Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What Is Ctfmon.exe


  • Please log in to reply
11 replies to this topic

#1 JeanRich

JeanRich

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 23 May 2007 - 08:25 PM

Spyware Terminator detected CTFMON.exe and said it is a threat so I told it to remove it which is supposedly did. I then ran a search on my computer to see if any such file turned up. No. I Googled for info on this file and it said it's used by MS Office (which I don't use) or it could be a virus. I ran Startup Inspector and discovered that a file named CTFMON.exe is checked to run on startup. I unchecked it of course. I have run Ad-aware, Spyware Dr. , Spy-Bot , and SpywareBlaster, and haven't come up with anything.

I'm wondering what my situation actually is. What is this file? Has my security been compromised seriously?

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:06:08 AM

Posted 23 May 2007 - 08:40 PM

Not sure at one time your anti spyware was listed as a rogue/suspect program, but has since been de llisted: http://www.spywarewarrior.com/rogue_anti-spyware.htm

I would suggest that you run SuperAntiSpyware, http://www.superantispyware.com/ run all updates and do a full system scan there seems to be a case sensitivity issue as to the file that your program found. here is a link to M$ that shows how to disable ctfmon.exe. http://support.microsoft.com/default.aspx?...kb;en-us;282599
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 JeanRich

JeanRich
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 23 May 2007 - 08:57 PM

Thank you. I downloaded SuperAntiSpyware.exe and will give it a run. You mentioned the case issue. I put it in caps but it is actually in lower case.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:08 AM

Posted 23 May 2007 - 08:57 PM

Ctfmon.exe is installed by Microsoft Office and provides alternative user input features. If you do not use speech or handwriting recognition features in Office. See "Frequently asked questions about Ctfmon.exe".

Ctfmon.exe is a legitimate file but some malware can also use that name. Determining whether it is legit or not depends on the location it executes or runs from. Ctfmon.exe should only appear in the following folders:
C:\Windows\system32
C:\Windows\Prefetch\CTFMON.EXE-0E17969B.pf

You may also find copies in i386 folders.
C:\i386\CTFMON.EXE
C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
The one in C:\i386 is the original from XP SP1a.
The one in C:\WINDOWS\ServicePackFiles\i386 is a newer version that was installed with XP SP2.

If ctfmon.exe is found elsewhere, then it is likely to be malware and you should submit the suspect file for analysis at jotti's virusscan or virustotal.com.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 JeanRich

JeanRich
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 23 May 2007 - 09:11 PM

The file is located in C:\WINDOWS\system32\ctfmon.exe The fact that this file suddenly appeared and spywareterminator just found it and considered it a threat had me concerned because I don't have Microsoft Office.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:08 AM

Posted 23 May 2007 - 09:45 PM

IE7 also installs the Language Tool Bar which requires ctfmon.exe to start at boot. IE7 installer forces the use of this file and the Language Toolbar in the Task Bar to start whether you want it or not.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 JeanRich

JeanRich
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 23 May 2007 - 10:17 PM

Thank you so much for your help and time. I feel better about this now. Everything you said fits. I recently went to IE 7, although I only use IE when absolutely necessary. I have been using Firefox for a few years. The only time anything bad has come into my computer has been through IE.
thanks again!

#8 Commander Gman

Commander Gman

  • Members
  • 1,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:08 PM

Posted 24 May 2007 - 12:52 AM

Oh btw,Spyware Terminator comes with the "Crawler Toolbar" which is adware
If you have that installed on your computer,then you may be infected
Im not sure if the toolbar was mentioned in the setup installation but if you can't find it in the Add/Remove programs,then Spyware Terminator may be as well uninstalled
here is a review on McAfee: http://www.siteadvisor.com/sites/spywarete...ch&aff_id=0
Scroll down to see the reviews

I too almost thought of Spyware Terminator as safe but since i ran across this review,i refrained from using it ever again

For ctfmon.exe,:here is a link for more info

Edited by Commander Gman, 24 May 2007 - 12:57 AM.

Motherboard: MSI P35 Neo-F (Socket 775 LGA) Processor: Intel Core 2 Quad Q6600 @ 2.40 Ghz Kentsfield Chipset: Intel P35 Graphics Card: Nvidia Geforce GT 440 Memory: 2x 2GB DDR2 800 RAM Storage: 1x IDE 80GB, 1x SATA II 500 GB, 1x External 500GB HD Power Supply: 600W Power supply Monitor: Dual screen set-up Casing: Mini-ATX Fan(s): 1x 80mm silent fan OS: Windows XP SP3


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:08 AM

Posted 24 May 2007 - 06:28 AM

...At the end of the three month probation period we re-tested Spyware Terminator, again finding no problems serious enough to justify listing the program on this page. As the vendor involved has not been involved in the distribution of adware for many months, and as the program itself exhibits no problems serious enough to warrant mention on this page, we have decided to de-list Spyware Terminator from the Rogue/Suspect list and can no longer regard the program to be "rogue/suspect."

Note on SpywareTerminator

Further, any program can be susceptible to a false positive from time to time. I have seen FPs from Ad-Aware, Spybot, SuperAntispyware and others. That in itself should not be a reason to remove the program.

See False positive ctfmon.exe.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 verycarolina

verycarolina

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:08 AM

Posted 26 August 2007 - 12:12 PM

I went to system32 and found the file but it is all lower case and does not say .exe, it just says cftmon in all lower cases....does this matter?

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:08 AM

Posted 26 August 2007 - 12:21 PM

To see a file's extension, you need to Reconfigure Windows XP to show hidden files, folders. Double-click on My Computer, go to Tools > Folder Options and click on the View tab and uncheck "Hide file extensions for known file types", and hit Apply > OK.

All lower case is fine.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 verycarolina

verycarolina

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:08 AM

Posted 26 August 2007 - 12:38 PM

i found the extension it is .exe but i dont know if its a virus or not its signed by micrsoft corp. something is stopping me from sending or deleting my emails and the programs in my comp will either give a white screen or not come up at all.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users