We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide

Help removing virus/malware

2»

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    I take it you're not in front of the infected computer then now? PM me next time you are before running through these below.

    I'm pretty sure this is loading the culprit:
    StartupFolder: c:\docume~1\dgoodh~1\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe
    Boot into safe mode, navigate to the startup folder (c:\documents and settings\dgoodhand\start menu\programs\startup) and delete ctfmon.lnk

    Then boot into normal mode and run combofix.

    Go here and read through the instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial
    • Ensure you temporarily turn off your antivirus (Avast) before running. Instructions here
    • Double click combofix.exe & follow the prompts closely.
    • When it's finished, it'll produce a log. Post the contents of that log.
    • It'll be found on your C:\ drive named combofix.txt
  • DaveG247
    DaveG247 Posts: 401 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    Yeah I'm at home now so will do, thank you very much for your help I'll see if I can get it started in safe mode. Cheers Dave
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Oh yeah - I forgot.

    Just boot into normal mode as you have been doing without connecting to internet and see if you can delete it - Then reboot & run combofix.
  • Dexters_Indignation
    Dexters_Indignation Posts: 474 Forumite
    The easy way....

    Get Revo.
    http://www.revouninstaller.com/

    It kicks a55
    :A:jLibertas Supra Omnia:j:A
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Not sure how you think that will help...?

    Malware such as this doesn't install in the normal way - There's no uninstaller to run. It's files executed from load points from within the registry.
  • greenclaire
    greenclaire Posts: 5 Forumite
    Part of the Furniture Combo Breaker
    I had the exact same screen when I tried to access a webpage for a local festival.
    I switched it off and on, removing the internet connection (on laptop so just turned off the wireless button).
    Then did a system restore. That worked for me. You can access sytem restore through start - control panel - then search for 'system restore' in the search box cos it's different for each version of windows.
    Good luck.
    Claire
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 353.5K Banking & Borrowing
  • 254.1K Reduce Debt & Boost Income
  • 455K Spending & Discounts
  • 246.6K Work, Benefits & Business
  • 602.9K Mortgages, Homes & Bills
  • 178.1K Life & Family
  • 260.6K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture