[KB3348] How do I clean a Retacino infection using the ESET Retacino decrypter?

Issue

 

Details

The Retacino infection is a trojan that attempts to write to the memory location of previously loaded programs, makes edits to registry entries and can affect network communications on infected computers. ESET software detects this infection, and you can use the decrypter tool provided in the article below to remove it from an infected computer.

Solution

  1. Download the ESETRetacinoCleaner.exe tool and save the file to your Desktop.
     
  2. Click StartAll Programs Accessories, right-click Command prompt and then select Run as administrator from the context menu.
    • Windows 8 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
       
  3. Type the command cd %userprofile%desktop (do not replace "userprofile" with your username–type the command exactly as shown) and then press Enter.
     
  4. Type the command esetretacinocleaner.exe and press Enter.
     
  5. Read and agree to the end-user license agreement.
     
  6. Type esetretacinocleaner.exe /s /C: and press Enter to scan the C drive in silent mode. To scan a different drive replace C: with the appropriate drive letter.

    You can also use any of the following switches in place of or in addition to /s :
    • /s – Silent mode
    • /f – Force cleaning
    • /d – Debug mode
    • /n – Only list files for cleaning (do not clean)
    • /h or /? – Show usage
       
  7. The Retacino cleaner tool will run and the message "Looking for infected files" will be displayed. If an infection is discovered, follow the prompts from the Retacino cleaner to clean your system.

Figure 1-1
 

 

Need Assistance in North America?

If you are a North American ESET customer and need assistance, view product documentation or visit helpus.eset.com to chat with a live technician.