ctin10.exe - Useless

Windows Programs - Useful, Useless or Malicious

Startupapps.com recommends you:

UnHackMe Warrior Removing rootkits is best done from the "clean" Windows!

Blog: New viruses/malware/rootkits. Everyday!

Blog: How to remove malware/Trojans/rootkits using UnHackMe or manually. We know how to remove malware.

Shortcut Antivirus protects against Microsoft LNK and PIF vulnerability, notify a user about found threats and give possibility to immediately remove threats.

StuxnetRemover - free of charge Stuxnet/Tmphider rootkit removal tool.

Blog: System Software Research. What is under the hood? Who is faster? Antiviral and system software under microscope...

ctin10.exe - Useless

ctin10.exe

PWSteal.Bancos.E.
Is a Trojan horse that imitates the online interfaces of certain Brazilian banks to try to steal account information.
It is a minor variant of PWSteal.Bancos.D.
Also known as PWSteal.Bancos, PWSteal.Bancos.B, PWSteal.Bancos.C, PWSteal.Bancos.D

Copies itself as itself to the %System%\Ctin10.exe.

Adds the value:
"CTin10"="%System%\CTin10.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
so that the Trojan runs when you start Windows.

If the file C:\BancoBrasil\officeIE\officeIE.CAB exists, the Trojan will move it to C:\officeIE.CAB.

Monitors the active Internet Explorer windows, waiting for you to open a Web page that matches the characteristics of certain banking sites.
Such as:
https:/ /www2.bancobrasil.com.br/aapf/aai/principal
https:/ /bankline.itau.com.br/GRIPNET/Montamenu.exe
https:/ /internetcaixa.caixa.gov.br/NASApp/SIIBC/Login_ok.processa
https:/ /wwwss.bradesco.com.br/scripts/ib2k1.dll/LOGINCHK#top

When such a site is opened, the Trojan displays one of several login screens, which are selected according to the URL.
The information entered on these screens may then be emailed to another computer.

Manual removal:
Navigate to the keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
and delete the value:
"CTin10"="%System%\CTin10.exe"

Virus Problem? Google Redirects? Ads? Slow?

First download the latest version UnHackMe: Download UnHackMe.
Open the archive and start the unhackme_setup.exe.
When the installation is over you will see the main UnHackMe screen.
Click on the Advanced button and choose “Send report to the support center” in the popup menu. Follow the instructions. The report file (regrunlog.txt) will be saved on your Desktop.
Go to the Support Center. Attach it to your ticket and click on the Browse button and then to the regrunlog.txt file. Don’t insert the report text directly into the message text! We won’t be able to analyse such a report. Describe your problem in detail. Add the screenshot, your antivirus log or suspicious files.

Constantly updated. Last update: February 5 2012

Fix Windows PC's Fast! Automated Software Repairs damaged & slow windows systems in 1 click.

Quick Links: What's new?
RSS Feed
Add to AppDatabase
Ask Experts
Join forum
Links
Articles: Virus or not? SPTD####.sys
What is mc21.tmp, mc22.tmp, mc23.tmp?
Select: Necessary
Useless
At your option
Dangerous