I have a Trojan.Media-Codec/isamonitor.exe/pmmon.exe problem

statelines · Nov 28, 2006

I have read and completed all of the steps in 'READ & RUN ME FIRST'.

Okay, there's a little button in my taskbar/tray that constantly tells me it's detected 'critical errors' and tells me to click that 'baloon' to download anti-virus software, which is called VirusBurster, which is a VIRUS ITSELF I've learned. I'm also getting notifications that I don't have a firewall enabled. Sometimes it messes with google, but this hasn't happened to me.

I have deleted isamonitor.exe, pmmon.exe (which has shown up again even though I've deleted it while in Safe Mode) and pmsngr.exe, which seem to be part of Trojan.Media-Codec? Yet still the problem persists.

I am running Winborg XP, which is basically a clone of Windows XP, 512 MB of ram, with SP2.

Attached is my HiJack This log.

All help is appreciated, thank you.

DavidGP · Nov 28, 2006

statelines said:

I have read and completed all of the steps in 'READ & RUN ME FIRST'.
Click to expand...

However you have only posted 1 log in Hijackthis, there are the below ones, too, skipping straight to hijackthis will not help find and help us remove any malware thats on your PC, hijackthis should be the last step and scan run.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

CounterSpy

AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy

Bitdefender - from step 6

Panda Scan - from step 6

runkeys.txt - the log from GetRunKey.bat

newfiles.txt - the log from ShowNew.bat

statelines · Nov 28, 2006

Sorry =/ It was late and I was totally exhausted, lol.

I zipped all of the logs, since I can only add three attachments per post.

chaslang · Nov 29, 2006

Uninstall the below software:
Internet Explorer Security Plugin 2006 <--- should have been uninstalled in step 0 of the READ & RUN ME
Internet Security Add-On <--- should have been uninstalled in step 0 of the READ & RUN ME
J2SE Runtime Environment 5.0 Update 3
Mozilla Firefox (1.5.0.8)
Viewpoint Media Player <--- should have been uninstalled in step 0 of the READ & RUN ME

Now install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox

Now I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

STEP 1: Complete this procedure completely including attaching the requested log before doing the second procedure.

Download SmitfraudFix (by S!Ri) to your Desktop.

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.

Note:process.exe ( which is used my SmitFraudFIx ) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

http://www.beyondlogic.org/consulting/proc...processutil.htm

IMPORTANT: Do NOT run any other options until you are asked to do so!
Click to expand...

STEP 2: PLEASE READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions that you may have before starting.

Please print out or copy these instructions to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. Again, if there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer into Safe Mode : Starting your computer in Safe mode

Open the SmitfraudFix Folder of your Desktop, then double-click smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. BUT Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.

Now reboot into normal mode and attach this new rapport.txt log here.
Click to expand...

Now attach new logs from:

GetRunKey

ShowNew

HJT

How are things working now?

statelines · Dec 1, 2006

Thank you! The problem is fixed.

chaslang · Dec 2, 2006

You're welcome but it would be wise to post the all the logs that were requested so we can be sure you are clean.

Log in or Sign up

I have a Trojan.Media-Codec/isamonitor.exe/pmmon.exe problem

statelines Private E-2

Attached Files:

hijackthis.log

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

statelines Private E-2

Attached Files:

logs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

statelines Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member