Results 1 to 10 of 20

Thread: Gibberish Filenames in Program Control! Multiple Trojans, Ghost processes -- this is a mess!

Hybrid View

  1. #1
    kmehtadc Guest

    Default Gibberish Filenames in Program Control! Multiple Trojans, Ghost processes -- this is a mess!

    I have over 30 entries in my Program Control where the program/file names are just gibberish characters. I cant even copy-paste them here. These entries appeared on their own and have given themselves permission to access the internet to act as servers, etc. Everytime I mark these things with "Kill" or "Restricted", new ones appear on their own. I have no idea what is going on.Last week, my computer got infected with a virus -- I had the following trojans that had infected my computer: Trojan-backdoor-lev, Trojan.Byteverify, Trojan.Repsamo, Trojan.KillAV, PWSteal.Trojan, Trojan.Anserin, Bloodhound.Exploit.6, SecurityRisk.Downldr, Downloader.Trojan.It took me two days to get rid of everything with Norton Antivirus, Spysweeper, Ad-ware, etc. I then downloaded ZA Pro and have it running since. While my AV and Spy detecting software is not catching anything new, I still have a feeling that my laptop is infected. There is a process called NCOELL32.EXE, that ZA alerts me about and blocks. I also have Security Task Manager which detects this process. This was one of the virus files that I had found and deleted. However, even after I kill it using Security task manager, it still shows up after a few hours, with a 100% threat rating. I cannot find this file anywhere on my harddrive and can't even find references to it in my registry.Anyone know what is going on?? I would greatly appreciate any help!!

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.0


    Message Edited by kmehtadc on 12-01-2005 09:58 PM

  2. #2

    Default Re: Gibberish Filenames in Program Control! Multiple Trojans, Ghost processes -- this is a mess!

    Oh dear. What have you been doing to your computer? We will have to run some anti-trojan scans.For our purposes, we will be installing the stand-alone scanner portion of the program only, so that the guard (ewido's active protection component) will not interfere with the cleaning process.
    1. <LI>Please download the free ewido security suite <UL><LI>After the download is complete, double click on the file to launch the installation process. </LI>
    <UL><LI>During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options. </LI>[/list]<UL><LI>Launch ewido, there should be an big "E" icon on your desktop, double-click it, and you will see the ewido main screen. </LI>[/list]<LI>Next, you will need to update ewido to the latest definition files. <UL><LI>On the left hand side of the main screen click Update--&gt;Start Update </LI>[/list]The update will begin and a progress bar will show the updates being installed. Only, if you are having problems with the updater, you can manually update ewido. <LI>Once updating is 100% complete, setup ewido as follows, and then perform a scan: <UL><LI>Click on scanner <LI>Click on Settings <LI>For your first scan, please check the 'Scan every file' option. You can change this back to 'Choose files by Extensions' later if desired, for quicker scanning. <LI>Click on Complete System Scan and the scan will begin. <LI>While the scan is in progress, you will be prompted to clean the first infected file ewido finds. Select 'Remove', then put a check in the the box next to 'Perform action on all infections'. Doing this, enables the scan to proceed automatically until its completion. Click OK. </LI>[/list]<LI>Once the scan has completed, there will be a button located on the bottom of the screen named Save report <UL><LI>Click Save report and save the report .txt file to your desktop. <LI>Now close ewido security suite.

    </LI>[/list]For more detailed instructions regarding ewido setup and scanning features, please consult the ewido Quick Guide by DieHard.</LI>[/list]

    Remove everythingit finds. Reboot.



    Then download HijackThis.
    Save HijackThis in its own folder (i.e. C:\HJT). DO NOT run it from within a zip manager (Winzip), as no backups will be saved.

    Double-click Hijackthis.exe from the new folder and hit Scan.

    The Scan Button has a new Caption. Save Log. Click the Save Log button to create a file named Hijackthis.log. A dialog box will pop up. Use it to select the location where you will save the log. Close the program.


    Post your hijackthis log in:

    http://bfccomputerhelp.com/index.php?showforum=5

    You may have to register to post.



    Message Edited by chiawaikian on 12-02-2005 04:39 PM

  3. #3
    rablmsr Guest

    Default Re: Gibberish Filenames in Program Control! Multiple Trojans, Ghost processes -- this is a mess!

    I downloaded the ewido-setup, but, while it was unpacking I got an error message that said it needed Windows 2000 or higher to install. I have Windows 98. What are the requirements to install and run this security program?

  4. #4
    ad_hock Guest

    Default Re: Gibberish Filenames in Program Control! Multiple Trojans, Ghost processes -- this is a mess!

    Hi rablmsr
    Ewido only works in 2000 and XP. If you want a good anti trojan program that works with 98 the best is Trojan Hunter. It's paid more expensive then ewido ($49 I think) but has a 30 days trial with all features enabled.
    Best regards

  5. #5

    Default Re: Gibberish Filenames in Program Control! Multiple Trojans, Ghost processes -- this is a mess!


    <BLOCKQUOTE><HR>Ad-Hock wrote:
    Hi rablmsr
    Ewido only works in 2000 and XP. If you want a good anti trojan program that works with 98 the best is Trojan Hunter. It's paid more expensive then ewido ($49 I think) but has a 30 days trial with all features enabled.
    Best regards
    <HR></BLOCKQUOTE>
    Ad-hock is right, use Trojan Hunter Trial instead: It runs on Windows 95, 98, ME, NT, 2000 and XP.
    1. <LI>Download and Install the 30-day trial of TrojanHunter <LI>There is no updating feature available within the trial version of TrojanHunter itself, so you must download a compressed ruleset and unzip all the files within it to the TrojanHunter folder, as outlined in the Manual Update Instructions. <LI>To do a full scan be sure the boxes are checked (green) beside your main hard drive folders, then click on Full Scan. The program is fully functional and free to first time users for only 30 days.

      For more detailed instructions regarding TrojanHunter setup and scanning features, please consult the TrojanHunter Online Help Guide</LI>
    Forget Ewido, and run TrojanHunter. Then follow the rest of my instructions.

  6. #6
    rablmsr Guest

    Default Re: Gibberish Filenames in Program Control! Multiple Trojans, Ghost processes -- this is a mess!

    I just read some alerts from other security forums that there's been a problem with www.castlecops.comoffering some downloads that are very suspicious and regarded as malware or hijackers. I think I'll wait and check out others first.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •