winmon.exe

do you know any trojaner/virus/worm that is called " winmon.exe" ?

i already deleted it in the “regedit” , but it is still in the systemstart of “msconfig”

the newest version of avast!4 doesnt find that worm/trojaner neither…

im sure that it isnt a file of windows, so it has to be anything like a virus…

best regards,
markus0r

winmon.exe is a filename not the name of malware. That file is used by Agobot (Sdbot) and some other malware.

hmm, my english is not that good that i know the translation of malware…do you mean something like worms/dialer?

anyways…so what does this file? google doesnt find anything 'bout it…and how can i remove it if even avast doesnt find it?

Malware (for “malicious software”) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.

google doesnt find anything 'bout it
Google DOES find it. 87 links to be precise, of which the first ones tells you it malware.

Please post a HijackThis log here.

google doesnt find anything 'bout it
Google DOES find it. 87 links to be precise, of which the first ones tells you it malware.

Please post a HijackThis log here.

yes, google finds 87 links, but they are either dead or not useful

and your answer “the first one tells you that it’s malware” is correct, but i dont want to know if its malware or not, i wanna know how i can remove it

hmm, how shall i post a hijack-this-log in here if avast doesnt find anything? :frowning:

either look in Eddy’s signature links,
or in mine (“VirusRemoval”)

oder hier:
http://hjt.klaffke.de/ oder www.lurkhere.com → Nicefiles (newer version)
klicken, lesen, machen… ;D

Be sure to unpack the archive before running the tool, and don’t fix anything yet

ok, ill download this proggie

eh? how can i use the tool if i dont unpack it? :stuck_out_tongue:

Das kommt auf die Download-Form an…:
Wenn du es als ZIP oder RAR-SFX(EXE) bekommst, erst entpacken !!

Fielmann:
" 1. HijackThis herunterladen.

  1. Aus der zip entpacken, dann die HijackThis.exe starten. "

I had no problem with the links, they are live or at least the ones I checked. Yes not all are useful, you have to do some investigation, check what it says in the brief description of the returned search hits, check the URL if it’s to one of the major anti-virus sites it is more likely to be relevant.

The first link is the most relevant and does indicate how to remove it, 1st winmon.exe link

@whocares: jo, logisch dsa ich *.zip zerst entpacken muss ^^

@davidR:

i did exactly what is described on http://www.boredguru.com/modules/newbb/viewtopic.php?topic_id=678&forum=24 (like i posted in my first post…) <–i changed it in the “regedit” like the site tells me to do…

but when i do “Msconfig” it is still in the startup…

  • Disable system restore
  • Reboot
  • Remove it from the startup list with StartUp.cpl
  • Reboot
  • Check if it is gone or not

ps: still haven’t seen a HJT log :wink:

- Check if it is gone or not

and what if it’s not gone?

ps: still haven't seen a HJT log

maybe because i haven’t been on my pc yet :slight_smile: you’ll get it after the weekend (if i find the time- damn school)

here’s a screenshot of the “msconfig”

btw, i didn’t forget to post the “hijack-log” , i won’t forget, i’ll post it in some days :slight_smile:

Mach dir mal die Muehe mit Hijackthis, das ist aussagekraeftiger.

Und wenn du an die Datei herankommen kannst, teste sie mal hier: http://virusscan.jotti.dhs.org/

ok, werd i mal testen :slight_smile: