i recently found out i had the virus called RECYCLER, and that it had infected my usb and hard drive. So the first thing i did was end the process called ctfmon.exe, as i read it was part of the virus. I also ran a program called combofix with a script that was supposed to kill the virus completely from my usb and my harddrive. However i went to check my processes again and found a few peculiar processes - csrss.exe, smss.exe, lsass.exe, slserv.exe, catchme.tmp, x2 dllhost.exe, plugin-container.exe, msdtc.exe, jqs.exe, sched.exe, and finally the ctfmon.exe had returned. How do i resolve this issue?

Not sure if all of them are virus related, but its better to be safe.

Thanks in advance

Edited by SSSD: more processes added

7 Years
Discussion Span
Last Post by gerbil

slserv.exe is for your smartlink modem? You can see that catchme.tmp is in combofix. ctfmon.exe runs because you have MS Office? The remainder are [normally] standard processes to be seen on any machine. Any chance of seeing your combofix logs?
To remove combofix, go Start, in the run box, type combofix /u and press enter.

Edited by gerbil: n/a


Sorry, not sure if i still have them, i might have deleted them. Anyway i still have the hidden folder called RECYCLER in my harddrive C:\, isnt that supposed to be a virus? And i also read that ctfmon.exe was part of the virus aswelll. I tried to delete the RECYCLER folder, as it also spread to my usb, i think its gone frm my USB, but i cant seem to delete it from my harddrive. I even tried to use a program called unlocker to delete it but still no luck. I also read that the virus copies itself onto a file called autorun.inf if thats any help


RECYCLER is your recycle bin. Delete someting.... it will pop there. Empty the bin.. it will go from RECYCLER [or one of its subfolders].
To check if a file is valid open its properties... see if it is signed.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.