
Is my graphics card spyware?

Discussion in 'Graphics Cards' started by Dennisthemenace, 17 Jan 2006.

  1. Dennisthemenace

    Gangster

    Joined: 30 Nov 2005

    Posts: 160

    I just updated all the software and drivers for my ATI graphics card, and I'm puzzled.

    Why is it every time I fire up the new Catalyst software for a tinkering it does an ET and calls 194.74.65.68?

    Every time I fire it up, poof, off it goes calling home again. I can rule out any auto updating because you have to go and get the Catalyst software from them, it don't come to you. It seems to be one way traffic.

    Can someone with better knowledge of ATI and the Catalyst software please explain why it needs to ring home via a third party website every time I open up?
     
  2. v0n

    Sgarrista

    Joined: 18 Oct 2002

    Posts: 8,047

    Location: The Great Lines Of Defence

    Isn't there like news headlines or a banner in catalyst software?
     
  3. Xplo

    Wise Guy

    Joined: 20 Nov 2004

    Posts: 1,648

    Location: UK

    Try and use Spybot, that should get rid of any spyware. Try a few lesser Catalyst versions.
     
  4. Dennisthemenace

    Gangster

    Joined: 30 Nov 2005

    Posts: 160

    Nope, no banners or spyware. Run Adaware, Spybot, and Norton, and visited Housecall for luck.

    This is my ATI graphics card driver software, and ATI have a bloody cheek. The only thing I can think of is spyware in the drivers. The worst thing is there is no way to switch the attempted connections off except by the firewall.

    Category: Firewall
    Date,User,Message,Details
    17/01/2006 18:45:42,Supervisor,"Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)).","Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)). Outbound UDP packet. Local address,service is (DENNIS(86.137.91.241),0). Remote address,service is (194.74.65.68,domain(53)). Process name is ""C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe""."
    17/01/2006 18:45:42,Supervisor,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.
    17/01/2006 18:45:33,Supervisor,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)).","Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)). Inbound TCP connection. Local address,service is (DENNIS(86.137.91.241),microsoft-ds(445)). Remote address,service is (86.137.5.217,1251). Process name is ""System""."
    17/01/2006 18:45:30,Supervisor,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)).","Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)). Inbound TCP connection. Local address,service is (DENNIS(86.137.91.241),microsoft-ds(445)). Remote address,service is (86.137.5.217,1251). Process name is ""System""."


    Lively little gits whatever they're up to
     
  5. TheLudeButler

    Associate

    Joined: 27 Oct 2005

    Posts: 37

    That IP is a BT DNS Server. Is BT your ISP?
     
  6. Boogle

    Mobster

    Joined: 17 Oct 2002

    Posts: 4,505

    Location: GREAT Britain

    These are the two lines that are important:

    17/01/2006 18:45:42,Supervisor,"Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)).","Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)). Outbound UDP packet. Local address,service is (DENNIS(86.137.91.241),0). Remote address,service is (194.74.65.68,domain(53)). Process name is ""C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe""."
    17/01/2006 18:45:42,Supervisor,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.,An instance of "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" is preparing to access the Internet.

    The other two are standard Windows filesharing, another computer was trying to access your shares (if any) and was rightfully blocked by your firewall. As for the ATI thing, I don't know. It could be trying to check if you have the latest drivers, or it could be more sinister and sending usage data.

    No spyware apps will pick this up btw - the file that's doing the work is the .NET version of the Java Virtual Machine. Basically it's a legit file, and Internet access is a standard capability. How that Internet access is used is the potentially dangerous part.
     
  7. Dennisthemenace

    Gangster

    Joined: 30 Nov 2005

    Posts: 160

    It gets more sinister. The whole firewall log is down to one action, firing up ATI's Catalyst Control Centre, even the incoming stuff. I cleared the log three times and repeated it. I'm building two systems at the moment, and boy am I glad the firewall alarmed out before I went shopping for a couple of cards.

    Until ATI can come up with a reasonable excuse I think I'll treat their products like I would the lurgy, and avoid them at all costs. Pity about that, I think their latest cards are awesome.
     
  8. ns400r

    Mobster

    Joined: 23 Apr 2004

    Posts: 3,577

    Location: UK, Near the middle......

    It's a DNS server it's trying to contact. A BT one.

    **Ooops, beaten to it.**

    Nothing "sinister" though.
     
  9. Hades

    Capodecina

    Joined: 19 Oct 2002

    Posts: 24,966

    Location: Surrey

    Found this on ATI's site:

    http://www.ati.com/products/catalystcontrolcenter/faq.html#10

    Although that seems to indicate that it doesn't try to communicate outside of your network.
     
  10. Dennisthemenace

    Gangster

    Joined: 30 Nov 2005

    Posts: 160

    194.74.65.68 is well outside my stand alone computer, and CLI.exe tried to jump ship more than once.
     
  11. ns400r

    Mobster

    Joined: 23 Apr 2004

    Posts: 3,577

    Location: UK, Near the middle......

    If your PC is on the internet it's far from a "standalone" system. It's part of the world's largest network.
    It's a 'network' (.net) application and as such it's querying your DNS server to look up the IP address of your system. ( (DENNIS(86.137.91.241),0). )
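
As an added example (not part of any post in the thread), this Python code parses firewall log rows in the format quoted above and labels each by direction, protocol and service port, which is how the replies read the CLI.exe entry as a DNS query on UDP port 53 and the blocked entries as inbound SMB on TCP port 445. The function names, the verdict labels and the field layout inferred from the two rows are assumptions made for the illustration.

```python
import csv
import io
import re

# Two rows copied from the log posted in the thread (columns: Date,User,Message,Details).
SAMPLE_LOG = r'''17/01/2006 18:45:42,Supervisor,"Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)).","Rule ""ATI Technologies Catalyst Control Centre"" permitted (194.74.65.68,domain(53)). Outbound UDP packet. Local address,service is (DENNIS(86.137.91.241),0). Remote address,service is (194.74.65.68,domain(53)). Process name is ""C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe""."
17/01/2006 18:45:33,Supervisor,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)).","Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (86.137.5.217,microsoft-ds(445)). Inbound TCP connection. Local address,service is (DENNIS(86.137.91.241),microsoft-ds(445)). Remote address,service is (86.137.5.217,1251). Process name is ""System""."
'''

# Field layout of the "Details" column, inferred from the rows above (an assumption).
DETAILS_RE = re.compile(
    r'Rule "(?P<rule>[^"]+)" (?P<action>permitted|blocked) .*?'
    r'(?P<direction>Outbound|Inbound) (?P<proto>UDP|TCP) (?:packet|connection)\. '
    r'Local address,service is \((?P<local>.+?)\)\. '
    r'Remote address,service is \((?P<remote_ip>[\d.]+),(?P<remote_svc>.+?)\)\. '
    r'Process name is "(?P<process>[^"]+)"'
)

def port_of(service):
    """Return the port from 'domain(53)', 'microsoft-ds(445)' or a bare '1251'."""
    named = re.search(r'\((\d+)\)$', service)
    return int(named.group(1)) if named else int(service)

def triage(log_text):
    """Label each rule-hit row by direction, protocol and service port."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        m = DETAILS_RE.search(row[3]) if len(row) >= 4 else None
        if m is None:
            continue  # informational rows carry no address or port details
        local_svc = m['local'].rsplit(',', 1)[1]
        # The service port is on the remote side for outbound traffic, local for inbound.
        outbound = m['direction'] == 'Outbound'
        port = port_of(m['remote_svc'] if outbound else local_svc)
        if outbound and port == 53:
            verdict = 'dns-lookup'    # name resolution via the configured resolver
        elif not outbound and m['proto'] == 'TCP' and port == 445:
            verdict = 'inbound-smb'   # unsolicited file-sharing connection attempt
        else:
            verdict = 'review'
        findings.append({'verdict': verdict, 'action': m['action'], 'proto': m['proto'],
                         'port': port, 'remote_ip': m['remote_ip'], 'process': m['process']})
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```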