Safezone issue PLEASE HELP/RESPOND!!!!!

[mchain]

Glad to help.

Behavior you now see is to be expected now that you've set the main tick box to run all elements of your browser to be virtualized.

Re the second issue, ("c:\windows\SysWOW64\ctfmon.exe is always sandboxed automatically when my sys is running") you've to check to see if this file is clean or not first.  Avast! sandboxing is done on the premise that a file, when scanned, is not well-known, or is not the correct actual file it should be.  Hence, under this scenario, sandboxing is actually protecting you from harm. 

One of the criteria used is "Reputation Services".

ctfmon.exe is used by:  http://support.microsoft.com/kb/282599 but there are known trojans masquerading as ctfmon.exe also.  http://systemexplorer.net/file-database/file/ctfmon-exe as an example.

For now, we'll stop here until you've submitted your file to virus total dot com and pasted the resulting url of the scan in your next reply.  Should there be more than, say, two detections, then would be best to have a certified malware expert have a look at your system, as I am not qualified to go any further than that.  Motto here is 'do no harm to a victim's system' and I certainly do not wish to cause harm here.

https://www.virustotal.com/
http://r.virscan.org/

Hopefully you do not fall into this category.  And we then will be able to troubleshoot your issues further without harm.

[kevbeck]

How do I locate he file to submit to virus total? I'm hoping troubleshooting this issue will fix the sound to work when I run my browsers sandboxed as that is my focus. If I'm looking at YouTube videos for an example and my browser is sandboxed, the sound will not work. I have to close and reopen regularly. I have no plugins or 3rd party extensions. I run stock browsers and have tried uninstalling reinstalling

[Asyn]

How do I locate he file to submit to virus total?

c:\windows\SysWOW64\ctfmon.exe

[kevbeck]

The Scan on VT  was clean. It seems to be a legit file. What are my next steps?


File name:   CTFMON
Detection ratio:    0 / 48
Analysis date:    2013-10-09 04:01:34 UTC ( 1 day ago )

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

Microsoft Corporation. All rights reserved.
Publisher Microsoft Windows
Product Microsoft® Windows® Operating System
Version 6.1.7600.16385
Original name CTFMON.EXE
Internal name CTFMON
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description CTF Loader
Signature verification  Signed file, verified signature
Signing date 4:17 AM 7/14/2009
Signers   

• Microsoft Windows
• Microsoft Windows Verification PCA
• Microsoft Root Certificate Authority

Counter signers   

• Microsoft Time-Stamp Service
• Microsoft Time-Stamp PCA
• Microsoft Root Certificate Authority

[Asyn]

What are my next steps?

Do you think you're infected or what is the problem exactly..??

[mchain]

Thanks, Asyn, for the help so far.

@ kevbeck,

Could you copy/paste the resubmitted vt scan in your next reply? 

I have no way of knowing if the vt scan I found was your vt report as the original url was not pasted in your prior reply, so I submitted a new fresh scan from my Win 7 system; this resulted in the prior scan being lost at the moment.  I am sure that report can be recovered, but have not yet been successful in doing so.

Even tho the scan came out clean, there was a suspicious element in that the file submitted performed two operations while analyzed it maybe should not have:  xcopy, and another operation I forgot to write down.

What now is there @ vt is the most recent analysis; it is the same file but it is submitted from my Win 7 system.  It did not show these two operations, or any, occurring at all. 

So, the current report is different from yours, this is assuming you were the last one to submit that file for analysis.

You may need to resubmit your file for analysis as I am not able to recover the prior report from here. 

Sorry about that, but this is one of the reasons why I do not propose running certain programs that can possibly damage an user's system and running subsequent fixes based on the logs from them.  Do not wish to cause harm here.

I do think the two operations discovered may well be suspicious if the the prior report was submitted by you, especially if. as you say, avast! is sandboxing your ctfmon.exe file every time it runs. 

We need to find out why that is happening.

Awaiting your reply with the resubmitted pasted vt url link.

[EDIT:]  Never mind, I think I've found it using Google:  https://www.virustotal.com/en/file/6bb5f3a7147660db416b838893c7d0734872ada9f7db68b1d019043a1cb89397/analysis/      Look into the 'Relationships' Tab to see what is there under CarbonBlack.

[kevbeck]

@ mchain, My apologies for leaving out the url. Thanks for finding it. That is mine. I was assuming since there was a 0% detection ration the file was clean. But im guessing VT is hinting the file is suspicious. Im still not leaning toward thinking my system is infected since running mbam finds nothing. It would make more since for my system to have corrupted files relating to my issues. Can you please direct me to taking the next steps to solving the issues noted below?

@asyn, The issues im having are 1. my ctfmon.exe file is always sandboxed and im concerned as to why 2. When running my browser sandboxed, my audio/sound does not work. 3. My pc has a slow abnormal startup/lag . 4. I was receiving a plugin crash notification while using safezone but after following mchains instructions noted earlier in this post, it seemed to have solved the issue for now. thnx

Ive recently tried ms fixit to see if that solved it but it didnt work.

Not to sound bombastic, but i am certain avast plays a role in these issues and im looking to fix them. I am willing to follow any help i can get.

[Asyn]

Not to sound bombastic, but i am certain avast plays a role in these issues and im looking to fix them. I am willing to follow any help i can get.

- Which avast!..?? (Free/Pro/IS/Premier)
- Which version..??
- OS..?? (32/64 Bit..? - which SP..?)
- Other security related software installed..??
- Which AV(s) did you use before avast!..??

[kevbeck]

@ asyn, I've had avast for longer than I can remember. I have the latest and most updated ver of AIS. Win 7 64 bit - latest and most updated ver of win os. Mbam pro running alongside. When I first bought my sys it had norton but I uninstalled it during the time I bought avast.

[Asyn]

1. Download avast! Internet Security: http://files.avast.com/iavs5x/avast_internet_security_setup.exe
2. Follow instructions: http://www.avast.com/uninstall-utility (Run this tool for all prior installed avast! versions..!!)
3. Reinstall avast! with the downloaded installer from point 1.
4. Reboot.

Better now..?

[mchain]

Not to sound bombastic, but i am certain avast plays a role in these issues and im looking to fix them. I am willing to follow any help i can get.

- Which avast!..?? (Free/Pro/IS/Premier)
- Which version..??
- OS..?? (32/64 Bit..? - which SP..?)
- Other security related software installed..??
- Which AV(s) did you use before avast!..??

I'm with Asyn.  We need to rule out any possible issues with avast! so the above actions in his second post following I concur with.  I've noted a certain reticence with some of your replies [possibly due to a certainty that avast! is to blame for your issue(s)] in that info asked for is not directly answered in your next post, but, really, without that info, we're left to guess as we're not in front of your system. 

Maybe it is privacy issues you're concerned with, hard to tell from here.  We're both here to help out just so you know.

You could try running the removal tool for symantec once again as they tend to get updated from time to time once again:  http://www.avast.com/faq.php?article=AVKB11#artTitle

Reboot after running this tool.  Whether you run the tool before or after a clean install of avast! should not matter that much; point is to remove any left over drivers from the OEM installation as it came with your system when new.

[kevbeck]

I will follow your instructions to reinstall even though I have done this before. I'm not trying to sound rude but I've had to do this aleast 3 times now. Im willing to provide any info u need. I've also noticed  other posts related to ctfmon being auto sandboxed etc... for ex.    http://forum.avast.com/index.php?topic=79649.msg654452#msg654452

Thanks for the support

[kevbeck]

What is the default path when AIS is installed. The uninstall utility requires me to choose a path.. I dont know where to search. I do see other folders - one says sandbox, another says safezone (c:\) . Im not sure why these files are still there after i just uninstalled via control panel. Im assuming im suppose to select those folders using the uninstall utility..... Please direct me

[kevbeck]

Can someone explain to me why these folders are still there after i uninstalled via control panel and also i used the uninstall utility on the sandbox folder but it did not delete/remove. I would like to re-install but because these folders have temp files in them i am assuming this will preserve or cause the same issues i noted in the beginning/middle of this post.... very frustrating.

[kevbeck]

**My Issue is noted below my rant.

I feel that my plea for assistance is becoming a rant and a pathetic journey. I waited 30+ minutes to reach avast customer service by phone 1866-951-7679 to get assistance with uninstalling avast properly only to be told that the fact that there are files/folders left over after uninstalling  AIS,  there is a problem with my OS and they want me to pay $170 for total support to speak to a Microsoft certified tech to help me. I assumed there would be no cost support by phone to assist with uninstalling/reinstalling the software i paid for since it is however causing issues. I should have known avast would work to blame and divide problems on my system and want me to pay $170 to be told how to fully uninstall avast and left over folders/files. Have i considered that my system might be the culprit ? Yes. But seeing that the only issues are with avast and knowing that i am very meticulous on how how use my system, it is reasonable to say the issue is not my system. The customer support spectrum and responsibilities of the agents needs to increase without requiring users to pay a leg for help. I mean honestly, i need help uninstalling and re-installing the product and if that requires extra tools then help me do it for free since i paid for 2 years for this service and it does not work properly. If i have a problem with my phone, i call my provider and they help me troubleshoot and do not charge me an arm and a leg, if i have issues with satellite, they help me troubleshoot at no cost because i have a paid subscription.  I don't care what anyone's opinion about this is because the truth is, this is no way to treat a customer.  Yes its nice that i can get free help on the forums but i have a life outside using my computer, i cant just hop on and type away and wait for responses whenever i want. I am very disappointed on the lack of true support from agents by phone. Vincent Steckler, Do something about that!! Yes the marketing and appearance of avast is nice now concentrate on the customer service side of the business because it needs improvement.

**I uninstalled avast through control panel and it left behind folders that have related files. I need to reinstall avast on my system so i can exhaust my subscription that i paid for.  I do not want to reinstall avast with still having these files as it will most likely cause the same issues i have been having.

1. is it safe to just delete the left over folders ? Will that clear all traces of avast on my system.

2. would someone be so kind as to do instruct me how to clear all traces of avast before i re install.