CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsSelect FavForums 

cat.exe

 
Post new topic   Reply to topic       All -> FavForums -> Trend Micro HijackThis Logs [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
Resist

Cadet
Cadet


Joined: Dec 15, 2003
Posts: 2
Location: Denmark
PostPosted: Mon Dec 15, 2003 8:39 pm    Post subject: cat.exe
Reply with quote

To TonyKlein or others!

First sorry for my english, but im danish!!
Here : CastleCops Link/p37083-Startportal.html you (Tony) fix these two:

O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\cat.exe

C:\WINDOWS\System32\cat.exe

Google.com gives something about a Canon driver????

In this logfile we dont know: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=111 about the above.

What do you say??
Back to top
View users profile Send private message Visit posters website
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

PostPosted: Tue Dec 16, 2003 12:56 am    Post subject:
Reply with quote

Hi there,

We actually obtained a copy of this particular file a while ago, and I can tell you will 100% certainty that it's a p0rn dialer.

Go to Start > Run > Msconfig, and examine the Startup tab.

If you have this item:

Diskstart = (path to the file) cat.exe

It's the dialer.


_________________
Tony image CLSID List
Back to top
View users profile Send private message
Resist

Cadet
Cadet


Joined: Dec 15, 2003
Posts: 2
Location: Denmark
PostPosted: Tue Dec 16, 2003 7:28 am    Post subject:
Reply with quote

Thanks Tony – you are my hero!
Back to top
View users profile Send private message Visit posters website
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

PostPosted: Tue Dec 16, 2003 10:59 pm    Post subject:
Reply with quote

You're welcome; glad to help! Smile

NOTE: This thread is now closed. Should you need it reopened, please PM a mod.
Everyone else having a similar issue, please launch a new topic for yourselves.


_________________
Tony image CLSID List
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       All -> FavForums -> Trend Micro HijackThis Logs All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001 phpBB Group
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
149ppm 0.277s (0.049s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer