VSMON.EXE is a process named Zone Labs True Vector Internet Monitor. It is an essential component of the third-party ZoneAlarm firewall software. It should always be present for the successful operation of the firewall. It is used to monitor Internet traffic and generate alerts depending on the security rules configured by the user. This program is important for the stable and secure running of your computer and should not be terminated. However this program is installed on your computer when ZoneAlarm firewall is installed and is not essential for the continued smooth operation and running of the computer. This process is self-starting meaning that every time you load your computer it will start up with Windows. The process might have been already installed on your PC when you bought it, since most of the times when you buy a PC/Laptop they give you an already functioning PC system with all drivers, security settings and additional features configured and set up for immediate use. This third party firewall software is developed by Zone Labs.

If you wish to disable it, you should uninstall ZoneAlarm, else if you need to disable it temporarily, you should exit ZoneAlarm properly. Terminating the process may leave you without a network connection until your next reboot. This is a common feature of many firewall software applications, since the firewall is filtering every packet of data incoming and outgoing from your PC over the Internet, so if you kill the task, the Internet Connection will temporarily go down until your disable the firewall software and uninstall it, or remove it from the startup folder, and rebooting your computer for changes to take effect.

Virus and spyware writers try to disguise their malware as the genuine process in order to fool the user into believing that what he is seeing in his Task Manager is the actual legitimate process running on his computer.

Some malicious files may have the same name but be stored somewhere other than in %SystemRoot%zonelabs. SystemRoot is usually the Windows folder. Also if you go to Start in the taskbar and click on Run and type in %SystemRoot% in the Open field, it will take you to the current Operating System’s actual system root file which stores the configuration files and dynamic link libraries. In Windows XP and Vista it can usually be found at C:Windows. Other malware may use a name that appears similar to it but with slight differences in spelling typos like for example swapping two letters in the process name or appending digits to it. The following malware is known to disguise itself as vsmon.exe:

  • W32/Rbot-FB: This is a backdoor Trojan that can spread over network shares. Its location on disk is most often found in %SystemRoot%System32.

There should be typically only one instance of this process running at any given time on a computer system. The presence of multiple instances of vsmon.exe may be an indicator of a malware infection.