PUP.Optional.EmployeeMonitor is Malwarebytes’ generic detection name for commercial system monitor applications branded as tools to be used as monitoring agents for employee activity. PUP.Optional.EmployeeMonitor may covertly monitor user behavior and harvest personally identifiable information including: usernames & passwords, keystrokes from emails, chat programs, websites visited, and financial activity.
PUP.Optional.EmployeeMonitor may be capable of the covert collection of screenshots, video recordings, or the ability to activate any connected camera or microphone. Collected information may be stored locally and later retrieved, or may be transmitted to an online service or location.
PUP.Optional.EmployeeMonitor may run as a start-up entry and may be visible as running processes on compromised machines. PUP.Optional.EmployeeMonitor may also be configured in a manner which prevents visible processes, and start-up entries.
PUP.Optional.EmployeeMonitor could be distributed using various methods and may be packaged free software or other online software, or may be installed by an individual with physical or remote access to the computer. PUP.Optional.EmployeeMonitor may be installed with or without user consent.
Malwarebytes can detect and remove many PUP.Optional.EmployeeMonitor infections without further user interaction.
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.
If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.
You may see these entries in FRST logs:
() C:\Program Files (x86)\Net Monitor for Employees Pro\bin\nmep_ctrlagentsvc.exe
() C:\Program Files (x86)\Net Monitor for Employees Pro\bin\nmep_ctrlagent.exe
(IMonitor Software Ltd) C:\Program Files\EAM Professional\IMonitorMng.exe
(iMonitor Software) C:\Program Files\EAM Professional\eamserver.exe
(iMonitor Software) C:\Program Files\EAM Professional\IMonLogCmd.exe
() C:\Program Files\EAM Professional\eamlogrec.exe
() C:\Program Files\EAM Professional\eamrdpsrv.exe
() C:\Program Files (x86)\Net Monitor for Employees Pro\bin\nmep_console.exe