sysmonxp.exe - Dangerous
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
It is a mass-mailing worm that arrives as an attachment.
The email has the following characteristics:
Subject: varies.
Body: spoofed.
Attachment: the name is randomly generated from the following words: data, mail, message, msg, with a random extension.
Creates the following files:
SysMonXP.exe
firewalllogger.txt
Adds the value: "SysMonXP"="%windir%\SysMonXP.exe"
In the system registry key: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Collects the email addresses from the files with predefined extensions.
Deletes some keys from the system registry.
Depending on the system date, the worm launches a DoS attack on the following sites:
www.cracks.am
www.cracks.st
www.edonkey2000.com
www.emule-project.net
www.kazaa.com
Use RegRun Startup Optimizer to automatically remove this worm.
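The file and registry indicators listed above can also be checked by hand from an elevated PowerShell prompt. The script below is an added example, not part of the original page or of RegRun; the folders searched for firewalllogger.txt are an assumption, since the page does not say where that file is written.

```powershell
# Added example: look for the indicators this page lists. Read-only unless -Remove is given.
# Run from an elevated prompt (HKLM and %windir% need administrator rights to modify).
param([switch]$Remove)

$runKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'SysMonXP'
$procName  = 'SysMonXP'   # process name as Get-Process reports it (no .exe)

# %windir%\SysMonXP.exe comes from the Run value data on the page.
# Assumption: the page gives no folder for firewalllogger.txt, so only
# %windir% and %windir%\System32 are checked.
$fileCandidates = @(
    (Join-Path $env:windir 'SysMonXP.exe'),
    (Join-Path $env:windir 'firewalllogger.txt'),
    (Join-Path $env:windir 'System32\firewalllogger.txt')
)

$findings = @()

# Persistence: the "SysMonXP" value under the Run key.
$run = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey\$valueName"; Detail = $run.$valueName }
}

# Dropped files: record a SHA-256 before anything is deleted.
foreach ($path in $fileCandidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = $hash }
    }
}

if (-not $findings) { Write-Output 'No SysMonXP indicators found.'; return }
$findings | Format-List

if ($Remove) {
    # Stop the process first so the executable is not locked.
    Get-Process -Name $procName -ErrorAction SilentlyContinue | Stop-Process -Force
    foreach ($f in $findings) {
        if ($f.Type -eq 'RunValue') { Remove-ItemProperty -Path $runKey -Name $valueName }
        else { Remove-Item -LiteralPath $f.Item -Force }
    }
}
```

Run it once without `-Remove` to review the findings and keep the recorded hashes, then again with `-Remove` to delete the Run value and the files.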