23.08.2007., 11:42 | #1 |
Premium
Registered: Mar 2006
Location: Slavonski Brod
Posts: 236

ctfmon trojan
I have a problem with the ctfmon.exe file; NOD32 keeps reporting it as a trojan, and when I deleted it (manually), a message now appears when I open drive D or E saying that the location is unavailable and the drive cannot be accessed, so I have to right-click and choose Open instead. The autorun file on the drives contains the following text; I don't know whether it is supposed to be like that or not, so I'm asking for your help because it's driving me crazy.

[autorun]
shellexecute=Recycled\ctfmon.exe
shell\Open(&0)\command=Recycled\ctfmon.exe
shell=Open(&0)
__________________
Ignore the problem until it resolves itself.
13.09.2007., 18:19 | #2 |
Premium
Registered: Sep 2004
Posts: 114

I have the same problem and I don't know how to solve it, please help.
13.09.2007., 19:35 | #3 | |||
EMP moderator
Registered: Apr 2005
Location: Osijek
Posts: 18,504

Arrival and Installation

This worm usually arrives on a system as a dropped file of other malware, or as a downloaded file from the Internet by an unsuspecting user when visiting malicious Web sites.

Upon execution, it opens the root folder, which is usually C:\, and creates a folder named RECYCLED inside it. It then drops a copy of itself as CTFMON.EXE in the following folders:

* C:\Recycled\Recycled
* %User Startup%

Note that a legitimate file also named CTFMON.EXE exists in the Windows system folder.

It also creates its own AUTORUN.INF file in the root folder. The said file contains the following strings:

Quote:

It also drops the following non-malicious files in the created RECYCLED folder:

* desktop.ini
* INFO2

DESKTOP.INI contains the following strings:

Quote:

When DESKTOP.INI is deleted, the fake folder's icon changes back to the standard folder icon. The file INFO2 is a harmless data file.

Propagation via Removable and Mapped Drives

This worm drops copies of itself in removable drives and mapped drives as CTFMON.EXE. It also drops the same AUTORUN.INF file described above to automatically execute the mentioned dropped copies when the drives are accessed.

Other Details

On Windows XP systems, this worm creates the following registry keys and entries, which ensure the execution of the Context Menu Open(o):

Quote:

This worm runs on Windows 98, ME, NT, 2000, XP, and Server 2003.
__________________
"How did the tailors of the new world order manage, in such a short time, to break society's intellectual abilities, destroy critical awareness and impose a twisted logic on people?"
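Added example, not part of any post in this thread: a Python check that parses autorun.inf text and flags launch entries whose target sits inside a recycle-bin folder, as in the file quoted in post #1. The function names, the folder-name list and the benign sample are assumptions made for illustration.

```python
import re

# Keys in the [autorun] section that make Windows run a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Folder names that normally hold deleted files, not programs to launch.
BIN_DIRS = {"recycled", "recycler", "$recycle.bin"}

# The autorun.inf text quoted in post #1 of this thread.
THREAD_SAMPLE = r"""[autorun]
shellexecute=Recycled\ctfmon.exe
shell\Open(&0)\command=Recycled\ctfmon.exe
shell=Open(&0)
"""
# Constructed benign sample (hypothetical installer media).
BENIGN_SAMPLE = """[autorun]
open=setup.exe
icon=setup.exe,0
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section only."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries


def suspicious_entries(text):
    """Flag launch keys whose target path passes through a recycle-bin folder."""
    hits = []
    for key, value in parse_autorun(text):
        if not LAUNCH_KEY.match(key):
            continue
        # The program path is the quoted string or the first bare token.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        target = (m.group(1) or m.group(2)) if m else ""
        parts = [p.lower() for p in re.split(r"[\\/]+", target) if p]
        if any(p in BIN_DIRS for p in parts[:-1]):
            hits.append((key, target))
    return hits
```

Running `suspicious_entries` on the contents of each drive's AUTORUN.INF returns the launch keys to review; an empty list means no entry points into a recycle-bin folder.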
15.09.2007., 22:04 | #5 |
bycod
Registered: May 2004
Location: Zagreb / Dubrava
Posts: 6,697

D ange, get someone who knows English, bring them over and tell them to follow the instructions...
16.09.2007., 16:36 | #6 |
Premium
Registered: Sep 2004
Posts: 114