ThreatExpert's awareness of the file "ctfmon.exe":

Across all ThreatExpert reports, the file "ctfmon.exe" was mostly identified as a threat.

File "ctfmon.exe" has the following statistics:

Total number of reports analysed	611,932
Number of cases that involved the file "ctfmon.exe"	1,442
Number of incidents when this file was found to be a threat	1,209
Statistical volume of cases when "ctfmon.exe" was a threat	84%

Please enable javascript to display the chart.

Notes:

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file "ctfmon.exe" is known to be created under the following filenames:

%AppData%\{187412dd-6f8d-45a5-a1f6-e7b6fe193f5b}\ctfmon.exe

%AppData%\{bfb5f154-9212-46f3-b547-ac6106030a54}\ctfmon.exe

%AppData%\ctfmon.exe

%AppData%\spool.exe

%CommonAppData%\ctfmon.exe

%CommonAppData%\microsoft\comon\ctfmon.exe

%CommonAppData%\microsoft\ctfmon.exe

%CommonPrograms%\startup\adobe.com

%CommonPrograms%\startup\ctfmon.exe

%Favorites%\salamkenal.exe

%Profiles%\default user\templates\winword.com

%Profiles%\win321.exe

%ProgramFiles%\common files\system\lsass.exe

%ProgramFiles%\compmgmt.exe

%ProgramFiles%\internet explorer\ctfmon.exe

%ProgramFiles%\internet explorer\svchost.exe

%ProgramFiles%\ivst manager\ctfmon.exe

%ProgramFiles%\maps\ctfmon.exe

%ProgramFiles%\movie maker\moviemk.exe

%ProgramFiles%\system\ctfmon.exe

%ProgramFiles%\windows media player\ctfmon.exe

%ProgramFiles%\windows nt\ctfmon.exe

%Programs%\ctfmon.exe

%Programs%\startup\ctfmon.exe

%Programs%\startup\winlogon.exe

%System%\1046\ctfmon.exe

%System%\1055\svchost.exe

%System%\1126\ctfmon.exe

%System%\2009cn.exe

%System%\cftmon.exe

%System%\com\ie.exe

%System%\com\iexplore.exe

%System%\ctf\ctfmon.exe

%System%\ctfmen.exe

%System%\ctfmon.sys

%System%\ctmon.exe

%System%\dllcache\agentsvr.exe

%System%\dllcache\calc.exe

%System%\dllcache\charmap.exe

%System%\dllcache\cleanmgr.exe

%System%\dllcache\cmd.exe

%System%\dllcache\conf.exe

%System%\dllcache\ctfmon.exe

%System%\dllcache\drwatson.exe

%System%\dllcache\drwtsn32.exe

%System%\dllcache\dxdiag.exe

%System%\dllcache\explorer.exe

%System%\dllcache\freecell.exe

%System%\dllcache\mmc.exe

%System%\dllcache\moviemk.exe

%System%\dllcache\msconfig.exe

%System%\dllcache\mshearts.exe

%System%\dllcache\msiexec.exe

%System%\dllcache\msimn.exe

%System%\dllcache\msinfo32.exe

%System%\dllcache\mspaint.exe

%System%\dllcache\narrator.exe

%System%\dllcache\notepad.exe

%System%\dllcache\osk.exe

%System%\dllcache\packager.exe

%System%\dllcache\perfmon.exe

%System%\dllcache\pinball.exe

%System%\dllcache\recover.exe

%System%\dllcache\redir.exe

%System%\dllcache\regapi.dll

%System%\dllcache\regedit.exe

%System%\dllcache\regedt32.exe

%System%\dllcache\regini.exe

%System%\dllcache\register.exe

%System%\dllcache\sigverif.exe

%System%\dllcache\sol.exe

%System%\dllcache\spider.exe

%System%\dllcache\sysedit.exe

%System%\dllcache\syskey.exe

%System%\dllcache\taskkill.exe

%System%\dllcache\tasklist.exe

%System%\dllcache\taskman.exe

%System%\dllcache\taskmgr.exe

%System%\dllcache\twunk_16.exe

%System%\dllcache\twunk_32.exe

%System%\dllcache\utilman.exe

%System%\dllcache\verifier.exe

%System%\dllcache\wab.exe

%System%\dllcache\winlogon.exe

%System%\dllcache\winver.exe

%System%\dllcache\wordpad.exe

%System%\dllcache\wowexec.exe

%System%\dllcache\wpabaln.exe

%System%\dllcache\write.exe

%System%\dllcache\wuauclt.exe

%System%\dllcache\wuauclt1.exe

%System%\dllcache\wupdmgr.exe

%System%\drivers\ctfmon.exe

%System%\drivers\etc\networks.exe

%System%\drivers\mouseclass.sys

%System%\family keylogger v2.80 with crack\ctf\ctfmon.exe

%System%\macromed\flash\npswf32_flashutil.exe

%System%\macromed\flash\uninstall_plugin.exe

%System%\maxbsload.exe

%System%\microsoft\ctfmon.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%Favorites% is a variable that refers to the file system directory that serves as a common repository for the user's favorite items. A typical path is C:\Documents and Settings\[UserName]\Favorites.
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The file "ctfmon.exe" has the following possible countries of origin:

Origin		Number of Incidents
	China	193
	Russian Federation	23
	Brazil	8
	Ukraine	6
	United Kingdom	5
	Spain	4
	Saudi Arabia	3
	Egypt	2
	Israel	2
	Sweden	2
	Germany	1

The following threats are known to be associated with the file "ctfmon.exe":

Threat Alias	Number of Incidents
Worm.Rungbu.B [PC Tools]	1,453
PE_RUNGBU.C-O [Trend Micro]	1,418
Virus.Win32.VB.cc [Kaspersky Lab]	1,142
W32.Rungbu [Symantec]	958
Generic VB.c [McAfee]	805
Worm.Win32.VB.du [Kaspersky Lab]	801
PE_RUNGBU.B-O [Trend Micro]	796
Worm.VB.YVF [PC Tools]	795
Bloodhound.Unknown [Symantec]	192
Worm.VB.ZVX [PC Tools]	185
Trojan.Win32.VB.aqt [Kaspersky Lab]	175
WORM_VB.BDN [Trend Micro]	171
PE_RUNGBU.A-O [Trend Micro]	163
W32.Fakerecy [Symantec]	148
FakeRecycled [McAfee]	120
W32/Rungbu-C [Sophos]	77
Worm.Win32.VB.du [Ikarus]	65
W32.Dizan.D [Symantec]	58
W32/Sality.ac [McAfee]	48
Win32.Sality.AA [PC Tools]	46
W32/VB-CTQ [Sophos]	43
Trojan Horse [Symantec]	41
Virus:Win32/Rungbu.C [Microsoft]	39
W32.Sality.X [Symantec]	34
Trojan.Win32.VB [Ikarus]	32
Worm.Autorun.DU [PC Tools]	30
W32/Rungbu-A [Sophos]	27
Trojan.VB.XFZ [PC Tools]	23
W32.SillyFDC [Symantec]	22
Downloader [Symantec]	21
Mal/Packer [Sophos]	19
PE_TENGA.A [Trend Micro]	19
Virus.Win32.Tenga.a [Kaspersky Lab]	19
W32.Rontokbro.AN@mm [Symantec]	19
W32/Gael.worm.a [McAfee]	19
W32/Virut.gen [McAfee]	19
PE_DZAN.A [Trend Micro]	18
Trojan.VB!sd5 [PC Tools]	18
Virus.Win32.Virut.q [Kaspersky Lab]	18
W32.Licum [Symantec]	18
W32/Vetor-A [Sophos]	18
W32/Dzan.b [McAfee]	17
Generic.dx [McAfee]	16
Mal/EncPk-GC, Mal/Packer [Sophos]	16
Trojan-Dropper.Agent [Ikarus]	16
Infostealer [Symantec]	15
Virus.Win32.Dzan.a [Kaspersky Lab]	15
Win-Trojan/Recycled.20480 [AhnLab]	15
Application.Family_Keylogger [PC Tools]	14
Keylog-Family [McAfee]	14
TrojanDownloader:Win32/Renos.FJ [Microsoft]	14
W32.Virut.U [Symantec]	14
Backdoor:Win32/Koceg.gen!A [Microsoft]	13
PE_AGENT.ZAE-O [Trend Micro]	13
Win32.AutoRun.H [PC Tools]	13
Backdoor.Win32.Poison.cpb [Kaspersky Lab]	12
Mal/Generic-A [Sophos]	12
Mal/Koceg-A [Sophos]	12
PE_RUNGBU.C [Trend Micro]	12
Troj/Poison-AE [Sophos]	12
Worm:Win32/Fakerecy.A [Microsoft]	12
WORM_SOCKS.BL [Trend Micro]	12
BackDoor-DRW [McAfee]	11
Win32/Xema.worm.103424.B [AhnLab]	11
PE_VIRUT.XP [Trend Micro]	10
Suspicious.MH690 [Symantec]	10
Troj/VB-CSA [Sophos]	10
TrojanDownloader:Win32/Small.gen!H [Microsoft]	10
Generic Downloader.x [McAfee]	9
Trojan.Generic [PC Tools]	9
Trojan-Downloader.Win32.Agent.llo [Kaspersky Lab]	9
Virus:Win32/Sality.T [Microsoft]	9
W32/Sality-AD [Sophos]	9
Worm.Win32.VB.mz [Ikarus]	9
Worm:Win32/Autorun.OX [Microsoft]	9
Backdoor.Trojan [Symantec]	8
Backdoor:Win32/Poisonivy.E [Microsoft]	8
Mal/Fakecor-B, Mal/Behav-314 [Sophos]	8
New Malware.n [McAfee]	8
not-a-virus:Monitor.Win32.FamilyKeyLogger.280 [Kaspersky Lab]	8
not-a-virus:Monitor.Win32.FamilyKeyLogger.283 [Kaspersky Lab]	8
PE_DROWOR.A [Trend Micro]	8
Spyware.FamilyKeylog [Symantec]	8
Trojan-Downloader.Win32.Delf.def [Kaspersky Lab]	8
Virus:Win32/Sality.AM [Microsoft]	8
Virus:Win32/Virut.AE [Microsoft]	8
W32/Cekar [McAfee]	8
Win-Trojan/Xema.variant [AhnLab]	8
Backdoor.Bifrose [Symantec]	7
Backdoor:Win32/Poisonivy.H [Microsoft]	7
Packed.Generic.233 [Symantec]	7
Trojan.Win32.Agent [Ikarus]	7
Trojan-Downloader.Win32.Renos [Ikarus]	7
W32.Mandaph [Symantec]	7
W32.Spybot.Worm [Symantec]	7
W32/Sality-AM [Sophos]	7
W32/SillyFD-AE [Sophos]	7
W32/Virut.gen.a [McAfee]	7
Win32/Xema.worm.76288.B [AhnLab]	7
Backdoor.IRCBot!sd6 [PC Tools]	6