Hi David
Virustotal IS detecting that ctfmon.exe contains the Win32.Banker virus......it is saying that Esafe is detecting it.
Regards
Greg
When only 1 of the VT scanners detects anything it is highly likely that it is an FP, given that this detection is by esafe, which appears to have a high degree of FPs I would ignore its detection when the better known AV scanners find nothing.
There exceptions to this rule of thumb, but I don't think that is the case here.
@@@@
As I have said
the alert in avast isn't on ctfmon.exe but a memory block that it loaded into memory and you can't upload a memory block to VT to be scanned. So effectively any scan on ctfmon.exe is invalid as that isn't what avast is alerting on.
Save yourself a boatload of grief and do as suggested don't scan memory on a custom scan.