
HIJACK Log Post: Monitor.exe trying to access the Internet


2 replies to this topic

#1 Catmandoo


Posted 11 April 2005 - 03:49 PM

:thumbsup: HI All!
Is it normal for the "Monitor.exe" to try to access the internet? Or do I have a bug? According to MS description, this device regulates internal functions and needs no Internet access. I have blocked it completely, after a system reinstall and putting in the firewall FIRST before connecting to anything by phone line. The firewall indicates a good deal of port scanning (eTrust), so I put in PortBlocker to help out.
What brought all this to my attention is that my previous firewall was attacked and turned off/on and adjusted without my knowing (Sygate free) and let a lot of stuff get into the machine. The balloons that pop up from the bottom of the screen indicated 'Monitor.exe' was trying to access the Net and I was getting a flurry of portscans from outside. It got worse, and other software devices became vehicles for unauthorized access as well. After using the system recovery disc for full reinstallation, it behaved well for a short time, then began regular attempts to get out to the Net again. The firewall requires ok for all traffic, except what's allowed by me, so the Monitor.exe is blocked completely. YES, you could live with it this way . . . but what does this? And can this be utilized by attackers?
I have run every detection/removal device recommended to me, and have had AdAware, SpybotS&D, SpywareBlaster, AVG Antivirus, BHODemon, MRUBlaster, and a few more, all MS updates. If there's nothing wrong with HJT log does it mean there's nothing wrong with the system? It's been an uphill battle and any help will be greatly appreciated. Thanks.

--Catman

Sorry, can't get the log to post.



#2 stidyup


Posted 12 April 2005 - 02:54 AM

You need to post a hijackthis log here

How_to_submit_a_Hijackthis_Log

#3 Catmandoo


Posted 12 April 2005 - 01:11 PM

:thumbsup: HI! STIDYUP!!
I did as you suggested, and thanks for the tips about posting the HJT log. Part of the trouble is I went to a security site, followed the suggestions for security--and couldn't get Windows to function because Internet Explorer features seem to need to be enabled to allow NotePad to copy & paste. I think. . . .? There's a device called RegAlyzer that lets you look at things in the Registry (I don't know how to open Registry), and it seems like a great idea!--but I have no idea what I'm looking at . . . . or what to do with it
? ? ?
If there's nothing wrong with HJT log, could there STILL be something hiding? I'm going to get offline, shut off eTrust AV, and run a scan with Clam AV, which claims to detect "Flux" Trojans. They come in about a dozen flavors, and seem to get past defenses. I read in PCWorld that they are easily removable (for now), but that a new and nearly unremovable cookie which resides in flashplayer, behaves much like a trojan, in that it recreates itself after deletion. So far these advertisers are not breaking the law doing this.
--Catman



