HELP! Win32:Trojan-Gen virus detected

[DavidR]

I have the same problem with ctfmon.exe and cmdagent.exe.

After scaning my computer Avast report this:
''Process 516 [ctfmon.exe], memory block 0x0000000000400000, block size 24576 (ctfmon.exe) - High - Threat: Win32:Trojan-gen'' and
''Process 1388 [cmdagent.exe], memory block 0x0000000002260000, block size 471040 - High - Threat: Win32:FakeWimes-B [Trj]'' and
the same problem was with some proces of panda clound antivirus.

I'm from Serbia.
ctfmon.exe is for Language Bar: I use English, Russian, Serbian Cyrilic and Serbian (Latin).
cmdagent.exe is for Comodo Firewall.
I use costume scan: all harddisks, operating memory of the computer, auto-start programs(all users), rootkits (full scan) - Scan PUP: on.
I use this settings a long time ago, and there no any problem. But from some of last updates of avast there was this problem.

When I disable ctfmon.exe to start and load in to memory
http://weyland.be/wrdprss/index.php/2006/01/13/disable-ctfmonexe-in-xp/
there no more in scan results ctfmon.exe and cmdagent.exe at all.
And now I can't switch between languages through taskbar.

Best regards.

Comodo Firewall shouldn't need to load virus signatures into memory if you aren't running the AV function (which you shouldn't be, two resident AVs is a no, no), as a stand alone firewall shouldn't be scanning for viruses.

As you will have found from my previous posts, ctfmon.exe is involved in more than just one area (Language bar, etc.) and you have to pin down exactly which occurrence of ctfmon it is and what is running under that occurrence.

[ZPop]

Thank you, DavidR.

I just post in wish to help someone.
It's just my experience with this matter.

For me works only CFW, antivirus is not installed and defence+ is turned off.

After this

http://weyland.be/wrdprss/index.php/2006/01/13/disable-ctfmonexe-in-xp/

and after disabling ctfmon.exe to start with system any more
theres no ctfmon.exe working in my computer, theres no language bar in  taskbar,
and Avast in my custome scan not report this:

''Process 516 [ctfmon.exe], memory block 0x0000000000400000, block size 24576 (ctfmon.exe) - High - Threat: Win32:Trojan-gen''
''Process 1388 [cmdagent.exe], memory block 0x0000000002260000, block size 471040 - High - Threat: Win32:FakeWimes-B [Trj]''

I don't made any change with Comodo and cmdagent.exe, Avast or either file on my computer.

Regards from Serbia.

[DavidR]

This is something which we have asked before, why comodo is loading virus signatures into memory if the AV and or Defence+ isn't running. I believe it was even asked in the comodo forums by one avast user who also uses comodo. Though I don't believe there was any real answer as to why they do this if the virus signatures aren't being used.