Possible keylogger?

Discussion in 'other security issues & news' started by spartak, Jan 10, 2006.

Thread Status:
Not open for further replies.
  1. spartak

    spartak Registered Member

    Joined: Jan 9, 2006
    Posts: 21
    Greetings to all in this helpful forum!

    Recently I have updated ZoneAlarm Pro to version 6 and I am seeing a few alerts about applications attempting to monitor keystrokes or general user behaviour. For example, every time I turn the PC on I get this alert about ctfmon. I have read that this is normally a legitimate Windows programme. I was wondering why it would ask permission about such monitoring. This is something I have also noticed with other programmes, one example being Dvd region (used to unlock DVDs). One of the .exe applications asks for permission to monitor keystrokes (at least this is the info I get from the ZoneAlarm alert).

    Any ideas about these?

    I am not sure about what to do. I have scanned my PC with NOD32 and other antispyware but they seem to find nothing...
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined: May 8, 2002
    Posts: 2,514
    Location: State Queensland, Australia
    A bit of info here... ctfmon *can* be malware, just like it could be legit, usually used in MS Office XP with the Speech/Text applets turned on in the Control Panel.

    http://www.sysinfo.org/startuplist.php?filter=ctfmon

    Note: The file will always be located in the System32 folder; if it is located elsewhere it will likely be a worm or trojan. If it's in the sys32 folder, and you have Office XP and the Speech/Text applets are activated, then nothing to worry about.

    More: http://www.processlibrary.com/directory/files/ctfmon/index.php

    As to the other .exe asking to monitor keystrokes, which exe is that? In the first link I gave you, copy that .exe into the field where you see the ctfmon file I typed in, hit 'Search' and see if you get any information on it.

    To be totally sure, you could also try an online scan: click on one of the links in my sig [Kaspersky; Trend Micro Housecall or Symantec] and do a full online system scan. :)
    TAS
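
The location rule from the post above, as an added example that is not part of the original thread: a PowerShell check that lists every running ctfmon process and compares its image path with the System32 copy. The Authenticode signature lookup goes beyond what the post describes and is an addition here.

```powershell
# Added example (not from the thread): apply the "ctfmon.exe lives in System32" rule.
# A mismatch means "review this file", not proof of malware.
$expected = Join-Path $env:SystemRoot 'System32\ctfmon.exe'

$procs = Get-Process -Name ctfmon -ErrorAction SilentlyContinue

if (-not $procs) {
    Write-Output 'No running ctfmon process found.'
}
else {
    foreach ($p in $procs) {
        if (-not $p.Path) {
            # Path is empty when the process cannot be opened without elevation.
            [pscustomobject]@{
                ProcessId  = $p.Id
                Path       = '(unavailable, rerun elevated)'
                InSystem32 = $null
                Signature  = $null
                Signer     = $null
            }
            continue
        }

        # Signature status of the file actually backing the process.
        $sig    = Get-AuthenticodeSignature -FilePath $p.Path
        $signer = '(none)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            ProcessId  = $p.Id
            Path       = $p.Path
            InSystem32 = ($p.Path -ieq $expected)   # case-insensitive path compare
            Signature  = $sig.Status                # e.g. Valid, NotSigned, HashMismatch
            Signer     = $signer
        }
    }
}
```

A row with `InSystem32` false or a `Signature` other than `Valid` is the one to look up by name and scan, as the post suggests.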
     
  3. spartak

    spartak Registered Member

    Joined: Jan 9, 2006
    Posts: 21
    Tassie_Devils thanks for the info and the reply.

    As regards the second file the name is dvd43.exe and is part of dvd region application. I have used Kaspersky online scan and it did not identify this nor ctfmon.exe as threats of any kind.
     
  4. Bubba

    Bubba Updates Team

    Joined: Apr 15, 2002
    Posts: 11,271
    What you are describing I'm pretty sure is ZoneAlarm's OSFirewall "Suspicious\Dangerous Behavior" alert system. ZoneAlarm is basically depending on you to determine whether the application is safe to run. Some programs monitor keystrokes and mouse movements as part of their normal activity. Your dvd region application (dvd43.exe) is undoubtedly one of those type applications.

    I suggest you open ZoneAlarm and then select its Help function. While there, type in keywords such as OSFirewall or keyboard. You can then read a little more about what these alerts mean.

    The key to some of it is that if you execute your dvd region application you would then know that the Suspicious behavior alert was caused by your action. If however you are just sitting there and program XYZ popped up that you weren't familiar with, that's when the concern should come concerning Suspicious behavior.
     
  5. spartak

    spartak Registered Member

    Joined: Jan 9, 2006
    Posts: 21
    Thank you for your very helpful post!

    The problem is that I could not be sure of whether this programme (dvd region) is one that is generally considered as safe.

    The alert comes as a result of my own actions but I was wondering about the purpose behind such an action (system monitoring) from such an application.
     