| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 70530 | 2006-07-06 11:39:00 | ctfmon.exe - keylogger?? | Agent_24 (57) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 469032 | 2006-07-06 11:39:00 | Was just doing a scan with A-Squared when I happened to find something I had never seen before (apart from the usual advertisement cookies): Object Diagnosis Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Te rminal Server\SysProcs --> ctfmon.exe Trace.Registry.FamilyKeylogger Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Te rminal Server\SysProcs --> ctfmon.exe Trace.Registry.FamilyKeylogger Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Terminal Server\SysProcs --> ctfmon.exe Trace.Registry.FamilyKeylogger Apparently ctfmon.exe is part of office XP, but I only have office 2000. Also, ctfmon.exe is not listed in any startup field (checked with msconfig and starter), and it isn't a running process either (in taskmanager or process viewer or anything else) So why are these registry entries there? and should I delete them?? |
Agent_24 (57) | ||
| 469033 | 2006-07-06 12:12:00 | hmmmmmm (www.hijackfree.com) FamilyKeylogger can hide itself from the windows process viewer.... look for a CTF folder in C:\WINDOWS\SYSTEM32 |
gibler (49) | ||
| 469034 | 2006-07-06 12:12:00 | Normally ctfmon.exe is an MS program that is used to scan your computer files to index them for fast searching. I always disable it because it slows the computer down and starts when you are burning important DVD's etc, ie runs just when you don't want it to. Disable it in services. |
zqwerty (97) | ||
| 469035 | 2006-07-06 12:22:00 | I found a CTFMON.EXE in system32, no CTF folder, file properties says 'CTF Loader', made by Microsoft Corporation, seems all legit etc Can't find anything to do with CTF in services, and the indexing service points to C:\WINDOWS\system32\cisvc.exe |
Agent_24 (57) | ||
| 469036 | 2006-07-06 12:39:00 | Yes I had this on Win2K as well, that is when I learnt about it. I might be confused about Services but I was sure that I disabled it in Services on XP then removed it altogether. You can tell when it is running, your computer slows a bit and you can hear it racing through the HDD checking for changes to already indexed and new files etc. May be a component of XP 2003 Small Business Suite or something like that name, can't recall the exact wording. "When you run a Microsoft Office XP program, the file Ctfmon.exe (Ctfmon) runs in the background, even after you quit all Office programs." from here: www.neuber.com More here: support.microsoft.com Notice that if it is not in the correct folder then it could be a worm!!!! |
zqwerty (97) | ||
| 469037 | 2006-07-07 02:16:00 | Hi, you will find this process in office 2003 as well. Probably not a good idea to turn it off , it uses little processing power, and seems to start no matter how you try to disable it (even following MS instructions in the above link). Only concern would be it's location should be in windows system 32 and system32 dll cache. | jenae (254) | ||
| 1 | |||||