SLBDMIME.EXE, CATSXS.EXE

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Does anyone know anything about either of these two exe's?
SLBDMIME.exe seems to call CATSXS.EXE, and they are starting when I
boot (slbdmime seems to be executing out of windows\system32 but
doesn't exist in that directory!).  I am running XP Pro with SP2,
Zonealarm and McAfee.  They seem to be trojans or worms.  How can I
get rid of them?   I have searched my hard drives but find nothing.
I've searched my registry and removed all references to them but to no
avail.

Thanks in advance,


Allan


Re: SLBDMIME.EXE, CATSXS.EXE


| Does anyone know anything about either of these two exe's?
| SLBDMIME.exe seems to call CATSXS.EXE, and they are starting when I
| boot (slbdmime seems to be executing out of windows\system32 but
| doesn't exist in that directory!).  I am running XP Pro with SP2,
| Zonealarm and McAfee.  They seem to be trojans or worms.  How can I
| get rid of them?   I have searched my hard drives but find nothing.
| I've searched my registry and removed all references to them but to no
| avail.
|
| Thanks in advance,
|
| Allan

Please submit samples of "SLBDMIME.exe" and "CATSXS.EXE" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it.  In addition,
unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: SLBDMIME.EXE, CATSXS.EXE

wrote:
Quoted text here. Click to load it
Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

Hi Dave,

Well...let me put it this way.  I cannot find any file on my system
called 'slbdmime.exe' nor 'catsxs.exe' or I would be happy to do what
you suggest.  However, I keep getting popup windows that list these
exe's in the window label.  They popup when I first boot, and they pop
up randomly (but maybe associated with the browser somehow?).  I have
a popup window on my screen now that says 'CATSXS.EXE - Bad Image' -
If I press the 'OK' button then I get a window which says 'Internet
Explorer has encountered a problem and needs to close'.  I also cannot
find anything in the task manager that I can correlate with either of
these exe's.  I cannot find anything in the registry with these
names.  However, I can find a reference to 'SLBDMIME.EXE' in one of my
ZoneAlarm log files, where access to the Internet was blocked.

Got any other suggestions?

Thanks,

Allan


Re: SLBDMIME.EXE, CATSXS.EXE



|
| Hi Dave,
|
| Well...let me put it this way.  I cannot find any file on my system
| called 'slbdmime.exe' nor 'catsxs.exe' or I would be happy to do what
| you suggest.  However, I keep getting popup windows that list these
| exe's in the window label.  They popup when I first boot, and they pop
| up randomly (but maybe associated with the browser somehow?).  I have
| a popup window on my screen now that says 'CATSXS.EXE - Bad Image' -
| If I press the 'OK' button then I get a window which says 'Internet
| Explorer has encountered a problem and needs to close'.  I also cannot
| find anything in the task manager that I can correlate with either of
| these exe's.  I cannot find anything in the registry with these
| names.  However, I can find a reference to 'SLBDMIME.EXE' in one of my
| ZoneAlarm log files, where access to the Internet was blocked.
|
| Got any other suggestions?
|
| Thanks,
|
| Allan

Make sure you search in ALL areas of the hard disk and include "Hidden" and
"System" files.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: SLBDMIME.EXE, CATSXS.EXE

wrote:
Quoted text here. Click to load it
Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

Already did that.  What I'd really like to do is search all of the
dll's to see if I could find a reference to either of these exe's -
can you tell me how to do that?

Allan


Re: SLBDMIME.EXE, CATSXS.EXE

posted on 27 Mar 2007 15:06:38 -0700, allanvalmck@yahoo.com wrote: Begin

Quoted text here. Click to load it

Try a grepper,
my favorite http://www.mythicsoft.com/agentransack /


--

Bart

Re: SLBDMIME.EXE, CATSXS.EXE

wrote:
Quoted text here. Click to load it
Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

Dave,

Sorry I'm an idiot - searching through the dll's now - wish me luck.

Allan


Re: SLBDMIME.EXE, CATSXS.EXE

On Mar 28, 1:33 am, allanval...@yahoo.com wrote:
Quoted text here. Click to load it

Use HiJackThis to track down or check for possible infections.
Here is all the the info needed to empower yourself, anything you are
not sure of, put into a search engine like Google.
Read this link 1st, it has step by step.
http://www.wilderssecurity.com/showthread.php?t=50662
Important: Create a specific folder on your hard drive called
HijackThis to keep its backups.
You can do this by going to My Computer (Windows key+e) then double
click on C: then right click and select New then Folder and name it
HijackThis. Download and unzip HijackThis.exe into this folder.
http://www.merijn.org/downloads.html Or, http://tomcoyote.com/hjt/ Or,
http://www.spywareinfo.com/~merijn/programs.php
If possible run HJT in Normal mode ( not Safe ) with all your normal
startup's working.
HijackThis Tutorial - How to Analyse your own log.
http://spywarewarrior.com/viewtopic.php?t=3624
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.malwarehelp.org/understanding-and-interpreting-hjt1.html
HijackThis log file analysis ( online )
http://hijackthis.de/index.php?langselect=english
Or,
http://startup.networktechs.com/page-68.html
http://hjt.iamnotageek.com
Malware Prevention: Prevent Re-infection
http://wiki.castlecops.com/Malware_Prevention:_Prevent_Re-infection


Site Timeline