If You Have a Lexmark Printer, You May Also Have Lexmark Lx_CATS Spyware 11/11/2004 - 16,244 views, 35 Comments
|
Previous Article « Gmail for Outlook and Other POP Clients
Read Next Article » Microsoft Claims Rights to All Internet Protocols
Do you have a Lexmark printer? If so, you could also have Lexmark’s Lx_CATS spyware — which Lexmark euphemistically calls “tracking software” for “reporting printer and cartridge use back to the company for survey purposes” — living on your computer, without your knowledge. A user calling himself “Commander” has posted to the printer-focused Usenet group, comp.periphs.printers, that:
“Just the other day I purchased a new Lexmark X5250 All-in-one printer. I installed it as per the instructions and monitored the install with Norton as I do with all new software. On reviewing the install log I noticed a program called Lx_CATS had been placed in the c:program files directory. I investigated and found a data log and an initialisation file called Lx_CATS.ini. Further investigation of this file showed that Lexmark had, without my permission, loaded a Trojan backdoor on to my computer. Furthermore, it is embedded into the system registry, so average users would likely never know it was there and active.”
Commander noticed that the spyware was programmed to surreptitiously report back to a URL, www.lxkcc1.com, every thirty days. lxkcc1.com is registered to Lexmark International, Inc.. When Commander called Lexmark to demand an explanation, the company first denied that they had installed any spyware at all. Ultimately the person with whom he spoke conceded that Lexmark installs “tracking software” on their users’ computers “to report back on printer and cartridge use for survey purposes.” While the Lexmark representative avowed that they did not transmit any personal information, they also admitted that the program does transmit the printer’s serial number, which of course is registered to the user. No personal information my foot! Rumours of the installation of spyware along with their printer software have swirled around Lexmark for several years, and posts to Usenet complaining of Lexmark spyware date from as early as 2001. Some users complain of their computer trying to connect to the Internet every time they print a document; others worry that the program is reporting not only their cartridge usage, but whether they are using non-Lexmark cartridges, or even refilling their own cartridges, thus possibly setting the stage for a denial of warranty service. According to “Commander”, the offending files include a program file called lx_CATS, and a related .ini file, lx_CATS.ini, as well as 2 DLL files in the c:program fileslexmark500 folder. In order to remove Lexmark’s spyware from your system, delete the file (probably in your c:program directory) called “lx_cats.exe”, and also search for and remove a file called “lx_cats.ini” (and, for that matter, any other file including the term “lx_cats”). Recommended reading:
Previous Article « Gmail for Outlook and Other POP Clients
Read Next Article » Microsoft Claims Rights to All Internet Protocols
|
|
Email the link for this page to a friend! |
Read more:
» Amazon’s New Video Download Service Amazon Unbox Hijacks Your Internet Connection
» EFF Proves Secret Embedding of Machine Identification Codes in Xerox Printer Output
» Printer Helps Catch Counterfeit Money Ring
» One Last Windows Security Patch for the Week
For additional similar stories check out our archives on Reviews, Scams, Security, Spyware & Adware
If You Have a Lexmark Printer, You May Also Have Lexmark Spyware
Do you have a Lexmark printer? If so, you could also have Lexmark spyware ? which Lexmark euphemistically calls ?tracking software? for ?reporting printer and cartridge use back to the company for survey purposes? ? living on your computer, without…
Trackback by Lockergnome's Windows Fanatics — 11/11/2004 @ 11:39 pm
I will not but Lexmark’s anymore. Let’s all *NOT* buy from those ARROGANT ASSHOLES again. How DARE they.
Comment by Peter — 11/12/2004 @ 7:58 pm
If this isn’t plainly spelled out in the End User’s License Agreement, then the practice is clearly contemptible. Not only that, just stupid, put it in the EULA and anything goes! Dumb. Dumb. Dumb.
Comment by SomeTwit — 11/12/2004 @ 9:28 pm
OK, so how do we get rid of it if we have it? Is simple deletion enough?
Comment by Brenda — 11/13/2004 @ 4:41 am
tell me how to delet this spyware in my Lexmark printer
Comment by Bob — 11/13/2004 @ 5:23 am
They’re not alone. Creative installs spyware when you load their driver software, and Kodak digital cameras load a little nasty one called BackWeb, which poses as an updater. You can get rid of this stuff with AdAware and Spybot, but I think it’s abit off when reputable companies from who you have bought hardware in good faith pulls this kind of stunt, whether notified in the EULA or not.
Comment by Bogwart — 11/13/2004 @ 5:46 am
Are they STILL at it? I bought a Z32 about 6 years ago and soon cottoned on to the syware content - that is what it is SPYWARE! My head hit the roof and to prove it the hole is still in the ceiling. I still have the Z32 but I wiped my hard drive clean of the filth Lexmark put there. Makes my Irish blood boil - and Irish blood boils at 30% celcius! &5##2!!x/(]+=5!!!
Comment by Bob Bowen — 11/13/2004 @ 6:06 am
Well, I guess I should thank my lucky stars that my Z42’s drivers were already built into Windows XP…
Comment by codeman38 — 11/13/2004 @ 10:09 am
I hate being one of Lexmark’s little test pigletts.
Rakdragon1941
Comment by Richard Kearney — 11/13/2004 @ 10:29 am
Does anybody know if the Dell printers made by lexmark has thi stuff installed?
Comment by loopdogg69 — 11/13/2004 @ 10:56 am
Ridiculous! When are these companies going to learn that they cannot just assume that they are free to do whatever they like with someone else’s computer. Installing printer software should not give them a right to conduct marketing research, especially without explicit user consent.
Comment by Cimarron — 11/13/2004 @ 4:40 pm
At least Kodak tells you about their Backweb and how to disable it — IF you read the EULA.
Comment by Anonymous — 11/14/2004 @ 5:23 am
I bought two years ago one Lexmarks Z55 but I don’t know if I have this perverse spyware that’s awful deshonest. I would like to know how can erase this spyware.
Comment by JOSE BARBOSA — 11/14/2004 @ 12:45 pm
To support the post by Bogwart as evidence that almost any software out there is liable to have “usage tracking utilities” involved:
Per the uk zdnet post:
HP has had their own version of “spyware” out there for some time now called myPrintMileage.
for example: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00033868
And as described in the driver installation process: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00034485
Also there is another response from someone that covers another good point:
Name: Thomas Meeker
Location: Kentucky
Occupation: Zeldaman
Comment: If I’m not mistaken the last time I installed Lexmark printers it does ask you if you want to participate in a program. By default it will be yes. This will install the alleged “SPYWARE” , if you would take the time in the installation process instead of clicking yes all the time you should see the question. Just click no and it will not install.
Comment by ChuckieZ — 11/15/2004 @ 1:10 pm
This IS despicable, but not as awful as it seems. Anyone who uses the internet without afirewall deservies what they get, and if you have a firewall simply set it to no if a piece of software you don’t know wants to use the internet.
Comment by Carl Price — 11/16/2004 @ 3:15 pm
What a disgrace who the hell do lexmark think they are it the last time I use any of there products, come back epson all is forgiven.
Comment by peter — 11/17/2004 @ 11:46 am
If you are upset about spyware, check your guarantee. My X63 guarantee states that the printer may have parts that have been refurbished to work like new.
Comment by Mike — 11/23/2004 @ 4:24 pm
So what.
Comment by Gary — 12/6/2004 @ 8:02 pm
This is typical government control to keep the corporate empires making more money through spying on the people. If our government does this without blinking an eye, what else have they done without our knowledge? See the video “911 IN Plane Site”. It will wake you up!
Comment by Bob — 10/21/2005 @ 5:05 am
This is disgusting.
It makes you wonder if it’s happening in this instance just how many suppliers of other devices are using similar tactics. The list is unending and could even extend to the Software we install on our puters. We know there’s money to be made in selling lists of data to unscrupulous traders so the possibilities of this happening to each of us is unending.
Since I’ve owned a puter the quantity of unsolicited mail in my home as increased to a level whereby we fill two “waste bins” each week. Could this be connected in any way to covert monitoring by other Hardware/Software providers? I’m probably over dramatising it here but if Lexmark have been proved to be doing it who knows who else has jumped on the bandwaggon.
It’s surely time now for ALL computer users to make life as difficult for these people as possible by e-mailing them and registering our feelings.
Comment by Rog — 11/10/2005 @ 5:36 am
Rog, wonder no more. You need look no further than this week’s news to see that Sony BMG has included software which installs a rootkit on your computer:
http://www.theinternetpatrol.com/sony-cds-install-rootkit-on-your-computer
Comment by Aunty Spam — 11/10/2005 @ 5:54 am
I’m outraged that Lexmark could do such a thing! You pay good money for product in trust that its going to serve you well. I doubt that any of my files would be of interest to the sticky beaks, but I am worried for the innocence of my friends and family, whom I have printed photos of. Many years ago I started locking my door at night and things progressed from there on. How can anyone expect me to show faith? I’m taking this up with the provider, lets see what they have to say about it. Furthermore I’m going to contact a lovely television program which will happily announce this. Boycott Lexmark and the rest of the ‘em.
Comment by Georgina — 12/25/2005 @ 3:26 am
Dell does it too! I just installed a Dell A944 printer (I think they are made by Lexmark) and in looking for something else, I discovered a directory called C:\Program Files\Dl_cats and it has an ini file (dlcdCATS.ini) that links to http://www.lxkcc1.com and includes the serial number of my printer.
Comment by Ellen — 2/22/2006 @ 1:48 pm
I was trying to make room on my system as I have very little memory, & decided to search this file. What shit heads. This is the crap that is helping eat up what little memory I have. I am pissed. what can one do to stop this shit? I can’t afford super special high tech anti asshole software.
Comment by kerri — 5/20/2006 @ 7:38 pm
in response to bob who said to see the 911 in plane site video, see the video “loose change” for a WAY MORE indepth look at the reality behind 911.
Comment by dennis — 9/10/2006 @ 1:00 pm
In the UK using anothers computer without permission is a consideration of the Computer Misuse Act 1990. It may be able to be used against those suppliers who have failed to notify and receive consent of the computer owner.
Class actions are becoming popular as they give impacts to get big corps attention. Downside is you need consumer organisation and a financial motive for the required lawyers
An EULA may notify users during install but given the length and complexity of these things they may not be recognised as fair means of getting implied consent.
UK has the Unfair Terms in Consumer Contracts Act which may aid arguments here.
However as we know to use any law you need energy. patience and legal support. (Some may have legal support services under your household insurance contracts)
Data Protection Act could even apply if the data captured can be shown to be ‘personal’. This could be true if the company collects registration data with owners details which could be matched with the log data from their corporate spyware.
Just a few top of head thoughts which may prompt others.
Is Lexmark still part of the IBM group?
Comment by David — 1/12/2007 @ 7:40 am
Wtf man not cool but oh well u guys u got a fast comp right so why does it matter if they know how much ink we have it’s not like they are taking our passwords and posting it online right so fuck let it be if they want to just see how much we use then let them i am not going though all that troulble to get rid of it or buy a printer the lexmark all in one is great
Comment by Frank — 1/20/2007 @ 7:26 am
It’s 2007 and this sort of thing is still happening - I’m cleaning up a computer at my university help desk where i work and it’s got the same darn thing on it.
It’s even sneakier because it doesn’t show up in the MSConfig menu where I disable startup programs - I only barely caught it by using CCleaner’s startup program utility. This sort of thing is reprehensible.
Comment by christine — 1/22/2007 @ 12:25 pm
This problem goes farther than the cats file. Two files on my win98se computer, one called lxcgsr9x.exe and the other lxcgsr9x.ex_ are installed with the Lexmark X2330 printer. Both files are picked up by 20 out of 32 antivirus vendors as a Trojan. I’m on dialup, lxcgmon keeps getting picked up by ZoneAlarm as wanting to connect to the internet. Does Lexmark deserve any part of my 4.2kbs connection? NO. By the way, even if you opt out of lexmarks little program during the install, you still get the trojan, you still get the lx_cats, and you still get an attempt to connect to the internet by lxcgmon. There is no opting out of having your printer data collected. By the way, you can find lxcgsr9x.ex_ on the install cd itself, in the drivers folder.
Comment by Greg — 11/15/2007 @ 5:09 am
Oh, by the way, I forgot to mention how I found these files. I ran fprot and it found the lxcgsr9x files. On deleting them my os became very unstable and the next time I restarted my computer it wouldn’t boot. On re-installing the printer (after a long re-install of the win 98se os) AVG picked up the attempt to install the lxcgsr9x files and killed the process. Interestingly your supposed to turn off any antivirus when installing software but I’m glad I didn’t because that’s how I found out it came from Lexmark itself. It seems that the printer software is designed only to work if those files are present. So you get the lx_cats, lxcgsr9x, whether or not you want them. In fact the printer doesn’t seem to work without them. In my personal opinion, that’s nothing short of an unfair business practice, its blackmail. I’d think twice before buying any product that behaves in this manner.
Comment by Greg — 11/15/2007 @ 5:28 am
[…] immediately tossed that URL in Google and found a number of hits regarding it. Here’s the top hit. Long story short, the nifty wireless printer I bought from Lexmark installs software along with it […]
Pingback by Bandemax DOT net » Beware CATS That Take Up Residence — 4/13/2008 @ 12:36 pm
Am I the only who likes this? It’s nice to have a program monitor my printer so I don’t have to. Plus, I can order the exact ink when mine is low, and I feel like I’m better prepared if I need technical service. It just makes things… more efficient. And unless if you have absolutely no spyware/malicious program/virus protection program(s), I doubt you are at ANY risk at all. I highly HIGHLY doubt that any of you are going to have your identity or passwords stolen because you installed a Lexmark printer. :P
Comment by Chris — 4/24/2008 @ 10:44 pm
[…] you have a Lexmark printer? If so, you could also have Lexmark’s Lx_CATS spyware — which Lexmark euphemistically calls […]
Pingback by First Sony installs spyware, now Lexmark does. « Oink Ink Store’s Weblog — 7/15/2008 @ 11:25 am
I have Vista installed and just noticed that a second Desktop, Documents, and Favorites files. The only event that occurred was a download of lx_CATS at exactly the same time that my computer went crazy.
Comment by Bob — 7/30/2008 @ 9:44 pm
I had Lx_cats spyware on my PC, and it was full of porn pictures, and pictures of me and my wife!!!!! AND she works for Lexmark!!!
Comment by JJ — 9/4/2008 @ 10:27 am