CTFMUN.EXE - Dangerous

What you should do about CTFMUN.EXE:

Check Your PC Now
Your PC is infected. The file called CTFMUN.EXE is considered unsafe and there may be other infections on your PC.


You should urgently check your PC and remove any malicious software including CTFMUN.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,061,595 people have scanned with Prevx CSI and between them have checked 29.7 billion files. 66% of the PCs scanned had malware present.

What we know about CTFMUN.EXE:

The filename CTFMUN.EXE was first seen on Mar 28 2008 in AUSTRALIA. It has also been seen in the following geographical regions of the Prevx community:

  • SPAIN on May 8 2008
  • The UNITED KINGDOM on May 8 2008
The filename CTFMUN.EXE refers to many versions of an executable program.

The most common file size is 96,573 bytes. But the following file sizes have also been seen:

  • 37,784 bytes
  • 34,153 bytes
  • 34,200 bytes

The filename is associated with the malware group Rootkit.Gen.Some files using the name CTFMUN.EXE are also associated with the malware groups:
  • Dbase
  • Munter:Trojan-CTF
 These files have no vendor, product or version information specified in the file header.

CTFMUN.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • This Process Creates Other Processes On Disk
  • Copies files
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Visits web sites without the user knowing
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • Creates a new Background Service on the machine
  • This Process Deletes Other Processes From Disk
  • Can communicate with other computer systems using HTTP protocols
  • Writes to another Process's Virtual Memory (Process Hijacking)

CTFMUN.EXE has been the subject of the following behavior(s):

  • Created as a new Background Service on the machine
  • Added as a Registry auto start to load Program on Boot up
  • Copied to multiple locations on the system
  • Executed as a Process
  • Created as a process on disk
  • Has code inserted into its Virtual Memory space by other programs

CTFMUN.EXE can also use the following file names:

  • 89734471.SVD
  • 6C718ECF1575F12B5C7E4D1BEBA285DC.EXE