ctfmon

Discussion in 'General Chat' started by BeauChaotica, 16 Jun 2009.

  1. BeauChaotica bodyshot noob

    ctfmon

    Just spent an hour and a half removing this damn thing off my mum's laptop.

    Anyhow. Virus, dunno what it does, dunno where it came from (or when, for that matter... it seemed to have modified its inception dates etc) but you can easily check whether you have it.

    Start > (All) Programs > Startup

    If there is a file in there called ctfmon, you got it. Ctfmon is a legitimate Microsoft Office file involved in configuring advanced user settings, like the language bar and writing tablet drivers, so you might already have it *somewhere* but if you have a copy in startup, it ain't supposed to be there, and it's not a legit copy.

    Anyway if you don't have it (most likely) then great. If you do, talk to me or more preferably go here:

    http://www.bullguard.com/support/tech-guides/how-to-remove-trojanvbaqt.aspx

    It sounds easy but I spend my time going round and triple-checking everything.

    Just thought I'd mention it on the off chance =)
     
  2. Reag My name is an anagram for a reason

    Re: ctfmon

    I'm so pro that I don't have a startup folder.
     
  3. BeauChaotica bodyshot noob

    Re: ctfmon

    wao

    dats 1337 reag.
     
  4. Reag My name is an anagram for a reason

    Re: ctfmon

    I know.
     
    Last edited by a moderator: 28 Dec 2016
  5. shadiku nyoro~n

    Re: ctfmon

    -snip-
     
  6. Re: ctfmon

    That's the real ctfmon.exe probably :P
     
  7. shadiku nyoro~n

    Re: ctfmon

    -snip-
     
  8. Reag My name is an anagram for a reason

    Re: ctfmon

    Yeah, we all have it.
    Dun dun.
     
  9. BeauChaotica bodyshot noob

    Re: ctfmon

    Well I dunno but I thought that was fairly straightforward =P

    Read it again... you only have a problem if there is a file called ctfmon in /startup. For clarification this is a file with the SAME NAME as the legit ctfmon, which you may or may not already have as a running process or in system32.

    It's a common technique virus scripters use; if their script has some of the same credentials as an already-existing legitimate system file, then there's less chance of detection for various reasons. However, this one is somewhere it's not supposed to be.

    Also, I don't have it already =P no process, no file. It just depends on what you do with Word basically.
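
The Startup-folder check discussed in this thread, generalised to any system binary name, as an added example that is not part of any poster's message. The function names, the constructed `SYSTEM_NAMES` sample and the default Startup paths (Windows Vista and later layout) are assumptions.

```python
"""Flag Startup-folder entries that borrow the name of a Windows system binary."""
import os
from pathlib import Path

# Constructed sample of system binary base names; on a live host, build the
# set with system_names_from() pointed at %SystemRoot%\System32 instead.
SYSTEM_NAMES = {"ctfmon", "svchost", "lsass", "csrss", "explorer", "winlogon"}


def default_startup_dirs():
    """Per-user and all-users Startup folders (assumed Vista-and-later layout)."""
    rel = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    roots = [os.environ.get("APPDATA"), os.environ.get("ProgramData")]
    return [Path(r) / rel for r in roots if r]


def base_name(path):
    """Lower-cased name up to the first dot, so 'ctfmon.exe.lnk' gives 'ctfmon'."""
    return path.name.split(".", 1)[0].lower()


def system_names_from(system32):
    """Base names of the .exe files found directly in a System32 directory."""
    return {base_name(p) for p in Path(system32).iterdir()
            if p.is_file() and p.suffix.lower() == ".exe"}


def find_masquerades(startup_dirs, system_names=SYSTEM_NAMES):
    """Return Startup entries whose base name matches a system binary name.

    Every file type counts (.exe, .lnk, .vbs, ...), since a shortcut or script
    named after a system binary is as worth reviewing as an executable.
    """
    hits = []
    for d in map(Path, startup_dirs):
        if not d.is_dir():  # folder missing on this host: nothing to report
            continue
        for entry in sorted(d.iterdir()):
            if entry.is_file() and base_name(entry) in system_names:
                hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_masquerades(default_startup_dirs()):
        print(f"review: {hit}")
```

A hit means the entry needs review, not that it is malicious; check its target, signature and timestamps before removing it.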
     
