The truth about the automated process of running CTFMON.EXE
Many computer users have "scratched their heads" with the process of automatically running the name "ctfmon.exe". What is that?
Searching Google with the keyword "ctfmon.exe", you will get hundreds of results with different opinions about the process. The opinions are focused on two directions explaining that this is a process of Office software or a trojan. Indeed, there are up to two "type" ctfmon.exe that all have the same file icon.
Type 1 : This is an Office suite service that launches Alternative User Input Text Input Processor and Office Language Bar . This service monitors user input to provide appropriate input methods such as voice, handwriting, and keyboard. The ctfmon.exe process will be installed with the Office suite when you choose Alternative User Input in Office Shared Features . To disable this process, do the following (apply to Windows XP Professional): Go to Start -> Control Panel -> Add or Remove Programs , click Microsoft Office and select Change , in the window that appears, you highlight Go to the Choose advanced optimization of applications box and click Next . In the next window, navigate to the Alternative User Input section of Office Shared Features, click and change the icon to an X (Not available) and then select Update .
Then go back to Control Panel, select Date, Time, Language and Regional Options -> Regional and Language Options , click on the Languages tab and click Details , in the Text Services and Input Languages window, click the Advanced tab and highlight Select the Turn off advanced text services box , click OK . So ctfmon.exe "type 1" is gone!
Type 2 : This is Vb.AQT trojan (some other names like FakeRecycled.AQT! Tr , Recycled.20480 ). After being activated on the computer, it will perform the following "nefarious behaviors":
- Create the following folders and files on storage devices such as floppy disks, usb, hard disks:
[Drive name]: autorun.inf
[Drive Name]: Recycleddesktop.ini
[Drive name]: RecycledINFO2
- Create a copy of itself in [Drive Name]: RecycledRecycledctfmon.exe
- Create ctfmon.exe and desktop.ini files in the Windows Startup folder
- Perform the same actions as above but with another folder name is RECYCLER
This Trojan is extremely intriguing in that if you double-click the fake Recycled folder, you will be directed to the real Recycled folder right away. To see the "inner nature" of this directory, you have to use another trick: install compression software like Winrar, Winzip, open the corresponding drive, right-click on the Recycled folder (you must choose Show hidden files and folders and uncheck Hide protected operating system files in Folder Options to see this folder), use the command Compress to . on the context menu to create a compressed file from the Recycled folder above, at the end open the zipped file and "admire" the contents.
These trojan-infected storage devices will encounter a status that cannot be accessed directly by double-clicking and you must right-click and select Explore . More dangerous, according to information on some informative forums, Vb.AQT trojans can act as a spyware or keylogger to steal personal information of users.
Do not worry! You can easily kill this trojan with three steps :
Step 1 : Use the Windows Search feature with the keywords "Recycled", "RECYCLER", "INFO2", "ctfmon" to determine the path of folders and files created by trojans (remember to check Select the Search hidden files and folders section before searching). The path will be similar to the one described above, you may also find some paths to Windows cache directories like Prefetch, dllcache .
Step 2 : Delete all found files and folders. If an error message cannot be deleted, do the following: Download the iso image file of the boot disk Acronis Disk Director Suite at http://www.fileden.com/files/2007/5/5/1051345 /AcronisDiskDiretorSuite.iso then burn it to a CD, then boot the computer using this disc. In the interface of the program, double-click the drive name and move to the files and folders to be deleted, select and click the X-shaped icon to delete, you can rest assured that there will be no error message at all
Step 3 (optional): Although the above two steps are enough to get rid of the Vb.AQT trojan, you should use antivirus software like Bitdefender or Kaspersky to check again for sure.
(Note, if you remove the above two steps and only use antivirus software to kill, it will not succeed, because often this software only scans and detects, not "handles" the Trojan).
The experience shared above will hopefully help you. If you still have questions, you can email phuc_asimo@yahoo.com , I will be ready to answer.
You should read it
- Learn about the Program files folder in Windows
- Delete the SkyDrive Pro command in the right-click menu
- 6 ways to rename files and folders in Windows 10
- How to Open Zip Files
- How to Password Protect Files on a Mac
- How to Move the Copy Folder in Windows
- Open the file, open the folder with a mouse click
- How to Delete DLL Files
May be interested
- How to scan viruses on Windows with Process Explorerprocess explorer is a tool for managing processes running on windows and scanning for processes running by the famous virustotal virus scanning service.
- Truth Arena: Top 5 strong teams in the Ranking Mode you should trysome of the truth arena rankings teams, including how to build formations and some notes when building a squad
- 9 secrets of filmmakers that the audience does not knowin the process of making a film, the directors and producers faced many problems to ensure that the finished product was perfect. and sometimes solving them can change the entire film industry.
- A summary of 7 tips or Truth Arena may not be knownsome tips in the truth arena will help your match to be less difficult but much easier to win.
- Truth Arena: TOP 5 generals 1 strong gold you should usethese are some golden generals who can carry the team in the beginning of the battle, or you can use these generals about the following time in dtcl lmht
- What is the Host Process for Windows Tasks and why does it run much on the computer?if you've ever taken the time to look into the task manager window, you'll see a process called 'host process for windows tasks'. in fact you may have seen many instances of this process running at the same time. this article will explain to you what the host process for windows tasks process is and why it runs a lot on such computers.
- Instructions for using pstree command on Linuxpstree is a powerful and useful command to display processes running in linux. like the ps command, it shows all the processes that are currently active on your login system. the main difference is that when running the pstree command, processes are organized into tree sorting instead of lists like using the ps command.
- Truth League League of Legends: Strategy to help you have the fastest 3-star championthese two tactics will help you find the three star general in the truth arena the fastest
- How to download, install and play PBE TFT betawant to experience new features of dtcl before the official release? join the pbe server. taimienphi will guide you how to install and play the truth arena pbe test server, to become one of the first to experience and contribute ideas to the game development process.
- Notes for new players Truth Arena League of Legendsthese notes are small but also a notable factor in the league of truth league to help you win