Thread: cftmon.exe ...the undead (Resolved)

  1. #1
    Join Date
    Jun 2007
    Location
    Dublin,Ireland
    Posts
    21
    I created a folder HiJackthis in Program Files and downloaded it to there but each time it is a temporary file? I disabled the Windows firewall as per the instructions in the link (I am not sure how to re-enable it!)
    I previously disabled cftmon.exe as you suggested but it made no difference. I believe cftmon.exe can be used as a back door thing for trojan hijack. After the first couple of clicks on search results the re-direction stops but I am afraid that this could be some keystroke monitoring thing which obviously is dangerous.
    Below are some of the sites I am sent to.

    http://www.camouflageclothingonline....t=2&rpt=1&kt=1
    http://www.velvetic.com/cfc.cfm?pt=2&rpt=1&kt=1
    http://aicse.com/cfc.cfm?pt=2&rpt=1&kt=1
    These come with a yellow bar saying a pop up has been blocked

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    cftmon.exe is a perfectly legitimate file. You have Word on the machine, and even though you said you don't have Microsoft Office you do as shown by the entry in your HiJackThis log
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    As long as Office loads at start up, which this shows that it does, then the cftmon.exe will load also.
    If you are getting a pop-up bar then this shows the pop-up blocker is doing its work, it is blocking pop-ups.
    There is another copy of HiJackThis on the machine which is the beta version and it is running from its own folder as shown in your original scan but this one IS running from here:
    C:\DOCUME~1\GERRYB~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
    Go in there and remove the beta version. Then move this one.
    To re-enable Windows Firewall you just do the same instructions you followed to turn it off, only do them in reverse, put the dot to turn it on.

    Obviously there is "something" on the machine because if you are still getting these re-directs then all has not been removed.

    Go in and rename HiJackThis to analyze.exe. and physically MOVE this file from the Temp folder it is in to its own folder.
    You need to go back to the beginning of PP's sticky and do the steps again. He does NOT say turn off Windows Firewall. He explains that AFTER the computer is clean then you turn off System Restore, that is NOT the Firewall.
    I need you to follow his steps exactly. Especially the enabling of hidden files and folders.
    When you have completed those steps, EXACTLY, then post back here with the AVG LOG, the HJT log and the Kaspersky log.

  3. #3
    Join Date
    Jun 2007
    Location
    Dublin,Ireland
    Posts
    21
    Obviously as you say my problem is not cftmon.exe but lies elsewhere. I will redo the steps as you suggest. I had a problem with Kaspersky which would not install with AVG detected on my machine. I might have to uninstall it.
