Jump to content

Recommended Posts

  • Staff

What is COM Faster?

The Malwarebytes research team has determined that COM Faster is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue. You are strongly advised to follow our removal instructions below.

How do I know if I am infected with COM Faster?

This is how the main screen of the rogue application looks:

main.png

You will see these warnings:

warning1.png

warning2.png

warning3.png

warning4.png

How did COM Faster get on my computer?

Rogue programs use different methods for spreading themselves. This particular one was downloaded from their site.

How do I remove COM Faster?

Our program Malwarebytes Anti-Malware can detect and remove this rogue application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:

    • Update Malwarebytes Anti-Malware
    • Launch Malwarebytes Anti-Malware


    [*]Then click Finish. [*]If an update is found, it will download and install the latest version. [*]Once the program has loaded, select Perform quick scan, then click Scan. [*]When the scan is complete, click OK, then Show Results to view the results. [*]Be sure that everything is checked, and click Remove Selected. Reboot your computer if prompted. [*]When completed, a log will open in Notepad. The rogue application should now be gone.



Is there anything else I need to do to get rid of COM Faster?

  • No, Malwarebytes' Anti-Malware removes COM Faster completely.


How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application has helped you eradicate this malicious software. If your current security solution let this infection through, you might please consider purchasing the FULL version of Malwarebytes Anti-Malware for additional protection.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the COM Faster rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.


protection1.png


Technical details for experts

Signs in a HijackThis log:

C:\Program Files\comfaster\comfaster.exeO23 - Service: comfaster svc (comfaster) - Unknown owner - C:\Program Files\comfaster\comfastersvc.exe

Alterations made by the installer:
File System===============Adds the folder C:\Documents and Settings\{username}\Application Data\comfasterAdds the file comfastercnt.exe"="08:41 27/05/13 16384 bytesAdds the folder C:\Documents and Settings\{username}\Start Menu\Programs\���н���Adds the file ���н��ͻ���.lnk"="19:18 26/06/13 523 bytesAdds the file ���н���.lnk"="19:18 26/06/13 716 bytesAdds the folder C:\Program Files\comfasterAdds the file uninst.exe"="19:18 26/06/13 147169 bytesAdds the file comfastersvc.exe"="09:26 30/05/13 98370 bytesAdds the file comfaster.exe"="08:01 21/05/13 139264 bytesAdds the folder C:\Program Files\comfaster\imgAdds the file sub_button_setup_01.bmp"="08:18 06/02/13 2504 bytesAdds the file sub_button_mim_01.bmp"="08:18 06/02/13 940 bytesAdds the file sub_button_close_01.bmp"="08:18 06/02/13 940 bytesAdds the file set_btn2.bmp"="09:10 05/02/13 7808 bytesAdds the file set_btn1.bmp"="09:09 05/02/13 7808 bytesAdds the file setup_sub_bg.bmp"="07:14 26/02/13 660056 bytesAdds the file setup_button_02.bmp"="04:46 15/02/13 25808 bytesAdds the file setup_button_01.bmp"="04:46 15/02/13 25808 bytesAdds the file Prohgress_y02.bmp"="06:28 26/02/13 16716 bytesAdds the file Prohgress_y01.bmp"="09:03 06/02/13 16716 bytesAdds the file Prohgress_04gray.bmp"="09:05 06/02/13 13860 bytesAdds the file Prohgress_04.bmp"="06:28 26/02/13 13860 bytesAdds the file Prohgress_03.bmp"="08:57 06/02/13 13860 bytesAdds the file Prohgress_02.bmp"="06:28 26/02/13 4424 bytesAdds the file Prohgress_01.bmp"="06:28 26/02/13 16716 bytesAdds the file pop_button_03_01.bmp"="06:57 15/11/12 4156 bytesAdds the file pop_button_02_01.bmp"="06:55 15/11/12 4156 bytesAdds the file pop_button_01_01.bmp"="09:25 05/02/13 4156 bytesAdds the file pc_txt_01.bmp"="06:28 26/02/13 26936 bytesAdds the file pc_title_01.bmp"="12:02 06/02/13 25458 bytesAdds the file pc_sub_bg.bmp"="06:25 26/02/13 660056 bytesAdds the file pc_pop_02.bmp"="09:25 26/11/12 158776 bytesAdds the file pc_pop.bmp"="11:33 18/02/13 158774 bytesAdds the file pc_check_txt_03.bmp"="09:01 19/02/13 29256 bytesAdds the file pc_check_txt_02.bmp"="09:01 19/02/13 29256 bytesAdds the file pc_check_txt_01.bmp"="09:00 19/02/13 29256 bytesAdds the file pc_btn2.bmp"="06:15 26/02/13 12536 bytesAdds the file pc_btn1.bmp"="06:16 26/02/13 12536 bytesAdds the file pc_apply_button_02.bmp"="04:48 15/02/13 25808 bytesAdds the file pc_apply_button_01.bmp"="04:47 15/02/13 25808 bytesAdds the file pc_apply_button.bmp"="11:39 18/12/12 44120 bytesAdds the file main_bg.bmp"="06:19 26/02/13 360056 bytesAdds the file gauge_scan.gif"="03:55 15/02/13 7481 bytesAdds the file gauge_risk.gif"="03:55 15/02/13 7334 bytesAdds the file gauge_good.bmp"="03:54 15/02/13 29720 bytesAdds the file gauge_activeX.bmp"="03:54 15/02/13 29720 bytesAdds the file c_pc2.bmp"="07:00 14/02/13 14056 bytesAdds the file c_pc1.bmp"="07:00 14/02/13 14056 bytesAdds the file c_boot2.bmp"="06:59 14/02/13 14056 bytesAdds the file c_boot1.bmp"="06:59 14/02/13 14056 bytesAdds the file c_act2.bmp"="07:00 14/02/13 14056 bytesAdds the file c_act1.bmp"="06:59 14/02/13 14056 bytesAdds the file btn_u.bmp"="03:47 15/02/13 3448 bytesAdds the file btn_s.bmp"="08:17 01/11/12 3446 bytesAdds the file boot_txt_01.bmp"="07:32 26/11/12 16556 bytesAdds the file boot_title_01.bmp"="12:04 06/02/13 25458 bytesAdds the file boot_sub_bg.bmp"="06:23 26/02/13 660056 bytesAdds the file boot_restore_button_01_02.bmp"="04:52 15/02/13 31376 bytesAdds the file boot_restore_button_01_01.bmp"="04:51 15/02/13 31376 bytesAdds the file boot_pop_01.bmp"="11:29 11/12/12 158776 bytesAdds the file boot_icon_02.bmp"="11:28 11/12/12 2296 bytesAdds the file boot_icon_01.bmp"="11:28 11/12/12 2296 bytesAdds the file boot_check_txt_03.bmp"="09:00 19/02/13 29256 bytesAdds the file boot_check_txt_02.bmp"="09:00 19/02/13 29256 bytesAdds the file boot_check_txt_01.bmp"="08:59 19/02/13 29256 bytesAdds the file boot_btn2.bmp"="06:15 26/02/13 12536 bytesAdds the file boot_btn1.bmp"="06:15 26/02/13 12536 bytesAdds the file boot_apply_button_01_02.bmp"="04:53 15/02/13 31376 bytesAdds the file boot_apply_button_01_01.bmp"="04:52 15/02/13 31376 bytesAdds the file act_btn2.bmp"="06:16 26/02/13 12536 bytesAdds the file act_btn1.bmp"="06:17 26/02/13 12536 bytesAdds the file activeX_txt_01.bmp"="05:50 07/02/13 18982 bytesAdds the file activeX_title_01.bmp"="12:03 06/02/13 25458 bytesAdds the file activeX_sub_bg.bmp"="06:24 26/02/13 660056 bytesAdds the file ActiveX_pop.bmp"="09:24 21/02/13 158774 bytesAdds the file activeX_del_button_02.bmp"="04:47 15/02/13 25808 bytesAdds the file activeX_del_button_01.bmp"="04:47 15/02/13 25808 bytesAdds the file activeX_check_txt_02.bmp"="09:01 19/02/13 29256 bytesAdds the file activeX_check_txt_01.bmp"="09:01 19/02/13 29256 bytesAdds the folder C:\Program Files\comfaster\tempAdds the file ZTransferX.cab"="03:35 13/11/12 482716 bytesRegistry===============[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\comfastersvc.exe]"(Default)"="'C:\Program Files\comfaster\comfastersvc.exe'"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\comfaster]"Publisher"="'sksoftbank.'""URLInfoAbout"="'http://www.comfaster.com'""DisplayVersion"="""DisplayIcon"="'C:\Program Files\comfaster\comfastersvc.exe'""UninstallString"="'C:\Program Files\comfaster\uninst.exe'""DisplayName"="'comfaster '"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMFASTER]"NextInstance"="1"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMFASTER\0000]"DeviceDesc"="'comfaster svc'""ClassGUID"="'{8ECC055D-047F-11D1-A537-0000F8753ED1}'""Class"="'LegacyDriver'""ConfigFlags"="0""Legacy"="1""Service"="'comfaster'"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMFASTER\0000\Control]"ActiveService"="'comfaster'""*NewlyCreated*"="0"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\comfaster]"Description"="'comfaster launcher'""ObjectName"="'LocalSystem'""DisplayName"="'comfaster svc'""ImagePath"="C:\Program Files\comfaster\comfastersvc.exe.""ErrorControl"="1""Start"="2""Type"="16"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\comfaster\Enum]"NextInstance"="1""Count"="1""0"="'Root\LEGACY_COMFASTER\0000'"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\comfaster\Security]"Security"="................0.................................`......................................... ... .............."

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.06.26.04Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702{username} :: MBAM-D3E8C91ACC [administrator]6/26/2013 7:24:00 PMmbam-log-2013-06-26 (19-24-00).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 185783Time elapsed: 53 second(s)Memory Processes Detected: 1C:\Program Files\comfaster\comfaster.exe (Rogue.ComFaster) -> 1408 -> Delete on reboot.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 3HKLM\SYSTEM\CurrentControlSet\Services\comfaster (Rogue.DualBooster) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\comfastersvc.exe (Rogue.ComFaster) -> Quarantined and deleted successfully.HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\COMFASTER (Rogue.ComFaster) -> Quarantined and deleted successfully.Registry Values Detected: 2HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\comfaster|URLInfoAbout (Rogue.ComFaster) -> Data: http://www.comfaster.com -> Quarantined and deleted successfully.HKLM\SYSTEM\CurrentControlSet\Services\comfaster|ImagePath (Rogue.ComFaster) -> Data: C:\Program Files\comfaster\comfastersvc.exe -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 3C:\Program Files\comfaster\comfaster.exe (Rogue.ComFaster) -> Delete on reboot.C:\Program Files\comfaster\comfastersvc.exe (Rogue.DualBooster) -> Quarantined and deleted successfully.C:\Documents and Settings\{username}\Application Data\comfaster\comfastercnt.exe (Adware.Kraddare) -> Quarantined and deleted successfully.(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention


Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.