Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cli.exe


  • Please log in to reply
7 replies to this topic

#1 Screeam

Screeam

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 28 May 2007 - 02:25 PM

Dear friends

Can someone tell me how to remove cli.exe malware?

Regards

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:11:36 PM

Posted 28 May 2007 - 02:32 PM

Are you sure that this is malware? the cli process shows up in my machine as part of the ATI video card drivers.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 Screeam

Screeam
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 28 May 2007 - 02:39 PM

Mine is in the %system% directory.

Than is why i am relativelly positive.

#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:11:36 PM

Posted 28 May 2007 - 02:45 PM

r click on the file, click properties, click the version tab, make sure that it is not an ATI file. the one that I have has clear information labelling as ATI.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:11:36 PM

Posted 28 May 2007 - 02:55 PM

In the Startup List scroll down to the third entry.
Is this the culprit Screeam?
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#6 Screeam

Screeam
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 28 May 2007 - 04:24 PM

TMack, can you please explain me what to do?

I do not understand.

Regards

#7 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:11:36 PM

Posted 28 May 2007 - 05:10 PM

Sorry Screeam, wrong link.
This is the correct one.
When the link comes up, it is not the third entry.
Scroll down to where the entry says ATICCC and you will see the corresponding entries for Cli.exe.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:36 AM

Posted 29 May 2007 - 10:15 AM

Startup info on cli.exe.

Anytime you come across a suspicious file, search the name using Google, The File Database, File Research Center or the Process ID Database.

Determining whether a file is malware or a legitimate process depends on the location (path) it is running from. You can download and use Process Explorer or Glarysoft Process Manager to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location.

The Process Explorer window shows two panes by default: the upper pane is always a process list and the bottom either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.

If you cannot find any information or if the file has a legitimate name but is not located where it is supposed to be, then submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users