Hero I'm a spammer
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Fri Dec 04, 2009 10:47 pm Post subject: CTFmon.exe virus.
My aunt's friend got her Yahoo hacked and today sent a link to her, and my aunt clicked it. The PC has not been rebooted, but I cannot find a solution to remove it. It is forcing hidden system files, and a fake ctfmon.exe in the msconfig.
If you would like to post some stupid comment just because in the past my netbook had compatibility issues with W7, then just don't. It's serious and the thing turned off System Restore. Is there anything to do or is everyone gonna give me the idiot answer to reformat it?

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Fri Dec 04, 2009 11:12 pm
Force-terminate + manual removal. Or just run a virus scan.

Hero I'm a spammer
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Fri Dec 04, 2009 11:24 pm
I cannot find this shit on the hard drive, and it will crash any AV. I got it in safe mode though and it is scanning. I'd love to reformat this thing, I really would, but for the sake of my aunt's schooling, I'm trying to save it. She's got tons of shit I'd rather not have to move off.

Fap2Admin Master Cheater
Reputation: -1
Joined: 10 Feb 2008 Posts: 483 Location: Somewhere down the Road
Posted: Sat Dec 05, 2009 4:07 am
Try to download Autoruns (http://sysinternals.com). You can find there where the virus auto-runs, where it's located and what files are associated with it.
Sounds like a daemon.exe inside System.
_________________
Best AR-TITS on CEF

K, Alcohol Expert Cheater
Reputation: 0
Joined: 25 Mar 2009 Posts: 184
Posted: Sat Dec 05, 2009 9:44 am
Download GMER (google it); the virus won't crash it since it uses random characters in its name. Then use Autoruns and HijackThis, as suggested. Try MBAM also (if you can run it). Google all of those.

Hero I'm a spammer
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Sat Dec 05, 2009 11:09 am
It's gone. Must give the creator props, he tried hard to make it unable to be removed. He blocked sites using the host file, used a disable on registries for System Restore. He used something to make the folder options reset a certain way, and the screen saver unable to be changed. I backed the shit up to a partition and decided to reboot for lols, and ESET blocked all its processes, but it couldn't find it. Used Malwarebytes while in safe mode and it was able to clean all but the host and the registry disabling System Restore.
All is fixed now.

K, Alcohol Expert Cheater
Reputation: 0
Joined: 25 Mar 2009 Posts: 184
Posted: Sun Dec 06, 2009 3:47 am
The hosts files can be cleaned manually, and the regedit to enable System Restore is easy to find in Google. Good that you cleaned it.

Hero I'm a spammer
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Sun Dec 06, 2009 12:48 pm
K, Randomness wrote:
> The hosts files can be cleaned manually, and the regedit to enable system restore is easy to find in google. Good that you cleaned it :)

Host file, I've known how to clean that since mαplefag days when nex0n fucked something up. As for the reg, I just went to the place the scanner showed and deleted it.