Jump to content


Photo

new executable for antivirus soft malware


  • Please log in to reply
1 reply to this topic

#1 Brian Surratt

Brian Surratt

    Member

  • New Member
  • Pip
  • 1 posts

Posted 06 March 2010 - 05:36 PM

Last night my wife contract the Antivirus Soft malware on her computer. I tried all of the usual tools, MalwareBytes, Clamwin, Spybot, but none of them seemed to remove it. Looking at all of the instructions on how to remove it, I couldn't find any of the registry entries that were indicated as being symptoms.

Finally, I ran HijackThis and started going through the log manually and found the little stinker. Here's the line item from the log.

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\itbotr\cmqfsftav.exe

Had HijackThis take that entry out of the registry, rebooted and all is well.

So, it looks like this is a brand new name for the executable. I'm not a regular in the malware community, so I don't know the "official" channels for sharing this info. Just spreading the word, to help support the folks that make these great tools.

Edited by Brian Surratt, 06 March 2010 - 05:39 PM.


#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,523 posts

Posted 06 March 2010 - 06:34 PM

Many infections out there use random naming for their files, so this is probably one of the random names for this one... However, removing an executable is unlikely to resolve the actual problem, it simply makes it harder to see for a while... I suggest that you read the FAQ and post a log in Malware Removal... I am moving this topic to a more appropriate subforum...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"




Member of UNITE
Support SpywareInfo Forum - click the button