a.exe, b.exe monopod virus

I am having trouble with my computer. It can’t boot normally, and when I checked in safe mode I have these strings:
HKCU\..\Run: [Monopod] …a.exe
HKCU\..\Run: [Monopod] …b.exe

According to my research these are bad files that are related to viruses and malware. How can I remove them?

2 Responses

  1. Carl says:

    I had the same problem; you’ll just have to back up what you can and format…

  2. Frank Conijn says:

    HOW TO REMOVE MONOPOD (A.EXE/B.EXE/C.EXE), AND HOW TO REPAIR WINDOWS DEFENDER, FIREWALL, SECURITY CENTRE AND BACK-UP (UNDER WINDOWS VISTA SP1, BUT PROBABLY ALSO WORKS UNDER OTHER WINDOWS VERSIONS)

    Monopod is a new malware (a Trojan), of which the following malicious actions have (already) been reported:

    • Semi-permanent deactivation of Windows Defender, Firewall, Security Centre and Windows Back-up
    • Redirection of browsers to unwanted sites
    • Facilitation of installation of other malware

    HOW TO REMOVE MONOPOD AND OTHER MALWARE:

    1. Windows key + R(un) > type in: msconfig > OK.
    2. In the appearing window, under the tab “Start-up”, de-tick all files with an undeclared/unknown manufacturer, and files that are otherwise clearly malware. Click OK.
    3. Reboot the computer.
    4. Update your virus scanner. If you don’t have one, install one. I would suggest AVG Anti-Virus Free (http://free.avg.com/). Reboot if necessary, and let the anti-virus program scan the computer completely (also scan external drives if they have been attached in the meantime). If it doesn’t find any malware files, keep it running because sometimes it recognizes files only when they become active.
    5. If MalwareBytes Antimalware does not find/remove all malware, download and install the latest version of the Microsoft Malware Removal tool, available on http://www.microsoft.com/security/malwareremove/default.aspx. Disconnect from the internet. Let it do a complete scan as well, even though this can take several hours. It will automatically delete detected malware files.
    6. Any remaining computer booting problems under Vista can usually be fixed with Vista Recovery Disc (start here: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/).

    HOW TO REPAIR (REACTIVATE) WINDOWS SECURITY CENTRE, WINDOWS DEFENDER AND WINDOWS FIREWALL:

    1. Windows key + R(un) > type in: services.msc > OK.
    2. In the appearing window, scroll down to Security Centre. Unless the status reads “Started”, double-click it. In the new window, under the tab “General”, set the start-up type to Automatic. Also click the Start button, then OK.
    3. Scroll down to Windows Defender and do the same for it, as well as for Windows Firewall.
    4. Reboot (only) if necessary.

    HOW TO REPAIR (REACTIVATE) WINDOWS BACK-UP:

    1. Right-click (This) Computer > Properties (> Change settings).
    2. In the appearing window, under the tab “System properties” (or a similar name), re-tick your normal drives [at least your main drive, generally “Local Drive (C:) (system)”]. De-tick the bogus main drive (also called C:, generally) that Monopod had wanted Windows to believe was present. You will see the difference between the two, and if not: the bogus drive is the last in the list. Click OK.
    3. Monopod also deletes already made back-ups. Only experts with special programs can get these back. Make a new back-up (on an external drive, of course) when you are satisfied that your computer is functioning normally again.

    Hope this helps. Please leave feedback if you have applied this instruction, including Windows version.
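
The start-up check and the services check from the answer above can also be run as a read-only audit. This is an added example, not part of the original post or written by either respondent. It assumes Windows PowerShell 3.0 or later, covers only the HKCU and HKLM Run keys (not start-up folders), treats a missing company name or a non-valid Authenticode signature as the equivalent of "undeclared/unknown manufacturer", and assumes the usual service names wscsvc (Security Centre), WinDefend (Windows Defender) and MpsSvc (Windows Firewall).

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumes Windows PowerShell 3.0+ ([pscustomobject], Get-CimInstance).

function Get-ExePath([string]$CommandLine) {
    # Extract the executable path from a Run-key command line (quoted or unquoted).
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# Run keys inspected (HKLM is included in addition to the HKCU key shown in the question).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

$entries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $path    = Get-ExePath ([string]$item.GetValue($name))
        $exists  = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
        $company = $null
        $sig     = 'FileMissing'
        if ($exists) {
            # "Manufacturer" as shown by msconfig comes from the file's version resource.
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            $sig     = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $path
            Company   = $company
            Signature = $sig
            # Flag for manual review: no manufacturer, or not validly signed.
            Review    = (-not $company) -or ($sig -ne 'Valid')
        }
    }
}
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap

# State and start-up type of the three services the answer says get deactivated.
Get-CimInstance Win32_Service -Filter "Name='wscsvc' OR Name='WinDefend' OR Name='MpsSvc'" |
    Select-Object Name, DisplayName, State, StartMode |
    Format-Table -AutoSize
```

Entries with `Review` set to True are candidates for a closer look, not confirmed malware; plenty of legitimate start-up programs are unsigned.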