Avast WEBforum

Other => Viruses and worms => Topic started by: markus0r on September 22, 2004, 04:55:11 PM

Title: winmon.exe
Post by: markus0r on September 22, 2004, 04:55:11 PM
do you know any trojan/virus/worm that is called "winmon.exe"?

i already deleted it in the "regedit", but it is still in the system startup of "msconfig"

the newest version of avast! 4 doesn't find that worm/trojan either..

i'm sure that it isn't a file of windows, so it has to be something like a virus..

best regards,
markus0r
Title: Re:winmon.exe
Post by: Eddy on September 22, 2004, 05:02:21 PM
winmon.exe is a filename not the name of malware. That file is used by Agobot (Sdbot) and some other malware.
Title: Re:winmon.exe
Post by: markus0r on September 22, 2004, 05:13:25 PM
Quote
winmon.exe is a filename not the name of malware. That file is used by Agobot (Sdbot) and some other malware.

hmm, my english is not _that_ good that i know the translation of malware.. do you mean something like worms/dialers?

anyway... so what does this file do? google doesn't find anything 'bout it.. and how can i remove it if even avast doesn't find it?
Title: Re:winmon.exe
Post by: Eddy on September 22, 2004, 05:19:40 PM
Malware (for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.

Quote
google doesn't find anything 'bout it
Google DOES find it. 87 links to be precise, of which the first one tells you it is malware.

Please post a HijackThis log here.
Title: Re:winmon.exe
Post by: markus0r on September 22, 2004, 05:29:54 PM
Quote
google doesn't find anything 'bout it
Google DOES find it. 87 links to be precise, of which the first one tells you it is malware.

Please post a HijackThis log here.

yes, google finds 87 links, but they are either dead or not useful

and your answer "the first one tells you that it's malware" is correct, but i don't want to know if it's malware or not, i wanna know _how i can remove it_

hmm, how shall i post a hijack-this-log in here if avast doesn't find anything? :(
Title: Re:winmon.exe
Post by: whocares on September 22, 2004, 05:36:32 PM
either look in Eddy's signature links,
or in mine ("VirusRemoval")

or here:
http://hjt.klaffke.de/ or www.lurkhere.com -> Nicefiles (newer version)
click, read, do.. ;D

Be sure to unpack the archive before running the tool, and don't fix anything yet
Title: Re:winmon.exe
Post by: markus0r on September 22, 2004, 05:47:51 PM
ok, i'll download this proggie

eh? how can i use the tool if i don't unpack it? :P
Title: Re:winmon.exe
Post by: whocares on September 22, 2004, 05:54:53 PM
That depends on the form of the download..:
If you get it as a ZIP or RAR-SFX (EXE), unpack it first!!

Fielmann:
"   1. Download HijackThis.

   2. Unpack it from the zip, then start HijackThis.exe. "
Title: Re:winmon.exe
Post by: DavidR on September 22, 2004, 09:02:31 PM
Quote
yes, google finds 87 links, but they are either dead or not useful

and your answer "the first one tells you that it's malware" is correct, but i don't want to know if it's malware or not, i wanna know _how i can remove it_

hmm, how shall i post a hijack-this-log in here if avast doesn't find anything? :(

I had no problem with the links; they are live, or at least the ones I checked are. Yes, not all are useful; you have to do some investigation: check what it says in the brief description of the returned search hits, and check the URL; if it's to one of the major anti-virus sites, it is more likely to be relevant.

The first link is the most relevant and does indicate how to remove it: 1st winmon.exe link (http://www.boredguru.com/modules/newbb/viewtopic.php?topic_id=678&forum=24)
Title: Re:winmon.exe
Post by: markus0r on September 23, 2004, 08:22:23 AM
@whocares: yeah, of course i have to unpack the *.zip first ^^

@davidR:

i did exactly what is described on http://www.boredguru.com/modules/newbb/viewtopic.php?topic_id=678&forum=24 (like i posted in my first post...) <-- i changed it in the "regedit" like the site tells me to do..

but when i do "Msconfig" it is still in the startup...
Title: Re:winmon.exe
Post by: Eddy on September 23, 2004, 11:00:14 AM
- Disable system restore
- Reboot
- Remove it from the startup list with StartUp.cpl (http://www.mlin.net/StartupCPL.shtml)
- Reboot
- Check if it is gone or not

ps: still haven't seen a HJT log ;)
Title: Re:winmon.exe
Post by: markus0r on September 23, 2004, 05:08:09 PM
Quote
- Check if it is gone or not

and what if it's not gone?

Quote
ps: still haven't seen a HJT log

maybe because i haven't been on my pc yet :) you'll get it after the weekend (if i find the time- damn school)
Title: Re:winmon.exe
Post by: markus0r on September 24, 2004, 02:06:52 PM
here's a screenshot of the "msconfig"

btw, i didn't forget to post the "hijack-log" , i won't forget, i'll post it in some days :)
Title: Re:winmon.exe
Post by: raman on September 24, 2004, 02:46:01 PM
Do take the trouble with HijackThis, it is more informative.

And if you can get at the file, test it here: http://virusscan.jotti.dhs.org/
Title: Re:winmon.exe
Post by: markus0r on September 25, 2004, 03:41:17 PM
ok, i'll test it :)