0

i recently found out i had the virus called RECYCLER, and that it had infected my usb and hard drive. So the first thing i did was end the process called ctfmon.exe, as i read it was part of the virus. I also ran a program called combofix with a script that was supposed to kill the virus completely from my usb and my harddrive. However i went to check my processes again and found a few peculiar processes - csrss.exe, smss.exe, lsass.exe, slserv.exe, catchme.tmp, x2 dllhost.exe, plugin-container.exe, msdtc.exe, jqs.exe, sched.exe, and finally the ctfmon.exe had returned. How do i resolve this issue?

Not sure if all of them are virus related, but its better to be safe.

Thanks in advance

Edited by SSSD: more processes added

3
Contributors
4
Replies
5
Views
7 Years
Discussion Span
Last Post by gerbil
0

slserv.exe is for your smartlink modem? You can see that catchme.tmp is in combofix. ctfmon.exe runs because you have MS Office? The remainder are [normally] standard processes to be seen on any machine. Any chance of seeing your combofix logs?
To remove combofix, go Start, in the run box, type combofix /u and press enter.

Edited by gerbil: n/a

0

Sorry, not sure if i still have them, i might have deleted them. Anyway i still have the hidden folder called RECYCLER in my harddrive C:\, isnt that supposed to be a virus? And i also read that ctfmon.exe was part of the virus aswelll. I tried to delete the RECYCLER folder, as it also spread to my usb, i think its gone frm my USB, but i cant seem to delete it from my harddrive. I even tried to use a program called unlocker to delete it but still no luck. I also read that the virus copies itself onto a file called autorun.inf if thats any help

0

RECYCLER is your recycle bin. Delete someting.... it will pop there. Empty the bin.. it will go from RECYCLER [or one of its subfolders].
To check if a file is valid open its properties... see if it is signed.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.