CTFMON.EXE coming up as infection on PC#1 but not on PC#2.....

@ Nesivos
You are losing the point: avast isn’t alerting on ctfmon.exe (so file signature, etc. are irrelevant); this is an anomaly of having created a custom scan and electing to scan memory.

Hi everybody

Thanks again for all of your help. It is very much appreciated.

Bob3160, you need to understand that we have been hit twice with the same issue and have had more than $6,000 taken from our bank accounts, so you might appreciate that I am somewhat nervous about ensuring that the problem has been fixed. :slight_smile:

Essexboy, I have run combofix and have attached the log file. I reinstalled Windows XP and Office 2003 Small Business from the original CDs and simply copied the PST file and other documents from the old PC to the new PC (PC1).

Thanks again
Regards
Greg

It is always better to be sure than sorry.

As it stands at the moment I can see no evidence of a keylogger or malware.

Is the computer behaving properly with no weird happenings?

Hi Essexboy

Thanks for taking the time to help me.

The PC (PC1) is behaving properly with no “weird” things happening…so I guess we close this issue and move on!

Thanks again for everybody’s help and input.

My last question relates to protecting us as much as possible whilst we are banking online. As we do a lot of online banking, is there anything that I need to “turn on” or configure in Avast to make our protection as strong as possible??? Is Safezone the answer and do I need to do anything to set it up???

Regards
Greg

Safezone is only available with the Pro and AIS versions.

Using that will isolate all banking data from the rest of your system.

I am using Avast Internet Security so therefore we should do the following?:

  1. Configure AIS so that all of the installed browsers (IE, Firefox etc) are started in their own Sandbox
  2. If we do #1, do we still need to use Safezone???

Thanks
Regards
Greg

I would recommend that you use safezone, as sandboxing is more for stopping stuff getting on to your system.

Sandboxing is designed to be run when you suspect something suspicious and you want to be sure there’s nothing in that new program to harm your system.
Running something sandboxed isn’t designed for everything. It does slow things down, sometimes considerably.
If it had no drawbacks, we would all be using it all the time. :wink:

Thanks Guys

I’ll try both Sandbox and Safezone and see what happens.

Regards
Greg

Are you saying the Custom Scan is running on one of the computers and not both? If so I guess I missed that.

I do know that Memory Scans tend to ID a lot of stuff as Malware, e.g. SAS processes.

Well that doesn’t matter as my comment was directly to yours.

You were talking about the detection being on ctfmon.exe and it never was on that file, not the scan type or whether a custom scan was undertaken.

Reread the topic: the OP makes that point, detection on one not on the other, so a deal of reading between the lines is required to make the assumption.

However, I wasn’t bothered about why it wasn’t detected on the one system, only why there was a detection on the other and that was because it was a custom scan with a memory scan also selected as shown in the image posted by the OP in Reply #4.

The identical Custom scan was run on both PC1 and PC2.

Regards
Greg

As David has already mentioned on a few occasions, the results when doing that type of scan are unpredictable, which is the reason for it showing up infected on one computer but not on the other.