Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Removal?


  • Please log in to reply
5 replies to this topic

#1 mrchedda

mrchedda

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 02 January 2008 - 08:53 AM

Hello there,

In the past week or two my computer has been getting slower and slower and slower. I have noticed a process named "ctalogd.exe", within the task manager window, googled it and found it to be some sort of malware. I noticed that HiJackThis is a common tool used for you to help us, so I have downloaded it and will be patiently waiting for instruction.

I have avg and counterspy but this process is left undetected. Help would be much appreciated with this removal process. Please advise. Thanks!

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:52 AM

Posted 02 January 2008 - 09:14 AM

Are you using Cisco Systems? ctalogd.exe is related to the Cisco certification agency agreements service process and installed in this path:

C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe

Anytime you come across a suspicious file, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 mrchedda

mrchedda
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 02 January 2008 - 12:17 PM

Hello Quietman,

Thanks for the response. Yes I am using Cisco Systems. Upon right clicking on the file, and checking the general tab as instructed, the following shows:

File Version: 2.0.0.30

Description: Cisco Systems Trust Agent EventLog Service

Copyright: Copyrightę 2004-2005 Cisco Systems, Inc.


Is this process harmless if it is in fact Cisco?

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:52 AM

Posted 02 January 2008 - 01:23 PM

It is legit.

Cisco Security Agent
Cisco Security Agent Overview
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 mrchedda

mrchedda
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 07 January 2008 - 09:23 AM

Thanks!

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:52 AM

Posted 07 January 2008 - 09:41 AM

Your welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users