rainforest123
Thread Starter
- Joined
- Dec 28, 2004
- Messages
- 8,256
Windows XP Pro SP3
Today, I was helping a colleague with a computer.
Antimalware is Avanquest System Suite 9. ASS9 had reported a problem with c:\windows\system32\ctfmon.exe, reporting it was infected. ASS9 also reported infection with braviax.exe.
After the desktop had finished loading, there was a Windows error report that dmaupd32.exe encountered a problem & needs to close.
I ran ComboFix, which took care of braviax.
I submitted c:\windows\system32\ctfmon.exe to http://virusscan.jotti.org/en . All AV engines reported nothing found.
I ran 3 rootkit revealers: F-Secure; BlackLight; RootRevealer; nothing found. GMER had found no rootkits when ComboFix was run.
I ran SDFix, which found some things, but did not mention ctfmon.exe.
Cleanbooting, I determined that c:\windows\system32\ctfmon.exe caused dmaupd32.exe to re-appear in C:\docs & settings\user name\start menu\programs\startup.
I renamed c:\windows\system32\ctfmon.exe to c:\windows\system32\ctfmon.xex, rebooted.
Then, c:\windows\system32\ctfmon.exe and c:\windows\system32\ctfmon.xex were there.
The error report regarding dmaupd32.exe no longer appeared.
I report this incident because previously I had confidence in the Jotti Virus Scan process. From now on, I will try additional virus scans similar to Jotti. This, http://www.viruschief.com/?language=de_DE , has 2 scanners not used by Jotti.
Feel free to recommend other online scanners at which one can submit files, one at a time. I do not refer to online scanners such as Kaspersky http://www.kaspersky.com/virusscanner , which is included in Jotti's and VirusChief's scanners.
RF123