Solved

wmon32.exe

Posted on 2004-09-06
8
141 Views
Last Modified: 2010-04-13
On one of my PC's wmon32.exe is shown as one of the processes running at close to 100% and keeping the cpu very busy and makeing the PC extremely slow. How do I get rid of it.
0
Comment
Question by:Janekom
8 Comments
 
LVL 21

Accepted Solution

by:
jvuz earned 350 total points
Comment Utility
It' spossible you got infected with the W32/Agobot-IT virus
0
 
LVL 21

Assisted Solution

by:jvuz
jvuz earned 350 total points
Comment Utility
Check already with stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 21

Expert Comment

by:jvuz
Comment Utility
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 150 total points
Comment Utility
agree,

after unning AV check for the existance of the reg keys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
WSAConfiguration = wmon32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
WSAConfiguration = wmon32.exe

if they still exist delete them, some variants of this worm also add junk to your hosts file
look in c:\winnt\system32\drivers\etc

open hosts in notepad and dete everything that appears below the

127.0.0.1    localhost

entry

Pete
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Janekom
Comment Utility
Hi jvuz and Petelong,
I have scanned with Stinger and found w32/nachitptpd virus on one PC and w32/sdbot.worm.gen.g.worms on another PC, both showed svchost.exe as infected. I will see if the problem comes up again.
Thanks.
0
 
LVL 19

Expert Comment

by:Zaheer Iqbal
Comment Utility
0
 
LVL 21

Expert Comment

by:jvuz
Comment Utility
Thanx,

Jvuz
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
ThanQ
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now