is a file that installs with Windows when you configure the language options. Ctfmon is installed with Office applications and activates the "Alternative User Input Text Input Processor
" as well as the "Language Bar
". It is also installed with IE7's Language Tool Bar which forces the use of this file to start at boot whether you want it or not. This process monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies. If you do not use these features, then Ctfmon.exe does not need to be running. However, if disabled in MSConfig or with a startup manager, Ctfmon.exe will re-appear on the next bootup. In order to prevent it from running, follow the steps provided in "What is ctfmon.exe And Why Is It Running?
". Also see "How to turn off the speech recognition in Office
Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following databases:
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. Another techinique is for the process to alter the registry and add itself as a Startup program
so that it can run automatically each time the computer is booted. A file's properties may give a clue to identifying it. Right-click
on the file, choose Properties
and examine the General and Version tabs.
Tools to investigate running processes and gather additional information to identify them and resolve problems:These tools will provide information about each process, CPU usage, file description and its path location If you right-click on a file and select properties, you will see more details.
Anytime you come across a suspicious file which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan
. In the "File to upload & scan
" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.