Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Monday, June 08, 2009

Mystery Filenames that Make No Sense

Have you ever notice a filename that is so bizarre you think it must be some kind of malware? Microsoft Windows has supported long filenames for years but most folks still haven’t caught on. Microsoft is especially guilty of using short useless filenames like lsass.exe, mdm.exe and the most infamous ctfmon.exe.


One of the features of WinPatrol PLUS is the ability to click on a filename and receive a human readable explanation. We try our best to let you know what a file does, if it’s safe and why you might need it. I keep track of all the requests to make sure I’ll can catch any new mystery files, good or bad.


I’ve taken a snapshot of all our PLUS Info from last month and thought I’d share some of the top requests with all my readers.


The number one mystery file that people want to know about continues to be “CTFMON.exe”. Here’s a little of what you’ll read in our PLUS databae.

CTFMON.exe

CTFMON.exe
Ctfmon.exe activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office Language Bar. It monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies. Initially it only installed with Microsoft Office 2002 and XP. Now it may be used by a number of Microsoft programs that supports alternative user input. When you run such a program, the file Ctfmon.exe runs in the background. It remains in memory even after you quit the program. More detail on what the program does can be found at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q282599 and at http://support.microsoft.com/?kbid=823586.


While Microsoft typically holds the number one spot they aren’t the only one with startup programs with mystery filename.

Adobe Acrobat Speed Launch – READER_SL.EXE
Reader_sl.exe installs with Adobe Acrobat reader 7 or later as its "speed launch" utility. This file runs on system setup and pre-loads the acrobat reader so that it will launch more quickly when needed.

There are multiple versions of the speed launch feature available. Typically they install with different versions of Acrobat but they all do the same thing. You shouldn't need more than one of these files running on system startup in order to get the benefit of the faster launch: reader_sl.exe, sc_acrobat.exe, _sc_acrobat.exe, sc_reader.exe, and acrobat_sl.exe. You'll find more information on Speed Launch for Adobe Acrobat, Adobe Reader, and Acrobat 3D at http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=331131.


Sun JAVA
Sun's Java BHO – SSV.DLL
Ssv.dll is a browser helper object that installs with the Sun Java Runtime Environment and Java 2 Platform Standard Edition 5.0 Update 6 or later. It will appear in your c:\Program Files\Java\jre_1.5.0 folder (name varies with version number). SSV stands for Secure Static Version. It is a feature that allows an HTML file to specify which JRE family to run.

For more information about this feature, please see the documents Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer: http://java.sun.com/javase/6/webnotes/family-clsid.html and the alert Java Plug-in and Java Web Start May Allow Applets and Applications to Run With Unpatched JRE: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1.


Other popular file searches this past month include many programs which aren’t necessary. Programs that run in the background just to see if you need an updated version are far too popular. As you can see, the filenames rarely give you a clue what these files do.

OSA.EXE, OSA9.EXE - Office Startup Assistant
MDNSRESPONDER.EXE - part of Apple Bonjour
JUSCHED.EXE - Sun's Java Plug-in Updater
NVSTARTUP, NVCPL.DLL - NVidia Graphics system tray applet
MSASCUI.EXE - Obviously is Windows Defender
QTTASK.EXE - Apple Quicktime Player always come back unless disabled with WinPatrol.
SMSS.EXE - Session Manager Subsystem of course


Google, Adobe and Apple are actually the ones using long filenames most often even though we don’t normally need their programs running in the background.


Google Updater
GOOGLETOOLBARNOTIFIER.exe
GOOGLEUPDATERSERVICE.exe - Not required programs but at least you get a clue to what they do.


Adobe Updater
ADOBEUPDATER.exeGiven how many vulnerabilities Adobe has been running into lately it might be worth running this one.


Apple Mobile Services
APPLEMOBILEDEVICESERVICE.exe - Apple iTunes Mobile Connection doesn’t need to be running all the time and will be installed with iTunes even if you have a regular iPod that doesn’t use mobile services of the iPhone or iTouch.


Labels: , , ,

Share on Facebook


5 Comments:

Anonymous JusJane said...

When I used WinPatrol and had a problem with something, I used your FAQ and usually got an answer. With WP Plus, It's like *MAGIC* I can search within the program and get a return on whatever the query is. Occasionally I can't find it so fire off an email and receive an answer.

I can read the latest News from BillP studios, too.

Twitter tells me when you've made a choice comment.

I've certainly found a jewel in Win Patrol Plus. Best investment I've made - and cheap at the price.

Thanks Bill, til you tweet again. :-)

7:55 PM  
Blogger nightsmusic said...

I've been using WinPatrol since forever now. It's the number one program I install on any new computer I buy or any reformat I do.

I would like to know though, on the programs you listed here, which ones can I disable from the startup list?

I often find odd programs on the list that, while they aren't harmful, take a lot of unnecessary room.

Thanks for an awesome program :)

10:22 AM  
Anonymous Error.EXE said...

Interesting - I'd guess it was from the times of DOS and 8.3 when no filename could be longer than 8 characters. A leftover to be sure. Nowadays there are no reasons as to why not have "readable" file names.

8:53 PM  
Blogger Giuseppe Iacobaci said...

I've always been curious about these strange short names used by programmers... by the way, could you tell me what does "wpsetup.exe" mean? :-))

4:08 PM  
Blogger Unknown said...

Looking at running processes, I often wondered if on internet (maybe WinPatrol?) I might find a list of the services that are useless. Since a few "popular" were listed here , maybe it's a good occasion to ask a list also the "rubish" that we really don't need and which are only taking memory space and swap file time.
What about a name like ccSvcHst.exe... not only mysterious, but also way too active to my taste.

Nightmusic, you are not alone (as M.Jackson was singing)

11:34 AM  

Post a Comment

<< Home