We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

BullGuard Support

Vi er her for å hjelpe deg døgnet rundt


Send epost til vår support og vi vil komme tilbake til deg innen 24 timer.


 

 

How to remove Trojan.VB.AQT



THREAT NAME

Trojan.VB.AQT

 

CLEAN INSTRUCTION

1. Restart the computer in Safe mode.

 

2. Open Windows Explorer, go to Tools > FolderOptions.

 

3. Click on the View tab and select Show hidden files and folder.

 

4. Uncheck Hide protected operating system files and click OK.

 

5. With Windows Explorer, locate and delete the following files:


C:\autorun.inf
C:\Recycled\destop.ini
C:\Recycled\info2
C:\Recycled\Recycled\ctfmon.exe

6. Click on Start > Programs > Startup, then right click on ctfmon.exe and select Delete.
(Attention, do NOT left-click on it!)

7. After that, empty the Recycle Bin.


SYMPTOMS
1. Presence of the autorun.inf file in the root of the C drive.

2. Presence of the ctfmon.exe in the Startup folder.

 

3. Your computer may work slower.


DESCRIPTION
1. This is a trojan, written in Visual Basic that is designed to spread via USB cards, flashes etc.

2. When it is run, it creates a directory called Recycled in the root of the drive.

 

3. Creates and a file called info2 and one called desktop.ini that has the following contents:


[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}

4. In the C:\Recycled folder it will create a subfolder called Recycled.

 

5. In there, it will create an own copy with the name ctfmon.exe

6. Creates the file C:\autorun.inf with the following contents:


[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(&O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(&0)

Those files will also be created in the infected removable drives.

 

7. It gets the path of the Startup folder of the current user and puts there a copy of the ctfmon.exe.


Author:
The BullGuard Team