Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ctfmon_tk.exe(Trojan.FakeAlert)


  • Please log in to reply
1 reply to this topic

#1 Doofenschmirtz

Doofenschmirtz

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 03 January 2010 - 02:47 PM

Hi all,

Running Vista Home Premium SP2 w/Norton 360 Premier Edition
I ran Panda Activescan 2.0 this am which returned a few cookies
I then updated and ran Malwarebytes which returned:
Files infected:
C:\windows\system32\ctfmon_tk.exe (Trojan.FakeAlert)

However, Microsoft seems to state that ctfmon_tk.exe is a necessary component of Office
Microsoft

However, Malwarebytes states to delete it
Malwarebytes

Am I ok to delete it?
I am running Norton 360, SuperAntiSpyware, AdAware, Spybot-SD Resident

If this is a real trojan, how did I get it if I have all of this protection?

Thanks,
Doof

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:10:28 PM

Posted 03 January 2010 - 10:20 PM

There's a subtle difference in the file referred to by Microsoft and the file you mention

When you run a Microsoft Office XP program, the file Ctfmon.exe (Ctfmon) runs in the background, even after you quit all Office programs.


and

C:\windows\system32\ctfmon_tk.exe (Trojan.FakeAlert)


Malware often uses filenames similar to those of legitimate system files to hide more effectively. The file that MBAM has detected is indeed a trojan; you should allow its removal.

If this is a real trojan, how did I get it if I have all of this protection?

That's a difficult question to answer precisely. There are countless possible ways that such a trojan could end up on your machine. Perhaps the best answer I can give is that no amount of security software will guarantee your immunity from malware infections. Malware writers are constantly devising new ways to slip past security software. The best defense against malware is to make sure all software stays up to date, and practice safe surfing habits. :thumbsup:

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users