954,260 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
1 Year Ago
0

Catchme.tmp, ctfmom.exe, and RECYCLER!!

i recently found out i had the virus called RECYCLER, and that it had infected my usb and hard drive. So the first thing i did was end the process called ctfmon.exe, as i read it was part of the virus. I also ran a program called combofix with a script that was supposed to kill the virus completely from my usb and my harddrive. However i went to check my processes again and found a few peculiar processes - csrss.exe, smss.exe, lsass.exe, slserv.exe, catchme.tmp, x2 dllhost.exe, plugin-container.exe, msdtc.exe, jqs.exe, sched.exe, and finally the ctfmon.exe had returned. How do i resolve this issue?

Not sure if all of them are virus related, but its better to be safe.

Thanks in advance

SSSD
Light Poster
37 posts since Jan 2010
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

slserv.exe is for your smartlink modem? You can see that catchme.tmp is in combofix. ctfmon.exe runs because you have MS Office? The remainder are [normally] standard processes to be seen on any machine. Any chance of seeing your combofix logs?
To remove combofix, go Start, in the run box, type combofix /u and press enter.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 
1 Year Ago
0

Sorry, not sure if i still have them, i might have deleted them. Anyway i still have the hidden folder called RECYCLER in my harddrive C:\, isnt that supposed to be a virus? And i also read that ctfmon.exe was part of the virus aswelll. I tried to delete the RECYCLER folder, as it also spread to my usb, i think its gone frm my USB, but i cant seem to delete it from my harddrive. I even tried to use a program called unlocker to delete it but still no luck. I also read that the virus copies itself onto a file called autorun.inf if thats any help

SSSD
Light Poster
37 posts since Jan 2010
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

If you are worried that you have a virus go here http://www.daniweb.com/forums/thread134865.html follow instructions then post requested logs in that fourm. Some one will be along and look at the logs please be patient as we are short on volunteers due to vacations and out door activities. Later---

Biker920
Posting Whiz
308 posts since Feb 2010
Reputation Points: 10
Solved Threads: 16
 
1 Year Ago
0

RECYCLER is your recycle bin. Delete someting.... it will pop there. Empty the bin.. it will go from RECYCLER [or one of its subfolders].
To check if a file is valid open its properties... see if it is signed.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed