Results 1 to 4 of 4

Thread: Isvcmon.exe and virus activity

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    12

    Isvcmon.exe and virus activity

    Twice now while updating windows I have had a DOS screen appear in the background of the update download screen, which lists all my NAV files and then disables them, gives me weird messages ("thanks for leeching") and disables NAV, causing me to uninstall and reinstall NAV for it to work again.

    I found the W32 Blaster. worm in my system and deleted it. Then I reloaded, NAV, and, this time, NIS and started surfing. NIS caught a file Isvcmon.exe trying to connect me to a site (never heard of it before). I stopped the process. What is this file?? Isvcmon.exe. It is also in my startup file! Is this another virus???

    NAV scans have not identified it as a virus.

    (As I am writing this NIS just caught an inbound trojan).

    Thanks in advance for your help
    Engineer

  2. #2
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Svcmon.exe: Service Monitoring Tool

    This tool monitors services on local and remote computers for changes in state (starting or stopping). To detect these changes, Service Monitoring Tool implements a polling scheme. When a monitored service stops or starts, Service Monitoring Tool notifies you by sending e-mail or via Microsoft® Exchange Server.


    Are you sure it is Isvcmon.exe? And not svcmon.exe? Not doubting you but when I went to look up ISVCMON.EXE nothing came up. BUt svcmon.exe brought up several thousand results.

    This is a service monitoring tool that monitors services on local or remote computers and notifies the administrator when their status changes.

  3. #3
    Junior Member
    Join Date
    Apr 2004
    Posts
    12

    confirmed

    Yes, it is Isvcmon.exe and it resides on the registry at
    SOFTWARE/Microsoft/Windows/CurrentVersion/Run.

    I deleted the ISVCMON.EXE from Windows/System32 directory with no ill effects and since then, my system has stopped trying to connect to the internet.

    I have conducted a search on my system and the only place where this file now resides is on the registry. It is now currently showing up on my startup list when I access it through MSCONFIG (but not starting up).

    How do I get rid of this last registry entry? I found the two other entrys at HKEY/SOFTWARE/Microsoft/Windows/CurrentVersion/Run and at HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
    but I do not know where
    SOFTWARE/Microsoft/Windows/CurrentVersion/Run, is.

    Thanks
    Engineer

  4. #4
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Use a program like the one linked to below:
    http://www.jv16.org/

    It should let you delete any startup items.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •