Thursday, June 04, 2009

My PC has been attacked by a Trojan

I noticed that my laptop had been quite slow. Then it started to behave in a strange manner. I knew that my Messenger was hijacked. So, I consulted Ah Jon and he helped me to do a quick diagnosis and concluded that the "hijacking" is probably annoying and is not harmful. Then he left the System Configuration on. Just out of curiosity, I went to "Startup" and looked through it for any item that looked alien.... I searched for all the executables on Google just to be sure.
Then ctfmon was found to be a trojan horse. This executable copies all my keystrokes and sends them off to someone. Therefore, it steals confidential information (e.g. passwords) from me!! Thank God that I don't use this computer to do bank transactions.
After I removed this executable, my PC became faster instantly.
So, please do check your PC for trojan horses even when you have antivirus software installed.

To run the System Configuration Utility, do the following: Start -> Run -> msconfig
To erase the file, start the computer in Safe Mode with Command Prompt. To do this, press F8 repeatedly just after the computer completes the BIOS startup, then select the appropriate startup option. When the Command window appears, type:
CD C:\WINDOWS\SYSTEM32
DEL CTFMON.exe

Note:
Extracted from Neuber:
When you run a Microsoft Office XP program, the file Ctfmon.exe (Ctfmon) runs in the background, even after you quit all Office programs.
Ctfmon.exe monitors active windows and provides text input service support for speech recognition, handwriting recognition, keyboard translation, and other alternate user input forms. See How to uninstall CTFMON.EXE

Note: The ctfmon.exe file is located in the folder C:\Windows\System32. In other cases, ctfmon.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
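
The location check described in the note above, as an added example that is not part of the original post: a PowerShell script, run on the PC being checked, that lists every ctfmon startup entry and running process and flags any whose file is not the copy in C:\Windows\System32, so the path can be confirmed before anything is deleted. It assumes Windows PowerShell 3.0 or later; the Resolve-ImagePath helper and the verdict strings are names made up for this example.

```powershell
# Added example (not from the original post): report every ctfmon.exe startup
# entry and running process, and flag any image outside %SystemRoot%\System32.
# It only reports; it does not delete or change anything.
$expected = Join-Path $env:SystemRoot 'System32\ctfmon.exe'

# Hypothetical helper: pull the executable path out of a startup command line,
# which may be quoted, carry arguments, or use %VARIABLES%.
function Resolve-ImagePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')    { return $Matches[1] }
    if ($c -match '^(.+?\.exe)\b') { return $Matches[1] }
    return $c
}

$findings = @(
    # Run keys and Startup folders, as exposed by WMI.
    Get-CimInstance Win32_StartupCommand |
        Where-Object { $_.Command -match 'ctfmon' } |
        ForEach-Object {
            [pscustomobject]@{ Source = "Startup: $($_.Location)"
                               Path   = Resolve-ImagePath $_.Command }
        }
    # Processes currently running under that name.
    Get-Process -Name ctfmon -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Source = "Process PID $($_.Id)"; Path = $_.Path }
        }
)

$findings | ForEach-Object {
    $path = $_.Path
    if (-not $path) {
        $verdict = 'REVIEW: path not readable (try an elevated prompt)'; $sig = 'n/a'
    } elseif (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $verdict = 'REVIEW: entry points to a file that was not found'; $sig = 'n/a'
    } else {
        $full = [IO.Path]::GetFullPath($path)    # collapses ..\ segments
        $sig  = (Get-AuthenticodeSignature -FilePath $full).Status
        if ($full -ieq $expected) { $verdict = 'expected location' }
        else                      { $verdict = 'REVIEW: ctfmon.exe outside System32' }
    }
    [pscustomobject]@{ Source = $_.Source; Path = $path; Signature = $sig; Verdict = $verdict }
} | Format-Table -AutoSize -Wrap
```

The path comparison is the check the note describes; treat the Signature column as supporting evidence rather than a verdict on its own.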

4 comments:

^SpRInG^ said...

ctfmon may not necessarily be a trojan horse. Legitimately, it is used for alternative text input.

Kong said...

That is why I used a virtual machine to do all my banking stuff. That VMWare virtual machine does nothing else but banking stuff so should be relatively safe. For watching movies online, I use another separate virtual machine.

flower said...

Wah, Jon is so capable of doing this stuff. Next time I'll hire him. So now your PC is OK already?

^SpRInG^ said...

Interestingly, we have done a research project using exactly virtual machine technology to prevent malware from stealing private and sensitive information. Those interested can check out this paper at http://www-personal.umich.edu/~kborders/Capsule.pdf