:bounce: thank you
thank you jekkoy
i wanted to thank you. the first message was the first one i replied to but i found the taskcntr.exe on the server and i removed the file and the problem seemed solved
i wanted to thank you
I am wondering is anyone can help me. I am not good with these system files at all. First,
What is a HJT file?
I tried to delete the remon.sys file and i did on safe mode but it just comes back.
Can someone please explain to me how to fix in like easy computer language please?
THANK YOU SO MUCH!!
symantec now detects that virus with the update from 20th of september.
also rename the file taskcntr.exe to taskcntr.xxx and then scan your machine with a virus definition update from today and it should detect the virus.
I got remon.sys too.. I tried to delete the file but it keeps coming back...
I tried to follow the instruction above with regards to sysmanager.exe file and taskcntr.exe file.. but these files does not exist in my PC...
any help would be greatly appreciated.. Thanks in advance...
After going thru live update and scanning windows directory, NAV does detect the virus ( remon.sys ) but still cannot clean it...
BTW,, here is my HJT log file. :angel:
Logfile of HijackThis v1.99.1
Follow these instructions EXACTLY
How to remove Begin2Search/Coolwebsearch and Other Nasties
Then see How to post your Hijackthis log-files as an attachment.
And read a few of the other Rootkit posts!
This is what I want to know. :giddy:
Thanks Mate!!!! -> RealBlackStuff
I'll try it later... :chef: cheers! (this smiley looks like a beer in a mug doesn't it)
Hello, I am having the same problems with remon.sys.
Thanks for the help in advance.
Also had this just pop up. taskcntr.exe W32.spybot.worm
This thread helped me get rid of that stupid remon.sys virus. Thank you guys so much. I had been fighting with Gateway and Verizon the last 3 days.
After I learned Verizon's DSL is just a wide open, unprotected network that anyone can send data to whoever, I bought a router and 3 different virus, spyware, and adware programs.
It is not all Verizon's fault though. Microsoft had better do something quick.
I felt :dead: for a week. Now I am going to go puke: .
Fogelhund (I hope you are not DOING that)
C:\Documents and Settings\Brett\Local Settings\Temp\HijackThis.exe
put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.
Boot in Safe Mode, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Next, click Start/Run and type services.msc and click OK. Look for the service:
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
Fix ALL O16 - DPF: entries
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
It worked! Thanks a whole lot.
that stupid remon file is gone, im not getting the virus message anymore either.
Im not sure what "O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)" is but i cant get it to go away.. but its not bothering so i dont really mind.
heres my latest hijack
and thanks again.
You need to try again (in Safe Mode) to get rid of this, using HJT:
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)
The rest is clean.
If you can't, click on Start/Run and type in regedit and click OK
In regedit click on Edit/Find and type in javapanel.exe and press F3
If found rightclick the entry in the right hand side panel, and select Delete. Fress F3 again and repeat until end of Registry. Then Exit registry.