Process Monitor Removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mcertini, May 25, 2012.

  1. mcertini

    mcertini Private E-2

    I recently encountered problems with an application that contains Themida when I used Process Explorer. When I encountered this problem I proceeded to delete the program and figured I was hunky dory. What I discovered was that Process Monitor by design places hooks in the kernel and that my deleting the file would not clear these entries. In researching further I found GMER and identified the fragments and used "Restore SSDT" to get rid of them. I, though, have one additional entry that I cannot get rid of. The type is ?, the name is C:\Windows\System32\Drivers\PROCMON20.SYS, and the value is "The system cannot find the file specified !". Does anyone know how I can eliminate this? In GMER I do not have the option to "Restore SSDT".
     
  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, mcertini :)

    See if Autoruns detects it. Should be highlighted in yellow if "File not Found" as you describe.
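The "File not Found" check that Autoruns performs on driver and service entries can also be done by hand. The script below is an added example, not code from this thread or from Autoruns: it walks HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath the way the service control manager would, and lists entries whose image file is missing. Run it from an elevated PowerShell prompt; it only reads the registry.

```powershell
# Added example: find Services entries (drivers and services) whose ImagePath
# points at a file that no longer exists, i.e. the "File not found" leftovers
# that Autoruns highlights in yellow. Read-only; run from an elevated prompt.

function Resolve-ImagePath {
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        $p = $p.Split('"')[1]                 # "C:\path\x.exe" -k args
    } elseif (-not (Test-Path -LiteralPath $p -ErrorAction SilentlyContinue)) {
        $p = ($p -split '\s+')[0]             # unquoted path followed by arguments
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)   # %SystemRoot%\...
    $p = $p -replace '^\\\?\?\\', ''                     # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\' -and $p -notmatch '^\\\\') {
        $p = Join-Path $env:SystemRoot $p     # relative form: system32\drivers\x.sys
    }
    return $p
}

function Get-OrphanedServiceEntries {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }   # no image: not a loadable entry
        $resolved = Resolve-ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $resolved -ErrorAction SilentlyContinue)) {
            [PSCustomObject]@{
                Name      = $_.PSChildName
                Type      = $props.Type      # 1 kernel driver, 2 file-system driver, 16/32 Win32 service
                Start     = $props.Start     # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

# A driver key left behind by an uninstalled tool (e.g. a .sys under
# System32\Drivers that was deleted) shows up here with Type 1 and a
# Resolved path that does not exist.
Get-OrphanedServiceEntries | Format-Table -AutoSize
```

Entries listed here match the "File not found" rows in Autoruns; a stale driver key from an uninstalled tool is inert once the file is gone and normally clears after a reboot, or can be removed with `sc.exe delete <name>` from an elevated prompt. Run the script from a 64-bit PowerShell on 64-bit Windows so System32 paths are not redirected by WOW64.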
     
  3. mcertini

    mcertini Private E-2

    thisisu,

    Thank you for your reply. The last entry disappeared. Apparently I did not reboot my computer.
     
  4. thisisu

    thisisu Malware Consultant

    Glad to hear it. Be safe :)
     
