Infected by not-a-virus:Monitor.Win32.NetMon.b

Discussion in 'malware problems & news' started by avboy, Feb 29, 2008.

Thread Status:
Not open for further replies.
  1. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Hi,

    Today got infected by not-a-virus:Monitor.Win32.NetMon.b. ZASS detected it. However Avira did not detect it. I got very little information about this one on the Net including virus encyclopedia on virustotal. Can anyone tell me where to look for its type, potency, payload etc or if any of the AV suites has this definition?

    Thanks in advance.
    Avboy
     
  2. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    this will be moved to the other-malware section.
     
    Last edited: Feb 29, 2008
  3. ASpace

    ASpace Guest

  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Where is the file located?
     
  5. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    It has infected the executable of Bysoft Network Monitor.
     
  6. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    Your exe is not infected. The name says it all "not-a-virus:Monitor.Win32.NetMon" is not a virus. It's just that it flagged netmon.exe as a potentially dangerous application that could be used for malicious activities. Other legit applications, like WinVNC, are also flagged by many antivirus becauase they can be used in a bad way.

    If it's you that installed Bysoft Netwokr Monitor, then just tell you AV to thrust the application.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I suspect same but u need to be sure.
     
  8. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Thanks everyone for replying! Yes I installed it. Will not trust it yet till i know the possible danger. If you have time, can you tell me what exactly can it be used for (malicious activities)? And how? By opening other processes? Acting as a dialer? Any resource where I can read about it?

    Thanks
    Avboy
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It may be used to remotely control your machine.
     
  10. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    Really? I was under the impression it got flagged simply because it's a network sniffer.
     
  11. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    +1...
    With not-a-virus detections, it basically means that you should take caution with where it came from...

    If you intentionally installed it and know where it came from and what its used for, then add it to exclusions and its alright.

    If you didn't install it and do not know where it came from and how it got there; then remove it.

    Simple :)
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    My bad :) I was thinking in a RAT. With a packet sniffer, it's possible to steal sensitive/personal information such as passwords, user IDs and any information which is transmited unencrypted.
     
Loading...
Thread Status:
Not open for further replies.