Ravmon.exe is actually a virus also known as W32.Nomvar, which is a worm that copies itself to the root of all drives, including removable and shared drives, and downloads potentially malicious files on to the compromised computer. So follow this removal process:
1.Confirm that you have Ravmon.exe virus.Right-click on any drive, if you see invalid characters in the menu, you are infected.
2.You have stop the process of the virus, open Task Manager(Ctrl+Alt+Del), go to the Processes tab and find the progam named "SVCHOST.EXE", there will few more svchost in small case but you have to terminate the one which is written in CAPS, if you see more than one “SVCHOST.EXE” (all caps) end the one with your username infront of it instead of LOCAL SERVICE, NETWORK SERVICE or SYSTEM.
3.Delete the virus files, for this you need to show system protected files.for this goto
My Computer>(Menu)Tools>Folder Options>(Tab)Views>Uncheck "Hide System protected files”>Press OK
If you are unable to unhide the system files you can use 3rd party softwares to browse drive and delete files, try ACDsee or WinRAR.
Now you have delete these two files;
1.Autorun.inf
2.Ravmon.exe
from all of drives. Access drives from by typing drive letter in the address bar.
4. Once you are done with it, Open Windows folder(by address bar) and delete SVCHOST.EXE, SVCHOST.dll and MDM.exe.
Now restart the explorer.exe process by killing it in taskmanager and runing it again [(winkey + R), type “explorer” and hit enter].
Right-click on any drive and you will find valid characters, -The virus is removed.
This is optional as files are deleted from drives.
Remove MDM.exe from start-up.Press Winkey+R, type "msconfig" hit enter.Goto>(Tab) Start-up>Uncheck
"MDM.exe">OK>Exit without Restart.
To ensure that your are no longer infected, Download a copy of HijackThis and save it to your desktop in a folder. Do a scan and save the HijackThis logfile. Do not remove anything. Post your log file here. Link to HijackThis:
http://castlecops.com/zx/Merijn/hijackthis.zip