Hello!
I have installed an application on this PC that will not run for the following reason:

"A monitor program has been found running in your system. Please unload it from memory and restart your program." The title of the error message is "Themida".

I can not find the application or file using Themida, nor how to delete or disable it. Accordingly I can't use this new software I have installed. The new software is licenced and not cracked etc so it's not an issue with the software.

http://img264.imageshack.us/img264/851/procexpcy1.jpg
This is how my procexp looks like (just in case it might help you to figure out the PROblem, it's half not-english ofcourse)

Could you please point me in the right direction as to how to fix it.


What I have already done and what did NOT work:
I checked the 'msconfig' thingie there's nothing about Themida there.
I have checked 'regedit' (just Find->Themida) and there is nothing there either.

I terminated different processes and tryed starting Glider in order to find out which of them has something to do with Themida.
Processes can be devided in two groups:
1. The ones which do nothing with Themida error.
2. The ones after disabling which Glider will show another terrible error...
So I didn't manage to find out which process has something to do with Themida...
There has already been made a thread about Themida but guy there described a bit another situation, so I decided to create a new one xD

Thanks

Welcome to PC Help Forum

Let's give the Security Team something to look at...complete the Pre-Work (link below) and post the resulting logs back here.

Here it is.
Thank you very much!
(I hope I had attached it properly xD)

Attached Files

	Report-Scan-20070224-151703.txt (20.7 KB, 1 views)
	Spy Sweeper Session Log.txt (8.1 KB, 1 views)
	hijackthis.log (12.8 KB, 2 views)

Hey Mental,

Good Job M8! I'll have a look at your logs and be back as soon as possible.

TTFN

LGW

Hey Mental,

This is going to take a while, you are very seriously infected. The themida issue is a completely different situation however, and can be easily dealt with. However, until this is cleaned up, I wouldn't bother worrying about it.

While I am researching the HijackThis issues, could you please download CCleaner from my signature. Reboot into Safe Mode, run CCleaner with all options selected, including Advanced, answer OK to all warnings. Click on Analyze, then Run Cleaner, repeat this proceedure until either no futher files appear or the same files appear and cannot be cleaned. If you have files that cannot be cleaned, please navigate to that file, right-click on it and choose Properties, Security, Advanced. Give yourself full ownership of the file, and manually delete.

Next rerun Spy Sweeper, under Options, Sweep tab, Custom Sweep, make sure all options are checked. Run a full system scan, and let it quarantine everything that it finds.
Save the log to post back here, then reboot into Normal Mode, and rerun HijackThis (HJT) to create a new log, and post both back here. Thanks,

TTFN

LGW

Hey Mental,

I have another question, and this one is extremely important. Is it your intention to have multiple files on your PC that are Russion language based? If not, it could be a symptom of a malware issue, if so, then those entries are OK.

Looking forward to your reply,

TTFN

LGW

Errr... Formulated a bit difficult for me...
Do you mean whether I am russian myself and (for obviouis reason) using Russian language based programs and my XP is translated to Russian?
Well YES. I am Russian and half of my programs are russian and in some menus you can see russian language.
Thank you very much! You help is pretty much appreciated!
I'm going to do that very long SpySweep scan now.

So here it is. xD Thank you!

Attached Files

	hijackthis second.log (13.0 KB, 1 views)
	Spy Sweeper Session Log second.txt (21.3 KB, 1 views)