Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What is this? c:\windows\CSC\d6


  • Please log in to reply
3 replies to this topic

#1 Daffy1

Daffy1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:37 AM

Posted 09 December 2011 - 03:14 AM

Hi,

I've been using Combofix for years and have been finding this file pop up a lot lately at different sites, different clients too. One computer had uploaded over 25gig to the internet

Ive found a lot of removal instructions but not any actual info on what it is/does etc. Is this actually a trojan??

c:\windows\CSC\d6

Edited by Orange Blossom, 09 December 2011 - 03:59 PM.
Moved to AV forum. ~ OB


BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:37 AM

Posted 11 December 2011 - 06:45 AM

CSC stands for Client Side Caching and is the folder where Windows stores Offline Files (used with shares).

C:\Windows\CSC is not a trojan, this folder is part of the Windows OS.

d6 is one of the files or directories stored as an Offline File. What shares do you use?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Daffy1

Daffy1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:37 AM

Posted 13 December 2011 - 05:14 AM

oh ok many thanks, thought it was something more sinister.

Regular user shares and some database driven stuff

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:37 PM

Posted 17 December 2011 - 08:29 PM

That folder was targeted by name and sUBs has corrected this in the latest version so it no longer should be detected.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users