It isn’t a typo if you got the info from the avast alert or log file, which I presume you did and copied it into your post?
*PROCESS\678\cftmon.exe\400000\6000\cftmon.exe Severity High Threat: Win32:Trojan-gen…
I have to admit that I missed the incorrect spelling in that file name (when I submitted a report to check it as a possible FP), or I would have queried it in the forum first. That would also account for why I couldn’t replicate the alert in my memory scan as there is no cftmon.exe on my system.
The legit file, ctfmon.exe, is only in my system32 folder, having done a search for c*mon.exe which would bring up all files beginning with c, ending with mon and .exe file type. This only returns the ctfmon.exe and one unrelated file, no cftmon.exe, see image.
So you have what appears to be a suspect file (cftmon.exe) on your system that is either hidden (see ~~~~ below) or undetected. Do a search for cftmon.exe and if found, submit it to avast for analysis as a possible undetected malware sample.
Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’, complete the form and submit; the file will be uploaded during the next update.
You could also check the offending/suspect file (assuming you find it) at: VirusTotal - Multi engine on-line virus scanner and report the findings here, the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first.
- Ensure that you have hidden files and folders enabled and disable hide system files in Windows Explorer, Tools, Folder Options, Hidden files and folders, uncheck Hide extensions for known file types, etc. see image.
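
The search described in this post can also be scripted. The following is an added example, not part of the original post: it walks a folder tree (which also lists hidden and system files, whatever the Explorer settings are) and flags file names that are one typo or letter swap away from ctfmon.exe, plus any ctfmon.exe outside the expected folder. The function names and the `C:\Windows\System32` default are assumptions.

```python
import os

LEGIT_NAME = "ctfmon.exe"  # legitimate file name given in the post

def osa_distance(a, b):
    """Edit distance that counts an adjacent letter swap (tf -> ft) as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(path, legit_dir, legit_name=LEGIT_NAME):
    """Return a reason string if the file deserves a closer look, else None."""
    name = os.path.basename(path).lower()
    folder = os.path.normcase(os.path.abspath(os.path.dirname(path)))
    if name == legit_name:
        if folder != os.path.normcase(os.path.abspath(legit_dir)):
            return "legit name outside expected folder"
        return None
    if name.endswith(".exe") and osa_distance(name, legit_name) <= 1:
        return "look-alike name"
    return None

def scan(root, legit_dir):
    """Walk root and return sorted (path, reason) pairs for every flagged file."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for f in files:
            full = os.path.join(folder, f)
            reason = classify(full, legit_dir)
            if reason:
                hits.append((full, reason))
    return sorted(hits)

if __name__ == "__main__":
    # Assumed default locations; adjust for the system being checked.
    for path, reason in scan("C:\\", r"C:\Windows\System32"):
        print(reason, path)
```

A hit is only a candidate for submission to the virus lab or an online multi-engine scan, not a verdict.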