Hello, I’m curious about a file that has been put in the sandbox in Avast… I’m running Avast Pro Antivirus and the file is c:\Windows\System32\ctfmon.exe
I’ve done some reading on this file and there are plenty of reports that this file may be a problem…my question is should I Terminate or just leave as is? :-\
What were you actually doing when the autosandbox did this, as the user doesn’t run this file?
So something doesn’t sit right with this interception.
What reason was given when intercepted by the autosandbox?
The reason I ask for this information is that ctfmon.exe in the c:\Windows\System32 is a system file and if being detected the forums would be flooded with like topics and this isn’t the case.
Can you right click on this file and post its Properties, file version, creation, modification dates, etc.
I was just surfing the web earlier today…nothing serious, had started a quick scan and left the computer unattended and when I returned the scan had registered No Viruses…it was just by chance I had opened the sandbox and seen the file in the sandbox…there was no notification whatsoever. I’ve included the file’s info you asked for…
That is strange as from that the file is old, hasn’t been modified and something that isn’t run by the user but by the system so I can’t understand why it would have been intercepted.
Mine certainly hasn’t.
Which is why nothing was found on the virustotal scan.
What OS and SP version are you using, given that our file properties differ in date and file size?
I’m running Windows 7 Ultimate Service Pack 1
Not sure how long the file was in the sandbox for, nor can I come close to remembering what I may have been doing at the time it was sandboxed.
Well that pretty much matches the one on my win7 SP1 netbook, it looks legit so I’m at a loss as to why it was ever intercepted by the autosandbox.
Personally I would remove the entry for it from the autosandbox settings, exclusions and see if it gets pinged again, it really shouldn’t. You might also try setting the autosandbox to Ask and see when/if it gets intercepted again, this may pin down why.
I don’t believe the updates would have triggered this, as ctfmon.exe isn’t really involved in Windows updates, see http://support.microsoft.com/kb/282599. If you look in Task Manager you will probably only see one entry for ctfmon.exe and that would be a User entry.