Threat Fire

Discussion in 'Spyware Discussion' started by Guest, Nov 16, 2007.

  1. Guest

    Guest Guest

    Dave i found a whole page on those files on google i've spelled them wrong:
    Type Tffsmon in google. These are the files i deleted and would you give me
    your best understanding of what you read here. I'm trying to figure out
    if they are Treat Fire and why did i lose my keyboard drivers by deleting
    them.
     
    Guest, Nov 16, 2007
    #1
    1. Advertisements

  2. Guest

    Guest Guest

    Here's the files that i deleted that screwed up my computer:
    Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    Version: 3.7.8.16
    Company: PC Tools
    Productname: ThreatFire
    Description: ThreatFire Filesystem Monitor

    http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys

    Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    Version: 3.7.8.16
    Company: PC Tools
    Productname: ThreatFire
    Description: ThreatFire System Monitor

    http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys

    Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    Version: 3.7.8.16
    Company: PC Tools
    Productname: ThreatFire
    Description: ThreatFire Network Monitor

    http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys

    Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    Version: 3.7.8.16
    Company: PC Tools
    Productname: ThreatFire
    Description: ThreatFire Keyboard Monitor

    http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys

    So by removing the - Tfkbmon file from Threat Fire it appears you will
    lose the use of your keyboard.





    "Ron H" wrote:

    > Dave i found a whole page on those files on google i've spelled them wrong:
    > Type Tffsmon in google. These are the files i deleted and would you give me
    > your best understanding of what you read here. I'm trying to figure out
    > if they are Treat Fire and why did i lose my keyboard drivers by deleting
    > them.
    >
    >
     
    Guest, Nov 16, 2007
    #2
    1. Advertisements

  3. Guest

    Robinb Guest

    i will check those files tomorrow since i typed them the first way you put
    it
    interesting if you delete those files you loose use of your keyboard
    real nice problem that threatfire is
    I am glad i removed it but i will not take that out of system32 if i have
    them because nothing is is wrong so it can sit there and hang out

    I will let you know either tomorrow or Sunday if i have that file
    robin
    "Ron H" <> wrote in message
    news:...
    > Here's the files that i deleted that screwed up my computer:
    > Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Filesystem Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    >
    > Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire System Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    >
    > Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Network Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    >
    > Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Keyboard Monitor
    >
    > http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    >
    > So by removing the - Tfkbmon file from Threat Fire it appears you will
    > lose the use of your keyboard.
    >
    >
    >
    >
    >
    > "Ron H" wrote:
    >
    >> Dave i found a whole page on those files on google i've spelled them
    >> wrong:
    >> Type Tffsmon in google. These are the files i deleted and would you give
    >> me
    >> your best understanding of what you read here. I'm trying to figure out
    >> if they are Treat Fire and why did i lose my keyboard drivers by
    >> deleting
    >> them.
    >>
    >>
     
    Robinb, Nov 17, 2007
    #3
  4. Guest

    robinb Guest

    ok i checked and I do not have those files
    robin
    "Robinb" <> wrote in message
    news:...
    >i will check those files tomorrow since i typed them the first way you put
    >it
    > interesting if you delete those files you loose use of your keyboard
    > real nice problem that threatfire is
    > I am glad i removed it but i will not take that out of system32 if i have
    > them because nothing is is wrong so it can sit there and hang out
    >
    > I will let you know either tomorrow or Sunday if i have that file
    > robin
    > "Ron H" <> wrote in message
    > news:...
    >> Here's the files that i deleted that screwed up my computer:
    >> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire Filesystem Monitor
    >>
    >> http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    >>
    >> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire System Monitor
    >>
    >> http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    >>
    >> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire Network Monitor
    >>
    >> http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    >>
    >> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire Keyboard Monitor
    >>
    >> http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    >>
    >> So by removing the - Tfkbmon file from Threat Fire it appears you will
    >> lose the use of your keyboard.
    >>
    >>
    >>
    >>
    >>
    >> "Ron H" wrote:
    >>
    >>> Dave i found a whole page on those files on google i've spelled them
    >>> wrong:
    >>> Type Tffsmon in google. These are the files i deleted and would you
    >>> give me
    >>> your best understanding of what you read here. I'm trying to figure out
    >>> if they are Treat Fire and why did i lose my keyboard drivers by
    >>> deleting
    >>> them.
    >>>
    >>>

    >
    >
     
    robinb, Nov 17, 2007
    #4
  5. Guest

    Guest Guest

    Robinb, Thanks for looking - but very strange that i deleted this :
    Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    and the three other files AFTER i removed TF using Add/Remove.


    "Ron H" wrote:

    > Here's the files that i deleted that screwed up my computer:
    > Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Filesystem Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    >
    > Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire System Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    >
    > Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Network Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    >
    > Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Keyboard Monitor
    >
    > http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    >
    > So by removing the - Tfkbmon file from Threat Fire it appears you will
    > lose the use of your keyboard.
    >
    >
    >
    >
    >
    > "Ron H" wrote:
    >
    > > Dave i found a whole page on those files on google i've spelled them wrong:
    > > Type Tffsmon in google. These are the files i deleted and would you give me
    > > your best understanding of what you read here. I'm trying to figure out
    > > if they are Treat Fire and why did i lose my keyboard drivers by deleting
    > > them.
    > >
    > >
     
    Guest, Nov 17, 2007
    #5
  6. Guest

    Dave M Guest

    Hi Ron H;

    I found this article on the PCTools support site that might help. Remember
    that ThreatFire was previously known by the name Cyberhawk, until PCTools
    bought it. After you supplied the correct driver filenames, they all do
    exist on my system, although with higher version levels than you show.

    http://www.pctools.com/forum/showthread.php?s=28bfe7940e15ac95f83a893519f97601&t=47955

    This case involved him doing an uninstall, a keyboard lockup like yours,
    and then the need to do a registry recovery for those driver keys. I don't
    believe he deleted the actual sys files however, and perhaps the problem
    stemmed from doing the removal while cyberhawk was still running (??) If I
    can give you any further help be sure to ask, perhaps it would be good to
    use the PCTools forum for support as well.

    I suppose I'd try to recover by reinstalling, then suspending ThreatFire,
    and finally trying the un-install at that point... there is an unins000.exe
    included with the package, but all the users guide says is to do the
    standard add /remove:
    Uninstalling ThreatFire
    To uninstall ThreatFire:



    1
    Click the Start menu and highlight and click Control Panel.



    2
    Select Add or Remove Programs.



    3
    Under Currently Installed Programs, select ThreatFire.



    4
    Highlight it and click Remove. Windows removes ThreatFire.


    --

    Regards, Dave


    Ron H wrote:
    > Here's the files that i deleted that screwed up my computer:
    > Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Filesystem Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    >
    > Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire System Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    >
    > Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Network Monitor
    >
    > http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    >
    > Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    > Version: 3.7.8.16
    > Company: PC Tools
    > Productname: ThreatFire
    > Description: ThreatFire Keyboard Monitor
    >
    > http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    >
    > So by removing the - Tfkbmon file from Threat Fire it appears you will
    > lose the use of your keyboard.
    >
    >
    >
    >
    >
    > "Ron H" wrote:
    >
    >> Dave i found a whole page on those files on google i've spelled them
    >> wrong:
    >> Type Tffsmon in google. These are the files i deleted and would you
    >> give me
    >> your best understanding of what you read here. I'm trying to figure out
    >> if they are Treat Fire and why did i lose my keyboard drivers by
    >> deleting
    >> them.
     
    Dave M, Nov 17, 2007
    #6
  7. Guest

    Dave M Guest

    Ron,

    On second thought, rather than suspend ThreatFire prior to uninstalling, if
    you do manage to get it
    reinstalled, you might try to stop it from starting in msconfig and disable
    the
    ThreatFire engine in system services then reboot and finally uninstall via
    add/remove. Since Robin managed to get a clean uninstall of those drivers,
    my
    take on that would be that there's something about your system that has
    those 4
    drivers locked. I still think a post on the PCTools forum would be good
    for you
    as well as them too.
    --

    Regards, Dave


    Dave M wrote:
    > Hi Ron H;
    >
    > I found this article on the PCTools support site that might help.
    > Remember
    > that ThreatFire was previously known by the name Cyberhawk, until PCTools
    > bought it. After you supplied the correct driver filenames, they all do
    > exist on my system, although with higher version levels than you show.
    >
    > http://www.pctools.com/forum/showthread.php?s=28bfe7940e15ac95f83a893519f97601&t=47955
    >
    > This case involved him doing an uninstall, a keyboard lockup like yours,
    > and then the need to do a registry recovery for those driver keys. I
    > don't
    > believe he deleted the actual sys files however, and perhaps the problem
    > stemmed from doing the removal while cyberhawk was still running (??) If
    > I
    > can give you any further help be sure to ask, perhaps it would be good to
    > use the PCTools forum for support as well.
    >
    > I suppose I'd try to recover by reinstalling, then suspending ThreatFire,
    > and finally trying the un-install at that point... there is an
    > unins000.exe
    > included with the package, but all the users guide says is to do the
    > standard add /remove:
    > Uninstalling ThreatFire
    > To uninstall ThreatFire:
    >
    >
    >
    > 1
    > Click the Start menu and highlight and click Control Panel.
    >
    >
    >
    > 2
    > Select Add or Remove Programs.
    >
    >
    >
    > 3
    > Under Currently Installed Programs, select ThreatFire.
    >
    >
    >
    > 4
    > Highlight it and click Remove. Windows removes ThreatFire.
    >
    >
    >
    > Ron H wrote:
    >> Here's the files that i deleted that screwed up my computer:
    >> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire Filesystem Monitor
    >>
    >> http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    >>
    >> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire System Monitor
    >>
    >> http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    >>
    >> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire Network Monitor
    >>
    >> http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    >>
    >> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    >> Version: 3.7.8.16
    >> Company: PC Tools
    >> Productname: ThreatFire
    >> Description: ThreatFire Keyboard Monitor
    >>
    >> http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    >>
    >> So by removing the - Tfkbmon file from Threat Fire it appears you will
    >> lose the use of your keyboard.
    >>
    >>
    >>
    >>
    >>
    >> "Ron H" wrote:
    >>
    >>> Dave i found a whole page on those files on google i've spelled them
    >>> wrong:
    >>> Type Tffsmon in google. These are the files i deleted and would you
    >>> give me
    >>> your best understanding of what you read here. I'm trying to figure
    >>> out
    >>> if they are Treat Fire and why did i lose my keyboard drivers by
    >>> deleting
    >>> them.
     
    Dave M, Nov 17, 2007
    #7
  8. Guest

    Guest Guest

    Dave, my TF has been removed a month ago and about a week later is
    when i deleted those files so re-install is long gone. Dave there is so much
    on Google about Kaspersky and other AV products saying that Tfkbmon is
    detected on their scans as a keylogger and it's problematic the way that
    driver
    is written. Now i'm not saying it's a keylogger but i think TF alters the
    original
    keyboard drivers in a way to aid their program in the protection
    of your computer. Now i'm wondering why Robinb is not showing those files
    after deletion and i did ? I was hoping that she checked the propper path
    because i posted the wrong path in my first post. But anyway removing
    this file did me alot of damage and even though i got my drivers back
    my computer is still acting very different.

    Dave M, I truely value your advise, and i feel very comfortable using your
    advise so i hope there is no problem picking your brain -OK.

    If you Google things like "problems with Tfkbmon", Tfkbmon, there are pages
    of discussions on these drivers and when you see things like : Did you
    download ThreatFire? This may be interacting with AVG improperly - on the
    Geeks to Go
    forum there is more to this. Why don't we find out what TF does to this
    driver together and post the results ? Talk to you again tomorrow. Ron


    "Dave M" wrote:

    > Ron,
    >
    > On second thought, rather than suspend ThreatFire prior to uninstalling, if
    > you do manage to get it
    > reinstalled, you might try to stop it from starting in msconfig and disable
    > the
    > ThreatFire engine in system services then reboot and finally uninstall via
    > add/remove. Since Robin managed to get a clean uninstall of those drivers,
    > my
    > take on that would be that there's something about your system that has
    > those 4
    > drivers locked. I still think a post on the PCTools forum would be good
    > for you
    > as well as them too.
    > --
    >
    > Regards, Dave
    >
    >
    > Dave M wrote:
    > > Hi Ron H;
    > >
    > > I found this article on the PCTools support site that might help.
    > > Remember
    > > that ThreatFire was previously known by the name Cyberhawk, until PCTools
    > > bought it. After you supplied the correct driver filenames, they all do
    > > exist on my system, although with higher version levels than you show.
    > >
    > > http://www.pctools.com/forum/showthread.php?s=28bfe7940e15ac95f83a893519f97601&t=47955
    > >
    > > This case involved him doing an uninstall, a keyboard lockup like yours,
    > > and then the need to do a registry recovery for those driver keys. I
    > > don't
    > > believe he deleted the actual sys files however, and perhaps the problem
    > > stemmed from doing the removal while cyberhawk was still running (??) If
    > > I
    > > can give you any further help be sure to ask, perhaps it would be good to
    > > use the PCTools forum for support as well.
    > >
    > > I suppose I'd try to recover by reinstalling, then suspending ThreatFire,
    > > and finally trying the un-install at that point... there is an
    > > unins000.exe
    > > included with the package, but all the users guide says is to do the
    > > standard add /remove:
    > > Uninstalling ThreatFire
    > > To uninstall ThreatFire:
    > >
    > >
    > >
    > > 1
    > > Click the Start menu and highlight and click Control Panel.
    > >
    > >
    > >
    > > 2
    > > Select Add or Remove Programs.
    > >
    > >
    > >
    > > 3
    > > Under Currently Installed Programs, select ThreatFire.
    > >
    > >
    > >
    > > 4
    > > Highlight it and click Remove. Windows removes ThreatFire.
    > >
    > >
    > >
    > > Ron H wrote:
    > >> Here's the files that i deleted that screwed up my computer:
    > >> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    > >> Version: 3.7.8.16
    > >> Company: PC Tools
    > >> Productname: ThreatFire
    > >> Description: ThreatFire Filesystem Monitor
    > >>
    > >> http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    > >>
    > >> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    > >> Version: 3.7.8.16
    > >> Company: PC Tools
    > >> Productname: ThreatFire
    > >> Description: ThreatFire System Monitor
    > >>
    > >> http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    > >>
    > >> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    > >> Version: 3.7.8.16
    > >> Company: PC Tools
    > >> Productname: ThreatFire
    > >> Description: ThreatFire Network Monitor
    > >>
    > >> http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    > >>
    > >> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    > >> Version: 3.7.8.16
    > >> Company: PC Tools
    > >> Productname: ThreatFire
    > >> Description: ThreatFire Keyboard Monitor
    > >>
    > >> http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    > >>
    > >> So by removing the - Tfkbmon file from Threat Fire it appears you will
    > >> lose the use of your keyboard.
    > >>
    > >>
    > >>
    > >>
    > >>
    > >> "Ron H" wrote:
    > >>
    > >>> Dave i found a whole page on those files on google i've spelled them
    > >>> wrong:
    > >>> Type Tffsmon in google. These are the files i deleted and would you
    > >>> give me
    > >>> your best understanding of what you read here. I'm trying to figure
    > >>> out
    > >>> if they are Treat Fire and why did i lose my keyboard drivers by
    > >>> deleting
    > >>> them.

    >
    >
    >
     
    Guest, Nov 18, 2007
    #8
  9. Guest

    Robinb Guest

    Ron I did check the second time with the correct name
    in fact i did the entire drive just in case i missed something and did not
    find those files
    I do remember to uninstall this program you had to stopp the realtime
    protection first in services and make sure the icon it put in the right side
    of the taskbar was existed and make sure the program was not running- i
    killed the process first before i uninstalled it.
    Maybe that is why i do not have those files once i uninstalled it?
    Maybe it actually uninstalled properly doing it this way
    robin
    "Ron H" <> wrote in message
    news:...
    > Dave, my TF has been removed a month ago and about a week later is
    > when i deleted those files so re-install is long gone. Dave there is so
    > much
    > on Google about Kaspersky and other AV products saying that Tfkbmon is
    > detected on their scans as a keylogger and it's problematic the way that
    > driver
    > is written. Now i'm not saying it's a keylogger but i think TF alters the
    > original
    > keyboard drivers in a way to aid their program in the protection
    > of your computer. Now i'm wondering why Robinb is not showing those files
    > after deletion and i did ? I was hoping that she checked the propper path
    > because i posted the wrong path in my first post. But anyway removing
    > this file did me alot of damage and even though i got my drivers back
    > my computer is still acting very different.
    >
    > Dave M, I truely value your advise, and i feel very comfortable using your
    > advise so i hope there is no problem picking your brain -OK.
    >
    > If you Google things like "problems with Tfkbmon", Tfkbmon, there are
    > pages
    > of discussions on these drivers and when you see things like : Did you
    > download ThreatFire? This may be interacting with AVG improperly - on the
    > Geeks to Go
    > forum there is more to this. Why don't we find out what TF does to this
    > driver together and post the results ? Talk to you again tomorrow. Ron
    >
    >
    > "Dave M" wrote:
    >
    >> Ron,
    >>
    >> On second thought, rather than suspend ThreatFire prior to uninstalling,
    >> if
    >> you do manage to get it
    >> reinstalled, you might try to stop it from starting in msconfig and
    >> disable
    >> the
    >> ThreatFire engine in system services then reboot and finally uninstall
    >> via
    >> add/remove. Since Robin managed to get a clean uninstall of those
    >> drivers,
    >> my
    >> take on that would be that there's something about your system that has
    >> those 4
    >> drivers locked. I still think a post on the PCTools forum would be good
    >> for you
    >> as well as them too.
    >> --
    >>
    >> Regards, Dave
    >>
    >>
    >> Dave M wrote:
    >> > Hi Ron H;
    >> >
    >> > I found this article on the PCTools support site that might help.
    >> > Remember
    >> > that ThreatFire was previously known by the name Cyberhawk, until
    >> > PCTools
    >> > bought it. After you supplied the correct driver filenames, they all
    >> > do
    >> > exist on my system, although with higher version levels than you show.
    >> >
    >> > http://www.pctools.com/forum/showthread.php?s=28bfe7940e15ac95f83a893519f97601&t=47955
    >> >
    >> > This case involved him doing an uninstall, a keyboard lockup like
    >> > yours,
    >> > and then the need to do a registry recovery for those driver keys. I
    >> > don't
    >> > believe he deleted the actual sys files however, and perhaps the
    >> > problem
    >> > stemmed from doing the removal while cyberhawk was still running (??)
    >> > If
    >> > I
    >> > can give you any further help be sure to ask, perhaps it would be good
    >> > to
    >> > use the PCTools forum for support as well.
    >> >
    >> > I suppose I'd try to recover by reinstalling, then suspending
    >> > ThreatFire,
    >> > and finally trying the un-install at that point... there is an
    >> > unins000.exe
    >> > included with the package, but all the users guide says is to do the
    >> > standard add /remove:
    >> > Uninstalling ThreatFire
    >> > To uninstall ThreatFire:
    >> >
    >> >
    >> >
    >> > 1
    >> > Click the Start menu and highlight and click Control Panel.
    >> >
    >> >
    >> >
    >> > 2
    >> > Select Add or Remove Programs.
    >> >
    >> >
    >> >
    >> > 3
    >> > Under Currently Installed Programs, select ThreatFire.
    >> >
    >> >
    >> >
    >> > 4
    >> > Highlight it and click Remove. Windows removes ThreatFire.
    >> >
    >> >
    >> >
    >> > Ron H wrote:
    >> >> Here's the files that i deleted that screwed up my computer:
    >> >> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    >> >> Version: 3.7.8.16
    >> >> Company: PC Tools
    >> >> Productname: ThreatFire
    >> >> Description: ThreatFire Filesystem Monitor
    >> >>
    >> >> http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    >> >>
    >> >> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    >> >> Version: 3.7.8.16
    >> >> Company: PC Tools
    >> >> Productname: ThreatFire
    >> >> Description: ThreatFire System Monitor
    >> >>
    >> >> http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    >> >>
    >> >> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    >> >> Version: 3.7.8.16
    >> >> Company: PC Tools
    >> >> Productname: ThreatFire
    >> >> Description: ThreatFire Network Monitor
    >> >>
    >> >> http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    >> >>
    >> >> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    >> >> Version: 3.7.8.16
    >> >> Company: PC Tools
    >> >> Productname: ThreatFire
    >> >> Description: ThreatFire Keyboard Monitor
    >> >>
    >> >> http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    >> >>
    >> >> So by removing the - Tfkbmon file from Threat Fire it appears you will
    >> >> lose the use of your keyboard.
    >> >>
    >> >>
    >> >>
    >> >>
    >> >>
    >> >> "Ron H" wrote:
    >> >>
    >> >>> Dave i found a whole page on those files on google i've spelled them
    >> >>> wrong:
    >> >>> Type Tffsmon in google. These are the files i deleted and would you
    >> >>> give me
    >> >>> your best understanding of what you read here. I'm trying to figure
    >> >>> out
    >> >>> if they are Treat Fire and why did i lose my keyboard drivers by
    >> >>> deleting
    >> >>> them.

    >>
    >>
    >>
     
    Robinb, Nov 18, 2007
    #9
  10. Guest

    Dave M Guest

    To add to Robin's information;

    I ran Kaspersky on-demand full scan on my system, nothing found. Then sent
    all 4 of those driver files to Virus Total, and just for added measure I
    forwarded Tfkbmon.sys to Jotti, with absolutely nothing reported by any of
    the multiscanners. It does look like there was a Kaspersky FP in the past,
    but no longer is being reported either in an on-demand scan or via the
    multiscanners. Additionally, I run so many of those on-demand scanners
    over the course of a month, something certainly should have picked up a
    problem had there been one.

    But more directly to your point, I think ThreatFire undoubtedly does use
    hooks and/or code injectors in their product. What I'm not sure of is,
    what the effect of a brute force removal of those modules would have on
    anything they touched beforehand, or why they failed to be removed
    surgically along with the standard uninstall, though obviously something
    unusual has happened to both you and the Cyberhawk poster in that link I
    sent. I also did notice that in one of the geeks to go threads (one that
    we probably were both looking at), the problem was eventually resolved as a
    dying keyboard battery.

    --

    Regards, Dave


    Ron H wrote:
    > Dave, my TF has been removed a month ago and about a week later is
    > when i deleted those files so re-install is long gone. Dave there is so
    > much
    > on Google about Kaspersky and other AV products saying that Tfkbmon is
    > detected on their scans as a keylogger and it's problematic the way that
    > driver
    > is written. Now i'm not saying it's a keylogger but i think TF alters the
    > original
    > keyboard drivers in a way to aid their program in the protection
    > of your computer. Now i'm wondering why Robinb is not showing those files
    > after deletion and i did ? I was hoping that she checked the propper path
    > because i posted the wrong path in my first post. But anyway removing
    > this file did me alot of damage and even though i got my drivers back
    > my computer is still acting very different.
    >
    > Dave M, I truely value your advise, and i feel very comfortable using
    > your
    > advise so i hope there is no problem picking your brain -OK.
    >
    > If you Google things like "problems with Tfkbmon", Tfkbmon, there are
    > pages
    > of discussions on these drivers and when you see things like : Did you
    > download ThreatFire? This may be interacting with AVG improperly - on the
    > Geeks to Go
    > forum there is more to this. Why don't we find out what TF does to this
    > driver together and post the results ? Talk to you again tomorrow.
    > Ron
    >
    >
    > "Dave M" wrote:
    >
    >> Ron,
    >>
    >> On second thought, rather than suspend ThreatFire prior to uninstalling,
    >> if
    >> you do manage to get it
    >> reinstalled, you might try to stop it from starting in msconfig and
    >> disable
    >> the
    >> ThreatFire engine in system services then reboot and finally uninstall
    >> via
    >> add/remove. Since Robin managed to get a clean uninstall of those
    >> drivers,
    >> my
    >> take on that would be that there's something about your system that has
    >> those 4
    >> drivers locked. I still think a post on the PCTools forum would be good
    >> for you
    >> as well as them too.
    >> --
    >>
    >> Regards, Dave
    >>
    >>
    >> Dave M wrote:
    >>> Hi Ron H;
    >>>
    >>> I found this article on the PCTools support site that might help.
    >>> Remember
    >>> that ThreatFire was previously known by the name Cyberhawk, until
    >>> PCTools
    >>> bought it. After you supplied the correct driver filenames, they all
    >>> do
    >>> exist on my system, although with higher version levels than you show.
    >>>
    >>> http://www.pctools.com/forum/showthread.php?s=28bfe7940e15ac95f83a893519f97601&t=47955
    >>>
    >>> This case involved him doing an uninstall, a keyboard lockup like
    >>> yours,
    >>> and then the need to do a registry recovery for those driver keys. I
    >>> don't
    >>> believe he deleted the actual sys files however, and perhaps the
    >>> problem
    >>> stemmed from doing the removal while cyberhawk was still running (??)
    >>> If
    >>> I
    >>> can give you any further help be sure to ask, perhaps it would be good
    >>> to
    >>> use the PCTools forum for support as well.
    >>>
    >>> I suppose I'd try to recover by reinstalling, then suspending
    >>> ThreatFire,
    >>> and finally trying the un-install at that point... there is an
    >>> unins000.exe
    >>> included with the package, but all the users guide says is to do the
    >>> standard add /remove:
    >>> Uninstalling ThreatFire
    >>> To uninstall ThreatFire:
    >>>
    >>>
    >>>
    >>> 1
    >>> Click the Start menu and highlight and click Control Panel.
    >>>
    >>>
    >>>
    >>> 2
    >>> Select Add or Remove Programs.
    >>>
    >>>
    >>>
    >>> 3
    >>> Under Currently Installed Programs, select ThreatFire.
    >>>
    >>>
    >>>
    >>> 4
    >>> Highlight it and click Remove. Windows removes ThreatFire.
    >>>
    >>>
    >>>
    >>> Ron H wrote:
    >>>> Here's the files that i deleted that screwed up my computer:
    >>>> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    >>>> Version: 3.7.8.16
    >>>> Company: PC Tools
    >>>> Productname: ThreatFire
    >>>> Description: ThreatFire Filesystem Monitor
    >>>>
    >>>> http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    >>>>
    >>>> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    >>>> Version: 3.7.8.16
    >>>> Company: PC Tools
    >>>> Productname: ThreatFire
    >>>> Description: ThreatFire System Monitor
    >>>>
    >>>> http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    >>>>
    >>>> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    >>>> Version: 3.7.8.16
    >>>> Company: PC Tools
    >>>> Productname: ThreatFire
    >>>> Description: ThreatFire Network Monitor
    >>>>
    >>>> http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    >>>>
    >>>> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    >>>> Version: 3.7.8.16
    >>>> Company: PC Tools
    >>>> Productname: ThreatFire
    >>>> Description: ThreatFire Keyboard Monitor
    >>>>
    >>>> http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    >>>>
    >>>> So by removing the - Tfkbmon file from Threat Fire it appears you will
    >>>> lose the use of your keyboard.
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> "Ron H" wrote:
    >>>>
    >>>>> Dave i found a whole page on those files on google i've spelled them
    >>>>> wrong:
    >>>>> Type Tffsmon in google. These are the files i deleted and would you
    >>>>> give me
    >>>>> your best understanding of what you read here. I'm trying to figure
    >>>>> out
    >>>>> if they are Treat Fire and why did i lose my keyboard drivers by
    >>>>> deleting
    >>>>> them.
     
    Dave M, Nov 18, 2007
    #10
  11. Guest

    Guest Guest

    Thank You Robinb and Dave M for all your help, i don't expect you to go
    any further with this but if anything additional comes to light please keep
    me posted. Thanks Again Ron

    "Dave M" wrote:

    > To add to Robin's information;
    >
    > I ran Kaspersky on-demand full scan on my system, nothing found. Then sent
    > all 4 of those driver files to Virus Total, and just for added measure I
    > forwarded Tfkbmon.sys to Jotti, with absolutely nothing reported by any of
    > the multiscanners. It does look like there was a Kaspersky FP in the past,
    > but no longer is being reported either in an on-demand scan or via the
    > multiscanners. Additionally, I run so many of those on-demand scanners
    > over the course of a month, something certainly should have picked up a
    > problem had there been one.
    >
    > But more directly to your point, I think ThreatFire undoubtedly does use
    > hooks and/or code injectors in their product. What I'm not sure of is,
    > what the effect of a brute force removal of those modules would have on
    > anything they touched beforehand, or why they failed to be removed
    > surgically along with the standard uninstall, though obviously something
    > unusual has happened to both you and the Cyberhawk poster in that link I
    > sent. I also did notice that in one of the geeks to go threads (one that
    > we probably were both looking at), the problem was eventually resolved as a
    > dying keyboard battery.
    >
    > --
    >
    > Regards, Dave
    >
    >
    > Ron H wrote:
    > > Dave, my TF has been removed a month ago and about a week later is
    > > when i deleted those files so re-install is long gone. Dave there is so
    > > much
    > > on Google about Kaspersky and other AV products saying that Tfkbmon is
    > > detected on their scans as a keylogger and it's problematic the way that
    > > driver
    > > is written. Now i'm not saying it's a keylogger but i think TF alters the
    > > original
    > > keyboard drivers in a way to aid their program in the protection
    > > of your computer. Now i'm wondering why Robinb is not showing those files
    > > after deletion and i did ? I was hoping that she checked the propper path
    > > because i posted the wrong path in my first post. But anyway removing
    > > this file did me alot of damage and even though i got my drivers back
    > > my computer is still acting very different.
    > >
    > > Dave M, I truely value your advise, and i feel very comfortable using
    > > your
    > > advise so i hope there is no problem picking your brain -OK.
    > >
    > > If you Google things like "problems with Tfkbmon", Tfkbmon, there are
    > > pages
    > > of discussions on these drivers and when you see things like : Did you
    > > download ThreatFire? This may be interacting with AVG improperly - on the
    > > Geeks to Go
    > > forum there is more to this. Why don't we find out what TF does to this
    > > driver together and post the results ? Talk to you again tomorrow.
    > > Ron
    > >
    > >
    > > "Dave M" wrote:
    > >
    > >> Ron,
    > >>
    > >> On second thought, rather than suspend ThreatFire prior to uninstalling,
    > >> if
    > >> you do manage to get it
    > >> reinstalled, you might try to stop it from starting in msconfig and
    > >> disable
    > >> the
    > >> ThreatFire engine in system services then reboot and finally uninstall
    > >> via
    > >> add/remove. Since Robin managed to get a clean uninstall of those
    > >> drivers,
    > >> my
    > >> take on that would be that there's something about your system that has
    > >> those 4
    > >> drivers locked. I still think a post on the PCTools forum would be good
    > >> for you
    > >> as well as them too.
    > >> --
    > >>
    > >> Regards, Dave
    > >>
    > >>
    > >> Dave M wrote:
    > >>> Hi Ron H;
    > >>>
    > >>> I found this article on the PCTools support site that might help.
    > >>> Remember
    > >>> that ThreatFire was previously known by the name Cyberhawk, until
    > >>> PCTools
    > >>> bought it. After you supplied the correct driver filenames, they all
    > >>> do
    > >>> exist on my system, although with higher version levels than you show.
    > >>>
    > >>> http://www.pctools.com/forum/showthread.php?s=28bfe7940e15ac95f83a893519f97601&t=47955
    > >>>
    > >>> This case involved him doing an uninstall, a keyboard lockup like
    > >>> yours,
    > >>> and then the need to do a registry recovery for those driver keys. I
    > >>> don't
    > >>> believe he deleted the actual sys files however, and perhaps the
    > >>> problem
    > >>> stemmed from doing the removal while cyberhawk was still running (??)
    > >>> If
    > >>> I
    > >>> can give you any further help be sure to ask, perhaps it would be good
    > >>> to
    > >>> use the PCTools forum for support as well.
    > >>>
    > >>> I suppose I'd try to recover by reinstalling, then suspending
    > >>> ThreatFire,
    > >>> and finally trying the un-install at that point... there is an
    > >>> unins000.exe
    > >>> included with the package, but all the users guide says is to do the
    > >>> standard add /remove:
    > >>> Uninstalling ThreatFire
    > >>> To uninstall ThreatFire:
    > >>>
    > >>>
    > >>>
    > >>> 1
    > >>> Click the Start menu and highlight and click Control Panel.
    > >>>
    > >>>
    > >>>
    > >>> 2
    > >>> Select Add or Remove Programs.
    > >>>
    > >>>
    > >>>
    > >>> 3
    > >>> Under Currently Installed Programs, select ThreatFire.
    > >>>
    > >>>
    > >>>
    > >>> 4
    > >>> Highlight it and click Remove. Windows removes ThreatFire.
    > >>>
    > >>>
    > >>>
    > >>> Ron H wrote:
    > >>>> Here's the files that i deleted that screwed up my computer:
    > >>>> Tffsmon - Path found: C:\ WINDOWS\ system32\ drivers\ tffsmon.sys
    > >>>> Version: 3.7.8.16
    > >>>> Company: PC Tools
    > >>>> Productname: ThreatFire
    > >>>> Description: ThreatFire Filesystem Monitor
    > >>>>
    > >>>> http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys
    > >>>>
    > >>>> Tfsysmon -Path found: C:\ WINDOWS\ system32\ drivers\ tfsysmon.sys
    > >>>> Version: 3.7.8.16
    > >>>> Company: PC Tools
    > >>>> Productname: ThreatFire
    > >>>> Description: ThreatFire System Monitor
    > >>>>
    > >>>> http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys
    > >>>>
    > >>>> Tfnetmon -Path found: c:\ windows\ system32\ drivers\ tfnetmon.sys
    > >>>> Version: 3.7.8.16
    > >>>> Company: PC Tools
    > >>>> Productname: ThreatFire
    > >>>> Description: ThreatFire Network Monitor
    > >>>>
    > >>>> http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys
    > >>>>
    > >>>> Tfkbmon - Path found: C:\ WINDOWS\ system32\ drivers\ tfkbmon.sys
    > >>>> Version: 3.7.8.16
    > >>>> Company: PC Tools
    > >>>> Productname: ThreatFire
    > >>>> Description: ThreatFire Keyboard Monitor
    > >>>>
    > >>>> http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys
    > >>>>
    > >>>> So by removing the - Tfkbmon file from Threat Fire it appears you will
    > >>>> lose the use of your keyboard.
    > >>>>
    > >>>>
    > >>>>
    > >>>>
    > >>>>
    > >>>> "Ron H" wrote:
    > >>>>
    > >>>>> Dave i found a whole page on those files on google i've spelled them
    > >>>>> wrong:
    > >>>>> Type Tffsmon in google. These are the files i deleted and would you
    > >>>>> give me
    > >>>>> your best understanding of what you read here. I'm trying to figure
    > >>>>> out
    > >>>>> if they are Treat Fire and why did i lose my keyboard drivers by
    > >>>>> deleting
    > >>>>> them.

    >
    >
    >
     
    Guest, Nov 18, 2007
    #11
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Richard [46628]

    "Learn more about threat feature" nonfunctional

    Richard [46628], Jan 7, 2005, in forum: Spyware Discussion
    Replies:
    0
    Views:
    413
    Richard [46628]
    Jan 7, 2005
  2. Jay Libove
    Replies:
    1
    Views:
    516
    JohnB
    Jan 10, 2005
  3. SteveH

    Recurring Threat

    SteveH, Jan 20, 2005, in forum: Spyware Discussion
    Replies:
    7
    Views:
    161
    Bill Sanderson
    Jan 21, 2005
  4. Robert

    new antispyware - sees Windows as threat....

    Robert, Jan 21, 2005, in forum: Spyware Discussion
    Replies:
    3
    Views:
    181
    Andre Da Costa
    Jan 21, 2005
  5. Guest
    Replies:
    3
    Views:
    331
    Frank Saunders, MS-MVP, IE/OE
    Aug 16, 2005
Loading...

Share This Page