Trojan:W32/Reveton

CAUTION Manual removal is a risky process; it is recommended only for advanced users. Otherwise, please seek professional technical assistance.

• Boot the system into Safe Mode. To do so:
  • First, restart the system (ClickStart, then Shut Down, select Restartin the drop-down dialog box that appears, then clickOK).
  • As the computer restarts but before Windows launches, press F8.
  • Use the arrow keys to highlight 'Safe Mode' and then press Enter.
    
    

    Image 1 and 2: Enter 'Safe Mode'.

• In Safe Mode, find the file ctfmon.lnk in the Startup folder (C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Program\Startup\ctfmon.lnk) and delete it.
  

  Image 3: Find and delete ctfmon.lnk from the Startup folder (click image to enlarge).

• Reboot the system again, this time into Normal mode.
• Finally, run a full computer scan with F-Secure Anti-Virus. to repair any remaining files

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

• Check for the latest database updates

  First check if your F-Secure security program is using the latest updates, then try scanning the file again.

• Submit a sample

  After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

  Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

• Exclude a file from further scanning

  If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

  Note: You need administrative rights to change the settings.