1 reply to this topic

[Brian Surratt]

Last night my wife contract the Antivirus Soft malware on her computer. I tried all of the usual tools, MalwareBytes, Clamwin, Spybot, but none of them seemed to remove it. Looking at all of the instructions on how to remove it, I couldn't find any of the registry entries that were indicated as being symptoms.

Finally, I ran HijackThis and started going through the log manually and found the little stinker. Here's the line item from the log.

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\itbotr\cmqfsftav.exe

Had HijackThis take that entry out of the registry, rebooted and all is well.

So, it looks like this is a brand new name for the executable. I'm not a regular in the malware community, so I don't know the "official" channels for sharing this info. Just spreading the word, to help support the folks that make these great tools.

Edited by Brian Surratt, 06 March 2010 - 05:39 PM.

[Budfred]

Many infections out there use random naming for their files, so this is probably one of the random names for this one... However, removing an executable is unlikely to resolve the actual problem, it simply makes it harder to see for a while... I suggest that you read the FAQ and post a log in Malware Removal... I am moving this topic to a more appropriate subforum...