Systmon.exe – Worm Virus Removal Advice

Danger: Systmon.exe is a dangerous file, associated with viruses that perform activities on a user's computer that may be highly undesirable. This file is unsafe.

Type: Worm
Location: C:\WINDOWS\system32\drivers\systmon.exe
Risk Level: Moderate

Below is our recommended removal tool for Systmon.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.


Manual Removal – Systmon.exe may be removed by analyzing your HijackThis log. Feel free to post your HijackThis log below if you need assistance analyzing it. HijackThis is the ideal tool for removing the virus manually.

Click Here To Learn About HijackThis. To download HijackThis, please click HERE.

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips.

Please post comments below. Your comments are both useful to visitors and to us.


This entry was posted on Friday, December 26th, 2023 at 10:39 pm and is filed under Suspicious File. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Systmon.exe – Worm Virus Removal Advice”

Dima energy January 9th, 2024 at 6:11 pm

Below you will find information to be analyzed against my systmon.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:40:43, on 01.01.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientMgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mks-chel.ru/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
F2 – REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SYSTMON.EXE
O3 – Toolbar: &Радио – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [OdTray.exe] “C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe”
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [AVPCC] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe” /wait
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [QIP.Online] C:\Program Files\QIP.Online\qiponline.exe auto_start
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘?’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘?’)
O4 – HKUS\S-1-5-21-1177238915-1580818891-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User ‘?’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘?’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 – HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 – Extra context menu item: &Экспорт в Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) – https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O20 – Winlogon Notify: reset5 – C:\WINDOWS\SYSTEM32\reset5.dll
O23 – Service: AVP Control Centre Service (AVPCC) – Kaspersky Labs. – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe
O23 – Service: Juniper TNC Endpoint Assessment (EacService) – Juniper Networks – C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
O23 – Service: Журнал событий (Eventlog) – Корпорация Майкрософт – C:\WINDOWS\system32\services.exe
O23 – Service: Служба COM записи компакт-дисков IMAPI (ImapiService) – Корпорация Майкрософт – C:\WINDOWS\System32\imapi.exe
O23 – Service: Juniper Unified Network Service (JuniperAccessService) – Juniper Networks – C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 – Service: KAV Monitor Service (KAVMonitorService) – Kaspersky Labs. – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpm.exe
O23 – Service: NetMeeting Remote Desktop Sharing (mnmsrvc) – Корпорация Майкрософт – C:\WINDOWS\System32\mnmsrvc.exe
O23 – Service: Служба сетевого DDE (NetDDE) – Корпорация Майкрософт – C:\WINDOWS\system32\netdde.exe
O23 – Service: Диспетчер сетевого DDE (NetDDEdsdm) – Корпорация Майкрософт – C:\WINDOWS\system32\netdde.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Juniper OAC Service (odClientService) – Juniper Networks, Inc. – C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
O23 – Service: Plug and Play (PlugPlay) – Корпорация Майкрософт – C:\WINDOWS\system32\services.exe
O23 – Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) – Корпорация Майкрософт – C:\WINDOWS\system32\sessmgr.exe
O23 – Service: Reset 5 – Unknown owner – C:\WINDOWS\system32\srvany.exe
O23 – Service: Модуль поддержки смарт-карт (SCardDrv) – Корпорация Майкрософт – C:\WINDOWS\System32\SCardSvr.exe
O23 – Service: Смарт-карты (SCardSvr) – Корпорация Майкрософт – C:\WINDOWS\System32\SCardSvr.exe
O23 – Service: Журналы и оповещения производительности (SysmonLog) – Корпорация Майкрософт – C:\WINDOWS\system32\smlogsvc.exe
O23 – Service: Теневое копирование тома (VSS) – Корпорация Майкрософт – C:\WINDOWS\System32\vssvc.exe
O23 – Service: Адаптер производительности WMI (WmiApSrv) – Корпорация Майкрософт – C:\WINDOWS\System32\wbem\wmiapsrv.exe


End of file – 5972 bytes
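As an added example, not part of the original post, the commenter's log, or HijackThis itself, here is a small Python triage script for HijackThis-format log lines of the kind posted above. It serves both the manual-removal advice (analyze the HijackThis log) and the log in the comment: it parses the section codes, accepts the en-dash separators the web copy shows in place of the " - " HijackThis writes, and flags the entry types a reviewer would look at first. The sample lines are constructed, modelled on entries in the posted log (the F2 Shell= value with SYSTMON.EXE appended, the O7 DisableRegedit policy, the O20 reset5 Winlogon Notify DLL, and the O23 "Reset 5" service run through srvany.exe, the Resource Kit wrapper that runs an arbitrary program as a service). The rule set and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis 2.0.2 log format, modelled on the entries
# in the posted log. HijackThis writes " - " as the separator; the web copy
# shows it as an en dash, so the parser accepts both.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SYSTMON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "F2", "O23"
    line: str      # the normalised log line
    reason: str    # why a reviewer should look at it


# Section code, separator, rest of the line (after normalisation).
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")


def normalize(line: str) -> str:
    """Map en dashes and curly quotes (web-copy artifacts) back to ASCII."""
    return (line.replace("\u2013", "-")
                .replace("\u2018", "'").replace("\u2019", "'")
                .replace("\u201c", '"').replace("\u201d", '"')
                .strip())


def triage_line(raw: str) -> Optional[Finding]:
    """Return a Finding for lines matching the review rules, else None."""
    line = normalize(raw)
    m = LINE_RE.match(line)
    if not m:
        return None                      # header, process list, blank line
    sec, body = m.group("sec"), m.group("body")

    if sec == "F2" and "Shell=" in body:
        # The shell value should be exactly Explorer.exe; anything appended
        # to it is started together with the shell at every logon.
        shell_value = body.split("Shell=", 1)[1].strip()
        if shell_value.lower() != "explorer.exe":
            return Finding(sec, line, f"extra program appended to Shell=: {shell_value}")

    elif sec == "O7" and re.search(r"DisableRegedit\s*=\s*1", body):
        # Disabling the registry editor by policy hinders manual cleanup.
        return Finding(sec, line, "registry editor disabled by policy")

    elif sec == "O20" and body.startswith("Winlogon Notify:"):
        # Winlogon Notify DLLs are loaded into winlogon.exe at logon;
        # every entry should be matched to a known product.
        return Finding(sec, line, "Winlogon Notify DLL registered; confirm it belongs to a known product")

    elif sec == "O23":
        # srvany.exe runs an arbitrary program as a service; a service
        # with no vendor information is also worth a look.
        if "Unknown owner" in body or body.lower().endswith("srvany.exe"):
            return Finding(sec, line, "service without vendor information or wrapped by srvany.exe")

    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script reports the F2, O7, O20 and the first O23 line and stays silent on the ordinary O4 and NVIDIA entries; to use it on a real log, pass the file contents to triage_log and review each hit against what is actually installed on the machine.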
