'Windows Monitor' spyware??

Discussion in 'Windows Vista Security' started by MC10, Sep 27, 2007.

  1. MC10

    MC10 Guest

    I have Windows Vista. Every now and then a very small window will pop up and
    it says 'Windows Monitor' on the top. If I try and click on it, it will go
    to the task bar and I can't bring it back up. If I roll my mouse on it, it
    will show what's on the screen, but the screen is blank. Is this Spyware? I
    did spyware and virus scans and nothing shows up, it is still coming up every
    now and then.
    Does anyone know what this can be?
     
    MC10, Sep 27, 2007
    #1
    1. Advertisements

  2. MC10

    Jesper Guest

    This could be any one of about a thousand things. Can you do this for us:

    1. Hit CTRL+SHIFT+ESC
    2. Find the window on the Applications tab
    3. Right-click it and select Go to process
    4. Hit "View|Select columns" and make sure the Command Line column is showing
    5. Copy down the entire text in the command line column and reply to this
    post with it.

    With that we should have a far better idea. Many management tools have a
    "Windows monitor" but there may be malware that does too.
     
    Jesper, Sep 28, 2007
    #2
    1. Advertisements

  3. MC10

    MC10 Guest

    I got to the process tab, select columns, but there is no command line
    column. It's just a list of things with boxes in front of the item, some are
    checked marked and some aren't.
     
    MC10, Sep 28, 2007
    #3
  4. MC10

    Jesper Guest

    Those "things with boxes in front of them" are the columns that you display
    in the main window. The fourth one from the bottom should say "Command Line".
    It tells us exactly what command was executed to create that window. Make
    sure it is checked. That gives you a column in the main window that says
    "Command Line". The information I need is in there.
     
    Jesper, Sep 28, 2007
    #4
  5. MC10

    MC10 Guest

    Ok got it. But what command line do you want me to copy down? There is a
    list of about 22 processes on there. Is there a way to copy and paste them?
    Or is there a certain one I'm looking for?
     
    MC10, Sep 28, 2007
    #5
  6. MC10

    Jesper Guest

    Yeah. :)

    That was the part about going to the Applications tab first, finding the
    window, right-clicking on it and selecting "go to process." That will take
    you to the process that represents that window.
     
    Jesper, Sep 28, 2007
    #6
  7. MC10

    MC10 Guest

    Ok I hope I'm not sounding stupd here, but went tp the applications tab and
    the only thing that's on there is aol. As far as the process tab there are
    22 pocesses listed there. don't know what to do now.
    But please don't give up on me here, I can't stay on here cuz it's been so
    hard keeping my eyes open here....really tired and need to get in bed so if
    you can write back, I will check first thing in the morning when I wake up
    and hopefullly understand more of what you're saying when I'm wide awake.
    I'd like to get this solved. I will check back to your response in the
    morning. I really appreciate your help. Hopefully I can get this resolved
    in the morning. thank you for helping me, but dont give up please. :)
    I'll check back in morning.
     
    MC10, Sep 28, 2007
    #7
  8. MC10

    Jesper Guest

    OK. In that case, I'm going to give you a better way to troubleshoot this:
    1. Go to
    http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx and download Process Explorer.
    2. Extract Process Explorer by right-clicking on the zip file and selecting
    "Extract all"
    3. Open the folder you extracted it into and run procexp.exe. It will likely
    ask you whether you want to do this.
    4. Right-click anywhere in the column headings, for example, on the one that
    says "Process"
    5. Select "Select columns..."
    6. Check the boxes for "Window Title"
    7. In the Window Title column, locate the window that you are concerned about.
    8. Right-click it and select "Properties"
    9. Select everything in the "Command line:" text box
    10. Hit CTRL+C
    11. Respond to this message and hit CTRL+V to paste the command line in.

    It is a far easier thing to do but relies on another piece of software,
    which is why I tried solving it with the built in tools to start out.
     
    Jesper, Sep 28, 2007
    #8
  9. MC10

    MC10 Guest

    Just now getting a chance to do this. Ok I did everything upto locating the
    window that I'm concerned about. There is nothing in there that says
    'Windows Monitor'. BTW right before I came to this site it came up again,
    then disappeared. Is there something else I should be looking for in there?
     
    MC10, Oct 3, 2007
    #9
  10. MC10

    Jesper Guest

    Yes, please tell us the exact command line for the executable that spawned
    that window.
     
    Jesper, Oct 3, 2007
    #10
  11. MC10

    WaltInCa Guest

    I get this monitor window too. I joined this site just to add to this
    posting. I've searched with google and this is the only reference i
    could find for this issue. It's a small window that appears by itself
    when using IE7 on Vista. I followed your instructions above and here's
    what i came up with: Image name: iexplore.exe command line: c:\program
    files\internet explorer\iexplore.exe. I have a screen capture of the
    processes tab in task manager showing all processes running at the time
    but cant attach it here (getting an error). Sorry, I'm new to this site.
    but i can send it in e-mail if you want to see it. Thanks! Walt
     
    WaltInCa, Oct 3, 2007
    #11
  12. MC10

    MC10 Guest

    That's the thing, I don't know which one of those on the list is the problem
    because none are saying 'Windows Monitor' on it.
     
    MC10, Oct 3, 2007
    #12
  13. MC10

    Jesper Guest

    If this is IE related it is probably an add-in. Can you please do this:
    1. Open IE and make sure the window is there
    2. Click the Tools drop down in the top right corner
    3. Select "Manage add-ons...|Enable or disable Add-ons"
    4. Copy down all the add-ons that are currently loaded and enabled.

    It may not show there, and if it does not, honestly, I think you need to
    call in for support so someone can do active troubleshooting on this. It
    seems likely to be a security issue, so you can call (866) PC-Safety
    (assuming you are in the US or Canada).
     
    Jesper, Oct 3, 2007
    #13
  14. MC10

    WaltInCa Guest

    OK, I will have to wait for the window to appear. It appears
    infrequently for me. I spent the last several minutes flipping through
    internet links to see if the window would appear. It did not. I can
    screen capture what add-ons are loaded in my IE session...what's the
    best way to get that screen shot to you?
     
    WaltInCa, Oct 4, 2007
    #14
  15. MC10

    Jesper Guest

    I'm not really sure I need a screenshot. It would be far more useful to know
    what executable spawned the window.
     
    Jesper, Oct 4, 2007
    #15
  16. MC10

    Mark Guest

    First of all... this is all over google.
    Try looking for some of the file names listed below on your hard drive and
    proceed with what you find..

    Possible programs:
    (Notice the trend here... they are all trojans/worms.)

    Windows Monitor
    Trojan description with removal instructions:
    http://www.boredguru.com/modules/newbb/viewtopic.php?topic_id=678&forum=24


    WIN-SPY WINDOWS MONITOR 9.0 download
    Win-Spy is a complete, Local and Remote PC, Monitoring utility that secretly
    captures anything the user sees or types on the keyboard. Win-Spy operates
    in stealth mode, users are unaware of its existence. Win-Spy also includes,
    Remote Deployment, Webcam, Folder Hider ect.

    arsetup.exe SPAZBOX.A Trojan
    winmonitor.exe RBOT-XX Worm
    winmon.exe SDBOT Worm
    Windows Monitor should not be running at startup. It is likely a virus,
    spyware, trojan, or some other sort of malicious program. Use a virus
    scanner, and/or spyware removal tool to remove it.

    [email protected]
    Removal instructions.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-032116-1031-99&tabid=3
     
    Mark, Oct 4, 2007
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.