COM Surrogate Infection

Description:

Lately there have been reports of viruses that do not infect the file system except by dumping huge amounts of files in the %temp% directory. Follow these steps to remove the infection. Initial complaints from end users will be that the computer is so slow they cannot open anything.

To Resolve:

1. Find out if you have this particular infection by running taskmgr.msc. Processes running will look like legitimate processes but will not be. Examples include: COM Surrogate, CTF Loader, Windows Picture Acquision Wizard, etc. (see screenshot below).

1. After doing a bit of searching, I found that if you run ESET Poweliks Cleaner (found here), it will target this infection and remove it. You just need to reboot afterwards.