Author Topic: Ghost ???  (Read 13603 times)

0 Members and 1 Guest are viewing this topic.

handcuff36

  • Guest
Ghost ???
« on: December 24, 2008, 10:40:56 PM »
Hello, this is my first post here, thank you. First a Merry Christmas to all.

I have been on Avast for ions and quite happy with it. Lately, I get a funny little icon that shows up near the My Computor ( Vista HB ), it does not seem to hinder the system at all, at least, nothing noted. It flashes on the screen for a flick of an eyelid.  It looks like a small ghost. I have some PRn/Scrn of it, if I could find where to attach them here.  I will try the +Additional Options. Stand-by. Hey, I think that I did it.  If you are looking at the -4.jpg, reduce it to 5% to fill your screen.

Anybody with any idea of what this is, would earn my thankyou for sure. I wonder if it is a key-loger of sort ?

Have a nice day and thanks for the opportunity to make new friends.         JP aka handcuff36

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Ghost ???
« Reply #1 on: December 24, 2008, 10:47:30 PM »
Do you have something like Spybot S&D or someting similar to analyze programs loaded on startup?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Ghost ???
« Reply #2 on: December 24, 2008, 10:50:31 PM »
You can test your monitor with dead pixels testers.
And you can follow the general cleaning procedure:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89002
  • No support PMs thanks
Re: Ghost ???
« Reply #3 on: December 25, 2008, 12:47:30 AM »
I doubt it is a dead pixel, not half the size of an icon, not one that flickers on just for a blink of an eye.

I really don't have any idea what it might be, if it remains there, right click and select properties and see what information can be gleaned.

Or check out Task Manager to see if there are any unknown processes running, etc. or the Windows Start, Run and type msconfig, this should open a window of various windows settings, etc. click on the Startup tab and se if there is anything there that you aren't aware of.

There are some diagnostic/analysis tools here, http://technet.microsoft.com/en-us/sysinternals/default.aspx, the System Internals section and Process Explorer in particular (also Autoruns) is one that gives information on running processes. Whilst these do require a degree of knowledge of what would normally be running on your system.
« Last Edit: December 25, 2008, 12:49:45 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline George Yves

  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 4095
  • Help you I can
Re: Ghost ???
« Reply #4 on: December 25, 2008, 08:53:26 AM »
I just thought about some people I know. They adore practical jokes. What do you think about the people who has access to your PC?
May the FOSS be with you!

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Ghost ???
« Reply #5 on: December 25, 2008, 12:25:41 PM »
I just thought about some people I know. They adore practical jokes. What do you think about the people who has access to your PC?


Yep this remind me when I load a screen saver onto a friend computer at work called the MS blue screen of error death messages on April fools day, god I'm so cruel and this makes me feel great when I had to pay him back big times when he got me on April fools day.
« Last Edit: December 25, 2008, 12:31:23 PM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v24.3.6108 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

handcuff36

  • Guest
Ghost ???
« Reply #6 on: December 25, 2008, 02:17:21 PM »
A large thankyou to all who took time to reply/react to my posts.  I have noted all suggestions.
Nobody else uses my computor, it is password protected on booting, so nobody can play a joke on me. The MBR is also locked in BIOS, ie: no rootkit.

I have just in the last week, restored the OS to factory default and this showed up again, the ghost !  A friend and I bought the same Acer about 1 week apart, the very same Acer and he does not get this ghost.

Really baffling, is it not ?   After some more tests, as suggested here, I will get back to you. Again, thanks.   JP.

handcuff36

  • Guest
Ghost ???
« Reply #7 on: December 26, 2008, 03:58:35 PM »
Good  morning DavidR.
I had tried the right click and also the left click of the mouse on that Ghost before. No reaction at all, it is a real ghost ! :-)  It does not stay on the screen very long and it makes it tough to even just get the mouse on it.
If I have time today, I will run a full scan again on the Vista box. At the moment, I am typing at you on an Ubuntu box, via Firefox. I might remove Avast from that Vista box, install Norton, just to see. I would re-install Avast after the scan. I have to try many options to see what this is.

In case that this is a key-loger, how can I search it ?

Have a great day and thanks for your attention.                      JP.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Ghost ???
« Reply #8 on: December 26, 2008, 05:18:37 PM »
If you set a wallpaper, does it continues there?
The best things in life are free.

handcuff36

  • Guest
Again, Ghost ???
« Reply #9 on: December 27, 2008, 06:00:48 PM »
Hello Tech and DavidR, the whole bunch too.

I have run all the suggested tests, nothing. I just got Avast back installed after running Norton that found nothing. Now, this last run of Avast again as for Norton, found nothing.  Avast went through 45 Gigs of data on my HD and took 52 minutes for this.

Am I chasing a wild goose here ? Is this Ghost really nothing ? Should I ignore the aggravation ? It does not seem to do anything at all, the aggravation is not knowing what it is. Who/what could be generating this ?

Fun anyway.  A nice 09 to all.           JP aka handcuff36

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89002
  • No support PMs thanks
Re: Ghost ???
« Reply #10 on: December 27, 2008, 06:23:36 PM »
I really don't know as there isn't enough information to say what it is so we can't say one way or the other if it is a wild goose chase.

Adding Norton to the mix is potential for other issues possibly more painful than what you have.

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

All I can suggest is getting google on the case, http://www.google.co.uk/search?q=mystery+icon+on+desktop, if nothing there try a different search string that is closer to your issue. Try and keep the search string simple (like my example search) or it will greatly reduce the results.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

handcuff36

  • Guest
Ghost elucided.
« Reply #11 on: December 29, 2008, 10:28:24 PM »
Good afternoon, David R.

Remember these Ghost .jpg that I posted here ?  Well, I believe that I found out the solution. Brace yourself.

This shows up when the MBR is locked in the BIOS. This is the selection where a warning is sounded and activity is stopped if anything/anybody ( rootkit ) is trying to write to that sector. Who would have thought of this.

Would you try it on your system and let me know as a confirmation of sort, please.  I have toggled this protection ON and OFF a few times and this seems to confirm what I just typed, it would be great to have it also confirmed by an expert.

I am on an Acer-Vista system, if you ask, I would come back with a BIOS version and name. I do not think that Vista has anything to do with it, this BIOS would work the same regardless of the OS, methinks.

Have a great 2009, to Tech too.                    JP.   aka handcuff36

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Ghost ???
« Reply #12 on: December 29, 2008, 11:10:16 PM »
Man... how could we correlate the ghost with a rootkit and the MBR locked by the BIOS? ??? ???
Do you mean you unlocked the MBR in the BIOS and now the ghost disappear? ???
The best things in life are free.

handcuff36

  • Guest
Re: Ghost ???
« Reply #13 on: December 29, 2008, 11:28:22 PM »
Tech, hello.

>>Man... how could we correlate the ghost with a rootkit and the MBR locked by the BIOS? ??? ???
>>Do you mean you unlocked the MBR in the BIOS and now the ghost disappear? ???

      Yes !

    I am sure that this ghost is manifested as the MBR is locked. Your statement above seem to imply the opposite. There is no rootkit so no need to correlate the ghost to one. The MBR is ALWAYS locked on all my systems that allow this in BIOS, therefore, I have not rootkit, if this is the way it works. I will have to look into the Award site to see if they have anything to say in this regard.

    Thanks for your attention and a Happy 09 to you.           JP.    aka handcuff36.

handcuff36

  • Guest
Ghost elucided.
« Reply #14 on: December 29, 2008, 11:46:15 PM »

   Tech, me again.   This is what I found on the Award site, in this regard but no reference to the Ghost.

   Anti-Virus
When this icon is selected from the Security section of the WINBIOS Setup main menu, AMIBIOS issues a warning when any program (or virus) issues a Disk Format command or attempts to write to the boot sector of the hard disk drive. The settings are Enabled or Disabled. If enabled, the following appears when a write is attempted to the boot sector. You may have to type N several times to prevent the boot sector write. Boot Sector Write!!!Possible VIRUS: Continue (Y/N)? _
The following appears after any attempt to format any cylinder, head, or sector of any hard disk drive via the BIOS INT 13 Hard Disk Drive Service: Format!!!Possible VIRUS: Continue (Y/N)? _

    What do you make of this ?                        JP.             aka handcuff36