MSSE started finding a trojan on my computer every time I started up, and upon further investigation I found this suspicious "monmvr32.exe" in my startup programs. I tried disabling it in msconfig and it simply re-enabled itself.
It claims its location to be "C:\Users\blah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe", but as far as I can tell no such file exists. Here's the weird thing: if I try to run that exe from the command line it opens properly (I can see it in Process Explorer) but if I try to delete that same file it says it doesn't exist.
In Process Explorer, I can see that it opens its own svchost.exe process which then sucks up 50% of my CPU usage and its description is "NDIS VPN" by the manufacturer "SecureNet". So yeah, definitely a virus. I've tried googling it but not much turns up.
If it's a VPN then they are obviously trying to tunnel into your computer and steal files through a virtual network. That sounds like a tricky one. You may have to get an antivirus with a boot scan that you can run off a bootCD.
Well I booted into my thumbdrive Linux and found and deleted the "monmvr32.exe". I doubt that that will fix my problem, but I've got my fingers crossed.
[b]Edit:[/b]
The virus appears to be gone, but it broke Google Chrome. Even after uninstalling and reinstalling it doesn't work.
Reformatted. Fucking shit that was horrible.
[QUOTE=Larikang;24791716]
The virus appears to be gone, but it broke Google Chrome. Even after uninstalling and reinstalling it doesn't work.[/QUOTE]
Or you could have checked the Internet Options under IE, Chrome uses those too. Strangely, Firefox does not. :raise:
That's because Firefox is ported from Linux and FOSS idiots hate to use OS features that aren't from Linux.
[quote=bmb;24811019]that's because firefox is ported from linux and foss idiots hate to use os features that aren't from linux.[/quote]
foss? (why doesn't it stay caps'd?)
Free and Open Source Software
[QUOTE=starpoo90;24809115]Or you could have checked the Internet Options under IE, Chrome uses those too. Strangely, Firefox does not. :raise:[/QUOTE]
Trust me, I tried virtually every solution I could find online. Plus it had been a while since my last reformat and my computer had a bunch of weird unrelated quirks that I was getting sick of.
[QUOTE=Larikang;24821439]Trust me, I tried virtually every solution I could find online. Plus it had been a while since my last reformat and my computer had a bunch of weird unrelated quirks that I was getting sick of.[/QUOTE]
I would be sad to reformat, I keep all my downloads for a reason you know...(I'm suggesting I archive them.)
[QUOTE=BmB;24811019]That's because Firefox is ported from Linux and FOSS idiots hate to use OS features that aren't from Linux.[/QUOTE]
And thank god they don't. Windows internet settings is a fucking terrible mess.
Hello. I'm sorry fr bringing up this old thread. I made an account here to post this.
I had the same virus few days ago. Since i couldn't find anything goggling I had to take things on my own. I successfully removed it. Since there isn't anything useful on around internet I will post my solution here, so if anyone gets this virus in future he will know what to do.
First you have to identify where is the virus. I used Crap Cleaner for that task. Since I couldn't find it anywhere. So basically download crap cleaner, once you install it go to Tools => Startup. There should be a list of programs that start with your computer. You will see monmvr32.exe and next to it there will be his location. First step is over now. You have its location.
I had mine in C:\Documents and Settings\DSofa\Start Menu\Programs\Startup\monmvr32.exe
Now go to Start=>Run=>enter cmd and press enter. Next step is to make it visible and readable. In cmd enter attrib -s -r "Location of virus" and press enter. In my case it looked like this.
attrib -r -s "C:\Documents and Settings\DSofa\Start Menu\Programs\Startup\monmvr32.exe"
Now if you navigate on that address, you will see it there. If you try to delete it, it wont work because its currently being used. Next step is making a simple batch file. Open notepad and enter
@echo off
DEL "Location of file"
In my case it looks like this
@echo off
DEL "C:\Documents and Settings\DSofa\Start Menu\Programs\Startup\monmvr32.exe"
Now click File=>Save as=>delete *.txt and write Delete.bat => Save it on any location you want.
You should have a batch file now instead text file. Last step is to run this batch file before the virus starts.
Go to Start=>Run=>write regedit and press enter. Once it opens, navigate to HKEY LOCAL MACHINE > SOFTWARE > Microsoft > Windows > Current Version > RunOnce
Now right click on RunOnce > New > String Value. You will notice a new value appears on right side. Name it as you want. Press right click on it and click Modify. In Value Data enter the path to that batch file you made few secs ago.
Restart your computer. It should be deleted on next start. If you followed all steps, you successfully got rid of it. Just to make sure its gone, check in CCleaner if you still have him in startup. If you have then you did something wrong and you should start again.
Because I'm not a computer wiz, this is the only way i know how to delete it without using third party programs.
I hope someone will find this useful.
[QUOTE=DSofa;24976791]Hello. I'm sorry fr bringing up this old thread. I made an account here to post this.
I hope someone will find this useful.[/QUOTE]Thanks! This totally worked and my computer is back to normal.
...except for Chrome. I've had this issue with Chrome in the past and just need to remember how I fixed it.
Yeah, I deleted the instance of the virus by booting into a live linux distro. However it permanently broke Chrome and I couldn't figure out how to fix it. Hence reformatting.
[QUOTE=Larikang;24999850]However it permanently broke Chrome and I couldn't figure out how to fix it.[/QUOTE]My Chrome was fixed by magic. I followed online instructions that told me to run Chrome as a Win XP application with Admin privileges. Then set Chrome as the default browser. It already was, so I set IE8 as the default browser and tried again. Chrome didn't recognize IE8 was now the default, so I gave up. I removed the options to run Chrome as Win XP app and Admin privileges. When I started Chrome, it worked. WTH?! I'm telling you, it was magic!
Here is the thread on Google groups: [url]http://www.google.com/support/forum/p/Chrome/thread?tid=622673c3b4f155d7&hl=en[/url]
I use the Dr.Web's Antivirus bootable LiveCD. It's free and is my first line of defense in fixing a malware-engrossed PC.
Sorry, you need to Log In to post a reply to this thread.
