ctfmon.exe / win32/Hide.Drv.gen!sys HELP!

[pxyfox2000]

First of all please excuse my lack of computer terminology, I am ver
inexperienced with all of this and this is my first experience with
virus or anything of this kind, and apparently it one is a doozy...
First what happens is in my toolbar in the bottom right hand corne
there is a fake windows red shield with a white cross in it and a bo
pops up that says: Windows has detected spyware infection whic
corrpted the registry. It is recommended to load update to preven dat
loss. Windows will now download and install the most up to dat
software for you click here to protect your computer.
And naturally when I click on it, it tries to scan my computer with
Registry Cleaner 3.2 which then tells me I have to install an upgrad
which costs me about $40.
I have run Ad-aware, AVG, Windows Defender and Spybot. Window
defender came the closest to identifying it as a Win32/Hide.Drv.gen!sy
but it says that it does not have enough information to completely ge
rid of it and to send a report to windows, which has yielded no result
thus far.
A friend of mine found the file ctfmon.exe and he went in and delete
it from the registy but it keeps duplicating itself somehow makes i
impossible to get rid of comepletely since it just restarts itself a
startup. I have also noticed that after I try to delete it it usin
the programs or deleting it manually from the registry, I then restar
the computer and right before it shuts down there is a pop up erro
message saying that an application failed or something.
If you need any additional information let me know but I have tried t
include everything here.
PLEASE HELP!!


--
pxyfox2000

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

pxyfox2000 wrote:
> First of all please excuse my lack of computer terminology, I am very
> inexperienced with all of this and this is my first experience with a
> virus or anything of this kind, and apparently it one is a doozy...
> First what happens is in my toolbar in the bottom right hand corner
> there is a fake windows red shield with a white cross in it and a box
> pops up that says: Windows has detected spyware infection which
> corrpted the registry.
<snip>
> I have run Ad-aware, AVG, Windows Defender and Spybot. Windows
> defender came the closest to identifying it as a Win32/Hide.Drv.gen!sys
> but it says that it does not have enough information to completely get
> rid of it and to send a report to windows, which has yielded no results
> thus far.

I'm fairly sure that Eset's NOD32 can get rid of these types of infections.
I've tested similar malware which tries to goad you into paying for stuff
and it can prevent and remove them.

Uninstall AVG, reboot and install the free 30-day trial for NOD32[1] and
after updating it, see if a Local scan cleans you up. SUPERAntiSpyware[2]
should also have the grunt to take care of it.


[1] http://www.eset.com/download/index.php#home
[2] http://www.superantispyware.com/supe...freevspro.html

If either/both do end up saving your bacon do return the favour by shelling
out a few bucks and purchase a license!

Do you have any idea where the infection came from?

Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF0eCq7uRVdtPsXDkRAhn5AJ9gI9BtevuEoUFS8s2HOQ eVC33/gACeNyOI
Ve1BfczjUdverm6PbV6igIM=
=2Bbi
-----END PGP SIGNATURE-----

[pxyfox2000]

Well I know what I was doing when I got the virus but I forgot where i
was since I panicked and deleted the website from my fav list once
saw what it did. It was a total amature move I was trying to get a
code for nero from some website called crack something (lesson 1. sta
away from sites with the word crack in the title) and was too stupid t
scan the file first....I totally deserve it, I shouldn't be so trustin
of people. Its just I don't understand what people gain by infectin
total strangers with a virus that just annoys people...they are lik
date rapists that give you an STD, no better. Seriously... but I wa
hanging out in places I shouldn't have and doing things I should no
have been doing so I have no one to blame but myself. The best thing
can say is I learned a valuable lesson.

Thanks for your advice !!




Adam Piggott Wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> pxyfox2000 wrote:-
> First of all please excuse my lack of computer terminology, I am very
> inexperienced with all of this and this is my first experience with a
> virus or anything of this kind, and apparently it one is a doozy...
> First what happens is in my toolbar in the bottom right hand corner
> there is a fake windows red shield with a white cross in it and a box
> pops up that says: Windows has detected spyware infection which
> corrpted the registry.-
> snip-
> I have run Ad-aware, AVG, Windows Defender and Spybot. Windows
> defender came the closest to identifying it as
> Win32/Hide.Drv.gen!sys
> but it says that it does not have enough information to completel
> get
> rid of it and to send a report to windows, which has yielded n
> results
> thus far. -
>
> I'm fairly sure that Eset's NOD32 can get rid of these types o
> infections.
> I've tested similar malware which tries to goad you into paying fo
> stuff
> and it can prevent and remove them.
>
> Uninstall AVG, reboot and install the free 30-day trial for NOD32[1
> and
> after updating it, see if a Local scan cleans you up
> SUPERAntiSpyware[2]
> should also have the grunt to take care of it.
>
>
> [1] 'Free Spyware Removal - Free Antivirus software and antiviru
> download from ESET' (http://www.eset.com/download/index.php#home)
> [2] 'SUPERAntiSpyware.com - AntiAdware. AntiSpyware. AntiMalware.
> (http://www.superantispyware.com/supe...freevspro.html)
>
> If either/both do end up saving your bacon do return the favour b
> shelling
> out a few bucks and purchase a license!
>
> Do you have any idea where the infection came from?
>
> Adam Piggott, Proprietor, Proactive Services (Computing).
> 'Proactive Services (Computing) - Home Page
> (http://www.proactiveservices.co.uk/)
>
> Please replace dot invalid with dot uk to email me.
> Apply personally for PGP public key.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (MingW32)
>
> iD8DBQFF0eCq7uRVdtPsXDkRAhn5AJ9gI9BtevuEoUFS8s2HOQ eVC33/gACeNyOI
> Ve1BfczjUdverm6PbV6igIM=
> =2Bbi
> -----END PGP SIGNATURE----


--
pxyfox2000

[David H. Lipman]

From: "pxyfox2000" <pxyfox2000.2lzz0n@spywarebanter.co.uk>

| Well I know what I was doing when I got the virus but I forgot where it
| was since I panicked and deleted the website from my fav list once I
| saw what it did. It was a total amature move I was trying to get an
| code for nero from some website called crack something (lesson 1. stay
| away from sites with the word crack in the title) and was too stupid to
| scan the file first....I totally deserve it, I shouldn't be so trusting
| of people. Its just I don't understand what people gain by infecting
| total strangers with a virus that just annoys people...they are like
| date rapists that give you an STD, no better. Seriously... but I was
| hanging out in places I shouldn't have and doing things I should not
| have been doing so I have no one to blame but myself. The best thing I
| can say is I learned a valuable lesson.
|
| Thanks for your advice !!
|

Right now the major motivation is money. Organized crime such as the Russian Mob is
actively using malware as a new way to bring in revenue.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Erik]

>
> Right now the major motivation is money. Organized crime such as the Russian Mob is
> actively using malware as a new way to bring in revenue.
>

And what to think of the American Mob?

Isn't the USA the biggest spammer in the world?

Erik.

[David H. Lipman]

From: "Erik" <anonymous@discussions.microsoft.com>


| And what to think of the American Mob?
|
| Isn't the USA the biggest spammer in the world?
|
| Erik.

Actually, no.

Brazil may be the largest source.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[pcbutts1]

Thanks for the feedback.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"pxyfox2000" <pxyfox2000.2lzz0n@spywarebanter.co.uk> wrote in message
newsxyfox2000.2lzz0n@spywarebanter.co.uk...
>
> Well I know what I was doing when I got the virus but I forgot where it
> was since I panicked and deleted the website from my fav list once I
> saw what it did. It was a total amature move I was trying to get an
> code for nero from some website called crack something (lesson 1. stay
> away from sites with the word crack in the title) and was too stupid to
> scan the file first....I totally deserve it, I shouldn't be so trusting
> of people. Its just I don't understand what people gain by infecting
> total strangers with a virus that just annoys people...they are like
> date rapists that give you an STD, no better. Seriously... but I was
> hanging out in places I shouldn't have and doing things I should not
> have been doing so I have no one to blame but myself. The best thing I
> can say is I learned a valuable lesson.
>
> Thanks for your advice !!
>
>
>
>
> Adam Piggott Wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> pxyfox2000 wrote:-
>> First of all please excuse my lack of computer terminology, I am very
>> inexperienced with all of this and this is my first experience with a
>> virus or anything of this kind, and apparently it one is a doozy...
>> First what happens is in my toolbar in the bottom right hand corner
>> there is a fake windows red shield with a white cross in it and a box
>> pops up that says: Windows has detected spyware infection which
>> corrpted the registry.-
>> snip-
>> I have run Ad-aware, AVG, Windows Defender and Spybot. Windows
>> defender came the closest to identifying it as a
>> Win32/Hide.Drv.gen!sys
>> but it says that it does not have enough information to completely
>> get
>> rid of it and to send a report to windows, which has yielded no
>> results
>> thus far. -
>>
>> I'm fairly sure that Eset's NOD32 can get rid of these types of
>> infections.
>> I've tested similar malware which tries to goad you into paying for
>> stuff
>> and it can prevent and remove them.
>>
>> Uninstall AVG, reboot and install the free 30-day trial for NOD32[1]
>> and
>> after updating it, see if a Local scan cleans you up.
>> SUPERAntiSpyware[2]
>> should also have the grunt to take care of it.
>>
>>
>> [1] 'Free Spyware Removal - Free Antivirus software and antivirus
>> download from ESET' (http://www.eset.com/download/index.php#home)
>> [2] 'SUPERAntiSpyware.com - AntiAdware. AntiSpyware. AntiMalware.'
>> (http://www.superantispyware.com/supe...freevspro.html)
>>
>> If either/both do end up saving your bacon do return the favour by
>> shelling
>> out a few bucks and purchase a license!
>>
>> Do you have any idea where the infection came from?
>>
>> Adam Piggott, Proprietor, Proactive Services (Computing).
>> 'Proactive Services (Computing) - Home Page'
>> (http://www.proactiveservices.co.uk/)
>>
>> Please replace dot invalid with dot uk to email me.
>> Apply personally for PGP public key.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.6 (MingW32)
>>
>> iD8DBQFF0eCq7uRVdtPsXDkRAhn5AJ9gI9BtevuEoUFS8s2HOQ eVC33/gACeNyOI
>> Ve1BfczjUdverm6PbV6igIM=
>> =2Bbi
>> -----END PGP SIGNATURE-----
>
>
>
>
> --
> pxyfox2000