Results 1 to 7 of 7

Thread: Zero length 'files/program' in Program Control Programs list

  1. #1
    fjordanrr Guest

    Default Zero length 'files/program' in Program Control Programs list

    People,

    I'm using ZASS 7.0.362.000 on WinXP Pro with SP2.

    Recently, I've been seeing 'zero-length' files/programs/dlls in the programs list. When I tried deleting some of them from the list, they came back! So what I've done is use the 'Kill' status option and left them in the list.

    What I would like to know is where these files are coming, what I can do to prevent them from showing up. Are they results of viral/spyware infection? I have a few spyware removal tools and the only virus removal tool I have at the moment is ZoneAlarm. I had been using Norton's antivirus program, but I had issues with their Systemworks and remove everything I had from Symantec from my system r at least tried.

    So, if anyone has any ideas about the 'zero-length' files and where they might coming from would be helpful!

    Frank Jordan

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    naivemelody Guest

    Default Re: Zero length 'files/program' in Program Control Programs list

    I used a google search and found this - http://www.daube.ch/share/win06.html
    . you may want to investigate further for more info.
    I used siteadvisor with my search; beware some of the sites/results should be avoided - get the free
    www.siteadvisor.com if you don't already have it.<hr>:8}NaiveMelody NYC 7-28-07 - The Horse - Cliff Nobles &amp; Co.

  3. #3
    fjordanrr Guest

    Default Re: Zero length 'files/program' in Program Control Programs list

    Thanks for that info.

    I should have given or try to give the names of some of the file I was referring to.

    Some of the names I can't type here since they are not in the normal ASCII set of the font used in the Programs list. one just show a '(square)' for the name, another a '0(square)'. Another is just '.com' and another is just the word 'acion'. There is also '_RegDLL.tmp' and 'koos.exe'. There are some others that might from activity as suggested by the site you referred me to such as 'oleacc.dll' and ' rasadlhlp.dll'. Two others are 'winmm.dll' and 'wldap32.dll'

    It just worries me since recently I had to remove ZoneAlarm to check on a problem I was having and after I reinstalled it these zero-length files reappeared after a few days. I'm just wondering if anyone out there might be aware of activity such as this!

    Thanks for any help,

    Frank Jordan

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zero length 'files/program' in Program Control Programs list

    koos.exe is malware.

    I suggest you scan the PC with the AV and the AS ASAP.

    The download and update and run all of these freeware versions to help clean the PC:

    http://www.superantispyware.com/

    http://www.emsisoft.com/en/software/free/

    http://www.majorgeeks.com/RogueRemover_Free_d5360.html

    There maybe a rootkit involved. This means trouble.

    You could try some freeware rootkit scanners.

    http://www.f-secure.com/blacklight/

    http://free.grisoft.com/doc/download...otkit/us/frt/0

    Further more. Please save all scan results. After each scan and clean is done, then start in the safe mode and rescan again. Save all scan results once again.

    Then immediately go to castlecops and post the HJT (hijack this) scan results at here>

    http://www.castlecops.com/f67-Hijack...ans_Oh_My.html

    The HJT and saved scan results will be helpful to them. They will more than likely have another scanner to install and again you will post the scan's results.

    The HJT is free. They are trained experts in the area of all malware removal. Excellent results for the user community by the volunteers.

    Oldsod
    Best regards.
    oldsod

  5. #5
    fjordanrr Guest

    Default Re: Zero length 'files/program' in Program Control Programs list

    Sorry, it'd takedn me so long to get back to this.

    I had before reading your message had purchased XoftSpySE and it found some Trojan spyware, specifically Trojan BHO NTLDR and one called Wopla Trojan. I keep my system running 24/7; I check a day or so later with XoftSpySE, it doesn't find anything. However, if I have to reboot and rescan, the Trojan BHO NTLDR reappears.

    I have downloaded and used the other programs you suggested and only the AVG rootkit program found anything which has not reappeared as of yet.

    I eventually am going to 'clean' my system by doing a fresh install of WinXP, but until then the programs you suggested will be a stop-gap process.

    As of yet, I haven't uploaded he logs of my scans to castlecop, but will.

    Anyway, thanks for the suggestions!

    Frank Jordan


    <blockquote><hr>Oldsod wrote:
    koos.exe is malware.

    I suggest you scan the PC with the AV and the AS ASAP.

    The download and update and run all of these freeware versions to help clean the PC:

    http://www.superantispyware.com/

    http://www.emsisoft.com/en/software/free/

    http://www.majorgeeks.com/RogueRemover_Free_d5360.html

    There maybe a rootkit involved. This means trouble.

    You could try some freeware rootkit scanners.

    http://www.f-secure.com/blacklight/

    http://free.grisoft.com/doc/download...otkit/us/frt/0

    Further more. Please save all scan results. After each scan and clean is done, then start in the safe mode and rescan again. Save all scan results once again.

    Then immediately go to castlecops and post the HJT (hijack this) scan results at here&gt;

    http://www.castlecops.com/f67-Hijack...ans_Oh_My.html

    The HJT and saved scan results will be helpful to them. They will more than likely have another scanner to install and again you will post the scan's results.

    The HJT is free. They are trained experts in the area of all malware removal. Excellent results for the user community by the volunteers.

    Oldsod
    <hr></blockquote>

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zero length 'files/program' in Program Control Programs list

    Wolpa trojan is serious just as the BHO NTLDR troyan is.

    Try the F-Secure Blacklight tool for the Wolpa trojan...

    http://www.f-secure.com/blacklight/

    The Wolpa is a rootkit and it's removal is important in removing any further infections or reinfections.



    The BHO NTLDR is possiblely reinstalling as a driver file. Check the file location indicated in the scan result. Possibly in the Doc and Settings. Remove any mention of the NTLDR.SYS file.

    Also check the WINDOWS\Downloaded Program Files and remove any rogues.

    Remove this CLSID key in the registry:

    {E30C4730-15DD-11DB-9613-00E08161165F}

    Do a further clean after the scan and removal, with a registery cleaners such as CCleaner.

    http://www.majorgeeks.com/CCleaner_S...ish_d4191.html

    Also when doing the reformat and reinstall, do complete wipe of the HDD with a proper disk eraser first.
    Something like DBAN or Dereks Boot and Nuke...

    http://dban.sourceforge.net/

    After the drive is wiped, pull the power plug. This kills anything resident in the PC memory, such as a rootkit or troajn. Then flash the BIOS to kill any rootkits hiding in there. Now it is OK to reformat and reinstall.


    Cheers,

    Oldsod
    Best regards.
    oldsod

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Zero length 'files/program' in Program Control Programs list

    Hi!please note that XoftSpySE has a bad history of false detections and questionable marketing strategy...I have seen many cases of false detection by XoftSpySE. Its not a fully trustable antispyware application and I would personally not running it.There are better and more robust application on the net, some of them even free.Try for example superantispyware free, its solid and specialised on nasty infections (as already suggested by oldsod).http://www.superantispyware.com/down...NTISPYWAREFREEAlso you can get your system scanner by professionals here:http://www.castlecops.com/f67-Hijack...ans_Oh_My.htmlPlease read mandatory steps before posting:http://www.castlecops.com/t102301-Hi...e_Posting.htmlCheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •