cfsbho.dll
Trojan.W32.OurXin
Warning! Potential Security Hazard!
System process cfsbho.dll is reported as a virus and a trojan!
Brief description of process cfsbho.dll
cfsbho.dll
Additional information about cfsbho.dll
How to remove cfsbho.dll?
Delete following entries in Windows Registry by using regedit tool:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"mscfs" = "RUNDLL32 %System%\msibm\cfsys.dll,cfs"
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\cfsbho.DLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B46D3E4A-3F54-497D-AFFD-464AAE8098EF}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16A770A0-0E87-4278-B748-2460D64A8386}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A4BC2506-C00C-4D2E-B47F-0BB4C2C74CCF}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE82AFC1-5E4B-4F19-A3E3-4FFF55F3D279}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2511DE40-34A3-4C6A-B1B2-C5C92A2F00BE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B46D3E4A-3F54-497D-AFFD-464AAE8098EF}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cfsbho.BHelper
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cfsbho.BHelper.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelper.MyIEHelper
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelper.MyIEHelper.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Explorer\Browser Helper Objects\{16A770A0-0E87-4278-B748-2460D64A8386} - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Explorer\Browser Helper Objects\{8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cfs
- HKEY_USERS\S-1-5-21-1587740722-702901464-1649019846-500\Software\mscfs
External links
Reported as a virus
Yes, it is a virus!
Reported as a trojan horse
Yes, it is a trojan!
Reported as a spyware
No
Safe to end the process
Yes
Safe to disable the process
Yes
Safe to remove the process
Yes
Developer
Part of
Trojan.W32.OurXin
Related news
Showing news related to process “cfsbho.dll”
April 15, 2009 11:15:00 AM CEST
Backdoor.Win32.Agent.abgg – This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 22528 bytes in size. Installation Once launched, the Trojan copies its body to the Windows system directory as "digeste.dll": %System%\digeste.dll In order to ensure that the Trojan...
March 18, 2009 2:36:00 PM CET
Trojan-Downloader.Win32.Kido.a – This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\.dll %Program Files%\Windows Media Player\.dll %Program Files%\WindowsNT\.dll %Program...
August 14, 2010 4:57:58 AM CEST
New Wave of Zbot Trojan – McAfee Labs detected a new wave of the PWS-Zbot (a.k.a Zeus) spam campaign this week. Some common phrases used in the email subject headers: Subject: Sales Dept Subject: Another candidate brought to you Subject: Summary of payments These emails carried PWS-Zbot Trojan variants that are a part of the 2.x version of the Zeus botnet, and currently try to access [...]
March 18, 2009 2:36:00 PM CET
Trojan-Dropper.Win32.Kido.a – This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\
March 18, 2009 2:36:00 PM CET
Trojan-Downloader.Win32.Kido.a – This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\
May 8, 2010 3:08:14 AM CEST
Trojan:W32/Pakes – Trojan:W32/Packes is a detection name temporarily assigned to certain packed/compressed malicious programs that our unpacking engine cannot yet handle. When the unpacker code is created for that particular sample or file compressor, the malware will be renamed.
March 26, 2010 3:08:07 AM CET
Trojan-Dropper:W32/Peed.gen!A – A trojan that contains one or more malicious programs, which it will secretly install and execute.
August 25, 2010 3:08:09 AM CEST
Trojan-Dropper:W32/Agent.DKIT – A trojan that contains one or more malicious programs, which it will secretly install and execute.
November 5, 2009 8:59:52 PM CET
Trojan:W32/Trojan – A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
November 5, 2009 8:59:52 PM CET
Trojan:W32/Swisyn.CAV – A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

