Re: New one on the market (BlueMountain Card hook)


Why the heck did you open it and then click and give permission for
the executable to download and run?

It's a keylogger, password and other information stealer. There are
two main components, cftmon.exe and mshyta16.dll, which are started
from these registry keys:

DllName - [windows]\System32\mshyta16.dll

cftmon  - [windows]\System32\cftmon.exe

Delete the "__A" key (and all the values under it) and remove the
"cftmon" value from the "Run" key. Delete the two files cftmon.exe and
mshyta16.dll from the [windows]\System32 directory.

There will also be some related files in [windows]\System32. Look for
mshntfy16.dat, mshddtrack16.dat, mshdtxt32.dat, possibly GbpSv.exe and
a subdirectory named msconfig32 containing more directories and files.
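A triage check for the artifacts listed in the post, as an added example that is not part of the original post. The file and directory names come from the post; the function names are hypothetical, and the Run key locations (the standard HKLM and HKCU `...\CurrentVersion\Run` keys) are an assumption, since the post does not give the full key paths.

```python
import os
import sys
from pathlib import Path

# Names taken from the post; each is expected directly under System32.
CORE_FILES = ("cftmon.exe", "mshyta16.dll")
RELATED_FILES = ("mshntfy16.dat", "mshddtrack16.dat", "mshdtxt32.dat", "GbpSv.exe")
RELATED_DIRS = ("msconfig32",)
CHECKS = (("core", CORE_FILES, False), ("related", RELATED_FILES, False),
          ("related", RELATED_DIRS, True))


def scan_system32(system32):
    """Return {"core": [...], "related": [...]} with the paths that were found.

    Names are compared case-insensitively: NTFS ignores case, but a disk
    image mounted on Linux for offline analysis does not.
    """
    entries = {p.name.lower(): p for p in Path(system32).iterdir()}
    found = {"core": [], "related": []}
    for group, names, want_dir in CHECKS:
        for name in names:
            hit = entries.get(name.lower())
            # Require the expected type: a directory named cftmon.exe is not a hit.
            if hit is not None and hit.is_dir() == want_dir:
                found[group].append(str(hit))
    return found


def run_key_hits(value_name="cftmon"):
    """Windows only: Run keys (assumed standard locations) holding the value."""
    import winreg
    sub = r"Software\Microsoft\Windows\CurrentVersion\Run"
    hits = []
    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"),
                        (winreg.HKEY_CURRENT_USER, "HKCU")):
        try:
            with winreg.OpenKey(hive, sub) as key:
                winreg.QueryValueEx(key, value_name)  # raises if the value is absent
                hits.append(label + "\\" + sub)
        except OSError:
            pass
    return hits


if __name__ == "__main__":
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    if Path(target).is_dir():
        print(scan_system32(target))
    if os.name == "nt":
        print(run_key_hits())
```

Pass the System32 directory of a mounted image as the first argument to check a disk offline. On 64-bit Windows use a 64-bit Python, because a 32-bit process is redirected from System32 to SysWOW64.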
