PC Review


Reply
Thread Tools Rating: Thread Rating: 5 votes, 3.40 average.

Threat Fire

 
 
=?Utf-8?B?Um9uIEg=?=
Guest
Posts: n/a
 
      16th Nov 2007
Dave i found a whole page on those files on google i've spelled them wrong:
Type Tffsmon in google. These are the files i deleted and would you give me
your best understanding of what you read here. I'm trying to figure out
if they are Treat Fire and why did i lose my keyboard drivers by deleting
them.


 
Reply With Quote
 
 
 
 
=?Utf-8?B?Um9uIEg=?=
Guest
Posts: n/a
 
      16th Nov 2007
Here's the files that i deleted that screwed up my computer:
Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire Filesystem Monitor

http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys

Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire System Monitor

http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys

Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire Network Monitor

http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys

Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire Keyboard Monitor

http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys

So by removing the - Tfkbmon file from Threat Fire it appears you will
lose the use of your keyboard.





"Ron H" wrote:

> Dave i found a whole page on those files on google i've spelled them wrong:
> Type Tffsmon in google. These are the files i deleted and would you give me
> your best understanding of what you read here. I'm trying to figure out
> if they are Treat Fire and why did i lose my keyboard drivers by deleting
> them.
>
>

 
Reply With Quote
 
 
 
 
Robinb
Guest
Posts: n/a
 
      17th Nov 2007
i will check those files tomorrow since i typed them the first way you put
it
interesting if you delete those files you loose use of your keyboard
real nice problem that threatfire is
I am glad i removed it but i will not take that out of system32 if i have
them because nothing is is wrong so it can sit there and hang out

I will let you know either tomorrow or Sunday if i have that file
robin
"Ron H" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Here's the files that i deleted that screwed up my computer:
> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Filesystem Monitor
>
> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
>
> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire System Monitor
>
> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
>
> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Network Monitor
>
> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
>
> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Keyboard Monitor
>
> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
>
> So by removing the - Tfkbmon file from Threat Fire it appears you will
> lose the use of your keyboard.
>
>
>
>
>
> "Ron H" wrote:
>
>> Dave i found a whole page on those files on google i've spelled them
>> wrong:
>> Type Tffsmon in google. These are the files i deleted and would you give
>> me
>> your best understanding of what you read here. I'm trying to figure out
>> if they are Treat Fire and why did i lose my keyboard drivers by
>> deleting
>> them.
>>
>>



 
Reply With Quote
 
robinb
Guest
Posts: n/a
 
      17th Nov 2007
ok i checked and I do not have those files
robin
"Robinb" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>i will check those files tomorrow since i typed them the first way you put
>it
> interesting if you delete those files you loose use of your keyboard
> real nice problem that threatfire is
> I am glad i removed it but i will not take that out of system32 if i have
> them because nothing is is wrong so it can sit there and hang out
>
> I will let you know either tomorrow or Sunday if i have that file
> robin
> "Ron H" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Here's the files that i deleted that screwed up my computer:
>> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire Filesystem Monitor
>>
>> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
>>
>> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire System Monitor
>>
>> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
>>
>> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire Network Monitor
>>
>> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
>>
>> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire Keyboard Monitor
>>
>> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
>>
>> So by removing the - Tfkbmon file from Threat Fire it appears you will
>> lose the use of your keyboard.
>>
>>
>>
>>
>>
>> "Ron H" wrote:
>>
>>> Dave i found a whole page on those files on google i've spelled them
>>> wrong:
>>> Type Tffsmon in google. These are the files i deleted and would you
>>> give me
>>> your best understanding of what you read here. I'm trying to figure out
>>> if they are Treat Fire and why did i lose my keyboard drivers by
>>> deleting
>>> them.
>>>
>>>

>
>



 
Reply With Quote
 
=?Utf-8?B?Um9uIEg=?=
Guest
Posts: n/a
 
      17th Nov 2007
Robinb, Thanks for looking - but very strange that i deleted this :
Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
and the three other files AFTER i removed TF using Add/Remove.


"Ron H" wrote:

> Here's the files that i deleted that screwed up my computer:
> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Filesystem Monitor
>
> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
>
> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire System Monitor
>
> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
>
> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Network Monitor
>
> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
>
> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Keyboard Monitor
>
> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
>
> So by removing the - Tfkbmon file from Threat Fire it appears you will
> lose the use of your keyboard.
>
>
>
>
>
> "Ron H" wrote:
>
> > Dave i found a whole page on those files on google i've spelled them wrong:
> > Type Tffsmon in google. These are the files i deleted and would you give me
> > your best understanding of what you read here. I'm trying to figure out
> > if they are Treat Fire and why did i lose my keyboard drivers by deleting
> > them.
> >
> >

 
Reply With Quote
 
Dave M
Guest
Posts: n/a
 
      17th Nov 2007
Hi Ron H;

I found this article on the PCTools support site that might help. Remember
that ThreatFire was previously known by the name Cyberhawk, until PCTools
bought it. After you supplied the correct driver filenames, they all do
exist on my system, although with higher version levels than you show.

http://www.pctools.com/forum/showthr...f97601&t=47955

This case involved him doing an uninstall, a keyboard lockup like yours,
and then the need to do a registry recovery for those driver keys. I don't
believe he deleted the actual sys files however, and perhaps the problem
stemmed from doing the removal while cyberhawk was still running (??) If I
can give you any further help be sure to ask, perhaps it would be good to
use the PCTools forum for support as well.

I suppose I'd try to recover by reinstalling, then suspending ThreatFire,
and finally trying the un-install at that point... there is an unins000.exe
included with the package, but all the users guide says is to do the
standard add /remove:
Uninstalling ThreatFire
To uninstall ThreatFire:



1
Click the Start menu and highlight and click Control Panel.



2
Select Add or Remove Programs.



3
Under Currently Installed Programs, select ThreatFire.



4
Highlight it and click Remove. Windows removes ThreatFire.


--

Regards, Dave


Ron H wrote:
> Here's the files that i deleted that screwed up my computer:
> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Filesystem Monitor
>
> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
>
> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire System Monitor
>
> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
>
> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Network Monitor
>
> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
>
> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
> Version: 3.7.8.16
> Company: PC Tools
> Productname: ThreatFire
> Description: ThreatFire Keyboard Monitor
>
> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
>
> So by removing the - Tfkbmon file from Threat Fire it appears you will
> lose the use of your keyboard.
>
>
>
>
>
> "Ron H" wrote:
>
>> Dave i found a whole page on those files on google i've spelled them
>> wrong:
>> Type Tffsmon in google. These are the files i deleted and would you
>> give me
>> your best understanding of what you read here. I'm trying to figure out
>> if they are Treat Fire and why did i lose my keyboard drivers by
>> deleting
>> them.



 
Reply With Quote
 
Dave M
Guest
Posts: n/a
 
      18th Nov 2007
Ron,

On second thought, rather than suspend ThreatFire prior to uninstalling, if
you do manage to get it
reinstalled, you might try to stop it from starting in msconfig and disable
the
ThreatFire engine in system services then reboot and finally uninstall via
add/remove. Since Robin managed to get a clean uninstall of those drivers,
my
take on that would be that there's something about your system that has
those 4
drivers locked. I still think a post on the PCTools forum would be good
for you
as well as them too.
--

Regards, Dave


Dave M wrote:
> Hi Ron H;
>
> I found this article on the PCTools support site that might help.
> Remember
> that ThreatFire was previously known by the name Cyberhawk, until PCTools
> bought it. After you supplied the correct driver filenames, they all do
> exist on my system, although with higher version levels than you show.
>
> http://www.pctools.com/forum/showthr...f97601&t=47955
>
> This case involved him doing an uninstall, a keyboard lockup like yours,
> and then the need to do a registry recovery for those driver keys. I
> don't
> believe he deleted the actual sys files however, and perhaps the problem
> stemmed from doing the removal while cyberhawk was still running (??) If
> I
> can give you any further help be sure to ask, perhaps it would be good to
> use the PCTools forum for support as well.
>
> I suppose I'd try to recover by reinstalling, then suspending ThreatFire,
> and finally trying the un-install at that point... there is an
> unins000.exe
> included with the package, but all the users guide says is to do the
> standard add /remove:
> Uninstalling ThreatFire
> To uninstall ThreatFire:
>
>
>
> 1
> Click the Start menu and highlight and click Control Panel.
>
>
>
> 2
> Select Add or Remove Programs.
>
>
>
> 3
> Under Currently Installed Programs, select ThreatFire.
>
>
>
> 4
> Highlight it and click Remove. Windows removes ThreatFire.
>
>
>
> Ron H wrote:
>> Here's the files that i deleted that screwed up my computer:
>> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire Filesystem Monitor
>>
>> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
>>
>> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire System Monitor
>>
>> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
>>
>> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire Network Monitor
>>
>> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
>>
>> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
>> Version: 3.7.8.16
>> Company: PC Tools
>> Productname: ThreatFire
>> Description: ThreatFire Keyboard Monitor
>>
>> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
>>
>> So by removing the - Tfkbmon file from Threat Fire it appears you will
>> lose the use of your keyboard.
>>
>>
>>
>>
>>
>> "Ron H" wrote:
>>
>>> Dave i found a whole page on those files on google i've spelled them
>>> wrong:
>>> Type Tffsmon in google. These are the files i deleted and would you
>>> give me
>>> your best understanding of what you read here. I'm trying to figure
>>> out
>>> if they are Treat Fire and why did i lose my keyboard drivers by
>>> deleting
>>> them.



 
Reply With Quote
 
=?Utf-8?B?Um9uIEg=?=
Guest
Posts: n/a
 
      18th Nov 2007
Dave, my TF has been removed a month ago and about a week later is
when i deleted those files so re-install is long gone. Dave there is so much
on Google about Kaspersky and other AV products saying that Tfkbmon is
detected on their scans as a keylogger and it's problematic the way that
driver
is written. Now i'm not saying it's a keylogger but i think TF alters the
original
keyboard drivers in a way to aid their program in the protection
of your computer. Now i'm wondering why Robinb is not showing those files
after deletion and i did ? I was hoping that she checked the propper path
because i posted the wrong path in my first post. But anyway removing
this file did me alot of damage and even though i got my drivers back
my computer is still acting very different.

Dave M, I truely value your advise, and i feel very comfortable using your
advise so i hope there is no problem picking your brain -OK.

If you Google things like "problems with Tfkbmon", Tfkbmon, there are pages
of discussions on these drivers and when you see things like : Did you
download ThreatFire? This may be interacting with AVG improperly - on the
Geeks to Go
forum there is more to this. Why don't we find out what TF does to this
driver together and post the results ? Talk to you again tomorrow. Ron


"Dave M" wrote:

> Ron,
>
> On second thought, rather than suspend ThreatFire prior to uninstalling, if
> you do manage to get it
> reinstalled, you might try to stop it from starting in msconfig and disable
> the
> ThreatFire engine in system services then reboot and finally uninstall via
> add/remove. Since Robin managed to get a clean uninstall of those drivers,
> my
> take on that would be that there's something about your system that has
> those 4
> drivers locked. I still think a post on the PCTools forum would be good
> for you
> as well as them too.
> --
>
> Regards, Dave
>
>
> Dave M wrote:
> > Hi Ron H;
> >
> > I found this article on the PCTools support site that might help.
> > Remember
> > that ThreatFire was previously known by the name Cyberhawk, until PCTools
> > bought it. After you supplied the correct driver filenames, they all do
> > exist on my system, although with higher version levels than you show.
> >
> > http://www.pctools.com/forum/showthr...f97601&t=47955
> >
> > This case involved him doing an uninstall, a keyboard lockup like yours,
> > and then the need to do a registry recovery for those driver keys. I
> > don't
> > believe he deleted the actual sys files however, and perhaps the problem
> > stemmed from doing the removal while cyberhawk was still running (??) If
> > I
> > can give you any further help be sure to ask, perhaps it would be good to
> > use the PCTools forum for support as well.
> >
> > I suppose I'd try to recover by reinstalling, then suspending ThreatFire,
> > and finally trying the un-install at that point... there is an
> > unins000.exe
> > included with the package, but all the users guide says is to do the
> > standard add /remove:
> > Uninstalling ThreatFire
> > To uninstall ThreatFire:
> >
> >
> >
> > 1
> > Click the Start menu and highlight and click Control Panel.
> >
> >
> >
> > 2
> > Select Add or Remove Programs.
> >
> >
> >
> > 3
> > Under Currently Installed Programs, select ThreatFire.
> >
> >
> >
> > 4
> > Highlight it and click Remove. Windows removes ThreatFire.
> >
> >
> >
> > Ron H wrote:
> >> Here's the files that i deleted that screwed up my computer:
> >> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
> >> Version: 3.7.8.16
> >> Company: PC Tools
> >> Productname: ThreatFire
> >> Description: ThreatFire Filesystem Monitor
> >>
> >> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
> >>
> >> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
> >> Version: 3.7.8.16
> >> Company: PC Tools
> >> Productname: ThreatFire
> >> Description: ThreatFire System Monitor
> >>
> >> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
> >>
> >> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
> >> Version: 3.7.8.16
> >> Company: PC Tools
> >> Productname: ThreatFire
> >> Description: ThreatFire Network Monitor
> >>
> >> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
> >>
> >> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
> >> Version: 3.7.8.16
> >> Company: PC Tools
> >> Productname: ThreatFire
> >> Description: ThreatFire Keyboard Monitor
> >>
> >> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
> >>
> >> So by removing the - Tfkbmon file from Threat Fire it appears you will
> >> lose the use of your keyboard.
> >>
> >>
> >>
> >>
> >>
> >> "Ron H" wrote:
> >>
> >>> Dave i found a whole page on those files on google i've spelled them
> >>> wrong:
> >>> Type Tffsmon in google. These are the files i deleted and would you
> >>> give me
> >>> your best understanding of what you read here. I'm trying to figure
> >>> out
> >>> if they are Treat Fire and why did i lose my keyboard drivers by
> >>> deleting
> >>> them.

>
>
>

 
Reply With Quote
 
Robinb
Guest
Posts: n/a
 
      18th Nov 2007
Ron I did check the second time with the correct name
in fact i did the entire drive just in case i missed something and did not
find those files
I do remember to uninstall this program you had to stopp the realtime
protection first in services and make sure the icon it put in the right side
of the taskbar was existed and make sure the program was not running- i
killed the process first before i uninstalled it.
Maybe that is why i do not have those files once i uninstalled it?
Maybe it actually uninstalled properly doing it this way
robin
"Ron H" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dave, my TF has been removed a month ago and about a week later is
> when i deleted those files so re-install is long gone. Dave there is so
> much
> on Google about Kaspersky and other AV products saying that Tfkbmon is
> detected on their scans as a keylogger and it's problematic the way that
> driver
> is written. Now i'm not saying it's a keylogger but i think TF alters the
> original
> keyboard drivers in a way to aid their program in the protection
> of your computer. Now i'm wondering why Robinb is not showing those files
> after deletion and i did ? I was hoping that she checked the propper path
> because i posted the wrong path in my first post. But anyway removing
> this file did me alot of damage and even though i got my drivers back
> my computer is still acting very different.
>
> Dave M, I truely value your advise, and i feel very comfortable using your
> advise so i hope there is no problem picking your brain -OK.
>
> If you Google things like "problems with Tfkbmon", Tfkbmon, there are
> pages
> of discussions on these drivers and when you see things like : Did you
> download ThreatFire? This may be interacting with AVG improperly - on the
> Geeks to Go
> forum there is more to this. Why don't we find out what TF does to this
> driver together and post the results ? Talk to you again tomorrow. Ron
>
>
> "Dave M" wrote:
>
>> Ron,
>>
>> On second thought, rather than suspend ThreatFire prior to uninstalling,
>> if
>> you do manage to get it
>> reinstalled, you might try to stop it from starting in msconfig and
>> disable
>> the
>> ThreatFire engine in system services then reboot and finally uninstall
>> via
>> add/remove. Since Robin managed to get a clean uninstall of those
>> drivers,
>> my
>> take on that would be that there's something about your system that has
>> those 4
>> drivers locked. I still think a post on the PCTools forum would be good
>> for you
>> as well as them too.
>> --
>>
>> Regards, Dave
>>
>>
>> Dave M wrote:
>> > Hi Ron H;
>> >
>> > I found this article on the PCTools support site that might help.
>> > Remember
>> > that ThreatFire was previously known by the name Cyberhawk, until
>> > PCTools
>> > bought it. After you supplied the correct driver filenames, they all
>> > do
>> > exist on my system, although with higher version levels than you show.
>> >
>> > http://www.pctools.com/forum/showthr...f97601&t=47955
>> >
>> > This case involved him doing an uninstall, a keyboard lockup like
>> > yours,
>> > and then the need to do a registry recovery for those driver keys. I
>> > don't
>> > believe he deleted the actual sys files however, and perhaps the
>> > problem
>> > stemmed from doing the removal while cyberhawk was still running (??)
>> > If
>> > I
>> > can give you any further help be sure to ask, perhaps it would be good
>> > to
>> > use the PCTools forum for support as well.
>> >
>> > I suppose I'd try to recover by reinstalling, then suspending
>> > ThreatFire,
>> > and finally trying the un-install at that point... there is an
>> > unins000.exe
>> > included with the package, but all the users guide says is to do the
>> > standard add /remove:
>> > Uninstalling ThreatFire
>> > To uninstall ThreatFire:
>> >
>> >
>> >
>> > 1
>> > Click the Start menu and highlight and click Control Panel.
>> >
>> >
>> >
>> > 2
>> > Select Add or Remove Programs.
>> >
>> >
>> >
>> > 3
>> > Under Currently Installed Programs, select ThreatFire.
>> >
>> >
>> >
>> > 4
>> > Highlight it and click Remove. Windows removes ThreatFire.
>> >
>> >
>> >
>> > Ron H wrote:
>> >> Here's the files that i deleted that screwed up my computer:
>> >> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
>> >> Version: 3.7.8.16
>> >> Company: PC Tools
>> >> Productname: ThreatFire
>> >> Description: ThreatFire Filesystem Monitor
>> >>
>> >> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
>> >>
>> >> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
>> >> Version: 3.7.8.16
>> >> Company: PC Tools
>> >> Productname: ThreatFire
>> >> Description: ThreatFire System Monitor
>> >>
>> >> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
>> >>
>> >> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
>> >> Version: 3.7.8.16
>> >> Company: PC Tools
>> >> Productname: ThreatFire
>> >> Description: ThreatFire Network Monitor
>> >>
>> >> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
>> >>
>> >> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
>> >> Version: 3.7.8.16
>> >> Company: PC Tools
>> >> Productname: ThreatFire
>> >> Description: ThreatFire Keyboard Monitor
>> >>
>> >> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
>> >>
>> >> So by removing the - Tfkbmon file from Threat Fire it appears you will
>> >> lose the use of your keyboard.
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> "Ron H" wrote:
>> >>
>> >>> Dave i found a whole page on those files on google i've spelled them
>> >>> wrong:
>> >>> Type Tffsmon in google. These are the files i deleted and would you
>> >>> give me
>> >>> your best understanding of what you read here. I'm trying to figure
>> >>> out
>> >>> if they are Treat Fire and why did i lose my keyboard drivers by
>> >>> deleting
>> >>> them.

>>
>>
>>



 
Reply With Quote
 
Dave M
Guest
Posts: n/a
 
      18th Nov 2007
To add to Robin's information;

I ran Kaspersky on-demand full scan on my system, nothing found. Then sent
all 4 of those driver files to Virus Total, and just for added measure I
forwarded Tfkbmon.sys to Jotti, with absolutely nothing reported by any of
the multiscanners. It does look like there was a Kaspersky FP in the past,
but no longer is being reported either in an on-demand scan or via the
multiscanners. Additionally, I run so many of those on-demand scanners
over the course of a month, something certainly should have picked up a
problem had there been one.

But more directly to your point, I think ThreatFire undoubtedly does use
hooks and/or code injectors in their product. What I'm not sure of is,
what the effect of a brute force removal of those modules would have on
anything they touched beforehand, or why they failed to be removed
surgically along with the standard uninstall, though obviously something
unusual has happened to both you and the Cyberhawk poster in that link I
sent. I also did notice that in one of the geeks to go threads (one that
we probably were both looking at), the problem was eventually resolved as a
dying keyboard battery.

--

Regards, Dave


Ron H wrote:
> Dave, my TF has been removed a month ago and about a week later is
> when i deleted those files so re-install is long gone. Dave there is so
> much
> on Google about Kaspersky and other AV products saying that Tfkbmon is
> detected on their scans as a keylogger and it's problematic the way that
> driver
> is written. Now i'm not saying it's a keylogger but i think TF alters the
> original
> keyboard drivers in a way to aid their program in the protection
> of your computer. Now i'm wondering why Robinb is not showing those files
> after deletion and i did ? I was hoping that she checked the propper path
> because i posted the wrong path in my first post. But anyway removing
> this file did me alot of damage and even though i got my drivers back
> my computer is still acting very different.
>
> Dave M, I truely value your advise, and i feel very comfortable using
> your
> advise so i hope there is no problem picking your brain -OK.
>
> If you Google things like "problems with Tfkbmon", Tfkbmon, there are
> pages
> of discussions on these drivers and when you see things like : Did you
> download ThreatFire? This may be interacting with AVG improperly - on the
> Geeks to Go
> forum there is more to this. Why don't we find out what TF does to this
> driver together and post the results ? Talk to you again tomorrow.
> Ron
>
>
> "Dave M" wrote:
>
>> Ron,
>>
>> On second thought, rather than suspend ThreatFire prior to uninstalling,
>> if
>> you do manage to get it
>> reinstalled, you might try to stop it from starting in msconfig and
>> disable
>> the
>> ThreatFire engine in system services then reboot and finally uninstall
>> via
>> add/remove. Since Robin managed to get a clean uninstall of those
>> drivers,
>> my
>> take on that would be that there's something about your system that has
>> those 4
>> drivers locked. I still think a post on the PCTools forum would be good
>> for you
>> as well as them too.
>> --
>>
>> Regards, Dave
>>
>>
>> Dave M wrote:
>>> Hi Ron H;
>>>
>>> I found this article on the PCTools support site that might help.
>>> Remember
>>> that ThreatFire was previously known by the name Cyberhawk, until
>>> PCTools
>>> bought it. After you supplied the correct driver filenames, they all
>>> do
>>> exist on my system, although with higher version levels than you show.
>>>
>>> http://www.pctools.com/forum/showthr...f97601&t=47955
>>>
>>> This case involved him doing an uninstall, a keyboard lockup like
>>> yours,
>>> and then the need to do a registry recovery for those driver keys. I
>>> don't
>>> believe he deleted the actual sys files however, and perhaps the
>>> problem
>>> stemmed from doing the removal while cyberhawk was still running (??)
>>> If
>>> I
>>> can give you any further help be sure to ask, perhaps it would be good
>>> to
>>> use the PCTools forum for support as well.
>>>
>>> I suppose I'd try to recover by reinstalling, then suspending
>>> ThreatFire,
>>> and finally trying the un-install at that point... there is an
>>> unins000.exe
>>> included with the package, but all the users guide says is to do the
>>> standard add /remove:
>>> Uninstalling ThreatFire
>>> To uninstall ThreatFire:
>>>
>>>
>>>
>>> 1
>>> Click the Start menu and highlight and click Control Panel.
>>>
>>>
>>>
>>> 2
>>> Select Add or Remove Programs.
>>>
>>>
>>>
>>> 3
>>> Under Currently Installed Programs, select ThreatFire.
>>>
>>>
>>>
>>> 4
>>> Highlight it and click Remove. Windows removes ThreatFire.
>>>
>>>
>>>
>>> Ron H wrote:
>>>> Here's the files that i deleted that screwed up my computer:
>>>> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
>>>> Version: 3.7.8.16
>>>> Company: PC Tools
>>>> Productname: ThreatFire
>>>> Description: ThreatFire Filesystem Monitor
>>>>
>>>> http://www.runscanner.net/getmd5.asp...ss=tffsmon.sys
>>>>
>>>> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
>>>> Version: 3.7.8.16
>>>> Company: PC Tools
>>>> Productname: ThreatFire
>>>> Description: ThreatFire System Monitor
>>>>
>>>> http://www.runscanner.net/getmd5.asp...s=tfsysmon.sys
>>>>
>>>> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
>>>> Version: 3.7.8.16
>>>> Company: PC Tools
>>>> Productname: ThreatFire
>>>> Description: ThreatFire Network Monitor
>>>>
>>>> http://www.runscanner.net/getmd5.asp...s=tfnetmon.sys
>>>>
>>>> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
>>>> Version: 3.7.8.16
>>>> Company: PC Tools
>>>> Productname: ThreatFire
>>>> Description: ThreatFire Keyboard Monitor
>>>>
>>>> http://www.runscanner.net/getMD5.asp...ss=tfkbmon.sys
>>>>
>>>> So by removing the - Tfkbmon file from Threat Fire it appears you will
>>>> lose the use of your keyboard.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> "Ron H" wrote:
>>>>
>>>>> Dave i found a whole page on those files on google i've spelled them
>>>>> wrong:
>>>>> Type Tffsmon in google. These are the files i deleted and would you
>>>>> give me
>>>>> your best understanding of what you read here. I'm trying to figure
>>>>> out
>>>>> if they are Treat Fire and why did i lose my keyboard drivers by
>>>>> deleting
>>>>> them.



 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
events that fire events that fire events....a bad thing? Daniel Microsoft C# .NET 3 1st Feb 2007 02:55 AM
cookie a threat /not a threat? need some answer on this Spyware Discussion 3 16th Aug 2005 12:59 PM
FIRE! FIRE! HELP!!!!!!!!!!!! Waltc Windows XP Security 4 15th Jul 2004 09:58 PM
events do not fire from exe but fire from vb6 ide yetty soft via .NET 247 Microsoft VB .NET 3 29th Apr 2004 03:00 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 03:42 AM.