May 22nd, 2004, 16:36 PM
Isvcmon.exe and virus activity
Twice now while updating Windows I have had a DOS screen appear in the background of the update download screen, which lists all my NAV files and then disables them, gives me weird messages ("thanks for leeching") and disables NAV, causing me to uninstall and reinstall NAV for it to work again.
I found the W32.Blaster.Worm in my system and deleted it. Then I reloaded NAV and, this time, NIS, and started surfing. NIS caught a file, Isvcmon.exe, trying to connect me to a site (never heard of it before). I stopped the process. What is this file?? Isvcmon.exe. It is also in my startup file! Is this another virus???
NAV scans have not identified it as a virus.
(As I am writing this NIS just caught an inbound trojan).
Thanks in advance for your help
May 22nd, 2004, 20:55 PM
Svcmon.exe: Service Monitoring Tool
This tool monitors services on local and remote computers for changes in state (starting or stopping). To detect these changes, Service Monitoring Tool implements a polling scheme. When a monitored service stops or starts, Service Monitoring Tool notifies you by sending e-mail or via Microsoft® Exchange Server.
Are you sure it is Isvcmon.exe? And not svcmon.exe? Not doubting you, but when I went to look up ISVCMON.EXE nothing came up. But svcmon.exe brought up several thousand results.
This is a service monitoring tool that monitors services on local or remote computers and notifies the administrator when their status changes.
May 22nd, 2004, 22:24 PM
Yes, it is Isvcmon.exe and it resides on the registry at
I deleted the ISVCMON.EXE from Windows/System32 directory with no ill effects and since then, my system has stopped trying to connect to the internet.
I have conducted a search on my system and the only place where this file now resides is on the registry. It is now currently showing up on my startup list when I access it through MSCONFIG (but not starting up).
How do I get rid of this last registry entry? I found the two other entries at HKEY/SOFTWARE/Microsoft/Windows/CurrentVersion/Run and at HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
but I do not know where
May 23rd, 2004, 05:21 AM
Use a program like the one linked to below:
It should let you delete any startup items.
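
An added example, not part of any post in this thread: a PowerShell audit of the Run keys discussed above that lists every autostart value and flags those whose executable no longer exists on disk, which is the state left behind when the file is deleted but its registry value is not. The HKCU path is an assumption (the thread spells out only the HKLM path in full), and the value name in the commented removal line is a placeholder.

```powershell
# Added example (not from the thread): audit the Run keys for leftover entries.
# HKCU is an assumption; the post only gives the HKLM path in full.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntry {
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)

            # Pull the executable out of the command line:
            # a quoted path if present, otherwise the first whitespace-delimited token.
            # Unquoted paths that contain spaces are cut short and need a manual check.
            if ($command -match '^\s*"([^"]+)"') { $target = $Matches[1] }
            elseif ($command -match '^\s*(\S+)') { $target = $Matches[1] }
            else { $target = '' }
            $target = [Environment]::ExpandEnvironmentVariables($target)

            if (-not $target) {
                $exists = $false
            } elseif ($target -match '^[A-Za-z]:\\|^\\\\') {
                # Full path: check the file directly.
                $exists = Test-Path -LiteralPath $target -PathType Leaf
            } else {
                # Bare name: resolve it through PATH, which includes System32.
                $found  = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue
                $exists = [bool]$found
            }

            [pscustomobject]@{
                Key = $path; Name = $name; Command = $command; TargetExists = $exists
            }
        }
    }
}

$entries = Get-RunEntry -KeyPath $runKeys
$entries | Format-Table -AutoSize -Wrap

# Entries whose executable is gone (review these before removing anything).
$entries | Where-Object { -not $_.TargetExists } | Format-List

# To remove one reviewed value, substitute its real name for the placeholder
# and drop -WhatIf once the preview shows the intended value:
# Remove-ItemProperty -LiteralPath $runKeys[0] -Name '<VALUE-NAME-PLACEHOLDER>' -WhatIf
```

Changing values under HKLM requires an elevated session; exporting the key first (for example with `reg export`) gives a way to restore an entry removed by mistake.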