Edna Boxe
Addendum: looking in the correct place (using msconfig rather than regedit)
I find 1 (one) entry for ctfmon.exe
Edna.
Edna Boxe said:
Checking the registry, there are no entries for ctfmon.exe; there's one in HKEY_LOCAL_MACHINE\system\control\terminal server\SysProc though.
History & cookies are deleted every time my computer starts - using
CCleaner.
Edna.
nass said:
Yes, but you can have 6 instances of svchost.exe running in the task manager? Did you search for it (Ctfmon.exe)?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = how many entries are there for ctfmon.exe here?
The svchost.exe is a security process and can be used by many running services; also, you can be experiencing a memory leak.
Process located here:
C:\WINDOWS\system32\svchost.exe size: 14336
Use this tool to see what has taken the most usage of the CPU on your machine.
ShellExView v1.19 - Shell Extensions Manager
http://www.nirsoft.net/utils/shexview.html
Go through these cleaning steps:
1... Click start >> Control Panel >> Double click Network and Internet Connections >> Double click Internet Options; on the IE Properties window you will see these options:
General | Security | Privacy | Content | Connections | Programs | Advanced
Click on the General tab (1st tab on the left) and you will see a button called [Clear History...]; click on it to clear your History caches, then click on [Delete Files...] to delete Internet files created over time, and click on [Delete Cookies...] to delete the cookies left by visiting websites.
Then click on the Advanced tab and scroll down to under the Browsing option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then try to disable the add-ons somehow installed on your browser. On how to disable the add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button there. Disable the None/Not Verified plug-ins/add-ons (you need to re-enable them one-by-one later and see which is the culprit).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (off-line scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (off-line scanner):
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
How to speed your PC:
http://www.blackviper.com/WinXP/supertweaks.htm
Run disk clean up and then run this command:
sfc /scannow
How To: troubleshoot svchost.exe:
http://blogs.technet.com/askperf/ar...started-with-svchost-exe-troubleshooting.aspx
Download HijackThis and send the report to one of many forums for analysis and troubleshooting:
When all else fails, HijackThis v2.0.2 (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post your log to:
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.bleepingcomputer.com/forums/
Or other appropriate forums for expert analysis, not here.
Let us know your progress.
nass
----
http://www.nasstec.co.uk
Edna Boxe said:
From what I hear if the svchost is in the system 32 folder then it's ok, anywhere else & it's definitely a virus, is this correct?
Edna.
But this process can be infected, R. McCarty, with a virus or keyloggers?
Not because of the updates, but it could be the updates revealed the infection and the OP needs to check further.
Like the Svchost.exe can be embedded with a Troj?
FileMon for Windows v7.04
http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx
Have a look here for windows Sysinternals
http://technet.microsoft.com/en-us/sysinternals/default.aspx
Use this tool to see what has taken the most usage of the CPU on your machine.
ShellExView v1.19 - Shell Extensions Manager
http://www.nirsoft.net/utils/shexview.html
To the OP: please upload this file (ctfmon.exe) to this link for a scan:
http://www.virustotal.com
:
Yes because NIS = Not Intelligent Software
Really gives a good sense of security when it indicts a Microsoft
Office component as a keylogger.
Since I've downloaded sp 3 Norton Internet Security says that c:\windows\system32\ctfmon.exe has a keylogger, is this a false positive?
If I remove sp 3 the keylogger also goes so I know it's nothing else.
Edna.
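The two checks discussed in this thread (how many Run-key entries launch ctfmon.exe, and where the running svchost.exe and ctfmon.exe images actually live on disk), as an added PowerShell example that is not part of any post above. It assumes a Windows system with PowerShell 3.0 or later; the per-user Run key and the signature check go beyond what the thread mentions, and all variable names are illustrative.

```powershell
# Added example; variable names are illustrative and not taken from the thread.
$names   = 'ctfmon.exe', 'svchost.exe'
$sys32   = Join-Path $env:SystemRoot 'System32'
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',   # key named in the thread
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'    # per-user key (added here)

# 1. Collect every autostart value whose command line mentions ctfmon.exe.
$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ($command -match 'ctfmon\.exe') {
            [pscustomobject]@{ Key = $key; Name = $valueName; Command = $command }
        }
    }
})

# 2. For each running instance, record the image path, whether it sits
#    directly in System32, and the Authenticode status of the file on disk.
$procs = Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        $path   = $_.ExecutablePath   # empty when the caller lacks rights to query it
        $status = if ($path) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else {
            'PathUnavailable'
        }
        [pscustomobject]@{
            ProcessId  = $_.ProcessId
            Name       = $_.Name
            Path       = $path
            InSystem32 = [bool]($path -and ((Split-Path -Path $path -Parent) -ieq $sys32))
            Signature  = $status
        }
    }

"Run-key entries for ctfmon.exe: $($autoruns.Count)"
$autoruns | Format-Table -AutoSize

# Rows with InSystem32 = False or a Signature other than Valid are the ones
# to review first; neither value on its own is a verdict.
$procs | Sort-Object InSystem32, Name | Format-Table -AutoSize
```

Run it from an elevated prompt so that the path of every svchost.exe instance can be read; on 64-bit Windows a 32-bit copy under SysWOW64 will show InSystem32 = False and needs to be judged by its signature.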