Issue
- Your ESET product detects the infection Win32/TrojanDownloader.Retacino
Details
The Retacino infection is a trojan that attempts to write to the memory location of previously loaded programs, makes edits to registry entries and can affect network communications on infected computers. ESET software detects this infection, and you can use the decrypter tool provided in the article below to remove it from an infected computer.
Solution
-
Download the ESETRetacinoCleaner.exe tool and save the file to your Desktop.
-
Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
-
Windows 8 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
-
Windows 8 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
-
Type the command
cd %userprofile%desktop
(do not replace "userprofile" with your username–type the command exactly as shown) and then press Enter.
-
Type the command
esetretacinocleaner.exe
and press Enter.
-
Read and agree to the end-user license agreement.
-
Type
esetretacinocleaner.exe /s /C:
and press Enter to scan the C drive in silent mode. To scan a different drive replaceC:
with the appropriate drive letter.
You can also use any of the following switches in place of or in addition to/s
:- /s – Silent mode
- /f – Force cleaning
- /d – Debug mode
- /n – Only list files for cleaning (do not clean)
-
/h or /? – Show usage
- The Retacino cleaner tool will run and the message "Looking for infected files" will be displayed. If an infection is discovered, follow the prompts from the Retacino cleaner to clean your system.
Figure 1-1