SLBDMIME.EXE, CATSXS.EXE

[allanvalmck]

Does anyone know anything about either of these two exe's?
SLBDMIME.exe seems to call CATSXS.EXE, and they are starting when I
boot (slbdmime seems to be executing out of windows\system32 but
doesn't exist in that directory!). I am running XP Pro with SP2,
Zonealarm and McAfee. They seem to be trojans or worms. How can I
get rid of them? I have searched my hard drives but find nothing.
I've searched my registry and removed all references to them but to no
avail.

Thanks in advance,


Allan

 

[David H. Lipman]

From: <[email protected]>

| Does anyone know anything about either of these two exe's?
| SLBDMIME.exe seems to call CATSXS.EXE, and they are starting when I
| boot (slbdmime seems to be executing out of windows\system32 but
| doesn't exist in that directory!). I am running XP Pro with SP2,
| Zonealarm and McAfee. They seem to be trojans or worms. How can I
| get rid of them? I have searched my hard drives but find nothing.
| I've searched my registry and removed all references to them but to no
| avail.
|
| Thanks in advance,
|
| Allan

Please submit samples of "SLBDMIME.exe" and "CATSXS.EXE" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

 

[allanvalmck]

From: <[email protected]>

| Does anyone know anything about either of these two exe's?
| SLBDMIME.exe seems to call CATSXS.EXE, and they are starting when I
| boot (slbdmime seems to be executing out of windows\system32 but
| doesn't exist in that directory!). I am running XP Pro with SP2,
| Zonealarm and McAfee. They seem to be trojans or worms. How can I
| get rid of them? I have searched my hard drives but find nothing.
| I've searched my registry and removed all references to them but to no
| avail.
|
| Thanks in advance,
|
| Allan

Please submit samples of "SLBDMIME.exe" and "CATSXS.EXE" to Virus Total --http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

Hi Dave,

Well...let me put it this way. I cannot find any file on my system
called 'slbdmime.exe' nor 'catsxs.exe' or I would be happy to do what
you suggest. However, I keep getting popup windows that list these
exe's in the window label. They popup when I first boot, and they pop
up randomly (but maybe associated with the browser somehow?). I have
a popup window on my screen now that says 'CATSXS.EXE - Bad Image' -
If I press the 'OK' button then I get a window which says 'Internet
Explorer has encountered a problem and needs to close'. I also cannot
find anything in the task manager that I can correlate with either of
these exe's. I cannot find anything in the registry with these
names. However, I can find a reference to 'SLBDMIME.EXE' in one of my
ZoneAlarm log files, where access to the Internet was blocked.

Got any other suggestions?

Thanks,

Allan

 

[David H. Lipman]

From: <[email protected]>


|
| Hi Dave,
|
| Well...let me put it this way. I cannot find any file on my system
| called 'slbdmime.exe' nor 'catsxs.exe' or I would be happy to do what
| you suggest. However, I keep getting popup windows that list these
| exe's in the window label. They popup when I first boot, and they pop
| up randomly (but maybe associated with the browser somehow?). I have
| a popup window on my screen now that says 'CATSXS.EXE - Bad Image' -
| If I press the 'OK' button then I get a window which says 'Internet
| Explorer has encountered a problem and needs to close'. I also cannot
| find anything in the task manager that I can correlate with either of
| these exe's. I cannot find anything in the registry with these
| names. However, I can find a reference to 'SLBDMIME.EXE' in one of my
| ZoneAlarm log files, where access to the Internet was blocked.
|
| Got any other suggestions?
|
| Thanks,
|
| Allan

Make sure you search in ALL areas of the hard disk and include "Hidden" and "System" files.

 

[allanvalmck]

From: <[email protected]>

|
| Hi Dave,
|
| Well...let me put it this way. I cannot find any file on my system
| called 'slbdmime.exe' nor 'catsxs.exe' or I would be happy to do what
| you suggest. However, I keep getting popup windows that list these
| exe's in the window label. They popup when I first boot, and they pop
| up randomly (but maybe associated with the browser somehow?). I have
| a popup window on my screen now that says 'CATSXS.EXE - Bad Image' -
| If I press the 'OK' button then I get a window which says 'Internet
| Explorer has encountered a problem and needs to close'. I also cannot
| find anything in the task manager that I can correlate with either of
| these exe's. I cannot find anything in the registry with these
| names. However, I can find a reference to 'SLBDMIME.EXE' in one of my
| ZoneAlarm log files, where access to the Internet was blocked.
|
| Got any other suggestions?
|
| Thanks,
|
| Allan

Make sure you search in ALL areas of the hard disk and include "Hidden" and "System" files.

Already did that. What I'd really like to do is search all of the
dll's to see if I could find a reference to either of these exe's -
can you tell me how to do that?

Allan

 

[allanvalmck]

From: <[email protected]>

|
| Hi Dave,
|
| Well...let me put it this way. I cannot find any file on my system
| called 'slbdmime.exe' nor 'catsxs.exe' or I would be happy to do what
| you suggest. However, I keep getting popup windows that list these
| exe's in the window label. They popup when I first boot, and they pop
| up randomly (but maybe associated with the browser somehow?). I have
| a popup window on my screen now that says 'CATSXS.EXE - Bad Image' -
| If I press the 'OK' button then I get a window which says 'Internet
| Explorer has encountered a problem and needs to close'. I also cannot
| find anything in the task manager that I can correlate with either of
| these exe's. I cannot find anything in the registry with these
| names. However, I can find a reference to 'SLBDMIME.EXE' in one of my
| ZoneAlarm log files, where access to the Internet was blocked.
|
| Got any other suggestions?
|
| Thanks,
|
| Allan

Make sure you search in ALL areas of the hard disk and include "Hidden" and "System" files.

Dave,

Sorry I'm an idiot - searching through the dll's now - wish me luck.

Allan

 

[Bart Bailey]

What I'd really like to do is search all of the
dll's to see if I could find a reference to either of these exe's -
can you tell me how to do that?

Try a grepper,
my favorite http://www.mythicsoft.com/agentransack/

 

[jmatt]

Does anyone know anything about either of these two exe's?

Use HiJackThis to track down or check for possible infections.
Here is all the the info needed to empower yourself, anything you are
not sure of, put into a search engine like Google.
Read this link 1st, it has step by step.
http://www.wilderssecurity.com/showthread.php?t=50662
Important: Create a specific folder on your hard drive called
HijackThis to keep its backups.
You can do this by going to My Computer (Windows key+e) then double
click on C: then right click and select New then Folder and name it
HijackThis. Download and unzip HijackThis.exe into this folder.
http://www.merijn.org/downloads.html Or, http://tomcoyote.com/hjt/ Or,
http://www.spywareinfo.com/~merijn/programs.php
If possible run HJT in Normal mode ( not Safe ) with all your normal
startup's working.
HijackThis Tutorial - How to Analyse your own log.
http://spywarewarrior.com/viewtopic.php?t=3624
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.malwarehelp.org/understanding-and-interpreting-hjt1.html
HijackThis log file analysis ( online )
http://hijackthis.de/index.php?langselect=english
Or,
http://startup.networktechs.com/page-68.html
http://hjt.iamnotageek.com
Malware Prevention: Prevent Re-infection
http://wiki.castlecops.com/Malware_Prevention:_Prevent_Re-infection

 

[Virus Guy]

Already did that. What I'd really like to do is search all of the
dll's to see if I could find a reference to either of these exe's -
can you tell me how to do that?

Yea -

Get a real operating system that doesn't hide things from you (like
Windows 98).

NT-based operating systems just love to hide things from the user.

If you want to find this thing, you'd better remove the hard drive and
connect it as a slave to another machine, and then scan the drive that
way. You'll have better luck at least getting a hold of the actual
file and removing it.

Alternatively, the file in question is contained within a packed or
compressed file. I hate anti-virus programs that don't tell you
*where* the suspect file is (the full path) or tell you that it's
contained within an archive.