CTFMONA Computer Virus

Command, ctfmona.exe. Status, X. Description, Identified as a variant of the W32 / Smalltroj.CJDX malware, Generic PWS.y Trojan. Ctfmona.exe is also classified as Trojan / Backdoor Virus.

The filename CTFMONA.EXE was first seen on Oct 4 2007 in Nethelands.
CTFMONA.EXE was then seen in the United States on Nov 14 2007.
CTFMONA.EXE was seen in Spain on Oct 4 2007 BELGIUM.
CTFMONA.EXE was seen in United Kingdom on 22 March 2008.
CTFMONA.EXE was seen in Singapore on 3 April 2008.
CTFMONA.EXE was seen in Thailand on 9 April 2008.

The filename is associated with the malware group Trojan.Nudos. Some files using the name CTFMONA.EXE are also associated with the malware groups. Trojan.Zlob SHeur.ADEV These files have no vendor, product or version information specified in the file header.

On the CTFMONA infected machine, it would pop up "spools.exe" on multiple windows.  And most of the links to the application is all damaged - not allowing me to launch most programs.  Even double click on the Windows Explorer will give me all kinds of error.

So here is how I attempted to fix the problem.

On the infected machine, it did not allow me to run "Regedit".  I had to start the computer in "Safe Mode - command prompt" by pressing F8 at startup.  At the command prompt, I then type "REGEDIT".  Go to Run Key to remove unwanted started program.

Restart Windows.  Now able to run "Command".  Type "cd c:windows system32 restore" and then type "RSTRUI".  Use the System Restore to find the appropriate restore check point and perform the actual system restore.