TrojWare.Win32.TrojanDropper.Paradrop.t... is this a fp ?!

More than an hour and a half ago I’ve received this alert from CIS when I’ve turned on my pc (see attached pic). I’ve hit Quarrantine but when I tried to submit it, I saw that was already submitted. I’ve restored the file back from Quarrantine, reseted my pc and again the alert popped up but this time I’ve hit Disinfect. I’ve reseted again but this time the alert didn’t popped up.

I didn’t installed any software this passed week, my last installed software was Need For Speed World but I’ve uninstalled it. I didn’t had this alert when I’ve turned on my pc earlier today or until now but almost two hours ago when I’ve turned on the pc again, I’ve received this alert.
This makes me think that it could be a fp caused by today’s db update but if it’s really a malware than I will restore my system…

Anyone else had this or knows something bout it ? Thx

[attachment deleted by admin]

I have not gotten that alert. What windows are you using?

win xp pro sp3 32bit admin account

here is some info about it. PC Hell: What is CTFMON.EXE and How Can I Remove It and here ctfmon.exe Windows process - What is it?.

I hope this will help.


I received this identical warning as I powered-up my Win XP 32 bit SP3 pc. I was not connected to the network at that point (I do this manually).

I quarantined the file, but the file still exists at the reported location [C:\WINDOWS\system32\ctfmon.exe] and still appears in the process list.

I manually scanned the file at C:\WINDOWS\system32\ctfmon.exe. The outcome was no infection.

Is this a false positive?

It seems that even if I manually add the file to quarrantine, at the next reboot I still get the pop-up. If I put the file back, reboot and do a full pc scan with everything set to max, CIS doesn’t detect any threat. I guess this av alert is only present when I reboot and ctfmon.exe process starts…

I initially received Antivirus Alert 'trojware.win32.trojandropper.paradrop.t[at]14120 at 12.50 (BST) on 5 December.
Infected file is c\windows\system32\ctfmon.exe
I have tried Clean,Disinfect and quarantine but the alert occurs each time I reboot.
Scans with Comodo and Malwarebytes do not show anything.
I have WinXP 32 bit Comodo Internet Security Premium.
The Antivirus Event log reports status: success each time
Can this trojan be removed with Comodo ?

someon just submit that file here Comodo Antivirus Database | Submit Files for Malware Analysis as a false positive and they should fix it really fast.

I think this is a genuine file related to MS Office. I guess if it is removed or disabled it is automatically created or enabled after restart. By the way Win XP SP3 no detection here.


I’ve submitted the file as a false-positive to the link provided by languy99. I hope it’s a fp for my pc’s sake but I’m sure the devs will figure it out.

Hi Folks,I’ve gotten this alert twice,both times the AV was updating. Cleaned both times. XP running with SP3 Thanks

Hello guys,

This False Positive has been fixed. You can updated to Virus Signature Database version 6970 and confirm it.

Best regards,

Yep, updated to 6970, rebooted twice to be sure and I can confirm that the alert doesn’t pop-up anymore !
Thanks to Comodo devs for their promptitude and good work, we really appreciate it !

I’m happy it was just a fp !

I begin to love FP ;D