Hey all gurus and pros i just gotten this deadly virus in my thumb drive , i gotten it from my school pc labs which sux.

the virus contains two hidden read only files called RavTack.exe and AutoRun.inf.

autorun is hidden to execute the ravtack.exe idiot kid programmer.

what it does is, when u execute the Ravtack.exe by accident or u double clicked yr Thumb DRIVE. it'll prompt out a window telling you what kind of program you want to launch this file. its a drive not a file so this virus has caused this problem.

It'll affect your other Drives also. but those i can remove it. the only thing i cant remove is the one in my thumb drive, i tried Formatting using Imation formatter tool. my thumb drive is flashGo.

deleting it wont work. cmd wont work. anti virus useless wont even detect. AVG 7.5.:s16:
google no help at all. the one posted in the forum is my friend if u search for it. so dun bother searching it if yr searching keyword is RavTack.exe.

I tried Decompiling the exe . it seems to be done in C language and alot of function of damaging other hardware stuff also. but it seems not to affect any of my hardwares so thats fine. only thing it successfully Damages Hard disk and all those storage drives.

i am out of ideas of deleting it , it 'll come back again when ever i plug it back on to any PC i go.

It'll come back even its deleted.

It'll be nice if to see someone helping me thx if u helped me :)

Format the thumbdrive.

erm yes i did that it wont work = )

it will still come back oh yes i also typed that in my post on the 5th sentence or the 6th line without whitespace. hope u did read that.

It's possible the the computer re-infect the formatted thumbdrive.

Have you try formatting the thumbdrive on another computer?

Important: Make sure the other computer have the latest antivirus update.

O.o lol hmm i not too sure with that so how am i gona fix it? = ) .

i plug in my other drive never appear such RavTack.exe and Autorun.inf only my new thumbdrive which got infected by my school pc lab has it . arr i hate this type of viruses.

yes reformated onto my laptop the never infected one casue i seldom touch it.

but it stills come back.

Try formatting it via a linux system... You might just be simply spreading the virus around by plugging in and out of clean systems.

If really want to use a "clean" windows system to format, you should have do it with the autorun features turned off even before considering plugging it in.

arr ok i try yr idea. doing true linux system. gosh have to go find for a linux system. the autorun thing i turn off le just havan tried reformating in linux system. also dunnoe if imation formatter works in linux.

arr ok i try yr idea. doing true linux system. gosh have to go find for a linux system. the autorun thing i turn off le just havan tried reformating in linux system. also dunnoe if imation formatter works in linux.

windows has two forms of autorun, autorun and autoplay.... Also there's the "plug and pray".

As deskoh91 below said... your clean window system is now dirty.

arr ok i try yr idea. doing true linux system. gosh have to go find for a linux system. the autorun thing i turn off le just havan tried reformating in linux system. also dunnoe if imation formatter works in linux.
just use the format function in linux.

caught a similar virus before. even if you thought it didnt infect your hard disks, maybe you might wanna try showing the hidden files and folders in your hard disk drives.

if these hidden files dont show up (by default there will be folders like System Volume Information showing up when you do the above), that means your hard disk is infected as well. and that will be the reason the virus keeps reappearing on the thumbdrive.

My line of thought:

1. My computer is clean

2. My computer have the latest virus definations

3. If I plug in infected thumbdrive, it should detect and quarantine/delete the virus

Am I correct?

maybe have to try deleting from registry?

My line of thought:

1. My computer is clean Assumption

2. My computer have the latest virus definitions Based on anti-virus vendor release date for known viruses

3. If I plug in infected thumbdrive, it should detect and quarantine/delete the virus
Based on if the virus is known and in a detectable form and method of execution recognized by the engine or heuristics

Am I correct? No, you can only minimize the threat

If it's perfect , there won't be a need for so many vendors with their own engines. Just one will do. Auto execution, buffer overrun execution, email script execution, unknown variants, blah blah. Solution? Don't turn on the computer. :s22:

If infected even after you make it hard to be infected, then find ways to disinfect. E.g Formatting is a great technique though not feasible for most.

try this:
http://stylez.wordpress.com/2007/07/02/a-guide-to-fix-the-thumbdrive-virus-ravmoneexe-part-2/

similar thread:
http://forums.hardwarezone.com.sg/showthread.php?t=1848465

Erm the link for republic poly wont work cause i did that before. even using cmd. the other link i did that before also. search from internet one.

only linux one havan tried but haiz i need go find one first and have some time on it.

Registry arr that secret storage place. i seldom touch that. i dun think it would be there. oh yes i always let my folders hidden files show. i dun find RavTack.exe and autorun.inf in my Local disk but IF i execute that RavTack in my thumbdrive then my other local disk will get it but delete them normally then never appear already. only in my thumbdrive delete still keep appearing i dunnoe why . like built into teh ROM like that sia = (.

only linux one havan tried but haiz i need go find one first and have some time on it.

Just download a Linux LiveCD, burn it to a CD and then run from CD/DVD drive if you don't have access to a linux machine. Then work from there.

My line of thought:

1. My computer is clean

2. My computer have the latest virus definations

3. If I plug in infected thumbdrive, it should detect and quarantine/delete the virus

Am I correct?

I dealt with similar virus before, and my anti-virus didn't work against it.
Best way you dis-enable any startup from the thumb drive when plugged in, then format. You can't help to clear the virus if your PC is infected with the loading virus, right?

I think the safest is to use Linux to format the thumbdrive.

So far I've managed to quarantine/delete virus from thumbdrive without infecting my computer; maybe I'm lucky.

I'm not too worried of being infected because I've multiple backup of my HDD. I can recover within 15 to 20 minutes.

hey thx everyone for the help. Oh no the imation formatter only support Window stuff. omg cant format. cant use that normal formatting way we always do by right click on the drive then click format arrr = (.

Nvm Ido it myself manully and it works = D, no anti virus help. just simple regedit, msconfig, search , cmd , and the program called killbox. well the only person who gave me that infomation is teh regedit by tekster so thx one again but its not only that its more then that = ) aniway i did myself mnaulyl so erm i try to post a tutorial in my blog so if anyone get tis virus can find a way to solve it = ).

i also kena something like tat before..try delete from registry but it keep replicate when restart...so i install kapserky n it kill the virus..liao..now using avg..quite fine also..

i also kena something like tat before..try delete from registry but it keep replicate when restart...so i install kapserky n it kill the virus..liao..now using avg..quite fine also..

Did the virus infect your computer when you plug in thumbdrive?

paiseh more links from googling:

http://forum.flashband.net/viewtopic.php?p=6157

http://neo-code.blogspot.com/

http://www.e-nil.com/blogs/?p=3

i need urgent help here, my thumbdrive got virus and i think it got affected by my laptop. now i cant open it to retrieve my files. i always get this msg: http://i81.photobucket.com/albums/j201/lov.../thumbdrive.jpg (http://i81.photobucket.com/albums/j201/lovegoodx/thumbdrive.jpg) is there any way to remove the virus without formatting the thumbdrive, cos i got a lot of impt files inside the thumbdrive. thanks!

Rightclick on the folder (actually suppose to be a removable drive icon), select explore then delete the autorun.inf file, the folder will change to removable drive after system restart, you should be able to access the drive once the autorun.inf file deleted.

if your thumbdrive has 'autorun' when you right click on the thumbdrive, then most likely you're infected.

Confirmed infected when the picture shown the flash drive as a folder.......

You must be using winxp. Vista have better autorun countermeasures.