Author Topic: Ctfhost.exe in avast appdata dir (Read 3683 times)

REDACTED · « **on:** November 16, 2015, 12:26:02 AM »

I recently noticed that I had unusually high memory usage and checked task manager to find a process called Ctfhost.exe running with description "Microsoft operating system" this is not normal for my machine so I killed the process and investigated to find that the process was running from "C:\Users\Ciaran\AppData\Roaming\AVAST Software" directory. I looked up the process and could not find much information on it except that it was a malicious process. I also found a scheduled task to run it at login of any user. Has my install been hijacked.

I am running windows 7 x64 with avast premier.

Eddy · « **Reply #1 on:** November 16, 2015, 12:29:17 AM »

https://forum.avast.com/index.php?topic=53253.0

Pondus · « **Reply #2 on:** November 16, 2015, 12:41:32 AM »

upload and test Ctfhost.exe to www.virustotal.com if tested before, click rescan for a fresh result

Post link to scan result here

REDACTED · « **Reply #3 on:** November 16, 2015, 01:01:39 AM »

As I was investigating I deleted everything I found but all files point to it being installed on the 12-11-15 I didn't install anything on that date and had normal idle memory usage up until this evening. A malwarebytes scan shows that the system is clean. I'm going to change all my passwords now to be safe.

Could anybody check their %appdata% dir to see is ctfloader.exe there?

Eddy · « **Reply #4 on:** November 16, 2015, 01:05:28 AM »

Please follow the instructions in the link that I gave you.

Author Topic: Ctfhost.exe in avast appdata dir (Read 3683 times)

REDACTED

Ctfhost.exe in avast appdata dir

Eddy

Re: Ctfhost.exe in avast appdata dir

Pondus

Re: Ctfhost.exe in avast appdata dir

REDACTED

Re: Ctfhost.exe in avast appdata dir

Eddy

Re: Ctfhost.exe in avast appdata dir