Posted 17 September 2006 - 04:11 AM
Hi I posted this in the startup forum cause I think the 2 topics may be related, maybe the hacker is using this ctfmon.exe file as a back door to attack me! Recently I've come under heavy attack by all sorts of things: viruses, trojans, worms. I seem to find one of them every day, literally!
Here the problem. I have 2 ctfmon.exe files in startup!!!
But on MSCONFIG I can only see one of them! I use ewido spyware free edition and in it there's a tool that detects startup programs. In ewido I can see that there are 2 programs with the same name at stratup!
The first one has a file name CTFMON.EXE and it's path is C:\WINDOWS\System32\ctfmon.exe and it's location is Registry\HKCU\RUN
The second one has the same name CTFMON.EXE and it's path is C:\WINDOWS\System32\CTFMON.EXE (all capital letters see) and it's location is Registry\HKU\.Default\...
Sorry I can post the whole location as ewido doesn't show it all.
On MSCONFIG the location for the one and only ctfmon file is HKCU\SOFTWARE\Microsoft\Windows\CurrentVer...
Why do I have 2 ctfmon.exe files in startup? I've read the explanation on this forum and I know that ctfmon.exe can be a worm or malware too.
Is it normal to have 2 ctfmon.exe files or one of them has to be a worm or malware?
Also I've recently come under heavy attack by all sorts of things: viruses, trojans, worms. I seem to find one of them every day!
I use evido spyware free edition ( it has no shield ) and AVG free edition for viruses. But I still use XP service pack one. They say that one is full of holes.
Any suggestions how to increase my security and stop this daily attacks? My opinion is there must be some back door or smth that this hacker is using to constantly attack me. Being attack every day simply defies the odds! Someone is doing this on purpose! There must be smth I can do to stop this!