Win32/Monitor.Netmon.A - help!!

Discussion in 'NOD32 version 2 Forum' started by pykko, Jun 9, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    One of my friends has just installed NOD32. He had AVG before. He did a scan and NOD found the following:
    "application Win32/Monitor.Netmon.A found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\Program Files\Network Monitor\netmon.exe"

    How could he get out of this threat? Is it dangerous? Is there any other option besides scanning in Safe Mode?
     
  2. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    RELAX!!

    The application is NOT dangerous at all. It's a Microsoft Network Monitor used to capture network traffic. As you can see by the nature of the description this 'COULD' be classified as a potentially unwanted application. It's detected by NOD32's 'Potentially Dangerous Applications' option. Uncheck this to remove detection for this type of application.

    To remove the program (let's not call it a threat) use the Add/Remove Programs option in the Windows control panel.
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    i_kenefick, sorry to contradict you. Indeed it's not so dangerous, but that file shouldn't be there in Program Files. ;) So it's a threat, not a part of MS.

    Anyway, my friend deleted it manually, then scanned again, and the system is clean now.

    Additionally, NOD32 found many other viruses that AVG hadn't even heard about. :)
     
  4. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.

    o_O It IS a Microsoft Program. Its default directory is %WINDIR%\Program Files so um yeah it should be there since someone installed it. Just because it didn't come with the OS doesn't mean it shouldn't be there. For it to exist there in the first place means someone actually needed it sometime (or thought they did) and installed it. You are not contradicting me... you are just incorrect.

    Now you have lots of unwanted registry junk and DLLs. All you had to do was uninstall from the Control Panel :eek: This is a good example of how to break Windows OS and make it unstable. What if this program had added a contextual menu or, worse, added something to the Winsock LSP chain? Your friend's Windows installation would be in a big mess. Deleting .exe's is fine for malware [it's not like malware comes with an addition to Add/Remove Programs :) ] - but a genuine installation should be removed using an uninstaller, which contains info like the files added during the install and registry entries which can safely be removed.

    The important thing to remember with files detected as 'applications' by NOD32, or any other AV for that matter: if the uninstaller exists, use it; otherwise you will have a lot of files and entries left over after simply deleting the executable.

    No disrespect to free AV solutions but this is no surprise :cautious:
     
    Last edited: Jun 9, 2006
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Relax, The netmon.exe file is Riskware, part of Microsoft's Network Monitor as noted above. You could have uninstalled it, but NOD32 deletes the reg keys in the 'RUN' category anyway, so you are safe enough. Yet, you should try to uninstall it the proper way in order to ensure proper functioning of Windows. :)
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    ok, Firecat, thx for the reply ;)

    But strange I don't have that file on my computer... o_O
     
  7. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    You probably haven't installed the application. Do you need to capture packets and analyse their contents? Are you debugging software which transmits data over a network? If you don't then you probably don't need this application anyway. Similar products are Ethereal and Commview.
     
  8. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    No, I'm not doing any of these. ;) And neither is my friend...
     
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  10. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I think this is the solution, Firecat. My friend has no idea of using Network Monitor, he has just installed Windows 2 days ago and then he entered some crack websites. :D :D (he was using AVG, and he installed NOD32 only today)

    He did another full scan with NOD32 and he found nothing. ;)
    Thx for the info
     
  11. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    NETMON.exe with respect to Mimail is actually a MIMAIL component. If it was MIMAIL it would be detected as MIMAIL. In this case it's definitely NOT MIMAIL.
     