NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Rivon. Description and removal instructions

 
Title: Rivon
 Also known as: Attech
Type: Worms
Severity scale:Rivon severity is 68  (68 / 100)
 
Rivon, also known as Attech, is an Internet worm, which spreads by e-mail and through file sharing networks. It usually arrives in infected executable files attached to bogus e-mail messages. The user can also download the parasite as a purportedly useful program using a peer-to-peer application.

Once executed, Rivon installs itself to the system and runs a spreading routine. The worm copies itself to floppy disks, creates infected files with meaningful names in shared folders of installed instant messengers and file sharing clients including eDoneky2000, eMule, Kazaa, Morpheus, Grokster, iMesh, LimeWire, Kmd and ICQ. Rivon also searches local files for e-mail addresses, collects them and sends out malicious letters. E-mail messages have one of the following subjects:
"Buf Fix For NOD32", "Microsoft SP2", "New worms", "Save", "Test The New Sophos Anti-Virus"
and one of the following bodies:
"In the attachment we send you the new version of NOD32 Patch"
"Microsoft have release SP2, run the attechment and it will download SP2 To you"
"If you have (or if you think) that you have on your PC undetected virus/worm then run the progi in the attechment."
"Save the file on your disk!"
"I send to you the test Sophos AV"

The parasite's payload is comprised of several harmful functions. Rivon changes Windows Explorer and Internet Explorer default settings, disables numerous system components, blocks access to system configuration utilities, modifies keyboard and mouse settings, hides the desktop and clock, etc. The worm terminates running antiviruses, firewalls and various security-related software. It also blocks access to popular security-related web sites.

Rivon automatically runs on every Windows startup.

FORUM:
Discuss Rivon in
spyware removal forum

Rivon properties:
• Changes browser settings
• Hides from the user
• Stays resident in background

Automatic Rivon removal:

remover for Rivon

Rivon manual removal:

Kill processes:
cro.exe, download.exe, kaspersky_lab.exe, matrix.exe, nod32_fix.exe, rj3_vc1.exe, save_me.exe, sophos_3.89.exe, speed.exe, sp2.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\download
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ShowGoButton=no
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1=services.msc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2=gpedit.msc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3=msconfig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4=secpol.msc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5=sysedit.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6=cmd.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7=mmc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8=progman.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9=ntbackup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10=rsop.msc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideClock=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoChangeStartMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetworkConnections=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSharedDocuments=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyDocs=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyMusic=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMoreProgram=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuNetworkPlaces=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoUserNameInStartMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoAdminPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDevMgrPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispSettingsPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoProfilePage=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserClose=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFindFiles=1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDir=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop=1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR=1
HELP:
how to remove registry entries

Delete files:
cro.exe, download.exe, kaspersky_lab.exe, matrix.exe, nod32_fix.exe, rj3_vc1.exe, save_me.exe, sophos_3.89.exe, speed.exe, sp2.exe
HELP:
how to remove harmful files

Other programs to remove Rivon:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 03/12/05
Information updated: 03/12/05

Additional resources related to Rivon:

Attention: If you know or you have a website or page about Rivon removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Rivon parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.