SOCORRO !!! VIRUSS
Pergunta
Respostas
-
A/C
ITusrTerminating the Malware Program
Since this malware uses a file name that is also the file name of a legitimate process, it is necessary to use third party process viewers such as Process Explorer, to isolate the malware process itself.
If the process you are looking for is not in the list displayed by Process Explorer, proceed to the succeeding solution set.
- Download Process Explorer.
- Extract the contents of the compressed (ZIP) file to a location of your choice.
- Execute Process Explorer by double-clicking procexp.exe.
- In the Process Explorer window, locate the process:
CTFMON.EXE - Right-click the malware process, and choose Properties.
- Check if the value for the Current Directory is any of the following:
- C:\Recycled\Recycled
- %My Startup%
(Note: %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.)
- If yes, then right-click on the malware process, and click Kill Process Tree.
- Close Process Explorer.
*NOTE: On computers running all Windows platforms, if the process you are looking for is not in the list displayed by Process Explorer, continue with the next solution procedure, noting additional instructions. If the malware process is in the list displayed by Process Explorer, but you are unable to terminate it, restart your computer in safe mode.Restoring AUTORUN.INF and DESKTOP.INI
- Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
- In the Named input box, type:
AUTORUN.INF - In the Look In drop-down list, select a drive, then press Enter.
- Select the file, then open using Notepad.
- Check if the following lines are present in the file:
[AutoRun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0). - Select the file then press SHIFT+DELETE.
- Again, in the Named input box, type:
DESKTOP.INI - In the Look In drop-down list, select My Computer, then press Enter.
- Once located, check that the content is the same as the following:
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E} - If yes, select the file then press SHIFT+DELETE.
Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).
Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with Trend Micro antivirus and delete files detected as WORM_VB.CQE. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer. Other Internet users can use HouseCall, the Trend Micro online virus scanner.
Obs.: Essa é uma solução da Trend Micro, pois os foruns ainda não tem um diagnostico muito preciso para a solução.
Busca da ajuda em portugues não te caso alguem queira eu tenho a tradução.
Verificar.: Quando um virus dessa magnetude se instalar em SERVIDORES também olhar os CLIENTES os mesmos podem estar contaminado e com isso repassam o virus para o servidor. IMPORTANTE!!!!!!!!
Rodrigo Soares
Suporte Técnico Informática e Redes
Suporte Técnico Telecomunicações fixa
Skype rodrigotecnico
mail rodrigowebmaster@ibest.com.br
mail rodrigodptotecnico@msn.com
Home http://atcdsa.spaces.live.com
Help 55 + 11-9677 6504
SP Acesso Remoto RJ
Conectando...
Todas as Respostas
-
A/C
ITusr Boa Noite.
Caro amigo como você pode ver esse é um arquivo sistemico, ou seja por mais que você tente apagalo será impossivel, mas sempre tem um jeito, é como um arquivo "date" do sistema que é responsavel pela monitoração de verificação de Windows Original, sempre que você apaga ele volta se renomear também, ja nesse caso ai siga o procedimento e verifique se da certo. Também trago para você a solução da MICROSOFT caso ajude.
1a. Para a Desabilitação do arquivo.
CTFMON.exe é um processo do Microsoft Office, relacionado a algo de linguagem, idioma, realmente não faz diferença, para detona-lo faça o seguinte.
- Vá no Menu Iniciar
- Executar
- Digite : C:\WINDOWS\system32\dllcache
- Dê ENTER
- Procure por ele e apague ou renomeie
- Depois vá em C:\WINDOWS\system32 e apague ou renomeie de lá tbmCaso não de certo aqui esta um guia de ajuda da Microsoft programadora do sistema.
2b. Como desativar os recursos de reconhecimento de fala e de reconhecimento de manuscrito no Office
http://support.microsoft.com/kb/823586/pt-br Leia com atençao Faça o Backup e o Ponto de Restauro.
Obs.: Caso tenha ajudado Marque como Respondido.: ou post no site
Rodrigo Soares
Suporte Técnico Informática e Redes
Suporte Técnico Telecomunicações fixa
Skype rodrigotecnico
mail rodrigowebmaster@ibest.com.br
mail rodrigodptotecnico@msn.com
Home http://atcdsa.spaces.live.com
Help 55 + 11-9677 6504
Conectando...
-
A/C
ITusrTerminating the Malware Program
Since this malware uses a file name that is also the file name of a legitimate process, it is necessary to use third party process viewers such as Process Explorer, to isolate the malware process itself.
If the process you are looking for is not in the list displayed by Process Explorer, proceed to the succeeding solution set.
- Download Process Explorer.
- Extract the contents of the compressed (ZIP) file to a location of your choice.
- Execute Process Explorer by double-clicking procexp.exe.
- In the Process Explorer window, locate the process:
CTFMON.EXE - Right-click the malware process, and choose Properties.
- Check if the value for the Current Directory is any of the following:
- C:\Recycled\Recycled
- %My Startup%
(Note: %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Profiles\{user name}\Start Menu on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu on Windows NT and C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003.)
- If yes, then right-click on the malware process, and click Kill Process Tree.
- Close Process Explorer.
*NOTE: On computers running all Windows platforms, if the process you are looking for is not in the list displayed by Process Explorer, continue with the next solution procedure, noting additional instructions. If the malware process is in the list displayed by Process Explorer, but you are unable to terminate it, restart your computer in safe mode.Restoring AUTORUN.INF and DESKTOP.INI
- Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
- In the Named input box, type:
AUTORUN.INF - In the Look In drop-down list, select a drive, then press Enter.
- Select the file, then open using Notepad.
- Check if the following lines are present in the file:
[AutoRun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0). - Select the file then press SHIFT+DELETE.
- Again, in the Named input box, type:
DESKTOP.INI - In the Look In drop-down list, select My Computer, then press Enter.
- Once located, check that the content is the same as the following:
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E} - If yes, select the file then press SHIFT+DELETE.
Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).
Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with Trend Micro antivirus and delete files detected as WORM_VB.CQE. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer. Other Internet users can use HouseCall, the Trend Micro online virus scanner.
Obs.: Essa é uma solução da Trend Micro, pois os foruns ainda não tem um diagnostico muito preciso para a solução.
Busca da ajuda em portugues não te caso alguem queira eu tenho a tradução.
Verificar.: Quando um virus dessa magnetude se instalar em SERVIDORES também olhar os CLIENTES os mesmos podem estar contaminado e com isso repassam o virus para o servidor. IMPORTANTE!!!!!!!!
Rodrigo Soares
Suporte Técnico Informática e Redes
Suporte Técnico Telecomunicações fixa
Skype rodrigotecnico
mail rodrigowebmaster@ibest.com.br
mail rodrigodptotecnico@msn.com
Home http://atcdsa.spaces.live.com
Help 55 + 11-9677 6504
Conectando...
