What is nogvyyoe.exe in task manager ? (2nd posting)

  • Thread starter Thread starter Shahab
  • Start date Start date
S

Shahab

Hi,
first of all, thanks to Mike Bright and Dug Knox who
responded to my first posting yesterday.

I have XP Pro running on a Dell Latitude laptop.
I have McAffee running with latest updates and did
thorough checks.
I have Ad-Aware of Lavasoft and did multiple checks.

nogvyyoe.exe is unbothered by either ad-aware or McAfee.
In fact ad-aware acknowleges the process as running.
Google and other searches have not brought any hit
searching for this name.

An eMail request to MS support yesterday was responded
with a suggestion how to disable nogvyyoe.exe - which
worked and so the process is not running anymore.

BUT:
would anyone have a clue, what this process is / was ?
In the end I have just switched off something without
having a clue what it was....

Thanks for any response,
Shahab
 
Shahab,

I have done a really big search for you on this one, and
cannot find a reference to this process anywhere.
However, this maybe because it is spyware / some kind of
ware that Ad-Aware doesnt know about, also you have to
bear in mind that SpyWare, tends to have a random process
name generation process in it, so the reason your search
draws a blank is because the process name was generated,
and probably hasnt been generated anywhere else :d

I'll keep looking, you can always e-mail me the exe and
ill take a look at it if you REALLY want to know :d

Regards

Mike Bright MCP, MSP

e:[email protected]
 
Hi Mike,
thanks for the response and efforts.

Understand what you mean by "random" naming of the file -
so I guess I will try to calm my unsatisfiable hunger for
info on this bug ;-)

Again thanks for the help.

Regards,
Shahab
 
Shahab ,

It is a Cool Web Search variant referred to as
res://<random>.dll/sp.html#96676 for the original variant .
Unfortunately it has evolved and is a bear to remove. Now that
you've identified the process and stopped it hopefully it will not
generate any more random name .dll files.

If it's the original variant then you may have some luck removing it
doing this : http://forum.aumha.org/viewtopic.php?t=6207
Also, you can attempt to edit the registry IF you know the CLSID of
the <random name>.dll in question :
http://www.kephyr.com/spywarescanner/library/msopt/index.phtml

If it's a newer variant you will have to obtain CWShredder and
Spybot. Update both AdAware and Spybot prior to using.
Links to programs can be found here --
http://www.siena.edu/antivirus/Spyware/default.html

See this thread from windowsxp.security_admin for more detailed
steps - Subject : spy ware Posted by : mike ghobadi 7/6/2004


MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============
 
Back
Top