Thursday, October 19, 2006

Clean Virus Infected iPods [i.e. remove RavMonE.exe]


If you own an iPod with Video, this is a must-read FAQ:

Are all iPods infected with Virus ?
Apple says that only some Video iPods shipped after September 12, 2006 could be carrying the Windows RavMonE.exe virus.

Are Mac users affected with RavMonE.exe ?
No, this virus exists only for the Windows Platform.

How to Remove iPod Virus on Windows ?
While any Virus scanning utility can remove this iPod W32/RJump.worm, an easier approach would be run the McAfee AVERT Stinger that just detects and removes specific viruses from your system. Now attach the Video iPod and run the anti-virus program. You can then use iTunes 7 to restore the iPod back to the factory default settings though this would delete all existing iPod data like music and videos.

Which iPod models are affected ?
Only Video iPods can potentially carry the worm. The iPod nano and iPod shuffle are safe.

How do I know if my computer is affected with iPod virus ?
Attach your Video iPod to the computer and run the Trend Micro Housecall utility which is an online virus scanner that can detect malware and even remove the infection without you having to install anything on your computer - a good alternative when you want to remove the iPod virus quickly or don't have the admin permission to install new software on your machine.

Technical description of the iPod Video Virus
McAfee explains that W32/Rjump.worm is a worm written using the Python scripting language and was converted into a windows portable executable file using the Py2Exe tool. It attempts to spread by coping itself to mapped and removable storage drives and also opens a backdoor on an infected system.

Sources: Apple iPod Support | McAfee W32/RJump.worm | iPod Search

iWorm Cartoon Credit: Blaugh.com

Apple is not missing the golden opportunity to blast Microsft and put the blame on the Redmond shoulders - "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."

No comments: