I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.
CFTMON.EXE – Trojan Downloader removal
| File | MD5 | Virus Alias |
|---|---|---|
| CFTMON.EXE | 80766c54eb04f1c460891f48666db690 | Trojan Downloader |
| CFTMON.EXE | 80766c54eb04f1c460891f48666db690 | Trojan Adload |
| CFTMON.EXE | 80766c54eb04f1c460891f48666db690 | Trojan Agent |
| CFTMON.EXE | 80766c54eb04f1c460891f48666db690 | Trojan Small |
| CFTMON.EXE | 80766c54eb04f1c460891f48666db690 | Trojan ZBot |
| CFTMON.EXE | 80766c54eb04f1c460891f48666db690 | Trojan Crypt |
CFTMON.EXE size: 532638 bytes
CFTMON.EXE hash: 80766C54EB04F1C460891F48666DB690
Created files:
%UserProfile%\cftmon.exe
%SysDir%\drivers\spools.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %WinDir%\System32\config\Systemprofile\cftmon.exe
HKLM\System\CurrentControlSet\Services\Schedule\ImagePath: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C00730070006F006F006C0073002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %WinDir%\System32\config\Systemprofile\cftmon.exe
Detected by UnHackMe:
CFTMON.EXE
Default location: %USERPROFILE%\CFTMON.EXE
Dropper information:
MD5: 09ba161f528ebae9ec0f23d383dd5767
File size: 521224 bytes