I have at the moment have skipped the deleteion of same as I am not sure if it is a problem?
I did a quick search using goggle and appears the file could be related to the Free Threatfire program I am using
Please advise
[Using Widows XP SP2 Sp3 with all MS updates installed = Comodo 2.4 Firewall = Windows Defender = Avast Free Home 4.8 with all updates installed]
When it next pops-up there is a submission link, I would do that.
avast by all account isn’t the only thing that detects this threatfire driver, Kaspersky for one as your google search will no doubt have shown. The PC Tools forum pretty much dismisses the detection out of hand, http://www.pctools.com/forum/showthread.php?t=48678. It would have been nice if they provided an MD5 number for the file so that people could compare to see their file hadn’t been modified.
The 64,000 dollar question would have to be do you have threatfire installed ?
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
The workings of the threatfire module can be interpreted as the workings of a keylogger, in that case it is a false positive. But again I would go to virustotal and see what flags it. It could also be a find after Threatfire (because by some it does more than the HIPS should) has been uninstalled, and then tfkbmon.sys can be a left-over of a not fully completed uninstall. I have noticed that TfKbMon.sys sometimes does not always uninstall. After uninstalling, you usually check for left overs with autoruns and a couple of other tools…
I have uninstalled fully "Threatfire using the “Free Revo Uninstaller” prgm [used the REVO No4 to fully remove it.]
I rechecked for files still left behind and by using “Search” [Showing "Hiden Files] the search found the file of “c:\windows\system32\drivers\tfkbmon.sys”
I renamed it to oldtfkbmon and used my computer to check if computer still was OK.
Used my computer with no probems so I deleted it
After this I did do a “Avast Full Boot Scan” and it returned a report with no errors
By using my computer over 3 hrs I am not having any problems at all
Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into it’s own folder on the hard drive.
Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.
OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.
I have created the HiJack Log file from my computer and have added same to my reply.
There seems onlt a few items that I can see which may need attention
Will await someones reply
Regards Colin
xxxxxxxxxxxxxxxxxx
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:16 AM, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal