CFTMON.EXE – Trojan Downloader

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

CFTMON.EXE – Trojan Downloader removal

FileMD5Virus Alias
CFTMON.EXE f61f4adeffe5e96bf757b11108f997ad Trojan Downloader
CFTMON.EXE f61f4adeffe5e96bf757b11108f997ad Trojan Adload
CFTMON.EXE f61f4adeffe5e96bf757b11108f997ad Trojan Agent
CFTMON.EXE f61f4adeffe5e96bf757b11108f997ad Trojan Small
CFTMON.EXE f61f4adeffe5e96bf757b11108f997ad Trojan ZBot
CFTMON.EXE f61f4adeffe5e96bf757b11108f997ad Trojan Crypt

CFTMON.EXE size: 213576 bytes
CFTMON.EXE hash: F61F4ADEFFE5E96BF757B11108F997AD

Created files:

%UserProfile%\cftmon.exe
%SysDir%\drivers\spools.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %WinDir%\System32\config\Systemprofile\cftmon.exe
HKLM\System\CurrentControlSet\Services\Schedule\ImagePath: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0064007200690076006500720073005C00730070006F006F006C0073002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntuser: %WinDir%\System32\drivers\spools.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\autoload: %WinDir%\System32\config\Systemprofile\cftmon.exe

Detected by UnHackMe:

CFTMON.EXE
Default location: %USERPROFILE%\CFTMON.EXE

Dropper information:
MD5: 025ccf6e44819fe51244df2b7709509a
File size: 202162 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images