I faced this virus recently and beat it. Here's how:

There is a red shield in your taskbar with an X through it that says Your Computer is infected ! Then a popup box comes up that says Windows has detected spyware infection . click here to resolve this problem . When you click on the balloon, it says Question do you want to install registry cleaner ? And then it has two Yes and No buttons . When you click Yes on it, it downloads registry cleaner 3.1 which prompty does some scanning and then asks you to pay for it services. This is a huge scam. I think this "virus" was invented by their company to make some quick profits.

I tried using lavasoft's adaware with the latest updates (Feb 2007) and that didn't work. I tired using Spybot Search and Destroy with the latest updates and that didn't work. I even ran both of these with the administrator account in safemode and still nothing.

Finally I figured out that when I went into the task manager and stop the service ctpmon.exe it duplicates itself and then you'll have several red shields with X's through them. I did a google search on ctpmon.exe and you need to reboot in safemode, then go to

C:\windows\system32\ctpmon.exe

And delete the file. Then, you can go to http://www.ccleaner.com/ and download the latest version of ccleaner. I believe this is freeware. Install the program and run it. Click on the tabs until you see a box for startup programs. Located the startup for ctpmon and delete it. That's it! I also noticed several startup items for programs I deleted years back, so I cleaned those up as well. I noticed how quickly my computer started up after deleting those references that no longer existed.

The best solution is to never respond positively to a pop-up and authorize/LET the bad guy to get you!

This post is around the time it came out.
http://computing.net/windowsxp/wwwb...
Now there is a removal tool updated for the threat, because there may something else downloaded.

Glad you fixed it, but the answer everyone
would like to know is.

What did you do to get it?

Help. I have the exact same problem only my download is to registry cleaner 3.2. There is no ctpmon.exe in my system32 folder or running in task manager. Have they changed the executable name? IF so how can I delete this????

Hi workjock, i had the same problem. they have changed the file name to "tcpipmon.exe"

moreover, the name might be random, so just go to ..windows\system32\..
arrange the files by types and look for an "exe" file with this annoying icon you see on your taskbar.... from there do what jaykallen suggested

good luck

Here's how I got rid of it without safe mode:

Running vista 64bit ultimate, got the tcpipmon.exe respawning on ending process.

task manager showed 2 processes of tcpipmon *32 and the files were in \windows\SysWOW64
tcpipmon.exe, a .dll file and a .nt file

First I deleted the exe file, windows responded with file in use 'retry'/'cancel'

then in taskman right click both processes set priority to lowest, kill them and hit 'retry' to delete the exe, then delete the .dll and .nt with same date/time created.

You are now free from this crap.

tcpipmon trojan is really annoying and should be removed from computer to make sure your system is secure: how to remove tcpipmon