Home Support

<  Back to Homepage

AVG Support Community

Share tips and solutions on AVG Products

Have a question?

Community topics

Browse by categories

AVG Gurus

These community experts are here to help

  • (AB) Alan Binch
  • (BA) Borislav Angelov
  • (VB) Vladimir Bartl
  • (SK) Subhadeep Kanungo
  • (MS) Miloslav Serba
ShowAll Questionssorted byRecent Activity
Jonathan JerezanoJonathan Jerezano 

Suspicious process or am I just paranoid?

Hello AVG Community. I recently bought AVG protection but I think I have a malware. A few days ago I reformatted my hardrive by conducting a factory reset on my windows 7 PC. I ran a full scan recently and no threats were detected. I then proceeded to start a scan in safe mode and everything is fine according to the recults. However, whenever I look at my Task Manager, theres this suspicious process that runs on startup. This process is called "ctfmon.exe". I researched this process and according to http://www.howtogeek.com/howto/windows-vista/what-is-ctfmonexe-and-why-is-it-running/, this process is only used as "Microsoft process that controls Alternative User Input and the Office Language bar. It’s how you can control the computer via speech or a pen tablet, or using the onscreen keyboard inputs for asian languages." I am NOT using the computer via speech, pen tablet, or for keyboard input for asian languages. Also, when I open the file location via the Task Manager, the file path is C:\Windows\SysWOW64 instead of C:\WINDOWS\system32\ctfmon.exe. Is this a Tilebot-JR or IRC backdoor?(http://www.bleepingcomputer.com/startups/ctfmon.exe-18326.html) Here are 2 photos showing I did full system scans in normal mode and safe mode. Both pictures displaying scan results in URL
So the arising question, is this process legit or some type of malware? If so, how can I remove it?
AvinashAvinash (Avast) 
Hello Jonathan.
Ctfmon.exe is a legitimate windows process. And for the SysWOW64 folder structure, this is where 32-bit applications are supported on a system running a 64-bit version of Windows. If it is a 64 bit version of Windows you are using, there is nothing unusual happening with this process. To determine whether your OS is a 32-bit or 64-bit, please click on this link. http://support.microsoft.com/en-us/kb/827218 .
Please contact us back should you need any further assistance. Thank you.
Jonathan JerezanoJonathan Jerezano
Yes my system is 64 bit. Thanks for the response.
AvinashAvinash (Avast) 
You are most welcome, Jonathan. Please contact us back should you need any further assistance. Thank you.
Ask a question
Struggling with non-AVG technology? We can fix that, too!