Uh-oh Malware was Found

I made a post before saying I thought I was infected because my computer was slowing down…

So I started up my computer and avast! said it could not update, so I opened avast! 4.8 and got a pop-up saying malware was found. I forgot to write it down, so I just looked at it in the vault for the info.

Virus: Win32 Rootkit-gen [Rtk]
Name: cfd.exe
Original Location: c:\program files\broadjump\client foundation

It said I didn’t have admin rights to access the file so I just ran avast! 4.8 as admin.

It said it was in the memory so it had to restart my computer.

It’s in the vault right now and my computer’s faster ^^

Does anyone know what I should do now?

Does it contain a keylogger? I did online banking a few days back. :o

Is it a false positive, because it said the file was changed before I got my computer!!! :-\

Any info about what it does would be greatly appreciated

Hi alexthegreat,

Consider this info to verify:
http://www.file.net/process/cfd.exe.html
You could also upload the file in question to virustotal to see what results you get from there.
Check the file in question here:
http://online.drweb.com/

polonus

Where are chest files located?

\Data\Chest\ folder. They’re encrypted for security reasons.

Scanned every file in the chest… with Dr.Web; all files are clean.

Files will always show as clean, as they’re encrypted and Dr.Web can’t decrypt and scan them.
In the Chest, right-clicking the file, you can only scan them with avast itself.

I moved the file to another location and scanned it with Dr.Web; it said it was infected with adware.cfd.

VBA32 called it adware.cfd.
BitDefender calls it adware.CFD.
McAfee called it potentially unwanted program Adware-BJCFD.
Fortinet calls it Adware/BJCFD.
Ikarus calls it adware.Cfd.
21.88% of scanners on VirusTotal call it malware.

It’s not enough… it’s encrypted. The results could be inaccurate.
Or, on the contrary, are you saying you’ve ‘extracted’ the file from the Chest and then scanned it?

I extracted it to my desktop… then scanned it.

Should I worry, because I online banked recently?

Is it a keylogger?

Seems an adware and not a keylogger.
But if avast detected it and you’ve sent it to Chest, why are you worried about being clean?

I just was scared because I did online banking before it detected it… the new update lets that piece of adware be detected.

To be sure you’re clean, I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

I know it’s clean; I was just worried that it might have been in my computer for a while and was a keylogger. I know it’s clean.

So, let’s be happy :wink:
Anyway, the steps above are for your security and not only for cleaning.

Thx for the help :slight_smile:

You’re welcome. Feel free to come back any time you need help or just to exchange experiences 8)

Hi alexthegreat and Tech,

CFD.exe is a part of Motive, usually installed by your ISP, see:
http://www.neuber.com/taskmanager/process/cfd.exe.html
You can remove anything to do with Motive or Broadjump Client Foundation, for that matter, since it is not needed. I think with this you have all the information you need to have,

polonus