Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| ctfmon | ctfmon.exe | Added by the Troj/SDBot-06 Trojan! which allows a remote user to access and control the computer via IRC channels. Note: Located in \%WINDIR%\ Note: Do not confuse with the MS Office file of the same name as described here | X |
| ctfmon | ctfmon.exe | Adware responsible for tenmonkey.com popups Note: Located in \%WINDIR%\ Note: do not confuse with the MS Office file of the same name as described here | X |
| CTFMon | ctfmon.exe | Added by the Family Kelogger program. Found at hxxp://www.spyarsenal.com/familykeylogger/ (DO NOT GO THERE). The program lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Note: Remember if you did not put this on your computer then someone else did! Note: This Keylogging file is located in \%WINDIR%\%System%\CTF\ | X |
| ctfmon.exe | ctfmon.exe | CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon See_Here ;en-us;282599 . CTFMON can be disabled from Control Panel, Text & Speech Services. Note: The file will always be located in the \%WINDIR%\System32\ folder. Note: If it is located elsewhere, it will likely be a worm or trojan! | U |
| CTFMON.EXE | ctfmon.exe | Added by the Troj/Bckdr-QF TROJAN! Note: Located in \%WINDIR%\System\ Note: Do not confuse with the MS Office file of the same name as described here Note: Read the link, rootkit type stealth involved. | X |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| Alternative User Input Services (Ctfmon) | ctfmon.exe | Added by the W32/Tilebot-JR WORM! Note: This worm is located in C:\%WINDIR%\ Note: NoteThis is not the cftmon.exe normally found in C:\WINDOWS\System32\ | X |
| LPTRDC server (LPTRDCsrv) | ctfmon.exe | Identified as TrojanDownloader:Win32/Fourta.A Malware Note: located in \%WINDIR%\ Note: Use SDFix under supervision. | X |
| Microsoft CTF Loader | ctfmon.exe | CTF Loader | L |
| Windows CTF Loader | ctfmon.exe | W32/Sdbot-DFSCopies itself to %Windows% directory | X |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| System Service | ctfmon.exe | Infostealer trojan, detected by ESET's Nod32 antivirus as a variant of Win32/PSW.OnLineGames.PSK | X |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {F5776D81-AE53-4935-8E84-B0B284D4BCEF} | (no name) | ctfmon.exe | Infostealer trojan, detected by Sophos as Troj/Insidoor-A | X |
| {003M185M-XA30-WYI2-3PNK-YXN35127018N} | (no name) | ctfmon.exe | Infostealer trojan, see here | X |
| {7N365172-32M6-8LL2-XRW7-EF733H5H8722} | (no name) | ctfmon.exe | Infostealer trojan, see here | X |
| {7A4Q2V25-7CXG-D2RT-6C77-166PLA7SA7Y7} | (no name) | ctfmon.exe | Infostealer trojan, detected by Kaspersky antivirus as Trojan.Win32.Jorik.Llac.ajd, see this ThreatExpert Report | X |
| {43GQRV6F-35TO-2VGB-GLJ7-L5LBTK7YQ187} | (no name) | ctfmon.exe | Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see here | X |