Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
General Security
Go to first new post Neighbor Piggybacking
Go to first new post Security -Expert installed multiple remo ...
Go to first new post Solved: not sure?about site
Go to first new post Computer security, may have been hacked ...
Go to first new post Account Maintenance/Upgrade
Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard network printer problem ram registry router security slow software sound toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Solved: invalid ctfmon.exe and dmaupd32.exe

Reply  
Thread Tools
rainforest123's Avatar
Distinguished Member with 6,632 posts.
  
Join Date: Dec 2004
Experience: Advanced
10-Sep-2009, 12:16 AM #1
Solved: invalid ctfmon.exe and dmaupd32.exe
Windows XP Pro SP3

Today, I was helping a colleague with a computer.

Antimalware is Avanquest System Suite 9. ASS9 had reported a problem with c:\windows\system32\ctfmon.exe; reporting was infected. ASS9 also reported infection with braviax.exe .

After the desktop had finished loading, a Windows error report that dmaupd32.exe encountered a problem & needs to close.

I ran ComboFix, which took care of braviax.

I submitted c:\windows\system32\ctfmon.exe to http://virusscan.jotti.org/en . All AV engines reported nothing found.

I ran 3 rootkit revealers; F-Secure; BlackLight; RootRevealer; nothing found. GMER had found no rootkits when ComboFix was run.

I ran SDFix, which found somethings, but did not mention ctfmon.exe.

Cleanbooting, I determined that c:\windows\system32\ctfmon.exe caused dmaupd32.exe to re-appear in C:\docs & settings\user name\start menu\programs\startup.

I renamed c:\windows\system32\ctfmon.exe to c:\windows\system32\ctfmon.xex, rebooted.

Then, c:\windows\system32\ctfmon.exe and c:\windows\system32\ctfmon.xex were there.

The error report regarding dmaupd32.exe no longer appeared.

I report this incident because previously I had confidence in the Jotti Virus Scan process. From now on, I will try additional virus scans similar to Jotti. This, http://www.viruschief.com/?language=de_DE , has 2 scanners not used by Jotti.

Feel free to recommend other online scanners at which one can submit files, one at a time. I do not refer to online scanners such as Kaspersky http://www.kaspersky.com/virusscanner , which is included in Jotti's and VirusChief's scanners.

RF123
__________________
Give someone a fish and they eat for a day. Teach someone to fish and they eat for a lifetime.
Change is constant. Growth is optional.
Attributes. http://www.wayneburke.com/Changeqte.html
Register for free to hide this ad!
Phantom010's Avatar
Computer Specs
Trusted Advisor with 25,017 posts.
  
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
10-Sep-2009, 12:28 AM #2
ComboFix should never be used without proper supervision.

From http://www.bleepingcomputer.com/comb...o-use-combofix:
Quote:
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
SDFix hasn't been updated since november 2008. It's useless and you're taking another risk by using it without proper supervision.

There's ThreatExpert.

If you need help with malware removal, please start a new thread in the Malware Removal forum.
__________________

• Our help is free 'cause we like what we do, so at least, please reply in a timely manner... Thank you.
• If we've solved your problem, please click on Mark Solved in the upper left corner of your thread.
How to Mark Your Own Thread as "Solved".
rainforest123's Avatar
Distinguished Member with 6,632 posts.
  
Join Date: Dec 2004
Experience: Advanced
10-Sep-2009, 12:43 AM #3
I am aware of the advisories. Some of us are more advanced than others.

I made a conscious decision to begin the thread in the general security forum.

The issue is resolved.

Thanks for the link to ThreatExpert.

RF123
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 11:22 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.