Know Your Malware: Rivon Removal

Rivon, also known as Attech, is an Internet worm that spreads by e-mail and through file-sharing networks. It usually arrives in infected executable files attached to bogus e-mail messages. The user can also download the parasite through a peer-to-peer application, where it is presented as a useful program. Once executed, Rivon installs itself on the system and runs a spreading routine. The worm copies itself to floppy disks and creates infected files with meaningful names in the shared folders of installed instant messengers and file-sharing clients, including eDonkey2000, eMule, Kazaa, Morpheus, Grokster, iMesh, LimeWire, Kmd and ICQ.

Rivon also searches local files for e-mail addresses, collects them and sends out malicious e-mail messages. The parasite's payload consists of several harmful functions. Rivon changes Windows Explorer and Internet Explorer default settings, disables numerous system components, blocks access to system configuration utilities, modifies keyboard and mouse settings, hides the desktop and clock, etc. The worm terminates running antivirus programs, firewalls and various security-related software. It also blocks access to popular security-related web sites.

Rivon automatically runs on every Windows startup.

Related files: cro.exe, download.exe, kaspersky_lab.exe, matrix.exe, nod32_fix.exe, rj3_vc1.exe, save_me.exe, sophos_3.89.exe, speed.exe, sp2.exe

Rivon properties:
Changes browser settings
Hides from the user
Stays resident in background


Linked by shanmuga Sunday, 4th December 2005 12:21AM