ctfmon.exe-Is It Safe??

Discussion in 'ProcessGuard' started by boleyd, Aug 27, 2006.

Thread Status:
Not open for further replies.
  1. boleyd

    boleyd Registered Member

    Joined:
    Oct 14, 2005
    Posts:
    19
    I received a warning that system32/ctfmon.exe attempted to set a global hook and was blocked.

    My question is: how does the average person know what action to take in this event? There is no information to enable a Process Guard customer to make a judgement as to the safety of allowing this event to occur, or the consequences of preventing it. o_O

    Dick Boley
    Process Guard 3.400
     
  2. dog

    dog Guest

    http://www.liutilities.com/products/wintaskspro/processlibrary/ctfmon/

     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I can't say much for global hook. I assume it to be OK if your system is clean.
    BTW I have seen ctfmon.exe hooking the keyboard if you install advanced keylogger (if my memory is OK); however, the exact position of that ctfmon.exe was a bit different (though still in the system32 folder).
    Maybe some expert user can help you more in this regard.
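
A read-only way to check the point raised above, that a look-alike ctfmon.exe can run from a different location than the Windows one. This PowerShell sketch is an added example, not part of any post in this thread; it assumes a current Windows with PowerShell 5.1 or later (not the XP-era systems discussed here) and treats the System32 and SysWOW64 copies as the expected locations.

```powershell
# Added example: list every running ctfmon.exe with its image path,
# Authenticode status and SHA-256, so a look-alike stands out.
# Assumption: the genuine file lives in System32 (or SysWOW64 on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\ctfmon.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\ctfmon.exe')
)

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'ctfmon.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath
        if (-not $path) {
            # ExecutablePath is empty when the caller lacks rights to query the process
            [pscustomobject]@{
                ProcessId = $_.ProcessId; ParentId = $_.ParentProcessId
                Path = '(not readable, rerun elevated)'; PathExpected = $false
                Signature = 'Unknown'; Signer = $null; Sha256 = $null
            }
        } else {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                ProcessId    = $_.ProcessId
                ParentId     = $_.ParentProcessId
                Path         = $path
                PathExpected = $expected -contains $path      # case-insensitive match
                Signature    = $sig.Status                     # 'Valid' for an intact signed file
                Signer       = $sig.SignerCertificate.Subject  # expect a Microsoft subject
                Sha256       = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    } | Format-List
```

An entry with PathExpected False, or a Signature other than Valid, is the one to investigate before allowing the hook; the SHA-256 can be submitted to a multi-engine scanner.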
     
  4. boleyd

    boleyd Registered Member

    Joined:
    Oct 14, 2005
    Posts:
    19
    ctfmon.exe is just an illustration of the real problem. How does the average user of a program like Process Guard determine the proper course of action when faced with a warning from the program? The aforecited site for advice turns out to be a commercial site selling software allegedly designed to deal with ctfmon.exe and similar issues. However, how do we know it is not like some of the so-called spyware filtering programs that install their own malware? Paranoia or caution?

    The point is that for the technically inclined we can seek, and probably understand, options when warned by Process Guard. Those that do not devote some portion of their lives to PC environments are simply left with a dilemma.

    Many of these people turn to the only bastion of support they can trust and at least begin to understand - Microsoft. Here they are shown simple descriptions of arrays of evil things that can hurt their PC. Then they are offered an all-in-one program called Windows Live that will protect them. Unfortunately, Microsoft appears to "constrain" these programs so as not to infringe on some commercial entities. They err on the side of commerce rather than the consumer. They stay out of the courtroom while retaining their worldwide naive customer base.

    Microsoft cleverly has determined that it is cheaper to sell the medicine rather than cure the disease. That is, it is less costly to produce virus checkers and spyware eradicators than to try to fix a porous operating system. I have worked on OSs and they are like roadside IEDs. Fix one thing and something else blows up. The simple fix is almost never simple. Therefore, the vast average customer population will turn more and more to Microsoft for protection from the very disease (Windows) that Microsoft created.

    Dick near 5G8
     
  5. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
  6. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Boleyd,

    1. You should've run everything on your machine after PG installs, in learning mode. Then anything new coming along, sans a new program install, would/should not have your permission. As you've told PG, these are my applications I want to work.

    2. If you're expecting something to happen, & PG pops off with some cryptic message:

    a) You can say no & if the event you expected does not happen, it probably should've been allowed. Try again.

    b) Don't do anything, look at PG's message, then Google the file name, liutilities is one example - if it's legit, allow it.

    If it's a legitimate software, I allow all that program wants. If I'm not installing & PG flashes a message, it's either no or Google, for me.

    Take Care Hope this helps
    rico
     
  7. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    You are so correct. I see too many people in forums installing programs that they have no idea how to use and they will not read a help file to learn.
    It's pretty sad to see, but they usually end up uninstalling a perfectly nice program just cause they can't use it. I get sick trying to look at some of these forums sometimes and have to go elsewhere.
     
  8. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hello kr4ey,

    I don't think your post is helpful, in the learning experience! Perhaps you could answer, and we would all learn something!

    Take Care
    rico
     
  9. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    No, it is not very helpful. And I am sorry if I offended anyone.
    But it is true PG is not for the beginner user.
    Two apps come to my mind:
    Process Guard and Jetico Firewall.
    BTW I use both.
    Process Guard: Too many popups, had to uninstall. Don't know how to use.
    Can't use, every time I start a program I get all these popups...Help...
    Jetico Firewall: This program is too hard to figure out. Very annoying with all
    the popups, had to uninstall. Looking for another firewall... anybody have any suggestions.

    The truth hurts...
     
  10. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hi Gang

    PG isn't that hard to learn, and pop-ups don't have to be an issue. What a beginner can't do is try and manually configure it. You really have to know what you are doing. What a beginner needs to do first of all is read and reread the help file. Then.....

    PG and SSM both have one thing in common. Learning mode. USE IT.

    What I would do is install PG, and reboot like the help file says. Then with learning mode on, run all the programs you run. This might sound like a nuisance, but you should be able to do this in 15 minutes or less. Then do the reboots until PG turns learning mode off. You should now be set for most situations. Is this the maximum security you can get from PG? No. But it will still protect you many times better than without it.

    Installs and Uninstalls. I sure don't want to clutter my program list with installers and temp files associated with installs and uninstalls, plus the pop-ups are a real pain. What I do is:

    Uninstalls. Disable PG. Uninstall and reboot, and then turn PG back on.

    For installs, I would turn on learning mode, and then disable PG. Then I would do the install, BUT, before rebooting, I re-enable PG, leaving it in learning mode. Then reboot, and once back up, run the program. Then turn off learning mode. NOTE: I would only do this for programs I trust. Of course one should ask why you are installing something you don't trust.

    This procedure has worked well with PG and other HIPS class programs.


    Hope it helps.

    Pete
     
  12. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    Looks like a real nice program. But it seems like every time you
    want to do a new install or uninstall you will have to disable it.
    Windows XP is OK but I would go with something better.
    Everybody is bragging about the new version of Comodo Personal
    Firewall and it's free. I have had Jetico for a long time so I don't
    want to change, it's very light on system resources, (8.500k) for
    version 2 beta and about (3500k) for version 1.
    My only other realtime protection is Prevx1. I'm a safe surfer and have never
    got any spyware or virus infections. And there is no slowdown on your internet connection.
     
  13. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Guys,

    The general rule is to install just after the OS or on a known CLEAN system. PG is supposed to stop malware, from infecting your programs. It's not difficult to install or uninstall (new/used progs.) when using PG, after PG learns the new program you can rest assured it will protect it.

    Nice Post Pete - I think one should take their time initially in learning mode, you don't have to hurry up & get out of LM.

    Also DiamondCS does not target advanced users, in fact the marketing seems to be aimed at all users. A little patience & a little help is all that one needs to have PG behave & be a valuable tool!

    Take Care
    rico
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    As far as I know this company is out of business, but not sure. Can someone confirm it?
     
    Last edited: Sep 6, 2006
  15. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Is it really safe to do that?
    BTW why would one wish to do that when it does not hurt?
     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I just delete it, and clean all the registry entries of it...

    Works fine...
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I contacted MS years ago on this one and they recommend disabling it rather than deleting it. Commercial reasons, I suspect.
    Here is an (edited) email exchange I had with them. The procedure works.

    My advice: carefully follow the steps, it is a 1 time process. If after a few weeks you have no ill effects, delete it. I used Spybot S&D to evaluate this; you could also disable it in advanced mode, this might be easier for you.

    Good luck. :)

    " After reading your email, I understand that you have tried steps
    provided by the previous technician, however the CTFMON.exe is still
    running.

    o_O??, Ctfmon.exe activates the Alternative User Input Text Input
    Processor (TIP) and the Microsoft Office Language Bar. It monitors the
    active windows and provides text input service support for speech
    recognition, handwriting recognition, keyboard, translation, and other
    alternative user input technologies.

    Removing the Ctfmon.exe might cause problematic behavior in your Office
    XP programs, so removing it is not recommended. To prevent Ctfmon.exe
    from running, follow these steps.

    Step 1: Uninstall Alternative User Input

    1. Quit all Office programs.
    2. Click Start, point to Settings, and then click Control Panel. NOTE:
    In Windows XP, click Start and then click Control Panel.

    3. In Control Panel, double-click Add/Remove Programs. NOTE: In Windows
    XP, click Add or Remove Programs.

    4. In the Currently installed programs list, click to select Microsoft
    Office XP product, where Office XP product is the name of the specific
    Office product being used. If you are using a standalone version of one
    of the Office programs, click to select the appropriate product in the
    list. Click Change.
    5. In the Maintenance Mode Options dialog box, select Add or Remove
    Features, and then click Next. This displays the Choose installation
    options for all Office applications and tools dialog box.
    6. Click the plus sign (+) next to Office Shared Features to expand it.
    7. Click the icon next to Alternative User Input, and then select Not
    Available.
    8. Click Update.

    NOTE: If you have multiple Office XP products installed, for example,
    Office XP Professional and Publisher 2002, you must repeat the preceding
    steps for each installed product.

    Step 2: Remove Alternative User Input Services from Text Services

    1. Click Start, point to Settings, and then click Control Panel.
    2. In the Control Panel, double-click Text Services. NOTE: In Windows XP,
    click Date, Time, Language, and Regional Options, and then click
    Regional and Language Options. On the Languages tab, click Details.

    3. Under Installed Services, select each input item that is listed, and
    then click Remove to remove the item. All items must be removed, one by
    one, except the following input service:

    English (United States)- default Keyboard United States 101

    Step 3: Run Regsvr32 /U on the Msimtf.dll and Msctf.dll Files

    1. Click Start and then click Run.
    2. In the Run dialog box, type the following command:
    Regsvr32.exe /u msimtf.dll
    3. Click OK.
    4. Repeat steps 1 through 3 for the Msctf.dll file.

    For additional information about how to remove CTFMon.exe, click the
    following Microsoft Knowledge Base link:

    http://support.microsoft.com/kb/313176/EN-US/

    I hope that this resolves the issue that you are facing. However if it
    persists, please email me with the result of the steps given above. I
    assure you that I would do my best to resolve the issue."
     
  19. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, I don't even have MS Office and I get this crap running on several occasions. It's not a trojan for sure but it's still running just like that. :rolleyes:
     
  20. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    I do have that too.
    And I have currently only OpenOffice installed. In fact I think this install of Windows has never seen Word or other MS Office stuff.
    So I have no idea why ctfmon.exe should be a running process, but anyway PG is set to deny it always. Maybe because my computer is some Fujitsu-Siemens with a not so standard XP Home?
    Patched of course, but I was always worried why that process tries to run.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    We can all wonder and worry and complain and be no further ahead.

    Just follow the procedure to first stop it from starting and then later with no ill effects from that delete it.

    If you want to go for the gusto just delete it. Research on this thing is ancient history so just use the advice provided.

    Regards

    Escalader:rolleyes:
     
  22. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Escalader,

    Thanks for the great info on CTFMON.exe. I followed the 3 step procedure, rebooted & that old resource hog is now gone. Oh! One step I did prior to your instructions is/was to remove ctfmon.exe from PG's protection.

    I guess if for some reason (future changes) you want ctfmon back, one would use step 2 & maintenance mode & re-tick or make available "Alternative User Input" > choose update > then feed it the appropriate disks?

    Big Thanks & Take Care
    rico
     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Rico:

    You are welcome. Unless you might need alternate user input, you shouldn't have to worry about it ever again.

    "Sufficient unto the day are the troubles thereof"

    Escalader
     
  24. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    Well, I still have it. Happy that PG blocks it, but like RejZoR, a bit worried why I have it, because no MS Office stuff is installed. Did it come with the OpenOffice install?
    I am also pretty sure it is not a trojan. Having checked it in Jotti scan.
    Google tells it is something to do with MS Office package but not any other way I could have got it.
    So a mystery.
     
    Last edited: Sep 18, 2006
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    It's no new mystery.

    Read down to my post showing not only what it is but how to rid yourself of it.

    Do you really care how you got it? It is made by Bill Gates and his clones.

    Take it out of your start programs....
     