How can I determine if ctfmon.exe is running as a trojan or a legitimate Windows process?

Posted on 2006-06-12
Last Modified: 2013-12-04
Hello,

I've noticed on one of our servers that ctfmon.exe is running, and I've read that, besides being a legitimate Windows process, it can also be a trojan that allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. But we can determine whether this process is a virus or a legitimate Windows process depending on the directory location it executes or runs from in WinTasks.

Can anyone help me with this so I can find out if it is a trojan or not?

Thanks
Question by:AZZA-KHAMEES

Accepted Solution

by: SheharyaarSaahil earned 500 total points
ID: 16891734
Download HijackThis and run it, save its log file, and open it. It will show what processes are running on your system and will show their paths too. If ctfmon.exe is running from the C:\Windows\System32 folder, then it's the legitimate Windows process; otherwise you can check where it is residing and move further from there.

Download Hijackthis from here >> http://www.majorgeeks.com/download3155.html
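
The check the accepted answer describes, as an added example that is not part of the original post: a Python script that reads the "Running processes:" section of a saved HijackThis log and separates instances of ctfmon.exe in the expected folder from those running elsewhere. The function names, the default C:\Windows\System32 install path and the sample log are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Folder the answer names as the legitimate location (assumes a default
# install; pass another expected_dir if Windows lives elsewhere).
EXPECTED_DIR = PureWindowsPath(r"C:\Windows\System32")

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                if paths:
                    break      # blank line after the list ends the section
                continue       # blank line right after the header
            paths.append(PureWindowsPath(line))
    return paths

def check_process(log_text, name="ctfmon.exe", expected_dir=EXPECTED_DIR):
    """Split instances of `name` into (expected location, other locations)."""
    ok, suspect = [], []
    for p in running_processes(log_text):
        if p.name.lower() != name.lower():
            continue
        # PureWindowsPath equality ignores case, as Windows path lookups do.
        (ok if p.parent == expected_dir else suspect).append(str(p))
    return ok, suspect

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:15:02, on 12/06/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Temp\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    ok, suspect = check_process(SAMPLE_LOG)
    print("expected location:", ok)
    print("needs investigation:", suspect)
```

The path comparison is on the whole parent folder rather than a substring, so a copy under a Temp or profile directory is reported even though its file name matches.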