your conversation with Comet!
June 12th, 2008 at 8:45 am
Interesting! I have the exact same problem, bought a Toshiba Satellite laptop last week, with Vista Business Edition.
W32.Nomvar keeps being detected.
Solution: Reinstalled my OS, installed Debian Linux instead… works perfectly. It’s sad that not everyone can use Linux and Microsoft doesn’t give its users any options.
June 14th, 2008 at 12:02 pm
People only don’t use Linux because they’ve never tried it before. And the desktop for Linux isn’t really as good as Windows XP – indeed, for the average user, Linux is just not worth the effort. Most people want a computer that just works, and XP does that for them.
What version of Debian did you install? Etch or Lenny, or did you go mad and try experimental?
August 11th, 2008 at 8:51 pm
Apologies for commenting on an old article in advance!
I have just been setting up a Toshiba Equium L40-17M that was purchased from PC World back in Feb 2008. This laptop has never been online and has never been used to boot a USB drive or CD. It has only been used by my mum (who is beginning to learn how to use a computer) to play card games and learn how to type and use Word. Upon configuring the AV for her this evening in preparation for going online I have also found RavMon.exe in C:/ and E:/. I wonder if my virus detection is similar to the issues that you had?
Did you ever hear back from Comet or Toshiba and find the source of the infection?
August 11th, 2008 at 9:00 pm
Budoc,
To be honest, I didn’t ever actually bother telling Comet, mainly because I didn’t see the point. I pretty much figure they would either have ignored me if I’d written them a letter, or if I’d gone down to the store they wouldn’t have understood me or believed me. It’s a pretty poor excuse though, because I’m not giving them the opportunity to do anything about it.
But it does sound suspiciously like the same issue that you’ve had. The virus apparently gets spread through USB devices rather than over the internet, so it’s suggested it spreads when it gets built by whoever builds them before they hit the shops.
I take it your AV took care of the virus successfully?
August 11th, 2008 at 9:08 pm
Yes, it appears that the virus has now gone.
If it wasn’t for these blog entries I either would’ve assumed that I’d gone mad or that my mum knows much more about computers than she’s letting on!
August 15th, 2008 at 6:04 pm
I’m afraid I can’t vouch for you not being mad ;)
November 21st, 2009 at 12:46 pm
RavMon.exe is part of Rising Anti-Virus Monitor, which was acquired by Microsoft Corporation. Maybe it’s the legit file that your laptop had, with the anti-virus mistaking it for the trojan.