Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- n3monap23.exe and j0z.biz - spyware found?
January 31, 2005, 7:37 pm
rate this thread
Win2K, IE6. I had a browser start itself and go to http://j0z.biz and
attempt to load a "screensaver.zip" or something. It was very
I also noticed that my Wifi card was spewing a lot of outbound data
with no other network processes running. I got alarmed and took a look
at my running processes.
I selectively killed off processes I didn't recognize until I killed
"n3monap23.exe" which I later found in C:\winnt\system32\
I had already run updated versions of AdAware and SpybotS&D, neither of
which found this application. There are ZERO references to this file
on microsoft.com, google.com or vivisimo.com.
I'm sorry that I did a terrible thing in killing off my only sample in
the wild but the spyware was tenacious and couldn't get any work done.
If I should report this elsewhere, please advise.
February 1, 2005, 10:22 am
Re: n3monap23.exe and j0z.biz - spyware found?
We are dealing with the same thing right now in our organization.
Symantec is working on a fix tool, but does not have one yet. If you
run NAV, it will find the file n3monap23.exe but it will not quaratine
or delete it.
- » SSRT5902 rev.0 Apache 1.3 on VirtualVault potential remote Denial of Service (DoS) and exe...
- — Previous thread in » General Computer Security