Solved! Use CTFMON.EXE (Worm Vobfus) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

CTFMON.EXE – Worm Vobfus removal

FileMD5Virus Alias
CTFMON.EXE b040f01ff30d670b6a8701a10cfb535b Worm Vobfus
CTFMON.EXE b040f01ff30d670b6a8701a10cfb535b Trojan Hllw
CTFMON.EXE b040f01ff30d670b6a8701a10cfb535b Trojan Agent

CTFMON.EXE size: 46592 bytes
CTFMON.EXE hash: B040F01FF30D670B6A8701A10CFB535B

Created files:

C:\Recycled\CTFMON.EXE
C:\Recycled\SMSS.EXE
C:\Recycled\SPOOLSV.EXE
C:\Recycled\SVCHOST.EXE

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: C:\recycled\SVCHOST.exe,
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe “C:\recycled\SVCHOST.exe”

Detected by UnHackMe:

CTFMON.EXE
Default location: C:\RECYCLED\CTFMON.EXE

Dropper information:
MD5: 6b1a7c59f3f0443eead7d0862c60b901
File size: 46592 bytes

Leave a Reply