NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove ActMon. Description and removal instructions

 
Title: ActMon
Type: Keyloggers
Severity scale:ActMon severity is 75  (75 / 100)
 
ActMon is a computer monitoring program that tracks user activity, logs all keystrokes, takes screenshots, captures online chat conversations and e-mail messages, records login names, passwords and addresses of visited web sites. Gathered data can be sent to a configurable e-mail address or transferred to a predefined remote host. ActMon is able to hide its running processes. The threat must be manually installed. It automatically runs on every Windows startup.

FORUM:
Discuss ActMon in
spyware removal forum

ActMon properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic ActMon removal:

remover for ActMon

ActMon manual removal:

Kill processes:
acmcc.exe, srvprc.exe, wskrnl.exe, wskrnlb.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\srvprc
HKEY_LOCAL_MACHINE\SOFTWARE\wskrnl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\srvprc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wskrnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wskrnlc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wskrnlc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0303\4&5289e18&0\Control\ActiveService=wskrnlc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0303\4&5289e18&0\Control\ActiveService=wskrnlc
HELP:
how to remove registry entries

Delete files:
acmcc.exe, srvprc.exe, wskrnl.exe, wskrnlb.exe, rbwinx1.dll, wskrnlc.dll, wskrnld.dll, wskrnle.dll, wskrnlc.sys
HELP:
how to remove harmful files

Delete directories:
C:\Documents and Settings\[Current User]\Application Data\syswin
Misc:
Exact file location:
wskrnlc.sys - C:\Windows\System\Drivers, C:\Windows\System32\Drivers or C:\Winnt\System32\Drivers
other files - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Other programs to remove ActMon:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 02/10/05
Information updated: 02/10/05

Additional resources related to ActMon:

Attention: If you know or you have a website or page about ActMon removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about ActMon parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.