1
0
Anybody has an idea what is this file?
ctapi_out_gr.txt
I found this on my C:\ and it has 0b size. Not sure what it is, as it was been created last 6.1.2011
Is this spyware?
tintincutes
Posted 2011-01-17T00:24:18.357
Reputation: 1 087
what is this file: ctapi_out_gr.txt
Answers
1
First of all it's just a text file, and a text file wouldn't be dangerous by it self. We can't say (for sure) how this file has been created by just knowing its name. Anyways, here are a few suggestions to make sure that the file is not dangerous:
Check Alternate Data Streams(ADS):
In ntfs file system, forks are known as Alternate Data Streams. ADS's are often used to store things such as Author Info, Title, Image Thumbnails, etc. Microsoft introduced the Attachment Execution Service with Service Pack 2 for Windows XP. It uses ADS's to store and retrieve information related to the origin of downloaded files, in an effort to protect users from downloaded files that may present a risk. It has also been seen that viruses and other types of malware are being placed there as well. The crux of the matter is that these streams will not be revealed using normal viewing methods.
So chances are that a malware is hidden behind this file even though the file size is 0KB. You can use this application to view ADS's. Fortunately most anti-malware software packages check ADS's and detect known malware hidden beneath those files.
Check handles:
It's a good idea to check handles to that file to know which program has opened this file. ProcessExplorer can show what file handles each process has opened.
Check file system activities related to this file:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
Check your system with an Anti-Malware application.
Leave it be :)
Perhaps the file is just a left over or a temporary file created by other applications. After the checks above, you should be able to decide more confidently.
I my self would just delete the file and carry on living until the file is recreated or I see something strange about it.
fardjad
Posted 2011-01-17T00:24:18.357
Reputation: 289
2
Do you have a smart card reader, SIM card reader or similar installed? If you do, the file is probably related to a driver for this.
CTAPI is a standard for smart cards.
Colin Pickard
Posted 2011-01-17T00:24:18.357
Reputation: 6 774
Not that I know of. I guess I don't have – tintincutes – 2011-02-09T20:33:45.517
1
I get this when updating Ad-Aware. I have erased it to no effect.
Not sure if it is a Lavasoft or merely Ad-Aware issue.
Here is someone else with the same file. LINK
Stanley Williams
Posted 2011-01-17T00:24:18.357
Reputation: 4 324
what is ad-aware? – tintincutes – 2011-01-17T01:20:17.247
Anti-Spyware software from Lavasoft. – Stanley Williams – 2011-01-17T01:22:21.177
hmm i am not sure if i have lavasoft. i think i don't have. what does this software do? – tintincutes – 2011-01-17T03:01:25.037
@tintincute Ad-Aware is name of the program, Lavasoft is the company. The program looks for spyware/arware on the computer and deletes it. If you don't have it, it could be that some spyware is trying to pass itself as Ad-Aware. – AndrejaKo – 2011-01-17T03:38:46.150
@AndrejaKo: Does that means someone install something on my laptop? is this some kind of keylogger? – tintincutes – 2011-01-25T09:04:17.123
@tintincute Here's an article on the program. As for the second part, I can't know that. If you didn't install it, then probably someone else did.
– AndrejaKo – 2011-01-25T13:14:11.3201
According to this Italian thread file ctapi_out_gr.txt 0 bytes in C:, the translated text says :
I confirm, it is the Thesaurus of Office.
I tried to look up a word in the thesaurus in Word 2007 and the file has come back right at that moment.
harrymc
Posted 2011-01-17T00:24:18.357
Reputation: 306 093
so what does that mean? So this is an association of Word 2007? So this is not a virus or keylogger or whatever? – tintincutes – 2011-01-25T10:13:02.387
4Better test this answer by deleting the file, using Word's Thesaurus, and seeing if it comes back. If that's the case, then this is not a virus or any danger : Just Word creating an unused temporary file and forgetting to delete it. – harrymc – 2011-01-25T10:17:30.043
Something it's very good at :) – Tobias Plutat – 2011-01-28T08:42:09.410
I deleted the file then it didn't go back. Does that mean it was a virus? I also did some check in my system, virus scan kaspersky and so far no record of dangers. – tintincutes – 2011-02-22T09:04:32.980
I don't believe this is a virus. Did you go into Word and try to use the Thesaurus ? Because this is what is supposed to cause this file. – harrymc – 2011-02-22T09:12:19.583
Thanks so much for this advice. I will try to do this and let you know how it goes. Thanks :-) – tintincutes – 2011-02-09T15:56:05.603
Hi just quick question, what is ADS for? – tintincutes – 2011-02-13T21:37:30.343
For example
Alternate Data Streamscan be used to store thumbnails for some file types byWindowsinNTFSfile systems. – fardjad – 2011-02-14T09:36:00.793