
Malicious Spyware


7 replies to this topic

#1 rlight

rlight

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Washington State
  • Local time:11:21 PM

Posted 29 June 2006 - 11:37 PM

So, I downloaded Ewido onto my computer and ran a scan. It turned up 30 medium risk spyware.

It also detected a malicious item called 'Backdoor.Ncx.a'. I quarantined all of these and then deleted them.

What is Backdoor.Ncx.a? Is there any reason to be concerned with this being on my computer for who knows how long?

rlight


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:21 PM

Posted 30 June 2006 - 06:08 AM

Backdoor.Ncx.a appears to be ncp.exe (NetCat program), which can be used as a hacking tool. It's also part of W32/IrcBounce-A's collection of programs that are distributed together and used as an IRC backdoor Trojan.

See here and here.

Since there are numerous other files (clean & bad) related to this I suggest you investigate further per the instructions at Sophos and Symantec. I also recommend you perform at least two of these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall Scan
Panda ActiveScan [ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.]
a-squared Web Malware Scanner

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 rlight


Posted 30 June 2006 - 10:50 PM

QUIETMAN7,

I appreciate all your information; however, I have a question regarding 'installing Active X'. It is my understanding that Active X is a 'bad' thing. Am I wrong? Please explain this to an admitted novice.

rlight

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:21 PM

Posted 30 June 2006 - 11:10 PM

Most of the online scans require an ActiveX control to work; that's why most of them will only work using Internet Explorer.
Just because it says ActiveX doesn't necessarily mean it's a bad thing; it's just that writers of malicious code will sometimes use it in the garbage they write.
ActiveX can be used for good and evil.

If you want to use a scanner that doesn't use ActiveX, Trend Micro has an online scan that doesn't require it.
You can run this scanner using Firefox, which doesn't use ActiveX.
Here's the link:
HouseCall - Europe

#5 rlight


Posted 30 June 2006 - 11:35 PM

I sure appreciate your input.

However, I'm still a little confused regarding running several anti-virus programs on my computer. Can I use several different AV programs and not have any conflicts? Currently I have AVG Anti Virus program on my computer.

rlight

#6 quietman7


Posted 01 July 2006 - 05:36 AM

ActiveX Controls: Overviews/Tutorials
ActiveX Control Tutorial - Part 1
ActiveX Control Tutorial - Part 2

Can I use several different AV programs and not have any conflicts?

You can have more than one anti-virus program installed on your system as long as only one of them is actively running and providing real time protection. The other should only be used as an on demand scanner. However, even when one of them is not running, problems can still arise when the active anti-virus detects the non-active one's definitions or quarantined files.

The concern with using more than one anti-virus program is due to conflicts that can arise from them both running together at the same time in real-time protection mode. Anti-virus software components insert themselves into the operating system's core, and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files, this often can result in sluggish system performance.

While operating in real-time mode, each program will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to "False Positives". Further, if one AV finds a virus and then the other also finds the same virus, then both programs will be competing over exclusive rights on dealing with that virus. Each piece of AV software will attempt to seize the offending file and quarantine it. If one AV finds and quarantines the file before the other one does, then you encounter the problem of both AVs wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found.

In contrast, using more than one anti-spyware program running in real-time mode simultaneously increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system.

#7 rlight


Posted 02 July 2006 - 12:01 AM

So, should I go ahead and scan my computer with Trend Housecall and Panda ActiveScan? If I should, how do I set my current AV program to be a demand scanner? Or can I run a log and submit it to be analyzed by some of the great people at Bleeping Computer?

rlight

#8 quietman7


Posted 02 July 2006 - 07:44 AM

Yes, go ahead and scan with Housecall and ActiveScan. There is no need to set the AV installed on your computer as an on demand scanner. What are you going to use for protection if you do that? And you can post your scan logs if you need help with them.



