ZHPDiag – O43 module – (Common File Directory) (CFD)

O43 of ZHPDiag module is related to the CFD module (Common File Directory). It allows you to list some common folders (public) and individuals to all users of a computer.

ZHPDiag search the qualification of a line by analyzing the executable files that are present in the affected folder. This action allows to detect if a malware spoofs not a legitimate directory name.

Overview ZHPDiag

—\\ Content of the programs files (288) – 7s
O43 – CFD: 22/03/2017 – [] AD — C:\Program Files7-Zip =>.Igor Pavlov
O43 – CFD: 25/10/2017 – [] AD — C:\Program Files (x86)\Apoint2K =>.ALPS ELECTRIC CO., LTD.®
O43 – CFD: 14/12/2016 – [] AD — C:\Program FilesBonjour =>.Apple Inc.

Examples of detection

—\\ AppData/ProgramData/ProgramFiles folder content (O43)
O43 – CFD: 07/01/2011 – 22:36:30 —-D- C:\UsersCoolmanAppDataRoamingOfferBox =>PUP. Optional.OfferBox
O43 – CFD: 08/01/2011 – 15:29:46 —-D- C:\UsersCoolmanAppDataRoamingDrivers =>Worm.Bagle

O43 – CFD: 25/01/2010 – 20:21:48 —-D- c:\WINDOWSsystem32configsystemprofilestart menuProgramstotal security =>SUP. TotalSecurity

Action ZHPFix

– The tool deletes file.

Report ZHPFix (Example)

Line seizure :
O43 – CFD:Common File Directory —-D- C:\Program FilesTrymedia

Report of ZHPFix v1.12.3118 by Nicolas Coolman, Update of the 07/07/2010

= File =.
C:\FilesTrymedia = program> Deleted and quarantined

= Summary =.
1 : Folder


Total views 825 (Today 1 )