Results 1 to 5 of 5

Thread: Virus "not-a-virus:Monitor.Win32.NetSpy.c"

  1. #1
    baiter Guest

    Default Virus "not-a-virus:Monitor.Win32.NetSpy.c"

    Hi, every day for the last 2 weeks when I switch on my PC,
    Zone alarm scans and finds not-a-virus:Monitor.Win32.NetSpy.c in C:WINNT\system32\KBhook.dll,
    and renames it.
    I can't find much information about this virus, what can I do to permanently delete it?cheers, Baiter.
    P4 1.5GHz CPU, Win2000 with latest updates, ZA 7.0.337.000 with daily updates, IE6 sp1,

    Operating System:Windows 2000 Pro
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: Virus "not-a-virus:Monitor.Win32.NetSpy.c"

    Hi!looks like someone have installed NetSpy on your computer...Go to add/remove programs and scoll to find the 'offending' program and remove it.Then startup your system in SAFE MODE and run a full AV/AS scan.You can find netspy general info here:http://www.symantec.com/security_res...080510-5653-99Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    baiter Guest

    Default Re: Virus "not-a-virus:Monitor.Win32.NetSpy.c"

    thanks Fax.I can't see it on the control panel/ add-remove programs list.
    Going into safe mode, starting ZA and scanning did not show anything.The Symantec link says to use NSutil.exe in winnt/Sys32, maybe that is one of their files because I don't have it.That site does say that netspy must be manually installed, how would this have been done?cheers Baiter.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: Virus "not-a-virus:Monitor.Win32.NetSpy.c"

    Hi!So, in SAFE MODE is not detected, have you tried to scan again for spyware in Normal Mode?If you still get the detection I think the best isto get your system checked by professionals....At castlecop they will do it for you... just explain the situation and detection by ZA.Here you can post you Hijackthis Log:http://www.castlecops.com/f67-Hijack...ans_Oh_My.htmlBut before, please read mandatory steps before posting:http://www.castlecops.com/t102301-Hi...e_Posting.htmlFax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    gerard_konijn Guest

    Default Re: Virus "not-a-virus:Monitor.Win32.NetSpy.c"

    Hi Baiter and welcome to the Forum,You have to delete the values from the registry like this: I strongly recommend that you back upthe registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document,How to back up, edit, and restore the registry in Windows 2000,for instructions.Click Start &gt; Run. Type<TT>regedit</TT>, then click OK.
    1. <LI>Navigate to the key:
      <TT>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\Run</TT>
      <LI>In the right plane, delete the value:
      <TT>"nsys" = "nsys.exe"</TT> <LI>Navigate to the key:
      <TT>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\SharedDLLs</TT> <LI>In the right plane, delete the values:
      <TT>"%System%\nsys.exe" = "0x1"
      "%System%\nconfig.exe" = "0x1"
      "%System%\nsutil.exe" = "0x1"
      "%System%\Faq.fil" = "0x1"</TT> <LI>Navigate to the key:
      <TT>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\App Paths</TT> <LI>In the left plane, delete the subkey:
      <TT>nsys.exe</TT> <LI>Navigate to the key:
      <TT>HKEY_CURRENT_USER\Software</TT> <LI>In the left plane, delete the subkey:
      <TT>S7000</TT> <LI>Navigate to the key:
      <TT>HKEY_CURRENT_USER\Software\</TT> <LI>In the left plane, delete the subkey:
      <TT>NetSpy</TT> <LI>If the Spyware has disabled the Task Manager, you can enable it by navigating to the key:
      <TT>HKEY_CURRENT_USER\Software\Microsoft\Windows\C urrentVersion\Policies\System</TT> <LI>In the right plane, modify the value:
      <TT>DisableTaskMgr </TT>to: <TT>0</TT> <LI>Exit the Registry Editor.</LI><LI>Restart your PC</LI>
    Best regards/Vriendelijke groeten. Gerard Konijn. Tilburg. The Netherlands.
    Help with ZoneAlarm? There's a red Search! &gt; option at the bottom of the page to find your answer.
    Or navigate the following link: http://www.donhoover.net/




    Message Edited by Gerard-Konijn on 05-05-2007 07:56 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •