n3monap23.exe and j0z.biz - spyware found?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I don't know if this is the appropriate group to report this...

Win2K, IE6.  I had a browser start itself and go to http://j0z.biz and
attempt to load a "screensaver.zip" or something.  It was very

I also noticed that my Wifi card was spewing a lot of outbound data
with no other network processes running.  I got alarmed and took a look
at my running processes.

I selectively killed off processes I didn't recognize until I killed
"n3monap23.exe" which I later found in C:\winnt\system32\

I had already run updated versions of AdAware and SpybotS&D, neither of
which found this application.  There are ZERO references to this file
on microsoft.com, google.com or vivisimo.com.

I'm sorry that I did a terrible thing in killing off my only sample in
the wild but the spyware was tenacious and couldn't get any work done.
If I should report this elsewhere, please advise.

Re: n3monap23.exe and j0z.biz - spyware found?

I believe what you are experiencing is in fact a virus and not spyware.
We are dealing with the same thing right now in our organization.

Symantec is working on a fix tool, but does not have one yet.  If you
run NAV, it will find the file n3monap23.exe but it will not quaratine
or delete it.


Site Timeline