Solved: invalid ctfmon.exe and dmaupd32.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
Windows XP Pro SP3

Today, I was helping a colleague with a computer.

Antimalware is Avanquest System Suite 9. ASS9 had reported a problem with c:\windows\system32\ctfmon.exe, reporting it was infected. ASS9 also reported infection with braviax.exe.

After the desktop had finished loading, there was a Windows error report that dmaupd32.exe encountered a problem & needs to close.

I ran ComboFix, which took care of braviax.

I submitted c:\windows\system32\ctfmon.exe to http://virusscan.jotti.org/en . All AV engines reported nothing found.

I ran 3 rootkit revealers; F-Secure; BlackLight; RootRevealer; nothing found. GMER had found no rootkits when ComboFix was run.

I ran SDFix, which found some things, but did not mention ctfmon.exe.

Cleanbooting, I determined that c:\windows\system32\ctfmon.exe caused dmaupd32.exe to re-appear in C:\docs & settings\user name\start menu\programs\startup.

I renamed c:\windows\system32\ctfmon.exe to c:\windows\system32\ctfmon.xex, rebooted.

Then, c:\windows\system32\ctfmon.exe and c:\windows\system32\ctfmon.xex were there.

The error report regarding dmaupd32.exe no longer appeared.

I report this incident because previously I had confidence in the Jotti Virus Scan process. From now on, I will try additional virus scans similar to Jotti. This, http://www.viruschief.com/?language=de_DE , has 2 scanners not used by Jotti.

Feel free to recommend other online scanners at which one can submit files, one at a time. I do not refer to online scanners such as Kaspersky http://www.kaspersky.com/virusscanner , which is included in Jotti's and VirusChief's scanners.

RF123
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
ComboFix should never be used without proper supervision.

From http://www.bleepingcomputer.com/combofix/how-to-use-combofix:
"You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer."

SDFix hasn't been updated since November 2008. It's useless and you're taking another risk by using it without proper supervision.

There's ThreatExpert.

If you need help with malware removal, please start a new thread in the Malware Removal forum.
 

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
I am aware of the advisories. Some of us are more advanced than others.

I made a conscious decision to begin the thread in the general security forum.

The issue is resolved.

Thanks for the link to ThreatExpert.

RF123
 