
Please help with HJT log-I'm a beginner!

This is the log number: log=241530
Shortcut: http://hjt.iamnotageek.com/parse.php?log=241530
Could someone please analyze it for me? My computer is pretty new and it's a little slow...

Also, could I maybe get some suggestions of good adware/spyware/virus etc. software programs to download?

Every time I have used HJT it has advised me to remove this line from the log:
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Ctfmon.exe

"CoolWebSearch Ctfmon32 parasite variant"

I have "fixed" it through HJT several times and turned the computer off and on and it is still there. Any thoughts?

Your help is much appreciated. Thank you!
Melissa

Comments

  • edited July 2006
    I have taken a look at the log, and I believe that to be a false positive (not rare with automatic HJT analysers).

    However, to be sure, please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

    C:\WINDOWS\system32\ctfmon.exe

    Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
  • edited July 2006
    I have taken a look at the log, and I believe that to be a false positive (not rare with automatic HJT analysers).

    However, to be sure, please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

    C:\WINDOWS\system32\ctfmon.exe

    Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

    Thank you so much for your reply! Here are the results:

    Service load: 0% 100%

    File: ctfmon.exe
    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 24232996a38c0b0cf151c2140ae29fc8
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    Does everything else in the log look ok?
    Thanks again,
    Melissa
  • edited July 2006
    Actually, I had googled the "problem" program before, but I just tried it again and adjusted my search by just looking up ctfmon.exe. This is directly from Microsoft support:

    What Is the Ctfmon.exe (Ctfmon.exe) File?
    Ctfmon.exe activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office Language Bar.

    What Does the Ctfmon.exe File Do?
    Ctfmon.exe monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.

    Can I Remove the Ctfmon.exe File?
    Removing the Ctfmon.exe might cause problematic behavior in your Office XP programs, so removing it is not recommended. To prevent Ctfmon.exe from running, follow these steps.

    So, it looks like it's ok.
    My question is then how does the rest of the log look? Do you want me to cut and paste it?
    I have CCleaner, WinPatrol, HijackThis, and Norton.
    What other programs would you recommend? I do use LimeWire for downloads (so far just music), but I know this can cause issues. I had Spybot but it was a little buggy, so I removed it. Do you think I should re-add it? Should I get a firewall? Will that affect downloading music?
  • edited July 2006
    Nice research, berneym77! The real ctfmon.exe is indeed safe (albeit a little buggy), but there are some malicious programs that do attempt to deceive users by using otherwise legitimate filenames. That's why I got you to check the said file with Jotti's Online Scanner.

    I checked your log, and all appears fine.



    Here are a number of recommendations for additional protection to help prevent any malware infections in the future. These few simple steps can stave off the vast majority of spyware problems. They include some of the answers to your questions, so please consider them carefully.

    You may have already taken some of these steps:
    1. Watch what you download!
    Do not download just anything you see on the web. Some may have spyware bundled into them.

    2. Try not to use peer-to-peer programs.
    P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, and come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read this article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

    3. Visit Windows Update:
    Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
    Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
    We recommend checking for Windows updates monthly.

    4. Adjust your security settings for ActiveX:
    Go to Internet Options/Security/Internet, press 'default level', then OK.
    Now press "Custom Level."
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

    So why is ActiveX so dangerous that you have to increase the security for it?
    When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.
    Would you run just any random file downloaded off a web site without knowing what it is and what it does?

    5. Download and install the following free programs:
    a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    b. SpywareGuard: http://www.javacoolsoftware.com/spywareguard.html
    Periodically check for updates.

    6. Keep your antivirus software up to date. If you don't have one, I recommend the free AVG.

    7. Use a firewall. If you don't have a firewall, I recommend the free version of ZoneAlarm.
    A tutorial on understanding and using firewalls may be found here

    8. IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.


    9. You might consider installing Mozilla / Firefox, which is much safer than Internet Explorer.
    http://www.mozilla.org/

    10. Install spyware detection and removal programs:
    Ad-aware: http://www.snapfiles.com/get/adaware.html
    Spybot S&D:
    http://www.safer-networking.org
    Use these programs to regularly scan your system for and remove many forms of spyware/malware.

    11. Microsoft now offers their own anti-spyware product. Windows® Defender (Beta 2) improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC. This is a BETA for XP/2000 only.

    12. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm
    If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

    Let us know if we have not resolved your problem. Otherwise, you are good to go.
    Happy and Safe Surfing! :D
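
The point made in the thread, that a legitimate filename such as ctfmon.exe can be reused by malware and so the file's actual location matters, can be checked mechanically against a HijackThis log. The following is an added example, not part of the original posts: the expected-folder table, the function names and all sample lines except the first are assumptions made for illustration.

```python
import ntpath
import re

# HijackThis registry autorun line: O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")

# Assumption of this example: a tiny illustrative table for a default
# Windows XP install (C:\WINDOWS); it is not a complete list.
EXPECTED_DIRS = {
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def exe_path(cmd):
    """Pull the executable path out of an autorun command (quoted or with arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def classify(line):
    """Return (path, verdict) for an O4 registry line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = exe_path(m.group(4))
    directory, base = ntpath.split(ntpath.normpath(path))
    expected = EXPECTED_DIRS.get(base.lower())
    if expected is None:
        return path, "unlisted"            # name not in the table: no opinion
    if directory.lower() == expected:
        return path, "expected-location"   # still worth a file scan, as in the thread
    return path, "name-reuse"              # system filename in the wrong folder

# First line is from the thread; the others are constructed for illustration.
SAMPLE_LOG = "\n".join([
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe",
    r'O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\update.exe" /background',
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)",
])

def review(log_text):
    return [r for r in map(classify, log_text.splitlines()) if r is not None]

if __name__ == "__main__":
    for path, verdict in review(SAMPLE_LOG):
        print(f"{verdict:18} {path}")
```

A verdict of "expected-location" only says the name and folder agree; it does not replace scanning the file itself, which is the step the helper asked for.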