BleepingComputer.com: I Have 2 Ctfmon.exe Files In Startup! And A Security Question!

I people! I'm new.

Question 1:

Here the problem. I have 2 ctfmon.exe files in startup!!!

But on MSCONFIG I can only see one of them! I use ewido spyware free edition and in it there's a tool that detects startup programs. In ewido I can see that there are 2 programs with the same name at stratup!

The first one has a file name CTFMON.EXE and it's path is C:\WINDOWS\System32\ctfmon.exe and it's location is Registry\HKCU\RUN

The second one has the same name CTFMON.EXE and it's path is C:\WINDOWS\System32\CTFMON.EXE (all capital letters see) and it's location is Registry\HKU\.Default\...

Sorry I can post the whole location as ewido doesn't show it all.

On MSCONFIG the location for the one and only ctfmon file is HKCU\SOFTWARE\Microsoft\Windows\CurrentVer...

Why do I have 2 ctfmon.exe files in startup? I've read the explanation on this forum and I know that ctfmon.exe can be a worm or malware too.

Is it normal to have 2 ctfmon.exe files or one of them has to be a worm or malware?

Question 2:

Also I've recently come under heavy attack by all sorts of things: viruses, trojans, worms. I seem to find one of them every day!

I use evido spyware free edition ( it has no shield ) and AVG free edition for viruses. But I still use XP service pack one. They say that one is full of holes.

Any suggestions how to increase my security and stop this daily attacks? My opinion is there must be some back door or smth that this hacker is using to constantly attack me. Being attack every day simply defies the odds! There must be smth I can do to stop this!

This is fine and normal. The HKEY_USERS\.DEFAULT is a template which is used to contain the default settings that will be added to a new users registry. Thus seeing it in both the .Default location and the users registry section is perfectly normal and safe. Do not be concerned about that.

Upgrade to service pack 2 immediately. You really should be at that service pack level. Also are you using a firewall?

Grinler, on Sep 17 2006, 03:46 PM, said:

I don't think I have a firewall. I use ewido free ( no shield ) and AVG free (also no firewall). Do you know of a free product that can give good pretection?

I've read your blog entry, good job. But I didn't see you recommned any software

Grinler, on Sep 17 2006, 03:46 PM, said:

Thanks for the help.

After looking around the forum I noticed that you do recoomend 3 free firewalls: kerio, zone alarm and another one.

Which is best to do the job in your experience?

I have a few questions about windows update. Sorry they may sound weird but I'm totally ignorant when it comes to computers.

1. I don't trust windows update at all. I've been having horrible problems with IE 6, and I switced to mozilla a year ago and never looked back. My question is does Windows Update use IE when it does it's update? Cause mine IE is corrupted, whenever I surf with it I have security problems. If it uses Internet Explorer that would probably invite some more viruses in my system.

2. Another Q about windows update. I have around 1 gb of updates ( I didn't have internet in a while so I couldn't do updates) and I can't do it all at once, slow connection. So can windows partially download files? I think it can do that, but I didn't pay much attention then. Let's say I have a 10 mb file. Say I log in now, download a half of a 10 mb file and lof off. Will it contunue where it left off the last time, or do I have to download the whole file again from the start?

3. A final Q about windows update - I use service pack 1 now. Do I have to uninstall service pack 1 before I can install service pack 2? How would this work? Do I have to back up my files before I download service pack 2? Or will it just be installed like any other update?

A friend of mine said that I had to uninstall Windows before I install service pack 2. He said all the programs I installed would not work anymore. I have important files on my computer and I'm afraid I may lose them if I install service pack 2.

Thanks for the help. This Q's may sound stupid, but I really know little about computers. Thanks. waiting for your reply.

This post has been edited by fxkingg: 23 September 2006 - 06:13 AM

If you start IE and exclusively use it for WIndows updates then you should have no problems.

Hmm..tough question. I dont believe it does partial transfers unfortunately.

For service pack 2, you would just install SP2 directly over SP1. What your friend said is entirely incorrect. You wil be fine just installing the patch. As for the free firewalls, sunbelt software has a free personal firewall that is very good. A t the least your Windows XP firewall that comes with SP2 is much much better than none at all.

If you have an older version of XP with SP1, you can order an SP2 CD. I had to do that for my oldest XP computer as I'm on dial up.

Quote

Once you click on Windows updates, click on 'custom install'. It will show all you need, but you can do as many as you can handle with a slow connection. Once you've downloaded and installed...rebooted; you can go back and pick up some more

Jacee,

That allows you to download the individual security updates, but do you know if it will resume a download if you stop it in the middle?

Grinler, on Sep 23 2006, 08:58 PM, said:

Thanks, a great help, and I'm learning a lot here people!

I have just 1 more question. If I don't start IE at all, but use just the windows update feature will IE start too?

I'm asking this cause a lot of programs like paltalk or some messengers utilize IE allthough I don't start it.
I just don't trust IE at all.

I use version 6, I'm thinking about getting the new one, but as any microsoft product, I'm afraid that the new will be full of bugs.

If there's any way to avoid using internet explorer to do the windows update to tell.

Also, if I have to use it, how can I make it more secure? My IE got hijacted a year ago, then I switched to mozilla cause it's way safer. I think the IE is clean now, but how can I be sure? Whenever I turn it on, after a while it starts to bombard me with pop-ups even when I'm not visiting sites... I keep finding trojans or trojan downloaders in IE folders. Even tough I'm not using it, cause some other programs use it, I get in trouble. I don't trust it at all.

Can I avoid using Inetrnet Explorer?

If you turn on automatic updates in the control panel this should download the updates to your computer without using IE. It may take a couple of days to download all the updates and when it is done, it will popup a message stating new updates are ready to install. You can speed this up by turning on the windows firewall and then leaving your computer on for an entire day to let it download.

To harden IE, and your computer in general, you can read this:

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Grinler, on Sep 25 2006, 04:34 PM, said:

How can I turn on windows firewall? I thought service pack 1 doesn't have a firewall?

It does but its a very basic one. Xp SP 2 is a better one.

View this link:

http://www.bleepingcomputer.com/tutorials/how-to-configure-windows-xp-firewall/

Grinler, on Sep 25 2006, 07:49 PM, said:

Thanks I already have that firewall up a long time ago, since I first started surfing. I firewall every connection.

But in the settings/ services tab I noticed several programs that have been checked (not by me). They were 2 from emule and 2 from bitcomet. I have installed this programs a while ago, but have removed them. Weird how these settings weren't changed.

I also found another service that I can't identify here it is: dplaysvr(bunch of numbers after that)
Any idea what this is?

Unfortunately not...you can delete the services by click on start, run, typing cmd and press enter. At the cmd prompt type:

sc delete <name of service> and press enter. The service will be deleted

For example sc delete emule if emule was the name of the service.

I dont know what the other one is ...what file does it use?

Grinler, on Sep 25 2006, 08:21 PM, said:

I don't know what does it use. How do I see that?

Also I unchecked all 5 services, doesn't that stop them from showing?

Thanks for the help so far, I'm learing a lot.

If you double-click on the service name it should tell you the filename associated with it.

Disabling the service will stop them from running..but to completely remove them you need to delete them using the method above. You can get the service name by clicking on start, then run, and typing services.msc and pressing the OK button.

Then double-click on the service in question and the information that pops up will contain the service name.