ctfmon.exe not detected as a trojan by NOD32

Discussion in 'NOD32 version 2 Forum' started by Anusha, Mar 16, 2007.

Thread Status:
Not open for further replies.
  1. Anusha

    Anusha Registered Member

    Joined:
    Mar 16, 2007
    Posts:
    12
  2. ASpace

    ASpace Guest

    Hello and Welcome to Wilders!

    If you have sent the file to samples or support @eset.com, they will add detection for it if necessary.
     
  3. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Info on CTFMON.EXE

    Courtesy of WinPatrol PLUS database:

     
  4. ASpace

    ASpace Guest

    The VirusTotal report can no longer be accessed, but it showed the file is flagged as a trojan by some vendors, which means it is probably malicious.
     
  5. Anusha

    Anusha Registered Member

    Thanks for the welcome.

    Anyways, this file is not the original ctfmon.exe in the system32 folder.

    I uploaded the original ctfmon.exe in system32 folder and this is what virustotal reported: http://www.virustotal.com/vt/en/resultadox?20369024f53b81318e5f1b0b303a395a

    Definitely there's something in the first file I submitted.
     
  6. Anusha

    Anusha Registered Member

    Oh damn! I didn't know that they remove it this soon.
    Anyway, I got a screenie of the legit one.
    ~Online virus scan results removed. Send any samples to the respective antivirus vendors. - Ron~
    Will post the other file's stats in a sec.
     
    Last edited by a moderator: Mar 16, 2007
  7. Anusha

    Anusha Registered Member

    Here's the report on the infected or suspicious file:

    ~Online virus scan results removed. Send any samples to the respective antivirus vendors. - Ron~
     
    Last edited by a moderator: Mar 16, 2007
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Hi Anusha, could you scan it again at VT please? Eset have added a definition in the latest signature release (2119) that I think will now detect it :)

    (so long as VT have updated to 2119)
     
  9. rothko

    rothko Registered Member

  10. Anusha

    Anusha Registered Member

    Oh yeah!!! NOD32 detects it now. Happy happy happy
     
  11. ASpace

    ASpace Guest

    Hi. Thanks for letting us know.

    Just for the record, can you tell us the name, how NOD32 detects it ;)
     
  12. Anusha

    Anusha Registered Member

    Win32/VB.AQT trojan
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    A classic "same name" poser. ctfmon is actually a perfectly legit program, or should I say... the "REAL" ctfmon.
     
  14. Anusha

    Anusha Registered Member

    Yes, yes. ctfmon.exe is a legit exe associated with Windows text services (language bar etc.). Either this was a poser or an infected ctfmon.exe.
     