Bit Defender: Trojan.Buzus.CV:

The last update of this Trojan was seen in April 2009. As soon as it is executed, it creates another executable file in a random directory, and a registry entry runs that file at every startup. The file is named "netmon.exe". A worm was previously detected under the same name, but its functionality was completely different from this one. The Trojan also drops a .sys file in the "C:\WINDOWS\System\Drivers" folder, which is then added to the list of Windows services. The Trojan may spread through removable drives that are attached to share information: whenever a removable disk is inserted, the virus's process writes a copy of itself to the disk along with an "autorun.inf" file, so that it can enter the next system where this USB drive is opened. These actions take up a lot of processor time, and as a result the system becomes very slow. The .sys file that the virus drops into the Drivers folder is registered as a driver to fool the user. The Trojan also hides itself from the user so that it is not detected or deleted, even by mistake. Now let's take a look at the instructions to delete this virus.

Manual instructions to delete netmon.exe:

  1. The name of the process that is created by the Trojan can actually be anything, so let's obtain the path first and then move on to the removal. Reboot your computer in Safe Mode and open the registry (Start --> Run and type "regedit").
  2. Navigate to the following key


    You'll find netmon.exe on your right-hand side. Delete the key but remember the path. Save it in Windows Notepad just in case you forget it.

  3. Search the registry for the value "netmon.exe" by pressing Ctrl+F while the Registry Editor window is active, and remove its path from any key where you find it.
  4. While you're at it, also search for the file "sysdrv32.sys". Yes, that is the name of the .sys file which I found in my computer. Remove the path of this file from all the entries you find. You'll also need to remember the path of this file.
  5. You've finally deleted the Trojan from your registry. Now all that is left is deleting it completely from your computer's hard disk. Restart your system again in Safe Mode and use the Command Prompt to delete the virus.
  6. Start --> Run and type "cmd". The Command Prompt opens in the %home% directory. Type "cd\" in order to go to the "C:" location. I hope you haven't forgotten the path of the Trojan and its .sys file. Type "attrib -r -a -s -h {path of the file with extension}" in the Command Prompt. This removes the attributes of the files so that they can easily be deleted in the next step.
  7. Once you do that, type "del {path of the file.extension}" to delete the file completely. We're doing this because the files dropped by the Trojan are hidden in such a way that the user cannot view or detect them.
  8. Now finally you're free from the worm. 
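
Steps 3 to 7 as a script, added here as an example and not part of the original post: a read-only registry search for the two file names, then attribute clearing and deletion of a path you noted. The function names Find-RegistryReference and Remove-DroppedFile are hypothetical; it assumes PowerShell 4 or later in an elevated session and searches only the HKLM and HKCU hives.

```powershell
# Added example, not from the original post. Assumes an elevated PowerShell 4+ session.
$Names = 'netmon.exe', 'sysdrv32.sys'        # the two file names given on this page

# Steps 3-4: read-only search of value names and data, like Ctrl+F in regedit.
function Find-RegistryReference {
    param(
        [string[]]$Roots    = @('HKLM:\', 'HKCU:\'),   # assumption: these two hives
        [string[]]$Patterns = $Names
    )
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            try { $valueNames = $key.GetValueNames() } catch { return }  # skip unreadable key
            foreach ($valueName in $valueNames) {
                $data = [string]$key.GetValue($valueName)
                foreach ($p in $Patterns) {
                    if ($valueName -like "*$p*" -or $data -like "*$p*") {
                        [pscustomobject]@{ Key = $key.Name; Value = $valueName
                                           Data = $data; Match = $p }
                    }
                }
            }
        }
    }
}

# Steps 6-7: record attributes and hash, then clear attributes and delete.
function Remove-DroppedFile {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)
    # -Force is needed because the dropped files carry hidden/system attributes.
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    [pscustomobject]@{
        Path       = $file.FullName
        Attributes = $file.Attributes
        SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Clear attributes and delete')) {
        $file.Attributes = 'Normal'          # same result as attrib -r -a -s -h
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

Find-RegistryReference | Format-List         # note the Data paths before editing anything
# Remove-DroppedFile -Path '<path noted from the registry>' -WhatIf   # placeholder path
```

Run Remove-DroppedFile with -WhatIf first; it prints the file's attributes and hash without deleting, which helps confirm the file is the one described here.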

Caution: If you're looking for the worm that uses this process name, you're in the wrong place. Please follow these instructions only if you are sure that this is the Trojan that is affecting your computer.

