Questionable file

 
 
Seagull
Guest
Posts: n/a
 
      08-09-2005
I have a relative's machine here (XP Home) for disaffection and have run
AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now seems clean
but something called
ZYwCA8LN.exe
is running and trying to access the net.
A search for folders finds nil and I find no references on google.
Anyone know what this file is or does?




 
Reply With Quote
 
 
 
 
frederick
Guest
Posts: n/a
 
      08-09-2005
Seagull wrote:
> I have a relatives machine here (XP Home) for disaffection and have run
> AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now seems clean
> but something called
> ZYwCA8LN.exe
> is running and trying to access the net.
> A search for folders finds nil and I find no references on google.
> Anyone know what this file is or does.
>
>
>
>

It's probably spyware or worse.
Try downloading and using AntiVir from http://www.freeav.com/ . Free,
and effective for trojans, dialers, and viruses and worms that AVG misses.
If that doesn't work, then find out how it starts via a registry search
or through Spybot's system startup tool.
Disable it starting, reboot, and rename the file. (Don't delete it
straight away in the unlikely case it isn't malicious - and you might
need it).
After reboot, check to see if another similarly randomly named process is
now running - if so, you will need to check all startup entries with a
fine-tooth comb.
Not uncommon for spyware / malware to run a process which drops a new
randomly named executable, modifies the registry so it starts on Windows
startup, then terminates so you don't see the original offender in Task
Manager - making it harder to get rid of the infection.
 
Reply With Quote
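As an added illustration of the startup check frederick describes (not part of any post in this thread), the PowerShell below lists the standard Run and RunOnce registry entries together with facts about each target file: whether it exists, whether it is hidden, when it was created, and its signature status. It assumes PowerShell 3.0 or later, so a newer Windows than the XP machine discussed here; Get-CommandImagePath is a helper made up for the example.

```powershell
# Added example (not from the thread): triage Run/RunOnce autostart entries.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandImagePath {
    # Hypothetical helper: pull the executable path out of a Run command line.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')    { return $Matches[1] }  # "C:\dir\a.exe" /arg
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # C:\dir\a.exe /arg
    return ($Command.Trim() -split '\s+')[0]                        # anything else
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $path = Get-CommandImagePath $command
        if (-not $path) { continue }
        # -Force so hidden and system files are still found.
        # Bare names without a directory are not looked up via PATH
        # and will normally show Exists = False.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $path
            Exists    = [bool]$file
            Hidden    = if ($file) { [bool]($file.Attributes -band [IO.FileAttributes]::Hidden) }
            Created   = if ($file) { $file.CreationTime }
            Signature = if ($file) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
        }
    }
}

# Newest files first: a freshly dropped executable sorts to the top.
$report | Sort-Object Created -Descending | Format-List
```

Running it before and after the reboot and comparing the two listings shows whether a new entry has replaced the one that was disabled. It reads the registry and file system through the normal Windows APIs, so the rootkit caveat raised later in the thread applies to its output as well.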
 
 
 
 
gl
Guest
Posts: n/a
 
      08-09-2005
Maybe a trojan which alters its filename suffix randomly -

check google for ZYwCA and trojan and you will find plenty of matches!!



"Seagull" <(E-Mail Removed)> wrote in message
news:0zVJe.1413$(E-Mail Removed)...
> I have a relatives machine here (XP Home) for disaffection and have run
> AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now seems clean
> but something called
> ZYwCA8LN.exe
> is running and trying to access the net.
> A search for folders finds nil and I find no references on google.
> Anyone know what this file is or does.
>
>
>
>



 
Reply With Quote
 
Dave Taylor
Guest
Posts: n/a
 
      08-09-2005
"Seagull" <(E-Mail Removed)> wrote in
news:0zVJe.1413$(E-Mail Removed):

> I have a relatives machine here (XP Home) for disaffection and have
> run AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now
> seems clean but something called


Should use spywareblaster by javacools, MS Antispyware beta, and maybe
chuck in a-squared for good measure.
http://www.emsisoft.com/en/


By the time you do this, you could have backed up, reformatted, reinstalled
and reimported, patched and immunized.
Usually...


--
Ciao, Dave
 
Reply With Quote
 
bambam
Guest
Posts: n/a
 
      08-09-2005
"Seagull" <(E-Mail Removed)> wrote in
news:0zVJe.1413$(E-Mail Removed):

> I have a relatives machine here (XP Home) for disaffection and have
> run AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now
> seems clean but something called
> ZYwCA8LN.exe
> is running and trying to access the net.
> A search for folders finds nil and I find no references on google.
> Anyone know what this file is or does.


HijackThis should help you figure out where this program is starting from-

http://www.spywareinfo.com/%7Emerijn/downloads.html

The only problem is sorting the good from the bad, these sites should help
with that-

http://tomcoyote.com/hjt/

http://forums.majorgeeks.com/showthread.php?t=38752

http://hometown.aol.co.uk/jrmc137/hj...l/tutorial.htm

http://www.bleepingcomputer.com/foru...howtutorial=42

Good luck.
 
Reply With Quote
 
Tony
Guest
Posts: n/a
 
      08-09-2005
On Tue, 9 Aug 2005 15:38:35 +1200, "Seagull" <(E-Mail Removed)> wrote:

>I have a relatives machine here (XP Home) for disaffection and have run
>AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now seems clean
>but something called
>ZYwCA8LN.exe




This File Name is now known, have you listed the Correct file name..?

Hidden & System files will not show up most of the time..

I use PowerDesk for searching for files or do a search in the Registry.

>is running and trying to access the net.
>A search for folders finds nil and I find no references on google.
>Anyone know what this file is or does.
>
>
>


 
Reply With Quote
 
Steve Marshall
Guest
Posts: n/a
 
      08-09-2005
Dave Taylor wrote:

>> I have a relatives machine here (XP Home) for disaffection


Yes, I get a little disaffected with my relatives when this keeps
happening, too.
 
Reply With Quote
 
Roger_Nickel
Guest
Posts: n/a
 
      08-09-2005
Tony wrote:
> On Tue, 9 Aug 2005 15:38:35 +1200, "Seagull" <(E-Mail Removed)> wrote:
>
>
>>I have a relatives machine here (XP Home) for disaffection and have run
>>AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now seems clean
>>but something called
>>ZYwCA8LN.exe

>
>
>
>
> This File Name is now known, have you listed the Correct file name..?
>
> Hidden & System files will not show up most of the time..
>
> I use PowerDesk for searching for files or do a search in the Registry.
>

It's getting harder; some of the new scumware copies entries referring to itself
out of the registry on startup and copies them back on shut down. The real program
spawns processes with random names which do the dirty work and any attempt to
remove these processes alerts the scumware that you are on to it. I wasted a
morning dealing with some of this muck on a computer a few months ago and
the solution for me was Hijack This. The latest wrinkle is to install a Linux-type
rootkit; this subverts some of the Windows system calls and means that
scumware will not necessarily show up in the services list or in Task Manager or
as results in a file system search if the search utility uses Windows system
libraries.
 
Reply With Quote
 
MarkH
Guest
Posts: n/a
 
      08-09-2005
"Seagull" <(E-Mail Removed)> wrote in
news:0zVJe.1413$(E-Mail Removed):

> I have a relatives machine here (XP Home) for disaffection and have
> run AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now
> seems clean but something called
> ZYwCA8LN.exe
> is running and trying to access the net.
> A search for folders finds nil and I find no references on google.
> Anyone know what this file is or does.


Now is the right time to test different AV products to see how well they
do. This is how I came to be using Kaspersky AV, there is a trial version
available from their site and once installed and updated it should be able
to identify the Trojan if it is one.

I managed to get Kaspersky to ID and remove a Trojan which Norton didn't
know about, even 2 months later Norton was still not recognising the Trojan
(I kept a copy in a zip file to test different AV programs).


--
Mark Heyes (New Zealand)
See my pics at www.gigatech.co.nz (last updated 25-June-05)
"There are 10 types of people, those that
understand binary and those that don't"

 
Reply With Quote
 
GraB
Guest
Posts: n/a
 
      08-09-2005
On Tue, 09 Aug 2005 12:49:21 GMT, MarkH <(E-Mail Removed)> wrote:

>"Seagull" <(E-Mail Removed)> wrote in
>news:0zVJe.1413$(E-Mail Removed):
>
>> I have a relatives machine here (XP Home) for disaffection and have
>> run AdAware, Spybot, Xcleaner and updated Zonealarm and AVG. It now
>> seems clean but something called
>> ZYwCA8LN.exe
>> is running and trying to access the net.
>> A search for folders finds nil and I find no references on google.
>> Anyone know what this file is or does.

>
>Now is the right time to test different AV products to see how well they
>do. This is how I came to be using Kaspersky AV, there is a trial version
>available from their site and once installed and updated it should be able
>to identify the Trojan if it is one.
>
>I manage to get Kaspersky to ID and remove a Trojan which Norton didn't
>know about, even 2 months later Norton was still not recognising the Trojan
>(I kept a copy in a zip file to test different AV programs).


I had that with a new virus I found. Sent copies to AVG and Nortons.
Nortons said no malicious code, AVG said a definition was coming out
with the next update. It was more than two weeks later before Nortons
identified it as a virus.
 
Reply With Quote
 
 
 