Results 1 to 10 of 10

Thread: cftmon.exe

  1. #1
    jpg Guest

    Default cftmon.exe

    "Microsoft Word is trying to launch C:\Windows\System32\ctfmon.exe, or use another program t gain access to privileged resources."
    This alert appears every time I boot to XP.
    What is ctfmon.exe? Why does Word want to launce it? What if I deny access?
    jp

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: cftmon.exe

    Hi

    ctfmon.exe is a process belonging to Microsoft Office Suite. It activates the Alternative User Input Text Input Processor (TIP) and the
    Microsoft Office XP Language Bar. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.

    Note: ctfmon.execould also be a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

    http://www.liutilities.com/products/...ibrary/ctfmon/

    Oldsod
    Best regards.
    oldsod

  3. #3
    jpg Guest

    Default Re: cftmon.exe

    Thanks, Oldsod.
    How do I distinguish between cftmon.exe the Office
    process that I shoud not terminate and cftmon.exe the trojan that Ishould terminate?
    jp

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: cftmon.exe

    Easy.

    1) Check the Properties of the declared cftmon.exe. The version, time and date of the install, and maker are all listed. When it is declared or listed in the Zone Alarm, it should show it is located in the C\WINDOWS\system32 folder. Or just look there and see for yourself. If there are two, then there is foulplay. But the tim and date should match the time of the Windows install and activation. The version tab shows the exact number and supplier> something like this > 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158 and Microsoft Corp.

    2) Scan for trojans using your antivirus and the free online scanners.
    Bitdefender and TrendMicro's Housecalls are good, because they both will repair and remove as oppossed to just find and declare the problem for a manual removal. Also the Ewido online scan from ewido.net/ is an excellent malware and antitrojan scanner. Also worthy of mention is the Asquared free scanner from emsisioft.com for a download/install and manual update/manual scanner. Just use the IE for the online scans since they require ActiveX to be accomplished. These will reaffirm the purity of the PC and are very good for general checking on a monthly basis.

    Oldsod
    Best regards.
    oldsod

  5. #5
    jpg Guest

    Default Re: cftmon.exe

    I have only one ctfmon.exe, and it is where it should be. But it was created on 2002 and modified in 2004, whereas Properties for both the WINDOWS folder and the SYSTEM32 folder show that the folders were created in 2003. Is the date and time that the WINDOWS folder was created the same as time of the Windows install and activation -- or should I look somehere else for this info?jp

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: cftmon.exe

    One is the actual time of creation - when Windows XP itself was made by Microsoft. One is modified either by SP1 or SP2. The other is the actual time when the OS was installed/activated on the PC.

    Version tab should show Microsoft in this case and that alone should be assuring that it is genuine. When it says malware,com, that when there is a true problem.

    Malware makers try to copy the genuine windows applications and often try to mimic them- examples would be cftrmon or cftlmon or csftmon. They try to place them in the Windows directory, but make mistakes. Cftmon should be found in the system32 folder, but sometimes they make the mistake and put it in the C\WINDOWS folder or the C\WINDOWS\system instead.

    Just go by the Properties itself.
    Created: The time/date created means when installed on PC.
    Modified Date modified means when made or changed by update/SP.
    Accessed Should show the exact time/date by your opening

    Version tab should show the Company such as Microsoft or genuine security application company or hardware that is present or PC manufacture itself of the PC brand or third party software (MS has purchased and uses other applications and their software to be used in the Windows OS). Version should show Product and File versions and Product name. All of these can be googled to find out if they are legit and what they actually do and if the File/Product versions are correct.

    A great freeware tool is the Process Explorer. Very similar to the Task Manager itself, but lots of extras. Download it from sysinternals.com. A great tool for comphrehensive checking on the processes on the PC, both the .exes and the .dlls. Many details and info can be found by using it, plus it has a google search option included. great for seeing what is happening and how it's done and what is involved. Maybe it is information overload in the beginning, but is a very nifty tool to keep using to check the PC for any malware. Besides a great tool to learn things about the Windows OS itself.



    The cftmon on your PC is okay. No nefarious action is occuring. It is legitimate by your indications. So all is good.Take care,

    Oldsod
    Best regards.
    oldsod

  7. #7
    jpg Guest

    Default Re: cftmon.exe

    You have been most helpful with all this informantion, Oldsod. Thank you very much.jpg

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: cftmon.exe

    You are very welcome! Nice to see your are picking a few things up and that you are concerned very much about the security of your machine

    Oldsod
    Best regards.
    oldsod

  9. #9
    popsickill Guest

    Default Re: cftmon.exe

    I've also noticed that while this program has been sitting on my computer for a while it never seemed to be in use. It seems that when you install IE7, this starts getting used.

  10. #10
    Join Date
    Jun 2004
    Posts
    320

    Default Re: cftmon.exe

    If you want to stop cftmon from loading at startup: Control panel, Regional and languages, Languages tab, click details, advanced tab, check Turn off advanced text services, click apply, OK. You should only do that if you never use advanced text service (speech to text, for exammple) and don't use the language bar.
    The trojan cftmon.exe
    installs itself in C:\Windows, not C:\Windows\system32.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •