> Spyware Encyclopedia Page 35 > Cafeini

Cafeini removal

Spyware Cafeini Information
Name: Cafeini Category: RAT Author: Brain Storm Coded in: C++ Dangerous: Yes

Cafeini is RAT - spyware.
Small, fast trojan that can kill over 20 Windows AV products, doesn´t install to registry, & provides remote control. One button click opens the CD-ROM door on 10 remote machines at once. Can kill anti-virus tools. Telnet can be used as client. Special features: notify, registry, keyboard, files, process, windows, mouse, FTP, redirector, cool screenfun, multitasking. New features include uninstall, nopassword, cursorcircle, setpriority. Works in English or Polish. Recognizes Win ME. Kills new anti-backdoors. [doesn´t stop Anti-Spyware Software!]. You should remove it from your system as soon as possible.

Cafeini description by Brain Storm:

Vendor: ´1. Why CAFEiNi is better than other backdoors (like NetBus): -can kill more than 30 Windows antiviruses & antibackdoors from memory -automatic update of server by http -doesn´t install itself into registry (when can or install under random name) -written in Visual C++ (smaller & faster than Delphi) -you can control remote computer by telnet (eg. from Unix) -works on Windows 95/98/ME & also Windows NT/2000 -with CAFEiNiclient you can control multiple computers (eg. open CD-ROM doors on 10 computers with one button click) -full multitasking (eg. you can upload & download any file in one time from multiple computers) -some new backdoors commands (especially with desktop) -client is very easy to use, like old good Netbus 1.x -includes configurator for server (edit server)´ CAFEiNi 1.0: CAFEiNi server: -you can change settings for CAFEiNi server before install (by "CAFEiNi configurator") -new option: UNINSTALL - completly removes CAFEiNi server from system -new option: CURSORCIRCLE - cursor makes circles with specified size -new option: NOPASSWORD - removes password for access to server -new option: SETPRIORITY - changes process priority -new version of commands MONITOR ON,MONITOR OFF,ANNOYMONITOR (thanx to Ohmen) -addition: command INFO recognizes also CPU speed in MHz (thanx to Ohmen) -more data about victim (modem, keyboard) -kills new antibackdoors: Trojan B´ Gone, Protector2K, BackWork, Tauscan, AntiTrojan -you can choose between english & polish language (commands ENG & PL) -automatic detect of language -command MAIL didn´t work with some SMTP servers, fixed -recognizes Windows Millennium Edition -some bugs removed CAFEiNi client: -new option: Mouse manager/Make circles - cursor makes circles with specified size -new option: Process manager/Change priority -addition: Info manager shows also CPU speed in MHz (thanx to Ohmen) -more data about victim (modem, keyboard) -you can choose between english & polish language (in Config manager) -automatic detect of language -some bugs removed CAFEiNi configurator: -1st public release VERSION 1.1 (06.09.2000) CAFEiNi server: -new commands for chat with servers user: CHATSAY, CHATEND -new commands for system access policy: DISPLAYAPPEARANCEPAGE, DISPLAYBACKGROUNDPAGE, DISPLAYPROPERTIES, DISPLAYSAVERPAGE, DISPLAYSETTINGSPAGE, DOSPROMPT, NETWORKPROPERTIES, PASSWORDPROPERTIES, REGISTRYTOOLS, STARTMENUFIND, STARTMENURUN, STARTMENUSETTINGS, SYSTEMCONFIGPAGE, SYSTEMDEVICEPAGE -new command: HANGUP - disconnects all active modem connections -new command: STARTPAGE - changes Explorers & Navigators start page to URL -new command: RECYCLEBINNAME - changes Recycle Bins name (on desktop) -new command: OPENMAILER - opens default mail application with receivers email & subject -more data about victim (DirectX version, Internet Explorer version, UIN) -command INFO ("installed on host:") tries show now full DNS (with domain) -eliminated troubles when server installs self under "rundll32.exe" CAFEiNi client: -new manager: Chat window - chat with servers person (he can not end chat) -new manager: Policy editor - manager for system access policy -new commands: Fun manager/Dialog editor -new commands: Fun manager/Get start page, Fun Manager/Set start page -new commands: Fun manager/Get Recycle bins name, Fun Manager/Set Recycle bins name -Fun Manager/Open mail application can specify receivers email -more data about victim (DirectX version, Internet Explorer version, UIN) -Info manager/"installed on host" tries show now full DNS (with domain) CAFEiNi configurator: -not changed

This RAT is also known as:

•Backdoor.Cafeini.08.
• Backdoor.Cafeini.09.
• Backdoor.Cafeini.10.
• Backdoor.Cafeini.11.

>> Delete Cafeini automatically - Download Spyware Doctor

Cafeini Removal Instructions
Kill the following processes 196.exe, cafe08pl.exe, cafeclnt.exe, cafeini.exe, cafeiniclient.exe, cafeiniconfig.exe
Remove the following files 196.exe, achates.html, cafe08pl.exe, cafeclnt.exe, cafeini.exe, cafeiniclient.exe, cafeiniconfig.exe, file_id.diz, info.txt, info_pl.txt, whatsnew.txt.

Bookmark Cafeini page

Previous Spyware: Remove CaesarCrypt 1.0

Next Spyware: Remove Cafeini 0.8