AVmon.exe – Dangerous if in your task manager
May 9, 2008
If you find AVmon.exe in your Task Manager, read below:
AVmon.exe is a mass-mailing worm, W32.Kedebe@mm.
AVmon.exe tries to terminate antivirus programs installed on the user's computer.
AVmon.exe spreads by e-mail and via open network shares.
It adds the values:
“Windows Console Monitor” = “%System%\[path to the worm]”
“load” = “%Userprofile%\LOCALS~1\Applic~1\MICROS~1\Windows\[path to the worm]”
to the Windows startup registry keys.
AVMON.EXE has been seen to perform the following behaviors:
- Adds a Registry Key (RUN) to auto-start programs on system start-up
Source : http://www.greatis.com/appdata/d/a/avmon.exe.htm
AVMON.EXE has been the subject of the following behavior(s):
- Added as a Registry auto start to load Program on Boot up
- Created as a new Background Service on the machine
- AVMON.EXE can also use the following file names
Infection spreads through USB pen drives, autorun drives and email.
- Use Run > regedit and delete the Run entry for avmon.exe; try using the Find command and type AVmon.exe
- Connect your hard disk to a machine running any operating system other than Windows
- Delete every autorun.inf in the root of each drive on your hard disk
- Reboot your system, do not open any drive, and download a rootkit removal tool; scan with your antivirus and a rootkit removal tool such as RegRun
- Delete 88515326.EXE, 73416031.SVD and avmon.exe using the search option
You can try the above process at your own risk.
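To confirm that the cleanup removed the autostart entries, you can export the registry to a .reg file (regedit's File > Export, or `reg export`) and scan the text for the value names and file names listed on this page. The script below is an added example, not part of the original post; the function names and the sample export are constructed for illustration, and only string (REG_SZ) values are inspected.

```python
import re

# Indicators named on the page: autostart value names and worm file names.
VALUE_NAMES = {"windows console monitor", "load"}
FILE_NAMES = ("avmon.exe", "88515326.exe", "73416031.svd")

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" string values only; dword: and hex(...) lines are skipped.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
FILE_RE = re.compile(r'(?:^|[\\/"\s])(%s)(?=$|["\s,])'
                     % "|".join(map(re.escape, FILE_NAMES)), re.I)

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg text escapes \ and " with a backslash

def scan_reg_export(text):
    """Return (key, name, data, reasons) for each suspicious string value."""
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            name, data = unescape(m.group(1)), unescape(m.group(2))
            reasons = []
            if name.lower() in VALUE_NAMES and data:
                reasons.append("value name used by the worm")
            if (f := FILE_RE.search(data)):
                reasons.append("points at " + f.group(1).lower())
            if reasons:
                hits.append((key, name, data, reasons))
    return hits

def scan_reg_file(path):
    # regedit and reg.exe write version 5.00 exports as UTF-16 with a BOM
    with open(path, encoding="utf-16") as fh:
        return scan_reg_export(fh.read())

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Console Monitor"="C:\\WINDOWS\\system32\\avmon.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"="C:\\DOCUME~1\\user\\LOCALS~1\\Applic~1\\MICROS~1\\Windows\\88515326.EXE"
'''

if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

An empty result means none of the listed value names or file names remain in the exported string values; a non-empty "load" value is reported for manual review even when it points at a different file.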
If Windows Folder Options is missing:
Folder Options Is Missing
- Click Start
- Click Run
- When the Registry Editor window opens, scroll down to the following key
- In the right pane look for “NoFolderOptions”
- Make sure the “NoFolderOptions” is set to 0
- If there is no “NoFolderOptions”, click Edit on the toolbar
- Click New
- Click DWORD Value
- Name it “NoFolderOptions” (without the quotes)
- The value should be set to 0; if not, double-click “NoFolderOptions” and, in the window that opens, type in 0
- When you double-click the drive, an “Open with” window is opening? Also try