Cfdrive32.exe Removal [Virus/Worm/Backdoor Trojan]

• Avira: Worm/Kolab.lax
• Bitdefender: IRC-Worm.Generic.13836
• Panda: W32/IrcBot.CZM.worm
• Eset: IRC/SdBot

What is cfdrive32.exe?


If you found this process running in the processes tab of your task manager, then that should mean your computer is infected with a worm. This process is launched from the C:\Windows directory by an executable file which is the virus itself. During the execution of this process, the cfdrive32.exe worm is allowed to analyze the computer's settings and modify the registry suitably to make it ready for the operations it can perform in the future. Ending the process immediately may help you save your system for a while. Remember that any suspicious processes MUST be ended. This won't cause any damage to your computer. The worst that can happen would be a restart. Remove Cfdrive32.exe by following the instructions here if you don't want the process to trouble you further.

How did cfdrive32.exe virus enter my system?


Cfdrive32.exe is a worm that exhibits the characteristics of a backdoor at the same time. Backdoor is a malicious file that downloads other malware by connecting to a server. Hence there can be a possibility that the Cfdrive32.exe backdoor was also downloaded in the same way. Another possibility of this virus entering your system is through software like cracks or keygens. When you run the software, the cfdrive32.exe is executed along with the keygen. Remove cfdrive.exe if found in your temporary folder. If it doesn't work, follow the cfdrive removal instructions given.

What does Cfdrive.exe virus do?


When executed, the cfdrive32.exe virus spreads itself by creating a copy in the C:\WINDOWS directory. At the same time, cfdrive32.exe also modifies the registry such that it is allowed to pass through your Windows Firewall. It also creates an entry that executes cfdrive32.exe at every startup. The virus poses itself as a "Microsoft Driver setup" thus trying to fool the user. Once the virus has settled itself, it pings to certain servers and establishes a connection. This way, the computer can be easily controlled by the third party. Removal of Cfdrive32.exe would be the best action to prevent such problems.

How to remove Cfdrive32.exe?


  1. Reboot your computer in the Safe Mode just to be sure that the virus doesn't launch. Click here if you're finding trouble restarting in the Safe Mode.
  2. Go to Start --> Run and type regedit to open the Registry Editor. Here, you'll have to delete or modify a few entries to get your system back to its original form.

    Go to
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Delete the value

    • "Microsoft Driver Setup"="%WINDIR%\cfdrive32.exe"

    Also go to
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Look for the same value and delete the entry.
    Now navigate to the following location
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    On your right side, open the key EnableFirewall and change its value to 0 if you want it disabled or 1 if you want to enable it.
  3. We're almost done. Restart your computer once again in the Safe Mode. Go to the directory C:\WINDOWS and delete the file cfdrive32.exe. You might not find it directly, so enabling the hidden files and folders option may come in handy here.
  4. Now sit back and relax. You've successfully deleted cfdrive32.exe.

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry , Enable Hidden files and folders option and Enabling the Command Prompt.
VShop
Get the best security software for your compter here!

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme