Trojan cfsbho.dll downloads and displays advertisement on the compromised computer. It also may track and log web browser activities and history and send it back to the author's servers.
Operating System's Processes > Processes beginning with letter c > cfsbho.dll

cfsbho.dll

Trojan.W32.OurXin

Warning! Potential Security Hazard!

System process cfsbho.dll is reported as a virus and a trojan!

Brief description of process cfsbho.dll

Process cfsbho.dll named “Trojan.W32.OurXin” is hazardous DLL library of Trojan.W32.OurXin software. Process cfsbho.dll is reported as a virus and trojan horse. This variant of cfsbho.dll is very harmful and should be removed from operating system as soon as possible.

cfsbho.dll

Additional information about cfsbho.dll

Trojan cfsbho.dll downloads and displays advertisement on the compromised computer. It also may track and log web browser activities and history and send it back to the author's servers.

How to remove cfsbho.dll?

Delete following entries in Windows Registry by using regedit tool:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"mscfs" = "RUNDLL32 %System%\msibm\cfsys.dll,cfs"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\cfsbho.DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B46D3E4A-3F54-497D-AFFD-464AAE8098EF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16A770A0-0E87-4278-B748-2460D64A8386}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A4BC2506-C00C-4D2E-B47F-0BB4C2C74CCF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE82AFC1-5E4B-4F19-A3E3-4FFF55F3D279}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2511DE40-34A3-4C6A-B1B2-C5C92A2F00BE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B46D3E4A-3F54-497D-AFFD-464AAE8098EF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cfsbho.BHelper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cfsbho.BHelper.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelper.MyIEHelper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHelper.MyIEHelper.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    \CurrentVersion\Explorer\Browser Helper Objects\{16A770A0-0E87-4278-B748-2460D64A8386}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    \CurrentVersion\Explorer\Browser Helper Objects\{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cfs
  • HKEY_USERS\S-1-5-21-1587740722-702901464-1649019846-500\Software\mscfs

Reported as a virus

Yes, it is a virus!

Reported as a trojan horse

Yes, it is a trojan!

Reported as a spyware

No

Safe to end the process

Yes

Safe to disable the process

Yes

Safe to remove the process

Yes

Developer

Information isn't available

Part of

Trojan.W32.OurXin

Share |
 

Previous process
cfregexp.dll

Next process
cfsserv.exe

 
 
 

Related news

Showing news related to process “cfsbho.dll”

April 15, 2009 11:15:00 AM CEST

Backdoor.Win32.Agent.abgg – This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 22528 bytes in size. Installation Once launched, the Trojan copies its body to the Windows system directory as "digeste.dll": %System%\digeste.dll In order to ensure that the Trojan...

 

March 18, 2009 2:36:00 PM CET

Trojan-Downloader.Win32.Kido.a – This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\.dll %Program Files%\Windows Media Player\.dll %Program Files%\WindowsNT\.dll %Program...

 

August 14, 2010 4:57:58 AM CEST

New Wave of Zbot Trojan – McAfee Labs detected a new wave of the PWS-Zbot (a.k.a Zeus) spam campaign this week. Some common phrases used in the email subject headers: Subject: Sales Dept Subject: Another candidate brought to you Subject: Summary of payments These emails carried PWS-Zbot Trojan variants that are a part of the 2.x version of the Zeus botnet, and currently try to access [...]

 

March 18, 2009 2:36:00 PM CET

Trojan-Dropper.Win32.Kido.a – This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\

 

March 18, 2009 2:36:00 PM CET

Trojan-Downloader.Win32.Kido.a – This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\

 

May 8, 2010 3:08:14 AM CEST

Trojan:W32/Pakes – Trojan:W32/Packes is a detection name temporarily assigned to certain packed/compressed malicious programs that our unpacking engine cannot yet handle. When the unpacker code is created for that particular sample or file compressor, the malware will be renamed.

 

March 26, 2010 3:08:07 AM CET

Trojan-Dropper:W32/Peed.gen!A – A trojan that contains one or more malicious programs, which it will secretly install and execute.

 

August 25, 2010 3:08:09 AM CEST

Trojan-Dropper:W32/Agent.DKIT – A trojan that contains one or more malicious programs, which it will secretly install and execute.

 

November 5, 2009 8:59:52 PM CET

Trojan:W32/Trojan – A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

 

November 5, 2009 8:59:52 PM CET

Trojan:W32/Swisyn.CAV – A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

 

» The Latest Computer Security News

 
 

Navigate through library of processes alphabeticaly by first letter:

abcdefghijklmnopqrstuvwxyzother