ActMon Commander (also known as Spyware.ActMon) is spyware that you should remove from your computer immediately. It is a high-risk program: it logs keystrokes and captures screenshots, all without the knowledge of the computer's user. It can also send confidential information (such as credit card numbers and passwords) back to whoever is spying on your computer. This makes it a high-risk threat that should be removed from the system as soon as possible to restore security.
Removal of ActMon Commander requires the following steps:
1. Update your antivirus and antispyware software. Make sure you have good security software for this particular threat (McAfee or Norton antivirus is recommended).
2. Turn off System Restore in your Windows operating system. Instructions for doing this can be found under Start>Help and Support in Windows.
3. Run a full system scan using your antispyware and antivirus software and remove the threats detected. You might have to run the scan in safe mode in order to detect and remove the threats.
4. Edit the registry: open “regedit” using the Start>Run option, then remove the following:
A] Navigate to and delete the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"wskrnl" = ""%System%\wskrnl.exe" -at"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"srvprc" = ""%System%\srvprc.exe" -at"
B] Navigate to and delete the following registry subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wskrnlc
HKEY_LOCAL_MACHINE\SOFTWARE\wskrnl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wskrnlc
HKEY_LOCAL_MACHINE\SOFTWARE\srvprc
C] Restore the following registry entries to their original values, if required:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"UpperFilters" = "kbdclass[EXTENDED ASCII CHARACTER 191]wskrnlc"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0303\4&5289e18&0\Control\"ActiveService" = "wskrnlc"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0303\4&5289e18&0\Control\"ActiveService" = "wskrnlc"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"UpperFilters" = "kbdclass[EXTENDED ASCII CHARACTER 191]wskrnlc"
Once this is done, your computer is secure, but it is advisable to change your password before proceeding further.
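A read-only check for the registry entries listed in step 4, useful both before editing and to confirm the cleanup afterwards. This is an added PowerShell example, not part of the original guide. It assumes the device instance ID under PNP0303 can differ from the one shown above, so it enumerates every instance, and it relies on the Windows default keyboard filter being "kbdclass", which the guide does not state.

```powershell
# Added example: read-only audit of the registry artifacts in step 4 (A-C).
# Changes nothing. Run it on the affected machine.
$found = @()

# A] Run values under the Explorer policies key
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($name in 'wskrnl', 'srvprc') {
    if ($run -and $run.PSObject.Properties.Name -contains $name) {
        $found += [pscustomobject]@{ Step = 'A'; Path = "$runKey\$name"; Data = $run.$name }
    }
}

# B] Subkeys the guide says to delete
foreach ($key in 'HKLM:\SYSTEM\ControlSet001\Services\wskrnlc', 'HKLM:\SOFTWARE\wskrnl',
                 'HKLM:\SYSTEM\CurrentControlSet\Services\wskrnlc', 'HKLM:\SOFTWARE\srvprc') {
    if (Test-Path -LiteralPath $key) {
        $found += [pscustomobject]@{ Step = 'B'; Path = $key; Data = '(subkey present)' }
    }
}

# C] Values to restore, checked in both control sets
foreach ($set in 'CurrentControlSet', 'ControlSet001') {
    # Keyboard class filter list (REG_MULTI_SZ). The Windows default is the single
    # entry "kbdclass"; keep it when removing "wskrnlc" or the keyboard may stop working.
    $class = "HKLM:\SYSTEM\$set\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}"
    $filters = (Get-ItemProperty -LiteralPath $class -ErrorAction SilentlyContinue).UpperFilters
    if (@($filters) -match 'wskrnlc') {
        $found += [pscustomobject]@{ Step = 'C'; Path = "$class\UpperFilters"; Data = $filters -join ', ' }
    }
    # Enumerate every PNP0303 instance instead of assuming one instance ID
    $enum = "HKLM:\SYSTEM\$set\Enum\ACPI\PNP0303"
    foreach ($inst in Get-ChildItem -LiteralPath $enum -ErrorAction SilentlyContinue) {
        $ctl = "$($inst.PSPath)\Control"
        $svc = (Get-ItemProperty -LiteralPath $ctl -ErrorAction SilentlyContinue).ActiveService
        if ($svc -eq 'wskrnlc') {
            $found += [pscustomobject]@{ Step = 'C'; Path = "$ctl\ActiveService"; Data = $svc }
        }
    }
}

if ($found) { $found | Format-List } else { 'None of the listed ActMon registry entries were found.' }
```

Any line reported under step C needs the value edited rather than the key deleted, since those keys belong to Windows itself.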