Threat Fire

Guest

Dave, I found a whole page on those files on Google; I've spelled them wrong:
Type Tffsmon in Google. These are the files I deleted, and would you give me
your best understanding of what you read here. I'm trying to figure out
if they are Threat Fire and why did I lose my keyboard drivers by deleting
them.
 
Guest

Here are the files that I deleted that screwed up my computer:
Tffsmon - Path found: C:\WINDOWS\system32\drivers\tffsmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire Filesystem Monitor

http://www.runscanner.net/getmd5.aspx?MD5=7D4BC17587C312074C063A751DF55703&process=tffsmon.sys

Tfsysmon - Path found: C:\WINDOWS\system32\drivers\tfsysmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire System Monitor

http://www.runscanner.net/getmd5.aspx?MD5=257AE07B70DA994AB1CDA8803B75EEDC&process=tfsysmon.sys

Tfnetmon - Path found: c:\windows\system32\drivers\tfnetmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire Network Monitor

http://www.runscanner.net/getmd5.aspx?MD5=996F07836D747AC769CC7C1F91BEA388&process=tfnetmon.sys

Tfkbmon - Path found: C:\WINDOWS\system32\drivers\tfkbmon.sys
Version: 3.7.8.16
Company: PC Tools
Productname: ThreatFire
Description: ThreatFire Keyboard Monitor

http://www.runscanner.net/getMD5.aspx?MD5=008E9D14A224C93F13A3DF3AC0CB433C&process=tfkbmon.sys

So by removing the - Tfkbmon file from Threat Fire it appears you will
lose the use of your keyboard.
 
Robinb

I will check those files tomorrow since I typed them the first way you put
it.
Interesting, if you delete those files you lose use of your keyboard.
Real nice problem that ThreatFire is.
I am glad I removed it but I will not take that out of system32 if I have
them because nothing is wrong so it can sit there and hang out.

I will let you know either tomorrow or Sunday if I have that file.
robin
 
robinb

OK, I checked and I do not have those files.
robin
 
Guest

Robinb, thanks for looking - but very strange that I deleted this:
Tfkbmon - Path found: C:\WINDOWS\system32\drivers\tfkbmon.sys
and the three other files AFTER I removed TF using Add/Remove.
 
Dave M

Hi Ron H;

I found this article on the PCTools support site that might help. Remember
that ThreatFire was previously known by the name Cyberhawk, until PCTools
bought it. After you supplied the correct driver filenames, they all do
exist on my system, although with higher version levels than you show.

http://www.pctools.com/forum/showthread.php?s=28bfe7940e15ac95f83a893519f97601&t=47955

This case involved him doing an uninstall, a keyboard lockup like yours,
and then the need to do a registry recovery for those driver keys. I don't
believe he deleted the actual sys files however, and perhaps the problem
stemmed from doing the removal while Cyberhawk was still running (??). If I
can give you any further help be sure to ask; perhaps it would be good to
use the PCTools forum for support as well.

I suppose I'd try to recover by reinstalling, then suspending ThreatFire,
and finally trying the un-install at that point... there is an unins000.exe
included with the package, but all the users guide says is to do the
standard add/remove:

Uninstalling ThreatFire
To uninstall ThreatFire:

1. Click the Start menu and highlight and click Control Panel.
2. Select Add or Remove Programs.
3. Under Currently Installed Programs, select ThreatFire.
4. Highlight it and click Remove. Windows removes ThreatFire.
 
Dave M

Ron,

On second thought, rather than suspend ThreatFire prior to uninstalling, if
you do manage to get it reinstalled, you might try to stop it from starting
in msconfig and disable the ThreatFire engine in system services then reboot
and finally uninstall via add/remove. Since Robin managed to get a clean
uninstall of those drivers, my take on that would be that there's something
about your system that has those 4 drivers locked. I still think a post on
the PCTools forum would be good for you as well as them too.
 
Guest

Dave, my TF has been removed a month ago and about a week later is
when I deleted those files, so re-install is long gone. Dave, there is so much
on Google about Kaspersky and other AV products saying that Tfkbmon is
detected on their scans as a keylogger and it's problematic the way that
driver is written. Now I'm not saying it's a keylogger but I think TF alters
the original keyboard drivers in a way to aid their program in the protection
of your computer. Now I'm wondering why Robinb is not showing those files
after deletion and I did? I was hoping that she checked the proper path
because I posted the wrong path in my first post. But anyway, removing
this file did me a lot of damage and even though I got my drivers back
my computer is still acting very different.

Dave M, I truly value your advice, and I feel very comfortable using your
advice so I hope there is no problem picking your brain - OK.

If you Google things like "problems with Tfkbmon", Tfkbmon, there are pages
of discussions on these drivers and when you see things like: Did you
download ThreatFire? This may be interacting with AVG improperly - on the
Geeks to Go forum there is more to this. Why don't we find out what TF does
to this driver together and post the results? Talk to you again tomorrow. Ron
 
Robinb

Ron, I did check the second time with the correct name;
in fact I did the entire drive just in case I missed something and did not
find those files.
I do remember to uninstall this program you had to stop the realtime
protection first in services and make sure the icon it put in the right side
of the taskbar was exited and make sure the program was not running - I
killed the process first before I uninstalled it.
Maybe that is why I do not have those files once I uninstalled it?
Maybe it actually uninstalled properly doing it this way.
robin
 
Dave M

To add to Robin's information;

I ran Kaspersky on-demand full scan on my system, nothing found. Then sent
all 4 of those driver files to Virus Total, and just for added measure I
forwarded Tfkbmon.sys to Jotti, with absolutely nothing reported by any of
the multiscanners. It does look like there was a Kaspersky FP in the past,
but no longer is being reported either in an on-demand scan or via the
multiscanners. Additionally, I run so many of those on-demand scanners
over the course of a month, something certainly should have picked up a
problem had there been one.

But more directly to your point, I think ThreatFire undoubtedly does use
hooks and/or code injectors in their product. What I'm not sure of is,
what the effect of a brute force removal of those modules would have on
anything they touched beforehand, or why they failed to be removed
surgically along with the standard uninstall, though obviously something
unusual has happened to both you and the Cyberhawk poster in that link I
sent. I also did notice that in one of the geeks to go threads (one that
we probably were both looking at), the problem was eventually resolved as a
dying keyboard battery.
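
A read-only check for the situation discussed in this thread, added here as an example; it is not part of any poster's message or of PC Tools' software. It reports service keys for the four driver names listed above that point at a missing .sys file, and keyboard class filter entries whose driver file is gone. That ThreatFire registers these drivers as services under these names, or as keyboard class filters, is an assumption; the registry locations are the standard Windows ones.

```powershell
# Added example (read-only): find driver registrations left pointing at deleted files.
# Assumption: the four drivers named in this thread are registered as services
# under the same names; the thread does not confirm this.
$names    = 'tffsmon', 'tfsysmon', 'tfnetmon', 'tfkbmon'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Keyboard device setup class; its UpperFilters/LowerFilters values list filter drivers.
$kbdClass = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}'

function Resolve-DriverPath([string]$ImagePath, [string]$Name) {
    # No ImagePath means the default location system32\drivers\<name>.sys.
    if (-not $ImagePath) { return Join-Path $env:SystemRoot "system32\drivers\$Name.sys" }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    if     ($p -match '^\\SystemRoot\\(.+)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -match '^\\\?\?\\(.+)$')       { $p = $Matches[1] }
    elseif ($p -notmatch '^[A-Za-z]:\\')      { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceImage([string]$Name) {
    # Resolved driver file for a service name, or $null when no service key exists.
    $key = Join-Path $svcRoot $Name
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $image = (Get-ItemProperty -LiteralPath $key).ImagePath
    return Resolve-DriverPath $image $Name
}

# 1. Service keys that survived while their driver file was deleted.
foreach ($n in $names) {
    $file = Get-ServiceImage $n
    if ($file -and -not (Test-Path -LiteralPath $file)) {
        "Orphaned service key: $svcRoot\$n -> $file (file missing)"
    }
}

# 2. Keyboard class filter entries (any name) whose driver cannot be found.
$class = Get-ItemProperty -LiteralPath $kbdClass -ErrorAction SilentlyContinue
foreach ($value in 'UpperFilters', 'LowerFilters') {
    foreach ($f in $class.$value) {
        if (-not $f) { continue }
        $file = Get-ServiceImage $f
        if (-not $file) {
            "Keyboard $value lists '$f' but no service key exists"
        } elseif (-not (Test-Path -LiteralPath $file)) {
            "Keyboard $value lists '$f' but $file is missing"
        }
    }
}
```

The script only reads the registry and the file system; no output means none of the checked registrations point at a missing file.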
 
Guest

Thank you Robinb and Dave M for all your help. I don't expect you to go
any further with this but if anything additional comes to light please keep
me posted. Thanks again, Ron
 
