msctf.dll, SSM and SnoopFree

Discussion in 'other anti-malware software' started by Jarmo P, Oct 26, 2006.

Thread Status:
Not open for further replies.
  1. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    Snoopfree detects a keyboard hook when I run some instant messengers like Skype or Trillian. SSM never does, a possible incompatibility or already taken care of by Snoopfree?

    Instead, I always get in the SSM free log, with many programs starting, this Windows hook from msctf.dll you can see in the picture. I have everything logged since I am new to SSM.
    And it always gets logged twice o_O
    In some post I searched from Google I saw this might be related to 'ctfmon.exe'. That I had allowed :p
     

    Last edited: Oct 26, 2006
  2. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Take a look at this thread https://www.wilderssecurity.com/showthread.php?t=151471&highlight=ctfmon - ctfmon is a process used for MS Office and IE7 for their language bars. MS loves to autostart it.

    Chances are you don't need it.
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    Thanks for your reply. I am quite unreluctant to do anything to ctfmon at this moment. I know I have no MS Office programs or even Works installed in this puter unless my memory fails, though I have Open Office.



    ****************************************
    Does anyone else get msctf.dll in their SSM logs ? ? ?
    ****************************************

    Starting to wonder if it is some baddie I have installed somewhere.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Have a look at the rules for msctf.dll... the Windows library files are normally set to "allow injection" by default to save on the popups. (I am using W2K, so I cannot check this DLL's default rules.)
     
  5. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Stem, under Win XP the default rules are as you say.
     
  6. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    I have blocked ctfmon.exe in SSM Application Rules and am also very happy to tell that now I don't get any msctf.dll log entries. :D
    No one could tell me why there were 2 entries every time a program started, and whether it was an indication of some keylogger?

    Now it is not happening anymore, and also when looking in Windows Task Manager at SysSafe.exe CPU usage, it is diminished! Only very rarely is it something other than zero.
     