help please. possible keylogging infection?

LGG_2

yes i did that. i turned it off as u show above.in the availalble drives i just have the first one C i guess that doesnt matter? then ive clicked back on it and it asked me if i wanted to turn it back on and i said yes

posted_2

Ok, the stuff kaspersky found should be gone, you could do an overnight scan to check, also if you wanted to, you could uninstall norton, install the kaspersky 30 day trial from their website, update it, and do a scan - (Norton has let you down) - this will give you a months protection, and give you time to decide what to do about your antivirus

LGG_2

ok thanks ill do that. and post in the morning. thanks for your help

posted_2

Also avast and avira are free, if you wanted to install them and let them do a scan - you'd have to do this one at a time - no virus scanner finds everything, so trying alternatives, and then uninstalling them would give you some confidence that everything is clean (if you want to try these, do it before installing kaspersky because you can only install the kaspersky trial once), whereas the free ones can be installed numerous times

Then when everything is clean, change you banking passwords

posted_2

going back to ctfmon, upload the c:\windows\system32\ctfmon.exe here

http://virusscan.jotti.org/

to check that it is clean

LGG_2

Ok, the stuff kaspersky found should be gone, you could do an overnight scan to check,

just done an overnight scan and yes its all gone. the scan comes up as clear so what exactly was in my previous scan the one with all the adware.what exactly is it? serious and any connections to keylogging.

and just done the scan with the above and its clean aswell so i guess im ok??? whats the next step sorting out a decent anti V

LGG_2

c:\windows\system32\ctfmon.exe

the above has just showed up again in my transaction protection as a blocked keylogging attempt during a transaction even though i havnt tried to do any. do u think this is a norton issue as everything has been scanned abd cleaned now. kinda back to square one. help!

the file comes up as ctfomn c windowssystem32 15kb application 14.04.2008 when i do a search for it on my system

LGG_2

the above has only showed up once. at 0.730 .nothing else has showed up when ive gone onto other sites as it was doing yesterday. vertually ever time i went on a different site even non banking i was getting the above message b4


now it seems the reason i wasnt getting any blocked messages last night,if there was any to have had was because it wasnt enabled afteri reinstalled it *sigh* saw it wasnt on this morning. i guess u had to turn it on manually and it didnt come on as u installed the AV

aliEnRIK

Send the file to the link that 'posted'...erm...posted
And send here to ~
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

c:\windows\system32\ctfmon.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Once scanned, copy and paste the results also in your next reply.

Either its a false positive (What id guess it is), or its been overwritten

posted_2

Assuming it is legit/false positive - it's a poor false positive if it is, this will be running on 99.9% of systems out there.

Go into task manager, processes, look for ctfmon.exe

Then start, control panel, regional, languages, details, advanced, tick turn off advanced text services, ok

Reboot, and look in task manager to see if it is gone from processes - If it's still there you may have to uninstall a component of office if you have it.