Hardware Analysis - Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Chad Mcaculay — 2008-04-22T13:58:54-05:00

Wow, I'm posting to a 5 year old topic. Man, I'm really up to date I just wanted to share an experience I had with this ctfmon.exe. When I would quickly close a program, be it DVD Fab, Sound Forge 6.0, Nuendo 2, etc., there would be an unexplainable lag of about two seconds. Nothing would respond. For instance, if I would close a folder in explorer and then quickly right click on the desktop, there would be a two second delay before my right click options would appear.

As far as program performance and gaming, no lag during operation, only after closing a program or folder. Once I ended the task ctfmon.exe, the lag problem went away. As I'm sure most people in here know, you can permanently end this task under control panel, regional and language options, languages tab, details, advanced and check the box "Turn off advanced text services." It's just funny how a process that's taking up about 4MB can cause an entire system hang

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Kris Diggy — 2004-03-19T02:57:44-05:00

I use windows XP and that has the regenerate function for all files in the C:windows/system32 folder, even screen savers regenerate when deleted!
So it seems clever? and u want all files to regenerate? well they do!
But if u look in C:windows/system32/dllcache folder, you will find a copy of every file in the system32 folder, so basically if windows detects that u deleted a file from the sys32 folder it just puts it back again, (u have to empty the recycle bin before it does this).

So all you have to do is delete it from both of these directories, then empty the recycle bin, then Windows will tell you that you have deleted system files and need to insert your operating system CD, just click cancel and there u have it, no more annoying file!

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Corvus Raven — 2003-10-19T17:57:39-05:00

It should be under %root%\system32

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Ecosse — 2003-10-19T09:53:58-05:00

Try = START - RUN msconfig - OK Go to startup tab.

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

John Doe — 2003-10-19T01:49:58-05:00

Okay... I've looked for that page to disable executions of listed files... and it wasn't there. I used a run command to get it, like you said, and it couldn't find it. Is there a shortcut/directory for accessing that page?

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Corvus Raven — 2003-08-13T20:10:25-05:00

I just had a thought about something very recent.

If it weren't for REMOTE Process Calls being enabled by default - Who would have kown about Blaster worm?

-Corvus

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Corvus Raven — 2003-08-13T20:07:59-05:00

I am a self proclaimed paranoid schizophrinac..and so am I

(I never said anything about spelunz)

Disabling unneeded programs.

software-analysis — 2003-08-13T18:12:07-05:00

Nothing to do with paranoia for me. It has everything to do with memory and resource consumption. This was especially true on Win98/ME, but bottom line is why do I want to run processes that I don't use? Same goes for Linux -- fully open source...no "paranoia" involved. Simple common sense dictates one shouldn't run processes that one doesn't need. It reduces the complexity of the overall system and lowers the risk of software failures (or security holes). If I am not hosting a web site, why would I want to run MS personal web-site server or apache?

Would you vote for everyone running apache on their system if it was included and turned on by default?
Why or why not? Does the choice have paranoia as a motivating factor (other than paranoia about unfound security holes). Besides -- it's often said that the best security experts are always at least a bit paranoid. Good security is based on the premise that something will go wrong -- and when it does, how will you detect and/or mitigate the damage? How can you lessen _risk_? Disabling
unnecessary processes should, in general, lower potential causes for failure. It's just good sense.
If that = paranoia...well, so be it.

SA

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Corvus Raven — 2003-08-13T17:30:01-05:00

try ..umm how to say..

"http://www.puckmicrosopt.com"

..You know what letter to reflace the p's with?
I am sure you can Pigure it out.

humm.. seems that my tyfing has been misconstrued.. some letters are being re fositioned. hehe

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Wildwood — 2003-08-13T14:44:40-05:00

Mine was bitterness.

I save paranoia for holidays and family gatherings.

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Andy Parker — 2003-08-13T06:47:26-05:00

Damn, have we all taken a paranoid pill today?

Andy

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

software-analysis — 2003-08-13T02:08:28-05:00

Harris Walktin writes...
CTFMon...
yes, you can disable it, but various programs will reinstall and re-enable it -- like if you run any of the 'repair' options or reinstall options. In find it more permanent to disable the program's execution -- then if it is releaded and reneabled later on, it still won't run.,

Same goes for LoadQM -- but this one is in 98 and such. Best advice there is to create a directory in the same location. Standard open/delete calls won't delete a directory so it's not so easy for
a program to recreate /reinstall/re-enable the file.
The programs have to know enough to examine the error code and risk removing an unexpected directory. Most programs just give up when they can't create the file. To be extra obstinate, you can set the hidden, system and read-only bits on the dir. So any program that might delete might at least check permissions before just upping and deleting the name entry.

Mobsync...Well...Again -- you can *try* to disable Mobsync, but I found it kept getting reinstalled.

Ups and downs to every technique and often many ways to do the same thing.

SA

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

software-analysis — 2003-08-13T02:08:03-05:00

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

Harris Walktin — 2003-08-13T01:45:43-05:00

CTFMon.exe

(Microsoft) CTFMon comes with Microsoft Office XP and Windows XP � it activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. As long as the Text Services & Speech are enabled in the Control Panel, this program will force itself back into your list of background programs.

Recommendation :
Disable "Text Services & Speech" in the Control Panel if you are not using them. Then, disable CTFMon using Startup Manager. (Note that if you use Word, Excel or PowerPoint to write in different languages, eg. English and Arabic, then you will be using "Text Services & Speech" facilities).

LoadQM.exe

(Microsoft) This task loads the MSN Queue Manager and is installed when you install MSN Explorer or MSN Messenger. LOADQM gobbles up system resources and appears on most end-users� Task Lists who come to us complaining of low System & User Resources or very slow, "crawling", PCs. In January 2003 this is still one of the worst behaved Microsoft programs !

Recommendation :
Disable immediately, or Delete using Starter. Next, reboot your PC and find LOADQM in the C:\WINDOWS folder. Rename it to LOADQM.EXE.OLD as if you do not it will otherwise get put back in your Task List at some stage or other (on some PCs you may need to boot into Safe Mode before you are able to rename LOADQM).

MobSync.exe

(Microsoft)
Microsoft Synchronization Manager. This program, which is part of Internet Explorer 5.x/6, runs in the background when you are using the "View pages offline" feature of Internet Explorer, and you have set parameters for when your pages should be automatically synchronised, or you decide to manually synchronise your offline content with the web through the "Start \ Programs \ Accessories \ Synchronize" function. This program will also run if you are doing development using Microsoft SQL 7 and using SQL 7 replication.

Recommendation :
Harmless. If you never use the "Synchronize" function, then disable it with Startup Manager.

Re: Real Suspicious possibility from, Mirosoft!!!!(CTFMON.EXE as an example).

software-analysis — 2003-08-13T00:41:39-05:00

Got to run a program (windows-R), type "secpol.msc"
to modify local security policy.

Select Software Restriction Policies, Additional Rules, then in right panel, right click (menu), and
Add new path rule. Type in the path of the
executable you want to disable.

Choose the disable option.

It takes effect when anything tries to load the program using that path. It won't stop a currently
running copy (use task manager and kill process for
that).

Learn to take control of you computer....learn how to pull the plug!

Of course the new MS updates have disabled my ability to use font smoothing or clear type...and haven't figured out how to fix that one yet....have a feeling it's another MS bug in directX, since it's the onlything I've installed recently that should be affecting the display. But text displays at the speed of drying mud...

If someone has any ideas there, that'd be cool!

SA