Question:
pipmon.exe trojan in system32 folder HELP?
anonymous
2007-09-06 05:31:42 UTC
So I was searching for a Keyge....something on the internet, and I retardedly opened a file that requested an install, which I did. It put a corrupted pipmon.exe file into my system32 folder and it keeps popping itself up in my systray with "Your computer is at risk and infected with a virus, would you like to update and install Live Virus Protection" or something along those lines.

I didn't install anything after that. It keeps popping up every few minutes and I can run programs, I just can't go into IE or pop-ups will spam me forever. I've tried removing the file itself but it's an access denied, write protected POS. I've done Ad-Aware, Spyware S&D, and a FULL PC Norton Anti-V Scan and I cannot remove this file. I've specifically run a Norton scan on that file and no detections popped up. I then tried a System Restore for 2 days, 5 days, 2 weeks and 1 month. None of those dates could be restored = F'd.

Question is, is there any last solution or something I can do to restore my PC?
Six answers:
anonymous
2007-09-06 05:57:27 UTC
PIPMON.EXE

http://www.prevx.com/filenames/X954997061151599365-0/PIPMON.EXE.html



Threat name: Win32.X

Filename: [System32Root]\pipmon.exe

Filesize: Unknown

Status: Known as dangerous.

pipmon.exe is a trojan trying to confuse you into thinking it's the MS tcpipmon.exe, which is a real program.



ProcessLibrary.

http://www.processlibrary.com/



To reformat is always the last option.



Try an online antivirus scanner and an online anti-adware/malware/spyware scanner in safe mode with network to clean up your computer BEFORE you download anything. This is because the program you download can get infected.



Disable "System Restore" for Windows Me and XP, then restart your PC to clean your system restore points for viruses, spyware, adware etc.

http://www.microsoft.com/technet/community/en-us/management/sysrestore_faq.mspx



Now restart in safe mode.

To get in safe mode Press "F8" upon boot up.

Select "Safe mode with Network".

Go to Start – Run - type iexplore http://www.bitdefender.com/scan8/ie.html Enter(ok).

Do a full scan of all your drivers. If something is found, delete it, reboot and do the same again in safe mode with network.

When that scan does not find anything you reboot again in safe mode with network.

Go to Start – Run – type iexplore http://www.ewido.net/en/ Enter(ok).

Do a full scan of all your drivers. If something is found, delete it, reboot and do the same again in safe mode with network.



**NOTE**: Do NOT do anything else with your computer when scanning. This is because you can start virus/adware/spyware/malware manually.



When none of these scanners is showing anything, you can reboot back to normal mode.

Turn on "System Restore".

---------------

Antivirus: BitDefender Online scanner - will scan and remove threats.

Anti adware/spyware: Ewido Online Scanner - will scan and remove threats.

---------------

You need to get one antivirus program, one firewall, a pop-up blocker and some spyware/adware/malware removers if you don't have them.



**NOTE**: Only have one antivirus program and one firewall installed on your computer.

Anti-adware/malware/spyware are ok to have more of.



Good Luck.
Marianne
2016-08-29 17:51:18 UTC
2
ParadiseLost
2007-09-06 10:22:07 UTC
I'm dealing with this same problem too. In my case there were 2 pipmon.exe's running in my processes. One was in the Windows/system32 folder and the other in the Windows/prefetch folder. It's also in the Windows Registry, so open that up (Run... 'regedit') and search for pipmon and delete all the keys that it finds. You'll also have to uncheck it from the startup list (Run... 'msconfig'... Startup tab). But before you do all of that, try this. Like you said, the process reloads itself when you try to kill it. I just found out about this command called taskkill. Open up a DOS prompt and type taskkill /F /IM pipmon.exe; this will forcefully kill all processes named pipmon.exe, then you can go ahead and start the delete process. This actually worked for me, but when I rebooted I must not have cleaned it up well enough, as it somehow reinstalled itself. Once I get home I'm gonna do a more thorough check. Hope this helps.
debipdeb
2007-09-06 12:34:16 UTC
Hi,

I don't know what operating system you use. I am only familiar with win98 and I use win98se.



I picked up this little bugger just this morning. My first infection ever.



It's self-replicating, and trying to stop it from loading at startup in sysconfig isn't going to work, and you can't simply delete it, because it's running and you can't stop it from running -- right?



So.... start your system in SAFE MODE by pressing the F8 key while booting; go into 'find a file', find the rascal and you can delete it. I would just type in pipmon, 'cause it has a couple of pals with it, which I previously deleted in regular mode.



Reboot and you should be all set. I went into systemconfig when I was done and it no longer showed there and clearly wasn't running.



Good Luck
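
A read-only check of the places the two answers above name (running processes, the System32 and Prefetch folders, and registry startup entries), as an added example that is not part of any poster's answer. It assumes PowerShell 3.0 or later and the standard Run/RunOnce keys; the variable names are illustrative.

```powershell
# Added example: read-only triage. Nothing is killed or deleted.
$Name = 'pipmon'   # file name from the thread, without extension

# 1. Running processes with that name and the path each was started from
#    (Path can be empty when the shell is not elevated).
$procs = Get-Process -Name $Name -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path

# 2. Files whose name starts with that string in the two folders named above.
#    -Force includes hidden and system files.
$dirs  = @("$env:SystemRoot\System32", "$env:SystemRoot\Prefetch")
$files = Get-ChildItem -Path $dirs -Filter "$Name*" -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime, LastWriteTime

# 3. Run/RunOnce values that mention the name. HKCU covers only the
#    account running this script; other profiles need their own check.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties the registry provider adds to every result; not real values.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }
        # Match on either the value name or the command line it launches.
        if ("$($p.Name) $($p.Value)" -match [regex]::Escape($Name)) {
            [pscustomobject]@{ Key = $key; ValueName = $p.Name; Command = $p.Value }
        }
    }
}

'--- running processes ---'; $procs    | Format-List
'--- files on disk ---';     $files    | Format-List
'--- autostart values ---';  $autoruns | Format-List
```

An empty section means nothing matched in that location; entries in Prefetch are execution traces (.pf files) rather than copies of the executable.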
anonymous
2007-09-06 05:51:24 UTC
Follow the instructions here: http://forums.pcpitstop.com/lofiversion/index.php/t145427.html
Sly_Old_Mole
2007-09-06 06:06:00 UTC
This program will remove it:



http://www.nuker.com/info/evn/?hop=djdowd



Free superantispyware is said to remove it as well:



http://www.superantispyware.com/



Update:



Check this out:



https://answersrip.com/question/index?qid=20070805101704AA2BTTc&show=7#profile-info-G81RmdaEaa


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.