Solved! Use CTFMON.EXE (Trojan Binder) Removal Guide

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

CTFMON.EXE – Trojan Binder removal

FileMD5Virus Alias
CTFMON.EXE a0ec79a1587fe03d97e507cdddef47ed Trojan Binder
CTFMON.EXE a0ec79a1587fe03d97e507cdddef47ed Trojan SuspiciousFile
CTFMON.EXE a0ec79a1587fe03d97e507cdddef47ed Trojan Artemis
CTFMON.EXE a0ec79a1587fe03d97e507cdddef47ed Trojan Generic
CTFMON.EXE a0ec79a1587fe03d97e507cdddef47ed Trojan Click
CTFMON.EXE a0ec79a1587fe03d97e507cdddef47ed Trojan Eldorado

CTFMON.EXE size: 976396 bytes
CTFMON.EXE hash: A0EC79A1587FE03D97E507CDDDEF47ED

Created files:

%WinDir%\ctfmon.exe
%WinDir%\Drv12\svchost.exe
%WinDir%\RLT6987\services.exe
%AppData%\Opera\Opera\operaprefs.-ni
%Local AppData%\Google\Chrome\User Data\Default\Preferen-es
%Temp%\md.exe
%Temp%\tmpt.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UI: %WinDir%\ctfmon.exe
HKLM\System\CurrentControlSet\Services\RLN06523\Type: 10000000
HKLM\System\CurrentControlSet\Services\RLN06523\Start: 02000000
HKLM\System\CurrentControlSet\Services\RLN06523\DisplayName: RLN06523
HKLM\System\CurrentControlSet\Services\RLN06523\ImagePath: %WinDir%\RLT6987\services.exe

Detected by UnHackMe:

CTFMON.EXE
Default location: %WinDir%\CTFMON.EXE

Dropper information:
MD5: a0ec79a1587fe03d97e507cdddef47ed
File size: 976396 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images