
Thread: cmd.exe windows on startup

  1. #1
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,303
    You are correct. It is still there. Now you'll need to run/rerun spyware scans... Update any of the scanners you have and run them. Then also try downloading Spybot Search and Destroy. You can get it here. Make sure that you update the scanners before you run them, even the new ones, and see what they find. Also it doesn't hurt going through your Add/Remove Programs and uninstalling any apps that are easily identifiable as adware/malware/spyware.

  2. #2
    Junior Member
    Join Date
    Oct 2004
    Posts
    1

    Ctfmon.exe

    I have the same problem. Also, neither Spybot, Ad-Aware nor SpyHunter finds anything, and McAfee doesn't either. I found out that the starting point of CTFMON.EXE is in HKEY_Users\S-1-5-21...<myID>...\Software\Microsoft\Windows\CurrentVersion\run.
    If I delete this entry, starting Internet Explorer will set the entry there again. In my case, after a reboot it will add the entry "wkdetect.exe" at the same place in the registry (probably because Works runs on my computer).

    About 4 weeks ago I restored my whole system from scratch, because I had a similar problem, also connected with "wkdetect" and "ctfmon". After some reboots I could not open the Task Manager and msconfig. Probably the author of the Trojan wanted to prevent detection of the two processes. I had to go into secured mode to start Windows and then delete both files.

    This strange behaviour caused me to build up the whole system, but now I have a similar problem as described above. Probably a slightly changed new version of the same Trojan.

    I have read in several forums that there are users who have problems with shutting down Windows. I have problems going into standby. Probably this is also a result of the virus to force reboots, which fits into the philosophy of "distributed trojaning".

    Out of this I have drawn the following hypothesis:
    1. We are confronted with a new type of stealth Trojan
    2. The Trojan uses names of well-known MS programs to hide itself
    3. The Trojan probably uses parts of existing programs for its own purposes, therefore these programs must be running in the background

    At the moment I do not know where the Trojan is really situated or where I can catch it. So I ask you, please give me feedback if you have some news.
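
One way to check the per-user Run key named in post #2, as an added example that is not part of the thread: it lists every Run value under each loaded user hive, resolves the target binary, and reports its Authenticode status so a file that only carries a Microsoft program name can be told apart from the genuine one. The function names, the watch list built from the two file names in the post, and the `O=Microsoft Corporation` subject match are assumptions of this sketch.

```powershell
# Added example. Run from an elevated prompt so other users' loaded hives are readable.
$watch = 'ctfmon.exe', 'wkdetect.exe'   # file names taken from the post above

function Resolve-RunTarget {
    param([string]$Command)
    # Pull the executable out of a Run value: quoted path, path ending in .exe, or first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if     ($c -match '^"([^"]+)"')        { $exe = $Matches[1] }
    elseif ($c -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    else                                   { $exe = ($c -split '\s+')[0] }
    # A bare name such as "ctfmon.exe" is resolved through PATH.
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }
    return $exe
}

function Get-UserRunEntry {
    # One subkey per loaded profile under HKEY_USERS; the regex skips the *_Classes hives.
    $hives = Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
             Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        $runPath = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
        $key = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            if (-not $cmd.Trim()) { continue }
            $path = Resolve-RunTarget $cmd
            $sig = $null
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
            }
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Heuristic (assumption): valid signature whose subject names Microsoft Corporation.
            $msSigned = $sig -and $sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation'
            [pscustomobject]@{
                Sid = $sid; Name = $name; Command = $cmd; Path = $path
                SigStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
                Signer = $signer
                # Flag watched names whose file is missing, unsigned, or not Microsoft-signed.
                Review = ($watch -contains (Split-Path $path -Leaf)) -and -not $msSigned
            }
        }
    }
}

Get-UserRunEntry | Sort-Object Review -Descending | Format-List
```

Only hives of currently loaded profiles appear under HKEY_USERS, so a profile that is not logged on is not covered until its NTUSER.DAT is loaded.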
