Help with ctfmon.exe please!



cphsrsh
2006-08-05, 06:23
Hello everyone. I must say Spybot S&D is truly a great tool to get rid of annoying and dangerous malware. I have used it with great effect. :)

However, I still don't know how to get rid of ctfmon.exe from running on my desktop PC. My PC is Windows XP Home Edition, SP2, and it is Korean Windows.

After I run Spybot, in Tools -> System Startup, I uncheck ctfmon.exe which is located in C:\WINDOWS\System32. And when the pop-up dialog shows up, I tick "Remember decision" and click on "Allow Change."

When I restart my computer, it displays the notification pop-up saying that the registry has been changed. And when I check Task Manager, there is no ctfmon.exe running. However, when I open an Internet Explorer window, the notification pop-up shows up saying that ctfmon.exe has been added to my startup list. And when I check the Task Manager, the ctfmon.exe is running.

It would be great if I can get help getting rid of ctfmon.exe from running on my computer at all times. It worked for my notebook (which is English Windows), but doesn't work for my desktop. I thank you all in advance.

md usa spybot fan
2006-08-05, 07:17
The following article may help you understand what causes Ctfmon.exe to run:
Frequently asked questions about Ctfmon.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;282599

cphsrsh
2006-08-05, 18:40
Hey, thanks for the quick reply, usa spybot fan.

I should have researched this matter more thoroughly, but thanks for the great link. It has everything I ever wanted to know about ctfmon.exe and how I can get rid of it.

Just to be sure: if ctfmon.exe is in C:\WINDOWS\System32, it is not malware, right?

Once again, thanks for your swift help and advice.

Peter.

md usa spybot fan
2006-08-05, 20:26
Right.

Ctfmon.exe can also be associated with viruses, spyware, Trojans or worms, usually when executed from a directory other than C:\WINDOWS\system32\.

This is why scanning for malware is not done by names alone but usually by what are referred to as signatures, which can include content, hash values, etc., so that a valid copy of Ctfmon.exe can be distinguished from a malignant copy of Ctfmon.exe.
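
Added example (not part of the thread and not any poster's or Spybot's code): a minimal sketch of the check described in the last reply, classifying a file by name, directory and content hash together rather than by name alone. The file contents, the allowlist and the verdict labels are constructed for illustration; the expected directory is the one quoted in the thread.

```python
import hashlib
import ntpath  # Windows path rules, usable on any OS

# Expected install directory, taken from the path quoted in the thread.
EXPECTED_DIR = r"C:\WINDOWS\system32"

# Constructed stand-ins for file contents; real use would read the file from disk.
GOOD_BYTES = b"constructed stand-in for the genuine ctfmon.exe"
BAD_BYTES = b"constructed stand-in for an impostor binary"

# Allowlist of known-good SHA-256 digests (derived here from the constructed bytes).
KNOWN_GOOD = {hashlib.sha256(GOOD_BYTES).hexdigest()}


def classify(image_path, content, name="ctfmon.exe"):
    """Return a verdict for one file that may carry the name `name`."""
    # Collapse ".." segments and fold case: Windows paths are case-insensitive.
    norm = ntpath.normcase(ntpath.normpath(image_path))
    directory, base = ntpath.split(norm)
    if base != name.lower():
        return "not-target"
    digest = hashlib.sha256(content).hexdigest()
    in_expected_dir = directory == ntpath.normcase(EXPECTED_DIR)
    if digest in KNOWN_GOOD:
        return "ok" if in_expected_dir else "known-good-copy-wrong-dir"
    # Right name, unknown content: the location only changes how it is reported.
    return "modified-in-system-dir" if in_expected_dir else "suspicious"


def triage(samples):
    """Classify a list of (path, content) pairs and return (path, verdict) pairs."""
    return [(path, classify(path, content)) for path, content in samples]


# Constructed sample inventory covering each outcome.
SAMPLES = [
    (r"C:\WINDOWS\System32\ctfmon.exe", GOOD_BYTES),
    (r"C:\WINDOWS\system32\..\Temp\ctfmon.exe", BAD_BYTES),
    (r"C:\WINDOWS\System32\CTFMON.EXE", BAD_BYTES),
    (r"D:\backup\ctfmon.exe", GOOD_BYTES),
    (r"C:\WINDOWS\System32\notepad.exe", GOOD_BYTES),
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLES):
        print(f"{verdict:28} {path}")
```

The third sample shows why the directory alone is not sufficient either: a file with the right name in the right place but unknown content is still reported.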