SdBot fix for ctfmonn.exe


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Alias

	Information

	File
	This virus puts only one file in your system <Windows>\ctfmonn.exe and two other files in each root directory of all your system's partition. autorun.inf ctfmonn.exe
	Registry
	Creates registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control HKEY_LOCAL_MACHINE\SOFTWARE\ProductName HKEY_LOCAL_MACHINE\SOFTWARE\ProductName\ProductID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Security HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control Created values: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotAllowXPSP2 = 0x00000001 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile EnableFirewall = 0x00000000 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile EnableFirewall = 0x00000000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control NewlyCreated = 0x00000000 ActiveService = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000 Service = "NETWORK SERVICE" Legacy = 0x00000001 ConfigFlags = 0x00000000 Class = "LegacyDriver" ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}" DeviceDesc = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Enum 0 = "Root\LEGACY_NETWORK_SERVICE\0000" Count = 0x00000001 NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Security Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE Type = 0x00000110 Start = 0x00000002 ErrorControl = 0x00000000 ImagePath = "<Windows>\ctfmonn.exe" DisplayName = "NETWORK SERVICE" ObjectName = "LocalSystem" FailureActions = 0A 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 B8 0B 00 00 Description = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control NewlyCreated = 0x00000000 ActiveService = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000 Service = "NETWORK SERVICE" Legacy = 0x00000001 ConfigFlags = 0x00000000 Class = "LegacyDriver" ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}" DeviceDesc = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Enum 0 = "Root\LEGACY_NETWORK_SERVICE\0000" Count = 0x00000001 NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Security Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE Type = 0x00000110 Start = 0x00000002 ErrorControl = 0x00000000 ImagePath = <Windows>\ctfmonn.exe" DisplayName = "NETWORK SERVICE" ObjectName = "LocalSystem" FailureActions = 0A 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 B8 0B 00 00 Description = "NETWORK SERVICE" Changed values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole EnableDCOM = "N" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center AntiVirusOverride = 0x00000001 FirewallOverride = 0x00000001 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths Directory = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control WaitToKillServiceTimeout = "7000" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa restrictanonymous = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent (Default) = 0x00000015 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control WaitToKillServiceTimeout = "7000" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa restrictanonymous = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent (Default) = 0x00000015 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Cookies = "%user%\LocalService\Cookies" Cache = "%user%\LocalService\Local Settings\Temporary Internet Files" History = "%user%\LocalService\Local Settings\History"
	ATTENTION
	This virus launches out automatically to each time you open or explore a partition or a removable disk, it is thus preferable to download this patch and to decompress it on the desktop, to start your machine in safe mode and of launching the patch, always in safe mode. Instruction on how to restart your computer in safe mode.

	Link

Latest fixs:

cftmonn.exe (ksven, Autorun.dhl)
sbsm.exe, softhomepage.com (sbsm.dll,sbmdl.dll)
Virtual Made (Virtual Maid.dll, http://www.searchmaid.com)
VirusHeat (VirusHeat 4.3.exe, VirusHeat.exe)
MonaRonaDona (srvspool.exe, registrycleaner2008.exe)
Noooh (Sys.exe, ComSys.dll)
NetSky (FVProtect.exe,FirewallSvr.exe,netstats.exe) and all its variants
Tavo.exe (tavo0.dll, tavo1.dll) and all its variants
Patty.exe (S0UNDMANS.EXE,1sasrv.dll,adsldps.dll,twain.dll,realsched.exe)
Kxvo.exe and all its variants
Kavo.exe and all its variants
VirtuMonde (VirtuMondo, Vundo, TROJ_VUNDO, TROJ_MEREDROP,DL.Small.ADIB)
Sohanad fix (SCVVHSOT.exe, svchost.exe) (W32.Imaut.A, TROJ_AUTORUN.AH, Worm.Sohanad)
SdBot fix (ctfmonn.exe) (Backdoor.SdBot, Sdbot.worm.gen.a)
Amvo.exe (3o.exe, y82td3td.com, i.cmd, fppg1.exe, ekugb3.bat...) and its variants other than already proposed here