
Cafeini

Overview

Summary

 

Small, fast trojan that can kill over 20 Windows AV products, doesn't install to registry, and provides remote control. One button click opens the CD-ROM door on 10 remote machines at once. Can kill anti-virus tools. Telnet can be used as client. Special features: notify, registry, keyboard, files, process, windows, mouse, FTP, redirector, cool screenfun, multitasking.

New features include uninstall, nopassword, cursorcircle, setpriority. Works in English or Polish. Detects Win ME. Kills new anti-backdoors. (Doesn't stop PestPatrol!)

Vendor Description

 From the doc: '1. Why CAFEiNi is better than other backdoors (like NetBus):
-can kill more than 30 Windows antiviruses and antibackdoors from memory
-automatic update of server by http
-doesn't install itself into registry (when can or install under random name)
-written in Visual C++ (smaller and faster than Delphi)
-you can control remote computer by telnet (eg. from Unix)
-works on Windows 95/98/ME and also Windows NT/2000
-with CAFEiNiclient you can control multiple computers (eg. open CD-ROM doors on 10 computers with one button click)
-full multitasking (eg. you can upload and download files in one time from multiple computers)
-some new backdoors commands (especially with desktop)
-client is very easy to use, like old good Netbus 1.x
-includes configurator for server (edit server)'

CAFEiNi 1.0:
CAFEiNi server:
-you can change settings for CAFEiNi server before install (by "CAFEiNi configurator")
-new option: UNINSTALL - completely removes CAFEiNi server from system
-new option: CURSORCIRCLE - cursor makes circles with specified size
-new option: NOPASSWORD - removes password for access to server
-new option: SETPRIORITY - changes process priority
-new version of commands MONITOR ON, MONITOR OFF, ANNOYMONITOR (thanx to Ohmen)
-addition: command INFO detects also CPU speed in MHz (thanx to Ohmen)
-more information about victim (modem, keyboard)
-kills new antibackdoors: Trojan B' Gone, Protector2K, BackWork, Tauscan, AntiTrojan
-you can choose between english and polish language (commands ENG and PL)
-automatic detect of language
-command MAIL didn't work with some SMTP servers, fixed
-detects Windows Millennium Edition
-some bugs removed

CAFEiNi client:
-new option: Mouse manager/Make circles - cursor makes circles with specified size
-new option: Process manager/Change priority
-addition: Info manager shows also CPU speed in MHz (thanx to Ohmen)
-more information about victim (modem, keyboard)
-you can choose between english and polish language (in Config manager)
-automatic detect of language
-some bugs removed

CAFEiNi configurator:
-first public release

VERSION 1.1 (06.09.2000)
CAFEiNi server:
-new commands for chat with servers user: CHATSAY, CHATEND
-new commands for system access policy: DISPLAYAPPEARANCEPAGE, DISPLAYBACKGROUNDPAGE, DISPLAYPROPERTIES, DISPLAYSAVERPAGE, DISPLAYSETTINGSPAGE, DOSPROMPT, NETWORKPROPERTIES, PASSWORDPROPERTIES, REGISTRYTOOLS, STARTMENUFIND, STARTMENURUN, STARTMENUSETTINGS, SYSTEMCONFIGPAGE, SYSTEMDEVICEPAGE
-new command: HANGUP - disconnects all active modem connections
-new command: STARTPAGE - changes Explorers and Navigators start page to URL
-new command: RECYCLEBINNAME - changes Recycle Bins name (on desktop)
-new command: OPENMAILER - opens default mail program with receivers email and subject
-more information about victim (DirectX version, Internet Explorer version, UIN)
-command INFO ("installed on host:") tries show now full DNS (with domain)
-eliminated troubles when server installs self under "rundll32.exe"

CAFEiNi client:
-new manager: Chat window - chat with servers user (he can't end chat)
-new manager: Policy editor - manager for system access policy
-new commands: Fun manager/Dialog editor
-new commands: Fun manager/Get start page, Fun Manager/Set start page
-new commands: Fun manager/Get Recycle bins name, Fun Manager/Set Recycle bins name
-Fun Manager/Open mail program can specify receivers email
-more information about victim (DirectX version, Internet Explorer version, UIN)
-Info manager/"installed on host" tries show now full DNS (with domain)

CAFEiNi configurator:
-not changed

Alias

 Backdoor.Cafeini.08, Backdoor.Cafeini.09, Backdoor.Cafeini.10, Backdoor.Cafeini.11

Category

 RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Variants

 Cafeini 0.8 · Cafeini 0.9 · Cafeini 1.0 · Cafeini 1.1
 

Origins

 

Author

 Brain Storm

Others By This Author

 BrainSpy · BrainSpy Beta · Cafeini 0.8 · Cafeini 0.9 · Cafeini 1.0 · Cafeini 1.1 · CuteFTP Recovery · Fireball · Logged 1.0

Group

 Electronic Souls

Others By This Group

 BrainSpy · BrainSpy Beta · Cafeini 0.8 · Cafeini 0.9 · Cafeini 1.0 · Cafeini 1.1 · CuteFTP Recovery · Fireball · Logged 1.0

Programming Language

 C++

Date of Origin

 Variants from January, 2000 to November, 2001

Place of Origin

 Poland
 

Detection and Removal

Manual Removal

 Follow these steps to remove Cafeini from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Files:

Remove these files (if present) with Windows Explorer:



 
 
2006 © Copyright DatabaseofSpyware.com. All rights reserved.