Hi there,
If the spelling is 'ctfmon.exe', it's a genuine file, but if
the spelling you gave, 'cfmon.exe', is correct, then I
think it's connected to the Sdbot virus!
Looking at cfmon.exe using HijackThis shows it's running
as a Windows service as well as having a file in the
system32 folder. These are the entries:
C:\WINDOWS\System32\cfmon.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe
Looks very suspicious. I checked the filenames for the
Randex/Sdbot & Mydoom worm but cannot find cfmon.exe, so
if it's related to these it must be new. A program called
Cyber Defender has it listed; it's linking it to Sdbot.
This is the file:
This file is generated by AppHunter
; Please contact (e-mail address removed) for more details
[Summary]
Discovered=05/31/2005 12:32:00
ID=163A49C50C8EF44F410A4FEA0BDF1C87
ID2=50688,872C9D3B22DCA3BD9A34B199259E701D
ID3=49580,F84F2227D9DA3C92B0AD6F72A2680A7F
MD5=2440AC4E40AD52B294C871FB363E82DF
Size=50688
Filename=cfmon.exe.up
Company=N/A
Virus=Sdbot.worm.gen.w ***
W32/Sdbot.worm.gen.w ***
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sound Service]
ImagePath=C:\WINDOWS\system32\cfmon.exe
[FileCreated]
c:\windows\system32\cfmon.exe=1
c:\docume~1\apphun~1\locals~1\temp\del.bat=1
I think you're best getting checked like Bill says. Another
good site for that, if you can find the file, is
http://virusscan.jotti.org/
It uses 13 virus scanners and could help you find out
where it's from. I suspect it's a virus. The online scans
will show you if it's infected, though.
If it is, turn off your System Restore: go to Start >
right-click My Computer > then go to Properties > then
System Restore > check the box 'Turn off System
Restore', then press Apply (you can re-enable it again
when you are clean by following the above and
unchecking 'Turn off System Restore', then pressing Apply).
Reboot to clear the restore points and then run an online
scan at any of these sites:
Trend Micro
http://housecall.antivirus.com/
Panda
http://www.pandasoftware.com/activescan/
If it is malware and you have problems deleting it, go to
Start > then Run > and type
services.msc
press OK, then press Name to sort them into order and find
Sound Sservice Driver (Sound Service), right-click and
choose Properties, then stop it and change the startup to
Disabled, then press Apply. Go to Task Manager (Control, Alt &
Delete together) and check the Processes tab for
cfmon.exe. End process if found, then delete the file. But
see if you can get a malware reading first at jotti's
site or the site Bill mentioned.
Hope This Helps
Andy
----------------------------------------------------------
The original ctfmon.exe is a genuine file.
ctfmon.exe:
Ctfmon.exe runs in the background if you use a Microsoft
Office XP program.
You can find a full description of that file at this
address:
http://support.microsoft.com/?kbid=282599
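
Added example, not part of the original post: a Python sketch of the check the post does by eye, parsing HijackThis O23 service lines and flagging an "Unknown owner" or an image name one character away from a genuine Windows binary name. The KNOWN_NAMES list and the second sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a short illustrative list of genuine Windows binary names.
KNOWN_NAMES = ["ctfmon.exe", "svchost.exe", "lsass.exe", "services.exe",
               "winlogon.exe", "explorer.exe"]

# O23 layout as shown in the post:
# O23 - Service: <display name> (<service name>) - <owner> - <image path>
O23 = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<name>[^)]*)\) - "
                 r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_o23(lines):
    """Return (image path, reasons) for each O23 entry worth a closer look."""
    findings = []
    for line in lines:
        m = O23.match(line.strip())
        if not m:
            continue  # not an O23 service entry
        image = PureWindowsPath(m["path"]).name.lower()
        reasons = []
        if m["owner"].lower() == "unknown owner":
            reasons.append("unknown owner")
        for known in KNOWN_NAMES:
            # Distance 0 is the genuine name itself; 1 is a lookalike.
            if 0 < edit_distance(image, known) <= 1:
                reasons.append(f"name one edit away from {known}")
        if reasons:
            findings.append((m["path"], reasons))
    return findings

# First line is the entry from the post (hard wrap rejoined); second is constructed.
SAMPLE = [
    r"O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe",
    r"O23 - Service: Example Updater (ExampleUpd) - Example Corp - C:\Program Files\Example\updater.exe",
]

if __name__ == "__main__":
    for path, reasons in review_o23(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A flag here is only a reason to look closer; the file still needs a scanner verdict, as the post says.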