Help Needed

Discussion in 'Computer Security' started by damienj3, Apr 7, 2006.

  1. damienj3

    damienj3 Byte Poster

    Has anyone any idea what Gh0stl.exe is? I keep getting a security notice asking me if I want to permit or block, but no matter what I do the notice keeps popping up. I'm using Norton Internet Security 2005 and SystemWorks 2004. I've looked it up on Google but nothing came up.
     
    Certifications: mcse
    WIP: MCSE 2003
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Er - ghostl.exe or ghost1.exe? There is a difference....

    And the random digit replacement - is that exact? Because if so it is something nasty...

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. damienj3

    damienj3 Byte Poster

    The way it is coming up in the security alert is Gh0stl.exe (ghostl)
     
    Certifications: mcse
    WIP: MCSE 2003
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    That is most confusing. Does it really spell it in two different ways like that? How about a cut'n'paste of the whole message?

    If it is really like that then I suspect some trojan.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. damienj3

    damienj3 Byte Poster

    It's just spelt Gh0stl.exe. (Excuse the colour, saved it this way to save on space.)
     

    Certifications: mcse
    WIP: MCSE 2003
  6. damienj3

    damienj3 Byte Poster

    I think I've fixed it. I was looking through Add/Remove Programs and some idiot had installed mIRC (IRC). The Gh0stl thing disappeared once I had uninstalled it. Thanks anyway.
     
    Certifications: mcse
    WIP: MCSE 2003
  7. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    OK - I see what you mean. I suspect this is a trojan. Search for it first in msconfig->startup. If not there try the registry. Also search in the file-system.

    Report the path to it. The path may give a clue as to its provenance.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
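
The search described in the post above (startup entries, then the registry, then the file system, reporting the path), as an added PowerShell example that is not part of the original thread. The four Run/RunOnce keys and the default search root are assumptions; the thread never says where the file was found.

```powershell
# Added example: list every startup reference to, and on-disk copy of, a named executable.
param(
    [string]$Name = 'Gh0stl.exe',                       # file name from the alert in this thread
    [string[]]$SearchRoots = @($env:SystemDrive + '\')  # assumption: search the system drive
)

$pattern = [regex]::Escape($Name)

# 1. Startup entries, roughly what the msconfig Startup tab lists.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -match $pattern -or $_.Name -match $pattern } |
    Select-Object @{n='Source';e={'Startup'}}, @{n='Where';e={$_.Location}}, @{n='Value';e={$_.Command}}

# 2. Registry autorun keys, read directly (assumption: only the common Run/RunOnce keys).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$registry = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match $pattern -or $valueName -match $pattern) {
            [pscustomobject]@{ Source = 'Registry'; Where = "$key\$valueName"; Value = $data }
        }
    }
}

# 3. File system: report the full path plus size, creation time and hash of each copy.
$files = Get-ChildItem -Path $SearchRoots -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        [pscustomobject]@{
            Source = 'File'
            Where  = $_.FullName
            Value  = '{0} bytes, created {1:u}, SHA256 {2}' -f $_.Length, $_.CreationTimeUtc, $hash
        }
    }

# One table: where the name is referenced and where the file actually lives.
@($startup) + @($registry) + @($files) | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the recursive search can read protected directories. The `Where` column for `File` rows is the path the post asks to have reported.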
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Do you notice anything happen if you end that process?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. hbroomhall

    hbroomhall Petabyte Poster Gold Member


    Great! It was possibly a mIRC script or similar - that app attracts a lot of nasties unfortunately.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  10. damienj3

    damienj3 Byte Poster

    The computer didn't act any different once I ended that process. All seems fine now. Cheers
     
    Certifications: mcse
    WIP: MCSE 2003
