Neomonap23.exe

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

i found Neomonap23.exe in my registry
( at the moment not remember precisely where but it was in the same folder
as ctfom.exe and wuampd.exe) ...this is malware but i have not found any
neomonap23.exe file in the system32 folder,what
i have searched for ax executable file name neomonap23.exe but i have not
found any,
what is the name of the virus? how can i delete it completely?
searching on the internet i have read that it may possibile be a boot sector
virus ?
 
i found Neomonap23.exe in my registry
( at the moment not remember precisely where but it was in the same
folder as ctfom.exe and wuampd.exe) ...this is malware but i have not
found any neomonap23.exe file in the system32 folder,what
i have searched for ax executable file name neomonap23.exe but i have
not found any,
what is the name of the virus? how can i delete it completely?
searching on the internet i have read that it may possibile be a boot
sector virus ?
Click to expand...

It is not a boot sector virus, but it is malware:
http://www.google.com/search?hl=en&lr=&q=Neomonap23.exe&btnG=Search

You need to clean up your computer:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Malke
 
Neomonap23.exe could be in your registry from doing a search for it. It
could be in an MRU key. You need to copy the registry key name and paste it
into a message. Just because something is in your registry does not
necessarily mean it is a bad thing.

I just did a Search for files or folders for Neomonap23.exe on my machine.
I then searched my registry and found...
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer
Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU
000 REG_SZ Neomonap23.exe

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} is the File Search Explorer Band. In
other words Search for files or folders.

To copy a registry key name

1. In the registry tree (on the left), click a registry key.
2. On the Edit menu, click Copy Key Name.
3. Paste the name of the registry key into another program or document.

Or...

1. In the registry tree (on the left), right click a registry key.
2. Select Copy Key Name.
3. Paste the name of the registry key into another program or document.

However...
wuampd.exe is Added by the RBOT.UM WORM!
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.UM

Neomonap23.exe is added by a variant of the W32/SDBOT WORM!
http://vil.nai.com/vil/content/v_100454.htm

ctfom.exe? Did you mean ctfmon.exe?

ctfmon.exe = CTF Loader. Part of Microsoft Office. It activates
the Alternative User Input Text Input Processor (TIP) and the Microsoft
Office XP Language Bar.

When you run a Microsoft Office XP program, the file Ctfmon.exe (Ctfmon)
runs in the background, even after you quit all Office programs.

Ctfmon.exe monitors the active windows and provides text input service
support for speech recognition, handwriting recognition, keyboard,
translation, and other alternative user input technologies.

To prevent Ctfmon.exe from running, follow these steps.
OFFXP: What Is CTFMON and What Does It Do?
http://support.microsoft.com/default.aspx?scid=kb;en-us;28259
--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
From: "(e-mail address removed)" <[email protected]@discussions.microsoft.com>

| i found Neomonap23.exe in my registry
| ( at the moment not remember precisely where but it was in the same folder
| as ctfom.exe and wuampd.exe) ...this is malware but i have not found any
| neomonap23.exe file in the system32 folder,what
| i have searched for ax executable file name neomonap23.exe but i have not
| found any,
| what is the name of the virus? how can i delete it completely?
| searching on the internet i have read that it may possibile be a boot sector
| virus ?

It could be a w32/SDbot Internet worm variant !

The following can be used to clean your PC.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove
viruses and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
Back
Top