1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help Needed

Discussion in 'Computer Security' started by damienj3, Apr 7, 2006.

  1. damienj3

    damienj3 Byte Poster

    191
    2
    34
    Has anyone any idea what Gh0stl.exe is. I keep getting a security notice asking me if I want to permit or block but no matter what I do the notice keeps popping up. I'm using Norton Internet Security 2005 and Systemworks 2004. I've looked up on google but nothing came up.
     
    Certifications: mcse
    WIP: MCSE 2003
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Er - ghostl.exe or ghost1.exe? There is a difference....

    And the random digit replacement - is that exact? Because if so it is something nasty...

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. damienj3

    damienj3 Byte Poster

    191
    2
    34
    The way it is coming up in the security alert is Gh0stl.exe (ghostl)
     
    Certifications: mcse
    WIP: MCSE 2003
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    That is most confusing. Does it really spell it in two different ways like that? How about a cut'n'paste of the whole message?

    If it is really like that then I suspect some trojan.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. damienj3

    damienj3 Byte Poster

    191
    2
    34
    it's just spelt Gh0stl.exe. (excuse the colour, saved it this way to save on space)
     

    Attached Files:

    Certifications: mcse
    WIP: MCSE 2003
  6. damienj3

    damienj3 Byte Poster

    191
    2
    34
    I think I've fixed it. I was looking through Add Remove programs and some idiot had installed mirc (IRC). The Gh0stl thing disappeared once I had uninstalled it. Thanks Anyway.
     
    Certifications: mcse
    WIP: MCSE 2003
  7. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    OK - I see what you mean. I suspect this is a trojan. Search for it first in msconfig->startup. If not there try the registry. Also search in the file-system.

    Report the path to it. The path may give a clue as it its provenance.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Do you notice anything happen if you end that process?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224

    Great! It was possibly a mIRC script or similar - that app attracts a lot of nasties unfortunately.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  10. damienj3

    damienj3 Byte Poster

    191
    2
    34
    The computer didn't act any different once I ended that process. All seems fine now. Cheers
     
    Certifications: mcse
    WIP: MCSE 2003

Share This Page

Loading...