Killreg Trojan Found

You need to run the current version of the READ ME. You must not work from something you have saved locally. You are way out of date using Ad-Aware SE 1.05 and your versions of GetRunKey and ShowNew are way out of date too. Please work thry the below procedure.

Note: ctfmon.exe is not malware. It is from MS Office. See: http://support.microsoft.com/kb/282599


Questions:

1. How do you know you have the Killreg Trojan? Did a scanner detect it? If so, which scanner? Do you have a log showing it?
2. Are your copies of Spy Sweeper and Spyware Doctor paid versions or free trials?

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis​

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy - only for Windows XP, 2K, & NT users
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Sorry missed it. However it quarantined it anyway and I'm also not sure that it was really a problem. There are valid forms of autoclk.exe. One was a Sagem Modem driver. Another one is a utility to do automatic mouse clicks. And there were other valid uses. I doubt it was a problem but it is possible.

 

Your logs are clean but I still see things from Spyware Doctor in your HJT log. Did you uninstall it like you said you were going to do.

You did not have a Killreg Trojan. As I stated in message # 5, it could have been a file for a Sagem Modem and you do have SAGEM F@st 800-840 software installed.

 

Why? This is not malware as I have already stated. It is for your Sagem Modem.

Also already stated. It did not find a Killreg trojan. It falsely said a file for your modem was this trojan due to the filename being the same as one associated with that trojan.

 

You're welcome.