CTFMON.FET – Virus Sality removal
File | MD5 | Virus Alias |
---|---|---|
CTFMON.FET | 7a6d4d23ed5f5355c4694b63df4c134e | Virus Sality |
CTFMON.FET | 7a6d4d23ed5f5355c4694b63df4c134e | Trojan Generic |
CTFMON.FET | 7a6d4d23ed5f5355c4694b63df4c134e | Trojan Agent |
CTFMON.FET size: 46058 bytes
CTFMON.FET hash: 7A6D4D23ED5F5355C4694B63DF4C134E
Created files:
Autostart registry keys:
Detected by UnHackMe:
CTFMON.FET
Default location: %SYSDIR%\CTFMON.FET
Dropper information:
MD5: 1b298d7c02652d7b6be18e2812df9a91
File size: 156259 bytes