CastleCops® ctfmon.exe - legit or rouge?

Need help? Click here to register for free! Absolutely zero advertisements on this site!

**$9736.22 of $21422.68**

Help CastleCops serve the community on new servers, Donate Here to reach our goal.

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Survey

Forum FAQ

Usergroups

Profile

Select FavForums

ctfmon.exe - legit or rouge?

All -> FavForums -> Pacman

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

spoiltcheese

Guest
IP: 164.78.*.*

Posted: Tue Jul 12, 2005 4:30 am Post subject: ctfmon.exe - legit or rouge?

Hi, I was checking my system startup with Spybot S&D when I found this: The problem is that when I went to search for it, I found some infomation pertaining to Microsoft (under properties), making it appear legit. The problem is: is the ctfmon.exe legit, or rouge?

Robin

Site Admin
Phishing Squad Team Lead

Joined: Oct 15, 2003
Posts: 8924

Posted: Tue Jul 12, 2005 5:19 am Post subject:

It seems that there is possibly an error with SpyBot S&D. I'll alert the appropriate people. There are both legit and malware for ctfmon.exe, however the one which is listed in the right side of your screen shot is for ctfmon32.exe which is most definately a parasite. You haven't given us enough information to determine if the file is legit or not in your particular case. Here is why: /s795-ctfmon_exe.html /s9624-ctfmon_exe.html Ensure that your Anti-Virus product has the most current dat files and scan your system.

spoiltcheese

Guest
IP: 164.78.*.*

Posted: Tue Jul 12, 2005 5:23 am Post subject:

I'm going to download HijackThis and get the log. Where should I post the log?

spoiltcheese

Guest
IP: 164.78.*.*

Posted: Tue Jul 12, 2005 6:20 am Post subject:

Latest update: Did Live Update, scanned system using Norton AntiVirus, found no threat. I'm still disabling it though, since the legit version is not essential of system running.

TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13113
Location: Netherlands

Posted: Tue Jul 12, 2005 10:21 am Post subject:

This indeed seems to be a SpyBot error. It appends the wrong information... Your ctfmon.exe is MS Office related. Here's an article explaining how to disable it: OFFXP: What Is CTFMON and What Does It Do? (Q282599) _________________ Tony CLSID List

spoiltcheese

Guest
IP: 220.255.*.*

Posted: Wed Jul 13, 2005 10:04 am Post subject:

Thanks for the info, should I recheck the box since it is legit and I have no intention of removing it?

TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13113
Location: Netherlands

Posted: Wed Jul 13, 2005 5:13 pm Post subject:

Well, given the fact it's mainly a resource hog, I recommend you uninstall "Alternative User Input" as per the MS article. THat will remove ctfmon.exe from Msconfig as well. _________________ Tony CLSID List

	All -> FavForums -> Pacman	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 131ppm 0.417s (0.128s) Making cybercriminals unhappy since 2002*