Help! Spyware on boot up

Guest

When I start up Windows XP Pro the program umonit.exe tries to open. Have
used msconfig to examine boot.ini , start up etc but can see the file listed.
When I do a search there are two entries, one in Windows Prefetch, the other
in Windows System 32. Since the file umonit.exe has an unknown publisher is
it safe to assume that I can just delete the two entries?
 
Rue said:
When I start up Windows XP Pro the program umonit.exe tries to open. Have
used msconfig to examine boot.ini , start up etc but can see the file listed.
When I do a search there are two entries, one in Windows Prefetch, the other
in Windows System 32. Since the file umonit.exe has an unknown publisher is
it safe to assume that I can just delete the two entries?

USB Monitor; it will alert you if there is a USB device detected on your
system to install it.
Try to remove it from startup, or check that none of your USB devices is
malfunctioning and causing this issue.
How to perform a clean boot procedure to prevent background programs from
interfering with a game or a program that you currently use
http://support.microsoft.com/kb/331796
HTH.
nass
 
I don't know the answer to your specific question. I avoid problems
like this by running:

AVG Free (which is free), an anti-virus program,
Start-up Cop ($10 PC Mag), to protect against spurious Registry mods
PrevX (about $40 annually) to prevent startup of any "unknown"
program.

Good luck!

HTH,
Richard
 
When I start up Windows XP Pro the program umonit.exe tries to open. Have
used msconfig to examine boot.ini , start up etc but can see the file listed.
When I do a search there are two entries, one in Windows Prefetch, the other
in Windows System 32. Since the file umonit.exe has an unknown publisher is
it safe to assume that I can just delete the two entries?

Hi,

Possibly a trojan masquerading as a USB hardware insert monitor,
especially if you notice a performance slowdown if you insert a USB
device. May have been innocently installed by a USB installation CD.
Suggest you move it to another location and then remove it from the
startup entries. If all is OK after a while, delete it.
And run a virus and spyware scan as already suggested.
 
Thanks for the reply. What puzzles me about the reply is that you recommend a
clean boot as though the PC has been used to play games online, but this has not
happened, so although I will do the clean boot I'm left wondering what has
caused it?
 
Thanks everyone !!! From nass's reply I reasoned that the file must be a
Windows file and therefore needed to detect for USB connection. I'm now happy
that I can understand the resolution and what has caused it

Thanks nass
 
Thanks everyone !!! From nass's reply I reasoned that the file must be a
Windows file and therefore needed to detect for USB connection. I'm now happy
that I can understand the resolution and what has caused it

Thanks nass

Hello again,

This is NOT a Windows file. I have several installations of XP and
this file does not appear anywhere. Probably OK if you can be bothered
with it, but read this:

http://www.castlecops.com/s4002-UMonit.html

and this (scroll down to umonit.exe):

http://www.answersthatwork.com/Tasklist_pages/tasklist_u.htm

Your call.
 
When I start up Windows XP Pro the program umonit.exe tries to open. Have
used msconfig to examine boot.ini , start up etc but can see the file listed.
When I do a search there are two entries, one in Windows Prefetch, the other
in Windows System 32. Since the file umonit.exe has an unknown publisher is
it safe to assume that I can just delete the two entries?

Umonit.exe is _not_ a windows file. It could be legitimate, installed by a
3rd party app, or it could be malware masquerading as a legit file. You
should know if you installed anything right before this problem started.
It's interesting that you can't find it on msconfig, since when legit it
should appear there. Download Autoruns for MS to see if you can find where
it's loading from.

http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx

In any event I would not just let it be. Even if legit it's not needed.
Here are some links for dealing with malware. I suggest you do a thorough
scan for malware.

Malware Removal
http://www.elephantboycomputers.com/page2.html#Removing_Malware

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Richard Harper’s Guide to Cleaning Pests
http://rgharper.mvps.org/cleanit.htm
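
The lookup suggested in the reply above (finding where umonit.exe loads from when msconfig does not show it), as an added example that is not part of the original thread or written by any poster. It is read-only and checks only a small subset of the locations Autoruns enumerates. It assumes Windows PowerShell 4.0 or later; the `$Name` parameter and the `$hits` report layout are choices made for this example.

```powershell
# Added example (not from the thread). Read-only: lists autostart references to a
# named executable and the signature status of the copy in System32.
param([string]$Name = 'umonit.exe')    # file name reported in the thread

$hits = @()

# Run/RunOnce keys plus the Winlogon key (Shell and Userinit values).
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $keys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($valueName in $k.GetValueNames()) {
        $cmd = [string]$k.GetValue($valueName)
        if ($cmd -like "*$Name*") {
            $hits += [pscustomobject]@{ Source = $key; Entry = $valueName; Command = $cmd }
        }
    }
}

# Per-user and all-users Startup folders; shortcuts are resolved to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    foreach ($f in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        if ($target -like "*$Name*") {
            $hits += [pscustomobject]@{ Source = $dir; Entry = $f.Name; Command = $target }
        }
    }
}

# Services whose binary path mentions the file.
foreach ($s in (Get-CimInstance Win32_Service | Where-Object { $_.PathName -like "*$Name*" })) {
    $hits += [pscustomobject]@{ Source = 'Service'; Entry = $s.Name; Command = $s.PathName }
}
$hits | Format-Table -AutoSize -Wrap

# The Prefetch hit is only a trace Windows writes when a program runs; the
# executable itself is the System32 copy, so that is the file to inspect.
$exe = Join-Path $env:SystemRoot "System32\$Name"
if (Test-Path $exe) {
    Get-AuthenticodeSignature $exe | Format-List Path, Status, StatusMessage, SignerCertificate
    Get-FileHash $exe -Algorithm SHA256 | Format-List Algorithm, Hash
}
```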
 
Rue said:
When I start up Windows XP Pro the program umonit.exe tries to open. Have
used msconfig to examine boot.ini , start up etc but can see the file listed.
When I do a search there are two entries, one in Windows Prefetch, the other
in Windows System 32. Since the file umonit.exe has an unknown publisher is
it safe to assume that I can just delete the two entries?

It's always best to rename and see the results before deleting an "odd"
file(s).
 
What I do when I find an unknown program or file being opened at boot is use
Google.com to find out what it is. In this case, I got a hit here:

http://www.answersthatwork.com/Tasklist_pages/tasklist_u.htm which said:

Trojan virus program which masquerades as a supposed "USB Monitor"
program. The deception has been so successful that many sources on the web
genuinely believe that this task alerts the user when a USB device has been
plugged in. It does nothing of the sort : in fact, one of its unwanted
side-effects on many PCs that we have found the program on, is that it
actually makes the PC unbearably slow as soon as specific types of USB
devices are plugged in. There are different versions of this program, some
of them clearly communicating with some servers out on the Internet, and we
have found one or two to download other Trojans and viruses. Crazily, in
our experience this program seems to come on the [usually not required]
installation CDs of generic brands of card readers. Before you get worried
about the card reader you have just bought, this is in no way an indication
that you have bought a bad card reader, but it is an indication that the
manufacturers of the card reader did not do a good quality assurance check
on the software which comes on the included CD (and which they in most
cases will have sourced rather than written themselves).

If the file is being started at boot, you will probably have trouble
deleting it unless you do a selective startup. I'd also wonder why your AV
program is not identifying the Trojan.
 