An invisible virus

**jholland1964** · 01-29-2007, 02:18 PM

ctfmon.exe-note that 'CTFMON.EXE' is the real Windows system file. Ctfmon.exe activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office Language Bar.
Removing the Ctfmon.exe might cause problematic behavior in your Office XP programs, so removing it is not recommended. To prevent Ctfmon.exe from running, follow these steps on this page;
What is ctfmon.exe

Obviously the parser here is wrong. This shows on NO other parsers and I ran it through 3 others and ALL three give the same info this is an Office related file...what you will find on the link I have given you.
As PP stated

If it were a CWS hijack, you wouldn't need any scan to tell you.....

IF you had this on your system your would SEE evidence of ctfmon32.exe in your log. It is NOT there.

IF you had this on your system these are the symptoms you would definitely be experiencing;
Start page and Search pages changed to www.slawsearch.com, 'Customize Search Assistant' closing after opening it, hijack coming back after a reboot.
Have you experienced any of these specific symptoms?

**mehndeke** · 01-29-2007, 02:33 PM

Nope, none of those.

So then, it seems that aside from the cookie cash, the new poly win32 is a false positive, the lesson being never run bit defender with McAfee running in the back ground, and the parser on IANAG is a little too picky and that I need not worry about that.

OK then. One other quick question then. Why would my ventrillo client not remember the password I've put into for my server (like it used to), and now it says "cannot write the INI file" whenever I put the pw in and when I close it? I was assuming that it was a symptom of whatever was on my comp.

**jholland1964** · 01-29-2007, 03:10 PM

While I am not familiar with this program everything I have found states you must have Administrator rights in order to write to the INI file are you operating as Administrator?

**mehndeke** · 01-29-2007, 03:37 PM

Not only am I the administrator, I'm the only account.
And I've noticed something else that may be related. When closing out Adobe Photoshop Elements, I get an error saying it could not save the preferences since the file was locked and that I would need to go into preferences in Windows Explorer to change this. Related?

**jholland1964** · 01-29-2007, 04:09 PM

Let's wait for PP to weigh in here. Your logs are showing NO malware, spyware, viruses or trojans so am not sure of the causes here. This IS a puzzlement for sure.

**PhilliePhan** · 01-29-2007, 04:38 PM

Originally Posted by mehndeke

Not only am I the administrator, I'm the only account.
And I've noticed something else that may be related. When closing out Adobe Photoshop Elements, I get an error saying it could not save the preferences since the file was locked and that I would need to go into preferences in Windows Explorer to change this. Related?

It sounds to me like some registry changes have occurred . . . . Possibly some altered policy keys?

-- Drawing on experience, this really doesn't sound like malware. Plus, all those logs look OK.

Rather than trying to dope it all out - and Turcoloco would be a faaaar better guy to to that than I - perhaps a System Restore would be a better option? We could do that + another Kaspersky & AVG Scan afterward to be sure no malware was restored (none showed in previous scans).

-- Maybe TL might have a bette ridea?

PP

**mehndeke** · 01-29-2007, 05:02 PM

Then I'll wait on hold till TL weighs in.

**jholland1964** · 01-29-2007, 05:03 PM

Here is something to try with Photoshop;
If Photoshop is acting weird, try resetting the preferences back to their default settings.

1) Save your work, and close the program.

2) Start the program, and press and hold Alt + Control + Shift immediately after the program begins to launch.

3) Click Yes to delete the preferences file.

**mehndeke** · 01-29-2007, 05:06 PM

deleted the preference file, loaded an image, closed the image, then closed the program. Same error still occurs.
On the brighter side, I found the Ventrilo file, un-read-only-d it, and now it works like it did before all this began, and Google desktop now loads fine as well after all the cleaning went on. So progress is being made =).

**jholland1964** · 01-29-2007, 05:08 PM

Give us the EXACT wording of the error and where you are receiving it from.

it could not save the preferences since the file was locked

What "it" could not save preferences and what "file was locked"?

Thread: An invisible virus

Thread Tools

Display

Thread Information

Users Browsing this Thread

Posting Permissions