Ctfmon.exe file description |
Ctfmon.exe with description CTF Loader is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
In total there are 20 launchpoints for this file including "Running processes".
There are 15 different variations of the file in our database and the file is
digitally signed from Microsoft Windows - Microsoft Time-Stamp Service
We do not recommend removing digitally signed files from Microsoft Windows
What is ctfmon.exe?
Ctfmon.exe is the part of Microsoft Office XP and later that is responsible for activating the Alternative User Input Text Input Processor and the Microsoft Office Language Bar. Essentially, it provides support for speech recognition, handwriting recognition, and other types of alternative user input. It may start on system boot, even if no other Microsoft Office applications are running.
This is a nonessential process that can safely be terminated as long as there are no Microsoft Office programs running. It is not recommended to terminate it while a Microsoft Office application is running or if you are using handwriting recognition, speech recognition, the language bar, or any other type of alternative user input. If you do not need the functionality this process provides and wish to permanently eliminate it, you can remove Alternative User Input support from your installation of Microsoft Office via the Add/Remove Programs control panel.
Dangers of ctfmon
As this is a process that runs on most Windows systems that have Microsoft Office installed, it is common for virus writers and spyware vendors to disguise their malware as the genuine ctfmon.exe.
Some malicious files will have the same name as this process but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to that of the legitimate process but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as ctfmon.exe:
- SpyHoax-A
- This is a trojan horse that attempts to convince the user to download SpySheriff, which claims to be anti-spyware software.
- Infostealer.Raidys
- This is a trojan horse that attempts to steal confidential information from an infected system.
- CTFMONB (ctfmon.exe or ctfmonb.exe)
- CTFMONB is a trojan horse that displays a blue screen with a yellow warning. Soon after, roaches appear on the screen, appearing to eat it. Once the roaches finish eating the screen, the system may restart.
- Ctfmon32.exe
- This filename is used by various spyware applications and viruses. If you see this filename, run a full virus and spyware scan immediately.
There will typically be only one copy of this process running at a given time. If more copies than this are running, one of the instances may be malware.
Common problems
- Ctfmon.exe continues running after closing all Microsoft Office applications
- This normal behavior. If you wish to eliminate the process, follow the instructions above.
- The active window occasionally loses focus
- If you do not need ctfmon.exe, uninstalling Alternative User Input should correct this problem.
|
Automatic startup locations |
 |
001 Running Processes |
 |
002 Autorun registry entries local machine |
|
003 Autorun registry entries Current User |
 |
004 All users startup startmenu |
|
005 Current user startup startmenu |
|
007 Roaming Start Menu\Programs\Startup |
|
008 Autorun registry entries Default user |
|
009 Autorun registry entries SYSTEM user |
 |
010 Installed services |
|
012 Autorun registry entries S-1-5-XX users |
 |
034 Winlogon Shell |
|
035 Active Setup Installed Components |
|
050 Explorer ShellExecuteHooks |
|
052 Explorer Browser Helper Objects (BHO) |
|
065 Image File Execution Options (debugger) |
|
067 Winlogon notify |
|
073 %windir%\Tasks |
|
136 Local Machine Runonce (+subkeys) |
|
138 Local Machine RunonceEx (+subkeys) |
|
166 HKCU Policies\Explorer\Run |
|
File versions in our database |
| |
Company |
Version |
Size |
 |
n/a |
n/a |
4294967295 |
|
mIRC Co. Ltd. |
6.03 |
1790464 |
|
n/a |
n/a |
626688 |
|
BIOCAPSULACORP.3047.DC® |
6.0.5472.5 (winmain_beta2.060713-1455) |
509440 |
|
BIOCAPSULACORP.3047.DC® |
6.0.5472.5 (winmain_beta2.060713-1455) |
486912 |
|
n/a |
n/a |
378368 |
|
n/a |
n/a |
352256 |
|
n/a |
n/a |
350208 |
|
Microsoft Corporation |
5.1.2600.5512 (xpsp.080413-2105) |
325594 |
|
n/a |
n/a |
291908 |
|
n/a |
n/a |
251392 |
|
Microsoft Corporation |
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) |
196975 |
|
Microsoft Corporation |
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) |
192990 |
|
Microsoft Corporation |
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) |
189952 |
|
Microsoft Corporation |
5.1.2600.5512 (xpsp.080413-2105) |
185856 |
|
|
Digital signatures found for this file |
| |
Signer of certificate |
Issuer of certificate |
 |
Microsoft Windows |
Microsoft Time-Stamp Service |
|
Microsoft Windows |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows Component Publisher |
Microsoft Timestamping Service |
|
Microsoft Windows Component Publisher |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows Publisher |
VeriSign Time Stamping Service |
|
Microsoft Windows Publisher |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows XP Publisher |
VeriSign Time Stamping Service |
|
Microsoft Windows XP Publisher |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows XP Publisher (Europe) |
VeriSign Time Stamping Service |
|
Tencent Technology(Shenzhen) Company Limited |
VeriSign Time Stamping Services Signer - G2 |
|
|
MD5 security rating in our database |
 |
 |
|
806 |
files (Not yet rated
and
not
signed) |
|
|
2 |
files (Not yet rated
and
digitally
signed) |
 |
|
4 |
files (Safe
and
not
signed) |
|
|
176 |
files (Safe
and
digitally
signed) |
|
|
|
Some versions of this filename have not yet been checked for safety.
|
| Warning: Some malware might rename itself to ctfmon.exe. Always make sure that your file is from a verified publisher. |
|
Application errors |
|
| User comments for Ctfmon.exe |
 |
It's part of Microsoft's Office Suite. Google how to remove it permanently from your system - it's not mandatory |
|
|
Database statistics
Top process list
