Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


What is this? c:\windows\CSC\d6

  • Please log in to reply
3 replies to this topic

#1 Daffy1


  • Members
  • 2 posts
  • Local time:08:48 AM

Posted 09 December 2011 - 03:14 AM


I've been using Combofix for years and have been finding this file pop up a lot lately at different sites, different clients too. One computer had uploaded over 25gig to the internet

Ive found a lot of removal instructions but not any actual info on what it is/does etc. Is this actually a trojan??


Edited by Orange Blossom, 09 December 2011 - 03:59 PM.
Moved to AV forum. ~ OB

BC AdBot (Login to Remove)



#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,632 posts
  • Gender:Male
  • Local time:06:48 AM

Posted 11 December 2011 - 06:45 AM

CSC stands for Client Side Caching and is the folder where Windows stores Offline Files (used with shares).

C:\Windows\CSC is not a trojan, this folder is part of the Windows OS.

d6 is one of the files or directories stored as an Offline File. What shares do you use?

Didier Stevens

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

#3 Daffy1

  • Topic Starter

  • Members
  • 2 posts
  • Local time:08:48 AM

Posted 13 December 2011 - 05:14 AM

oh ok many thanks, thought it was something more sinister.

Regular user shares and some database driven stuff

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 50,747 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:48 AM

Posted 17 December 2011 - 08:29 PM

That folder was targeted by name and sUBs has corrected this in the latest version so it no longer should be detected.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users