What is Ctfmon.exe

CTFMON.EXE - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Ctfmon.exe with description CTFMON.EXE is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is digitally signed from Microsoft Windows Component Publisher - Microsoft Timestamping Service
We do not recommend removing digitally signed files from Microsoft Windows Component Publisher

What is ctfmon.exe?
Ctfmon.exe is the part of Microsoft Office XP and later that is responsible for activating the Alternative User Input Text Input Processor and the Microsoft Office Language Bar. Essentially, it provides support for speech recognition, handwriting recognition, and other types of alternative user input. It may start on system boot, even if no other Microsoft Office applications are running.

This is a nonessential process that can safely be terminated as long as there are no Microsoft Office programs running. It is not recommended to terminate it while a Microsoft Office application is running or if you are using handwriting recognition, speech recognition, the language bar, or any other type of alternative user input. If you do not need the functionality this process provides and wish to permanently eliminate it, you can remove Alternative User Input support from your installation of Microsoft Office via the Add/Remove Programs control panel.

Dangers of ctfmon
As this is a process that runs on most Windows systems that have Microsoft Office installed, it is common for virus writers and spyware vendors to disguise their malware as the genuine ctfmon.exe.

Some malicious files will have the same name as this process but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to that of the legitimate process but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as ctfmon.exe:
  • SpyHoax-A
    • This is a trojan horse that attempts to convince the user to download SpySheriff, which claims to be anti-spyware software.
  • Infostealer.Raidys
    • This is a trojan horse that attempts to steal confidential information from an infected system.
  • CTFMONB (ctfmon.exe or ctfmonb.exe)
    • CTFMONB is a trojan horse that displays a blue screen with a yellow warning. Soon after, roaches appear on the screen, appearing to eat it. Once the roaches finish eating the screen, the system may restart.
  • Ctfmon32.exe
    • This filename is used by various spyware applications and viruses. If you see this filename, run a full virus and spyware scan immediately.
There will typically be only one copy of this process running at a given time. If more copies than this are running, one of the instances may be malware.

Common problems
  • Ctfmon.exe continues running after closing all Microsoft Office applications
    • This normal behavior. If you wish to eliminate the process, follow the instructions above.
  • The active window occasionally loses focus
    • If you do not need ctfmon.exe, uninstalling Alternative User Input should correct this problem.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
006 Start Menu\Programs\Startup
007 Roaming Start Menu\Programs\Startup
008 Autorun registry entries Default user
009 Autorun registry entries SYSTEM user
010 Installed services
012 Autorun registry entries S-1-5-XX users
013 RunOnce registry entries S-1-5-XX users
034 Winlogon Shell
035 Active Setup Installed Components
050 Explorer ShellExecuteHooks
052 Explorer Browser Helper Objects (BHO)
065 Image File Execution Options (debugger)
067 Winlogon notify
073 %windir%\Tasks
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+subkeys)
138 Local Machine RunonceEx (+subkeys)
166 HKCU Policies\Explorer\Run
167 HKLM Policies\Explorer\Run
191 Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run

Digital signatures found for this file

    Certificate 
62 Microsoft Windows Component Publisher - Microsoft Timestamping Service
37 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
28 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
13 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
7 Microsoft Windows Publisher - VeriSign Time Stamping Service
6 Microsoft Windows - Microsoft Time-Stamp Service
2 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
2 Microsoft Windows - VeriSign Time Stamping Services Signer
1 Tencent Technology(Shenzhen) Company Limited - VeriSign Time Stamping Services Signer - G2
1 Microsoft Windows XP Publisher - VeriSign Time Stamping Services Signer

MD5 security rating in our database

1207 files (Not yet rated and not signed)
2 files (Not yet rated and digitally signed)
7 files (Safe and not signed)
178 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to ctfmon.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of ctfmon.exe: by 1394 files and users.

Application errors

Fix ctfmon.exe application error:  Run a FREE registry scan

User comments

It's part of Microsoft's Office Suite. Google how to remove it permanently from your system - it's not mandatory
Disable it very easy and premenently using control panel.
In XP:
control panel - International and language options;
Languages tab; Details -> opens:
Text services and input languages;
tab Advanced -> click on DISABLE advanced text services.
That is the windows official setting that controls Ctfmon.exe and prevents it from running.
The process is defined as the program CTF Loader.


Please add your comments if you have more information about this file or if you know how to solve ctfmon.exe application errors.


File safety :

File security rating :

Are you human? How much is 0+22:


Like this page?

Please support this free service by giving us a Google+1


Browse files by letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

More system processes

ctfmon_aj.exe ctfmon_kz.exe ctfmon_lh.exe
ctfmon_lm.exe ctfmon_lr.exe ctfmon_mc.exe
ctfmon_qj.exe ctfmon_su.exe ctfmon0.exe
ctfmona.exe ctfmonnpe.exe ctfmun.exe

Lansweeper computer inventory From the creator of Runscanner:

Lansweeper
is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.