Results 1 to 3 of 3

Thread: My DocumentsUmn8J7_cfdg

  1. #1
    Senior Member
    Join Date
    Oct 2005
    Posts
    144

    Default My DocumentsUmn8J7_cfdg

    Hey guys, I think I may have some bugs here. Not sure, but they are new and I didnt install them on purpose. They were HIDDEN as a system file. I took note of them when I found lots of file in the PREFETCH folder (C:\WINDOWS\Prefetch) which had many many entries named "MY DOCUMENTSXLY2KR_CFDG.EXE-2BDFA463.pf". The numbers always change, but its always a My DOCUMENTSxxxxxx.cfdg.exe-xxxxxx file. Each time these original program starts, it makes a new one, with a differant number to it.

    Currently in prefetch folder there are only three. I clean it out last night, so 3 today.

    MY DOCUMENTSXLY2KR_CFDG.EXE-2BDFA463.pf
    MY DOCUMENTSUMN8J7_CFDG.EXE-3B316A4B.pf
    MY DOCUMENTSRGR41L_CFDG.EXE-0AF86652.pf

    When going into CrapCleaners registry integrity part, cleans registry some. It was allowe me to clean something regarding them. Cleaned HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICashe. It was allow it to be cleaned here, calling it "Missing MUI Reference". It also gave me the path to look at the program that started it. Being C:\Documents and Settings\USERNAME\My DocumentsXly2kr-cfgd.exe and My DocumentsRgR41|_cfdg.exe. I looked, but was hidden as a system file, till I choose to unhide stuff in folder options. Once everything was unhidden, I could see two exe files there.

    1) My DocumentsUmn8J7_cfdg
    1.52mb size, created yesterday - 16Nov07
    MD5 Hash - 2BF8CB02E4DC4CBD6A46DEB9168340D7
    SHA1 Hash - 3727347DF4755B218A4D5D6A9FD375207ABE30A8
    CRC 32 - 9EF55CB6

    2) My DocumentsXpd8Iv_cfdg
    1.52mb size, created sunday - 11Nov07
    MD5 Hash - 2BF8CB02E4DC4CBD6A46DEB9168340D7
    SHA1 Hash - 3727347DF4755B218A4D5D6A9FD375207ABE30A8
    CRC 32 - 9EF55CB6

    Not sure if these are legitimate programs or not, they appear to not be and when I run my programs that I normally run, they dont cause it to run these two. So not sure at all about them.

    Running WinXP Pro, SP2, AVG Free 7.5.503 updated, Spybot 1.5.1.17 updated+beta, SpyWareBlaster 3.5.1 (database 13Nov07), Sophos Antirootkit 1.3.1(data 1.07), BugHunter 2.2d (database 08Nov07), Comodo firewall 2.4.18.184 updated

    Sorry if this is legit software, but looks funny to me!
    Last edited by wk357mag; 2007-11-17 at 12:05.

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Posts
    144

    Default

    OK, I now have a THIRD hidden file in same place.

    3) My DocumentsFqb3Gt_cfdg
    1.52mb size, Created yesterday - 17Nov07
    MD5 Hash - 2BF8CB02E4DC4CBD6A46DEB9168340D7
    SHA1 Hash - 3727347DF4755B218A4D5D6A9FD375207ABE30A8
    CRC 32 - 9EF55CB6

    Seems to run itself when I run SPYBOT!!! Hmmmm!!!

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Posts
    144

    Default Cancel this one

    Sorry, as I continued to watch this, I found it to be associated with a program "save2pc Light", which is a YouTube downloader!

    SOrry!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •