If You Have a Lexmark Printer, You May Also Have Lexmark Lx_CATS Spyware

The Internet Patrol default featured image
Share the knowledge

Do you have a Lexmark printer? If so, you could also have Lexmark’s Lx_CATS spyware — which Lexmark euphemistically calls “tracking software” for “reporting printer and cartridge use back to the company for survey purposes” — living on your computer, without your knowledge.

A user calling himself “Commander” has posted to the printer-focused Usenet group, comp.periphs.printers, that:

“Just the other day I purchased a new Lexmark X5250 All-in-one printer. I installed it as per the instructions and monitored the install with Norton as I do with all new software.

On reviewing the install log I noticed a program called Lx_CATS had been placed in the c:program files directory. I investigated and found a data log and an initialisation file called Lx_CATS.ini. Further investigation of this file showed that Lexmark had, without my permission, loaded a Trojan backdoor on to my computer. Furthermore, it is embedded into the system registry, so average users would likely never know it was there and active.”

Commander noticed that the spyware was programmed to surreptitiously report back to a URL, www.lxkcc1.com, every thirty days. lxkcc1.com is registered to Lexmark International, Inc..

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

When Commander called Lexmark to demand an explanation, the company first denied that they had installed any spyware at all. Ultimately the person with whom he spoke conceded that Lexmark installs “tracking software” on their users’ computers “to report back on printer and cartridge use for survey purposes.” While the Lexmark representative avowed that they did not transmit any personal information, they also admitted that the program does transmit the printer’s serial number, which of course is registered to the user. No personal information my foot!

Rumours of the installation of spyware along with their printer software have swirled around Lexmark for several years, and posts to Usenet complaining of Lexmark spyware date from as early as 2001. Some users complain of their computer trying to connect to the Internet every time they print a document; others worry that the program is reporting not only their cartridge usage, but whether they are using non-Lexmark cartridges, or even refilling their own cartridges, thus possibly setting the stage for a denial of warranty service.

According to “Commander”, the offending files include a program file called lx_CATS, and a related .ini file, lx_CATS.ini, as well as 2 DLL files in the c:program fileslexmark500 folder.

In order to remove Lexmark’s spyware from your system, delete the file (probably in your c:program directory) called “lx_cats.exe”, and also search for and remove a file called “lx_cats.ini” (and, for that matter, any other file including the term “lx_cats”).

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

46 thoughts on “If You Have a Lexmark Printer, You May Also Have Lexmark Lx_CATS Spyware

  1. Is it really? are they tracking the troubleshooting devices also? I have an issue with the framework and did get help from https://printerssupport.co/fix-lexmark-900-firmware-error/, however, I had to troubleshoot to do the steps, does this store any personal information in the Lexmark spyware, This really does affect the privacy and the personal identity and I really appreciate for sharing this information and making sure people are aware of it.

  2. Thanks! Great article! Out of nowhere Lexmark started pushing a web survey every time I print something. I deleted lx_cats and now I’m free at last.

  3. i was looking at the lxdicats.cfg file and i thinking if you wanted to see exactaly what they were uploading you could change the uploadurl= to a custom site and whatever the program is trying to take will be shown to you via being uploaded to the site you configured it to…idk im not very good with software but from the little i know this seems to make sense to me

  4. What the world needs is a group of white knights who, just as surreptiously as Lexmark, spread viruses that target the Lexmark programs by getting them to upload messages to Lexmark, overloading their sites, and give them such a headache that they never again contemplate of doing any such thing.

  5. hey.i dont have a lexmark printer but i still have the lx cats program file on my computer.
    my question is what is it?
    and is it good or bad to have?

    i tried 5 diff. seach eng. and all gave me crap that has nothing to do with the damn thing. i even tried bing.com…crap!

    so plz help me! your my only hope….hehehe…. plz email me punka55 at hotmail.com

  6. I have a Dell Photo 964 All-In-One and I just loaded the driver yesterday (10-23-2009) and GUESS WHAT I FOUND!? A folder called: C:Program FilesDl_cats containing two files, 8###L91.A00 which matches the Dell service tag# and dlcjCATS.INI. Inside the INI file I found UploadURL=https://www.lxkcc1.com
    When I searched the Web for this domain name I found your post.

    Thank you for helping us stay informed.

    Sincerely,
    Rex
    Zombie Wolf

  7. It is the era of informatiion gathering.
    Who do these people think they are?
    Exactly who they portray themselves to be.
    Information gatherers.

  8. Wow Anne thanks heaps.
    I came across this as I cleaned the Cdrive.Went through all the folders and there it was. I use Secunia to identify problems and on checking found the lx cats. seen it before and did not understand how it could still be there as i have removed printer.
    great article, big help cheers, have a good day

  9. So what about the dll files? which ones are they an do you get rid of them or not? I found this by accident and let me tell you I am not happy about this. I though i was buying from a reputable company and find out they are liars

  10. i have a lexmark x5495 printer, and i just had it refilled, and it wouldn’t let me print, so i read this, but i cant find any lx_cat files, i’ve checked inside the Lexmark X5400 series folder and nothing… help pleaseee….

  11. I have had problems because of this file for a long time but couldn’t figure out where it was, what it was for, or why it kept slowing my PC down. I became really concerned when McAfee kept warning me that something was connecting to the internet and that it had been allowed because it was in my “trusted” sites at about the same time that a McAfee warning kept coming on that my SystemGuard had been disabled. It happened at least six times every 5 minutes and I wasn’t doing anything to cause it. Today I carefully single clicked on the big e in the start- up menu (to make sure I didn’t accidentally start more than one connection with a double click) I got THREE Internet windows. I did it the long way because this has happened repeatedly, bogging my PC down, and I kept assuming I must have caused it by clicking more than once. Then when trying to close 2 of the IE windows down, I got the dialog box that a problem had been encountered and “whatever” had to shut down with the option to “end now”. That’s where I got the file names. Decided to do an internet search this time and so glad I found this site. Now I can get rid of the files that have been giving me and my PC fits for ages. Thank you!

  12. I had Lx_cats spyware on my PC, and it was full of porn pictures, and pictures of me and my wife!!!!! AND she works for Lexmark!!!

  13. I have Vista installed and just noticed that a second Desktop, Documents, and Favorites files. The only event that occurred was a download of lx_CATS at exactly the same time that my computer went crazy.

  14. Am I the only who likes this? It’s nice to have a program monitor my printer so I don’t have to. Plus, I can order the exact ink when mine is low, and I feel like I’m better prepared if I need technical service. It just makes things… more efficient. And unless if you have absolutely no spyware/malicious program/virus protection program(s), I doubt you are at ANY risk at all. I highly HIGHLY doubt that any of you are going to have your identity or passwords stolen because you installed a Lexmark printer. :P

  15. Oh, by the way, I forgot to mention how I found these files. I ran fprot and it found the lxcgsr9x files. On deleting them my os became very unstable and the next time I restarted my computer it wouldn’t boot. On re-installing the printer (after a long re-install of the win 98se os) AVG picked up the attempt to install the lxcgsr9x files and killed the process. Interestingly your supposed to turn off any antivirus when installing software but I’m glad I didn’t because that’s how I found out it came from Lexmark itself. It seems that the printer software is designed only to work if those files are present. So you get the lx_cats, lxcgsr9x, whether or not you want them. In fact the printer doesn’t seem to work without them. In my personal opinion, that’s nothing short of an unfair business practice, its blackmail. I’d think twice before buying any product that behaves in this manner.

  16. This problem goes farther than the cats file. Two files on my win98se computer, one called lxcgsr9x.exe and the other lxcgsr9x.ex_ are installed with the Lexmark X2330 printer. Both files are picked up by 20 out of 32 antivirus vendors as a Trojan. I’m on dialup, lxcgmon keeps getting picked up by ZoneAlarm as wanting to connect to the internet. Does Lexmark deserve any part of my 4.2kbs connection? NO. By the way, even if you opt out of lexmarks little program during the install, you still get the trojan, you still get the lx_cats, and you still get an attempt to connect to the internet by lxcgmon. There is no opting out of having your printer data collected. By the way, you can find lxcgsr9x.ex_ on the install cd itself, in the drivers folder.

  17. It’s 2007 and this sort of thing is still happening – I’m cleaning up a computer at my university help desk where i work and it’s got the same darn thing on it.

    It’s even sneakier because it doesn’t show up in the MSConfig menu where I disable startup programs – I only barely caught it by using CCleaner’s startup program utility. This sort of thing is reprehensible.

  18. Wtf man not cool but oh well u guys u got a fast comp right so why does it matter if they know how much ink we have it’s not like they are taking our passwords and posting it online right so fuck let it be if they want to just see how much we use then let them i am not going though all that troulble to get rid of it or buy a printer the lexmark all in one is great

  19. In the UK using anothers computer without permission is a consideration of the Computer Misuse Act 1990. It may be able to be used against those suppliers who have failed to notify and receive consent of the computer owner.
    Class actions are becoming popular as they give impacts to get big corps attention. Downside is you need consumer organisation and a financial motive for the required lawyers

    An EULA may notify users during install but given the length and complexity of these things they may not be recognised as fair means of getting implied consent.
    UK has the Unfair Terms in Consumer Contracts Act which may aid arguments here.

    However as we know to use any law you need energy. patience and legal support. (Some may have legal support services under your household insurance contracts)

    Data Protection Act could even apply if the data captured can be shown to be ‘personal’. This could be true if the company collects registration data with owners details which could be matched with the log data from their corporate spyware.

    Just a few top of head thoughts which may prompt others.

    Is Lexmark still part of the IBM group?

  20. in response to bob who said to see the 911 in plane site video, see the video “loose change” for a WAY MORE indepth look at the reality behind 911.

  21. I was trying to make room on my system as I have very little memory, & decided to search this file. What shit heads. This is the crap that is helping eat up what little memory I have. I am pissed. what can one do to stop this shit? I can’t afford super special high tech anti asshole software.

  22. Dell does it too! I just installed a Dell A944 printer (I think they are made by Lexmark) and in looking for something else, I discovered a directory called C:\Program Files\Dl_cats and it has an ini file (dlcdCATS.ini) that links to www.lxkcc1.com and includes the serial number of my printer.

  23. I’m outraged that Lexmark could do such a thing! You pay good money for product in trust that its going to serve you well. I doubt that any of my files would be of interest to the sticky beaks, but I am worried for the innocence of my friends and family, whom I have printed photos of. Many years ago I started locking my door at night and things progressed from there on. How can anyone expect me to show faith? I’m taking this up with the provider, lets see what they have to say about it. Furthermore I’m going to contact a lovely television program which will happily announce this. Boycott Lexmark and the rest of the ’em.

  24. Rog, wonder no more. You need look no further than this week’s news to see that Sony BMG has included software which installs a rootkit on your computer:
    https://www.theinternetpatrol.com/sony-cds-install-rootkit-on-your-computer

  25. This is disgusting.

    It makes you wonder if it’s happening in this instance just how many suppliers of other devices are using similar tactics. The list is unending and could even extend to the Software we install on our puters. We know there’s money to be made in selling lists of data to unscrupulous traders so the possibilities of this happening to each of us is unending.

    Since I’ve owned a puter the quantity of unsolicited mail in my home as increased to a level whereby we fill two “waste bins” each week. Could this be connected in any way to covert monitoring by other Hardware/Software providers? I’m probably over dramatising it here but if Lexmark have been proved to be doing it who knows who else has jumped on the bandwaggon.

    It’s surely time now for ALL computer users to make life as difficult for these people as possible by e-mailing them and registering our feelings.

  26. This is typical government control to keep the corporate empires making more money through spying on the people. If our government does this without blinking an eye, what else have they done without our knowledge? See the video “911 IN Plane Site”. It will wake you up!

  27. If you are upset about spyware, check your guarantee. My X63 guarantee states that the printer may have parts that have been refurbished to work like new.

  28. What a disgrace who the hell do lexmark think they are it the last time I use any of there products, come back epson all is forgiven.

  29. This IS despicable, but not as awful as it seems. Anyone who uses the internet without afirewall deservies what they get, and if you have a firewall simply set it to no if a piece of software you don’t know wants to use the internet.

  30. To support the post by Bogwart as evidence that almost any software out there is liable to have “usage tracking utilities” involved:
    Per the uk zdnet post:
    HP has had their own version of “spyware” out there for some time now called myPrintMileage.
    for example:
    And as described in the driver installation process:

    Also there is another response from someone that covers another good point:
    Name: Thomas Meeker
    Location: Kentucky
    Occupation: Zeldaman
    Comment: If I’m not mistaken the last time I installed Lexmark printers it does ask you if you want to participate in a program. By default it will be yes. This will install the alleged “SPYWARE” , if you would take the time in the installation process instead of clicking yes all the time you should see the question. Just click no and it will not install.

  31. I bought two years ago one Lexmarks Z55 but I don’t know if I have this perverse spyware that’s awful deshonest. I would like to know how can erase this spyware.

  32. At least Kodak tells you about their Backweb and how to disable it — IF you read the EULA.

  33. Ridiculous! When are these companies going to learn that they cannot just assume that they are free to do whatever they like with someone else’s computer. Installing printer software should not give them a right to conduct marketing research, especially without explicit user consent.

  34. Well, I guess I should thank my lucky stars that my Z42’s drivers were already built into Windows XP…

  35. Are they STILL at it? I bought a Z32 about 6 years ago and soon cottoned on to the syware content – that is what it is SPYWARE! My head hit the roof and to prove it the hole is still in the ceiling. I still have the Z32 but I wiped my hard drive clean of the filth Lexmark put there. Makes my Irish blood boil – and Irish blood boils at 30% celcius! &5##2!!x/(]+=5!!!

  36. They’re not alone. Creative installs spyware when you load their driver software, and Kodak digital cameras load a little nasty one called BackWeb, which poses as an updater. You can get rid of this stuff with AdAware and Spybot, but I think it’s abit off when reputable companies from who you have bought hardware in good faith pulls this kind of stunt, whether notified in the EULA or not.

  37. If this isn’t plainly spelled out in the End User’s License Agreement, then the practice is clearly contemptible. Not only that, just stupid, put it in the EULA and anything goes! Dumb. Dumb. Dumb.

  38. I will not but Lexmark’s anymore. Let’s all *NOT* buy from those ARROGANT ASSHOLES again. How DARE they.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.