False Positive?

Using Version 4.8 free and received following alert during start up scan…

File Name: c:\program files\broadjump\client foundation\cfd.exe

Malware Name: Win32: Cfd (adw)

Malware Type: Adware

VPS Version 080427-1

This file has been in my computer for three years and is part of the Bellsouth 2Wire DSL connection.

I can ignore it but no telling what will happen if the wife or daughter are using the computer and the siren sounds. ;D

Suggestions? :-\

Hi LeBoule,

Avast FP related to cfd.exe?

cfd.exe is a process belonging to a troubleshooting software from Motive Communications. It enables your broadband provider to offer easy installation and ongoing services to your computer.

Here you have further info on it:
http://www.neuber.com/taskmanager/process/cfd.exe.html
It all depends on whether you trust your ISP and their ad-serving policy towards consumers. There were some abuses lately, see my posting here: http://forum.avast.com/index.php?topic=34918.0

Now on to the verdict on this executable:

Is cfd.exe spyware?

No.

Is this considered adware or popup related?

No.

Is this considered a virus or trojan?

No.

Would you recommend that I remove cfd.exe?

No, I would not remove this file.

You can put it in the exclusion list until it is treated as a False Positive by avast in a future update,

polonus

A little more to Polonus’ advice about the exclusion lists

on demand

right click the “a” icon, select program settings, exclusions

on access (family won’t know :wink: ) left click the “a” icon, select Standard Shield provider. Click customize button, exclusion tab.

add to both lists

c:\program files\broadjump\client foundation\cfd.exe

Great replies and interesting reading. Since I have no issues (slowdown, CPU usage, etc. as were mentioned in the link) with the file on the computer I think I’ll keep it at least for now. Will move to exclusions list per Oldman’s directions.

If you can’t trust Bellsouth (now AT&T) who can you trust? ;D HAW! Yeah, sure!

Thanks much Polonus and Oldman… :slight_smile:

As they say in some of the other forums, this question is resolved!

You’re welcome and welcome to the forum. I’ve got the same file, though from a different provider. I don’t lose any sleep over it.

C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe

Now avast! is sounding alarm on the above file during start-up.

I feel like it’s probably another false positive so I put it in exclusions for now…HJT log showed nothing suspicious.

Any ideas from Polonus or Oldman or anybody else? ???

Thanks…

http://www.auditmypc.com/process/cfd.asp
It is good!

It is the same file and location; that is just the short name notation for the same file, e.g. where the folder or file name exceeds 8 characters, it will show the first 6 characters of the folder followed by the ~1 characters (if there were two folders with the same name it would be ~2).

Is this the same malware name as the original detection ?

This is strange as avast should be able to detect that the two locations are the same shortname and longname location for the same physical location.

Using the likes of auditmypc or any other similar service is basing its decision on the file name and we all know that a) file names can be whatever they like and b) a file could be infected/injected. So the only way to confirm or deny the validity of the detection is by a physical scan of the suspect file at somewhere like virustotal and I haven’t seen anyone suggest that yet.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

If it is confirmed as an FP then the sample needs to be sent for analysis; this is the only effective way to correct rather than simply exclude as was done for the previous detection reported in another post.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
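The short-name notation described in the reply above also explains why an exclusion entered for the long path may not obviously cover an alert that reports the short path. The following is an added example, not part of the original thread or of avast: it checks whether an 8.3 path is a plausible alias of a long path, using the two paths quoted in this topic. The function names are hypothetical, and only the common "first six characters plus ~N" form is handled.

```python
import re

def _split(name):
    # Split "base.ext" at the last dot; names without a dot have no extension.
    base, dot, ext = name.rpartition(".")
    return (base, ext) if dot and base else (name, "")

def _clean(text):
    # 8.3 generation upper-cases the name, drops spaces and extra periods,
    # and turns the characters + , ; = [ ] into underscores.
    text = re.sub(r"[ .]", "", text.upper())
    return re.sub(r"[+,;=\[\]]", "_", text)

def component_may_alias(short, long):
    """True if `short` could be the 8.3 alias of the single name `long`."""
    if short.upper() == long.upper():
        return True  # name already fits 8.3, only the case differs
    s_base, s_ext = _split(short.upper())
    l_base, l_ext = _split(long)
    m = re.fullmatch(r"(.+)~(\d{1,6})", s_base)
    if not m:
        return False
    prefix, digits = m.groups()
    # ~1..~9 leave room for six characters, ~10 and up for fewer.
    expected = _clean(l_base)[:min(6, 7 - len(digits))]
    # The ~N number depends on what else is in the folder, so it is not
    # checked. Hash-based aliases created after repeated collisions are
    # not matched by this sketch.
    return prefix == expected and s_ext == _clean(l_ext)[:3]

def path_may_alias(short_path, long_path):
    """Compare two backslash-separated Windows paths component by component."""
    s_parts = short_path.split("\\")
    l_parts = long_path.split("\\")
    return len(s_parts) == len(l_parts) and all(
        component_may_alias(s, l) for s, l in zip(s_parts, l_parts))

# Paths as quoted in this thread.
LONG = r"c:\program files\broadjump\client foundation\cfd.exe"
SHORT = r"C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe"

if __name__ == "__main__":
    print(path_may_alias(SHORT, LONG))
```

A match only says the two strings can name the same location; whether the file at that location is clean still needs the scan of the file itself that the reply recommends.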

Thanks, DavidR! :slight_smile:

You’re welcome.

:-X
Hi all; Although I am brand new to this forum I venture to chime in. The following is an edited quote from Wilderssecurity forum.
QUOTE (edited for brevity):

The program is not only not needed, it is probably unwanted. …
. . . gleaned from AnswersThatWork :
Bjcfd BJCFD.exe
BroadJump Foundation Client from BroadJump.com, now Motive. After reading the description of this product on the BroadJump website, it is clear that some of the functions of this software are what we call adware (software which collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit). This program typically gets installed when you install software from the Comcast ISP [edit: Almost any DSL or broadband provider!] . . .
Recommendation :
We are against this type of spyware/adware software… Additionally CFD creates conflicts on Windows XP which result in users experiencing problems or lack of Internet access when logging off and logging back on as a different user. Again on XP, CFD has been seen to slowly but surely gobble up resources and memory, ending up running at 95% of CPU resources and an impossibly slow PC. … de-install “Broadjump Client Foundation” through “Add/Remove Programs” in the Control Panel, and/or disable BJCFD, or its newer incarnation, CFD, … users who have done so have reported no ill-effects whatsoever. You can also run Ad-Aware or Spybot Search & Destroy who will both rid your PC of the Broadjump software.
ALL users who HAD this, then removed it, report NO connection problems.
Bottom line, it is NOT required, and MUST be removed !
END QUOTE

I am cleaning all sorts of malware from home computers as a full-time job. None of my customers has this program anymore and NO ill effect reported.
Experience teaches: Remove.

Thanks for the feedback, unfortunately as you say there are a number of ISPs that have this supposed assistance in getting you connected only for their benefit (cash from ad revenue). There are some however that really do tie you up and if removed can stop you getting connected.

That is why I would first suggest the safer option of either fixing the entry in HJT, which allows for a restoration of the fix if you experience problems. Or disabling/unchecking from msconfig, startup tab, as that too can be reversed if you experience problems.

These I would suggest rather than use add remove programs only to find you have a problem which could be an issue if you have lost your internet connection. Whilst this may not be an issue with this particular cfd.exe issue, it is safer for the user to have a period of time with the startup command for cfd.exe disabled to ensure there are no problems before taking the ultimate step of uninstalling it with add remove programs.