We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Urgent Help Please
Pasty
Posts: 33 Forumite
in Techie Stuff
This might be the wrong place to post this message, but hopefully someone on here can help.
My laptop has been infected with a virus that i have got from a site called Win24.
I had no idea it had been infected (virus protection did not stop it) until i turned my laptop on yesterday. I was able to put my password in and see my desktop, but as it loaded up it froze. I was unable to do anythiny with it other than switching the power off.
Anyway, i started the laptop in safemode and was able to run a virus scan which picked up an infected file from Win24 (i think). After playing around and following some instructions from windows help i am now able to use my laptop. However, the performance is slower and i'm sure it is still infected. Evertime i load it up and run a virus scan it picks up the same virus and deletes it, but then then next time i re-start the laptop and scan the virus is there again. Also, a "thing" keeps trying to add itself to the start up programme: c:\windows\system32\drivers\ctfmun.exe which of course i block.
Can someone in the know give me some advise please. I really don't want to spend my matched betting profit on a new laptop!
Edit - it may be Win32 and not Win24
My laptop has been infected with a virus that i have got from a site called Win24.
I had no idea it had been infected (virus protection did not stop it) until i turned my laptop on yesterday. I was able to put my password in and see my desktop, but as it loaded up it froze. I was unable to do anythiny with it other than switching the power off.
Anyway, i started the laptop in safemode and was able to run a virus scan which picked up an infected file from Win24 (i think). After playing around and following some instructions from windows help i am now able to use my laptop. However, the performance is slower and i'm sure it is still infected. Evertime i load it up and run a virus scan it picks up the same virus and deletes it, but then then next time i re-start the laptop and scan the virus is there again. Also, a "thing" keeps trying to add itself to the start up programme: c:\windows\system32\drivers\ctfmun.exe which of course i block.
Can someone in the know give me some advise please. I really don't want to spend my matched betting profit on a new laptop!
Edit - it may be Win32 and not Win24
0
Comments
-
format drive and re-install operating system - it is the only way in my opinion.
second best is to restore to factory setting if you have the option
third choice use system restore to a known good setting"The Holy Writ of Gloucester Rugby Club demands: first, that the forwards shall win the ball; second, that the forwards shall keep the ball; and third, the backs shall buy the beer." - Doug Ibbotson0 -
Surely, this question would be better placed in Techie Stuff ???
ctfmun.exe - if you type this into google, there are several sites to explain how to remove this.0 -
One of the best sights to ask these sort of questions is TekTips (do a Google). Tbh the advice a couple of posts above is OTT. I'm no IT expert, but a lot of viruses hide in system restore. In fact it's generally accepted that system restore should be turned off before doing a virus scan and removal. This does remove all your system restore settings when you switch it back on again and I know this seems a bit scary, but unless you do that viruses can just hide in there and come back to bite you.
Try turning off system restore and then run your virus scan and try to remove or quarantine it. Then turn system restore back on and re-boot. If that doesn't work ask your question at TekTips
By the way the real ctfmon.exe is a file used by windows office, but this might be a virus pretending to be that.
Bill0 -
nothing OTT about formatting and re-installing operating system. it can be done in a couple of hours, clears out all the rubbish and laptop will run like new again. should be done at least once a year IMO"The Holy Writ of Gloucester Rugby Club demands: first, that the forwards shall win the ball; second, that the forwards shall keep the ball; and third, the backs shall buy the beer." - Doug Ibbotson0
-
Thanks for your replies - looks like the thread has been moved to the right place now.
Some more info on the virus:
Original file name: droute.dll
Original folder: C:\WINDOWS\System32
Size of file: 23364
Description: Win32:Goldun-MA(Spy)0 -
It is a trojan. This FREEWARE will remove it for you. http://www.comodo.com/boclean/boclean.html0
-
dipsomaniac wrote: »format drive and re-install operating system - it is the only way in my opinion and I am an expert.
second best is to restore to factory setting if you have the option if you don't then don't do it.
third choice use system restore to a known good setting or not
Great advice! :T0 -
bioboybill wrote: »By the way the real ctfmon.exe is a file used by windows office, but this might be a virus pretending to be that.
Billc:\windows\system32\drivers\ctfmun.exe
craftily disguised (nearly) ...mun.exe rather than ...mon.exe
just to add, download and run ccleaner, run it, also run the 'issues' module and fix all errors, you should notice an instant, free, speed boost
.
Utinam logica falsa tuam philosophiam totam suffodiant.0 -
"craftily disguised (nearly) ...mun.exe rather than ...mon.exe"... and protected by a rootkit.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.2K Banking & Borrowing
- 252.8K Reduce Debt & Boost Income
- 453.2K Spending & Discounts
- 243.2K Work, Benefits & Business
- 597.6K Mortgages, Homes & Bills
- 176.5K Life & Family
- 256.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards