Discussion in 'General Chat' started by BeauChaotica, 16 Jun 2009.

  1. BeauChaotica bodyshot noob


    Just spent an hour and a half removing this damn thing off my mum's laptop.

    Anyhow. Virus, dunno what it does, dunno where it came from (or when, for that matter..it seemed to have modified its inception dates etc) but you can easily check whether you have it.

    Start > (All) Programs > Startup

    If there is a file in there called ctfmon, you got it. Ctfmon is a legitimate Microsoft Office file involved in configuring advanced user settings, like the language bar and writing tablet drivers, so you might already have it *somewhere* but if you have a copy in startup, it ain't supposed to be there, and it's not a legit copy.

    Anyway if you don't have it (most likely) then great. If you do, talk to me or more preferably go here:


    It sounds easy but I spend my time going round and triple-checking everything.

    Just thought I'd mention it on the offchance =)
  2. Reag My name is an anagram for a reason

    Re: ctfmon

    I'm so pro that I don't have a startup folder.
  3. BeauChaotica bodyshot noob

    Re: ctfmon


    dats 1337 reag.
  4. Reag My name is an anagram for a reason

    Re: ctfmon

    I know. [​IMG]
    Last edited by a moderator: 28 Dec 2016
  5. shadiku nyoro~n

    Re: ctfmon

  6. Re: ctfmon

    That's the real ctfmon.exe probably :P
  7. shadiku nyoro~n

    Re: ctfmon

  8. Reag My name is an anagram for a reason

    Re: ctfmon


    Yeah, we all have it.
    Dun dun.
  9. BeauChaotica bodyshot noob

    Re: ctfmon

    Well I dunno but I thought that was fairly straightforward =P

    Read it again..you only have a problem if there is a file called ctfmon in /startup. For clarification this is a file with the SAME NAME as the legit ctfmon, which you may or may not already have as a running process or in system32.

    It's a common technique virus scripters use; if their script has some of the same credentials as an already-existing legitimate system file, then there's less chance of detection for various reasons. However, this one is somewhere it's not supposed to be.

    Also, I don't have it already =P no process, no file. It just depends on what you do with word basically.

Users Viewing Thread (Users: 0, Guests: 0)