(#@&$@# Ghostwall.....

Discuss anything related to portable freeware here.
Post Reply
Message
Author
Erind
Posts: 75
Joined: Thu Jul 13, 2006 7:11 pm

(#@&$@# Ghostwall.....

#1 Post by Erind »

Ok, so I tried this because it looked like it was suggested somewhere over in the portable freeware program. Here's my take...

IT BLOWS. I have removed it from the hidden devices in the device manager, I've removed every trace of the file I could find, I made sure that Spybot has banned it from being placed anywhere... BUT THE DAMN THING STILL RUNS. I just spent 2 days (right after rebooting) blaming people at Qwest saying that they were blocking my inbound ports because I KNEW that I had removed GW. Bull@#$%. It was still rearing its ugly head. After breaking down, opening GW, clicking "Allow All" (which doesn't work once you reboot), my servers all started receiving connections again. Not only that, but somehow since opening it (first tried it at work) there are a few remote desktop destinations that I can no longer access, no matter how hard I try. Please PLEASE somebody tell me how to remove every tiny little aspect of this #$@&(@&. Ghost Security (the programmers who created this) do not respond to anything that's emailed to them or posted to their forums.

User avatar
Fluffy
Posts: 457
Joined: Sat Apr 15, 2006 6:37 pm

#2 Post by Fluffy »

So... I should add it to the rejection list with the reason "@!#$" ?

User avatar
Firewrath
Posts: 321
Joined: Mon Aug 28, 2006 2:36 pm

#3 Post by Firewrath »

I had this program long ago, and tryed it again when i saw it here on the forums, and i never had those kind of problems, O_o

i got rid of it because i dont like the 'by rules' bit,
<3 Sygate Personal Firewall, but alas, its not portable and damn hard to find now, >.<

...but your describing almost virus-like problems which is really odd, unless it got infected on your machine somehow.
(but considering your post, i wouldnt think so,)

try deleting all the 'rules' to it, i think that should default it into not blocking any IP/Ports, kinda like 'allow all' but not, :P

if anything else, id use RegSeeker and go through your Registry, and remove all references to Ghostwall,
(back your Registry up first, ofcourse, ;))
you could also try redownloading it, installing and uninstalling it just for kicks, :P

also try a virus scan or two "just in case"


anyways,
From what i see, Ghostwall leaves the following when used:

C:\WINDOWS\system32\ghstwall.fir
C:\WINDOWS\system32\drivers\ghstwall.sys

and these Reg. Entries:

Code: Select all

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GhostWall=1
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\@=1
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_cw0=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_co0=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_cw1=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_co1=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_cw2=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_co2=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_cw3=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_co3=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_cw4=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_co4=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_cw5=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_co5=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_sc6=4
HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall\RuleList_sa6=4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
GhostWall=22 00 46 00 3a 00 5c 00 4d 00 69 00 73 00 63 00 5c 00 67 00 68 00 6f 00 73 00 74 00 77 00 61 00 6c 00 6c 00 5c 00 67 00 68 00 6f 00 73 00 74 00 77 00 61 00 6c 00 6c 00 2e 00 65 00 78 00 65 00 22 00 20 00 2d 00 6d 00 69 00 6e 00 69 00 6d 00 69 00 7a 00 65 00
[HKEY_LOCAL_MACHINE\SOFTWARE\Ghost Security\GhostWall]
@=00 00
RuleList_cw0=c8 00 00 00
RuleList_co0=00 00 00 00
RuleList_cw1=c8 00 00 00
RuleList_co1=01 00 00 00
RuleList_cw2=64 00 00 00
RuleList_co2=02 00 00 00
RuleList_cw3=64 00 00 00
RuleList_co3=03 00 00 00
RuleList_cw4=64 00 00 00
RuleList_co4=04 00 00 00
RuleList_cw5=64 00 00 00
RuleList_co5=05 00 00 00
RuleList_sc6=00 00 00 00
RuleList_sa6=00 00 00 00
i see nothing in there thatd make it reinstall itself, but, never know,
and none of my anti-virus / spyware scanners picked up anything,

(though leaving the files in the Windows folder is a good reason to reject it, ;)
*BUT, i used that 'now being re-writen' program (;)) to get this, so theres a chance that it deletes those when it closes and 'it' missed that happening, but i find that unlikely.)

*/sneaky


Anyways dude, hope this helps,

User avatar
gp_hbk
Posts: 73
Joined: Sun Jun 18, 2006 5:21 am
Location: India

#4 Post by gp_hbk »

Firewrath wrote:Sygate Personal Firewall, but alas, its not portable and damn hard to find now
You can find it on FileHippo

User avatar
Firewrath
Posts: 321
Joined: Mon Aug 28, 2006 2:36 pm

#5 Post by Firewrath »

long time, but, ;)
Thanks gb. I actually keep a copy of the install on my USB drive, ^-^

anyways, i found more ghostwall stuff to help removal,
all this is also in the registry:
(i think this/the created files, and all the ppl that have problems with it is More then enough to deny adding it, :P)

Code: Select all

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\ghstwall.sys"
"DisplayName"="ghstwall"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9C,00,00,00,14,00,00,00,30,00,00,00,02,00,1C,00,01,00,\
00,00,02,80,14,00,FF,01,0F,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,\
00,04,00,00,00,00,00,14,00,FD,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,\
00,00,18,00,FF,01,0F,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,\
00,14,00,8D,01,02,00,01,01,00,00,00,00,00,05,0B,00,00,00,00,00,18,00,FD,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,\
05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
"INITSTARTFAILED"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall]
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\ghstwall.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall]
"DisplayName"="ghstwall"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ghstwall\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_8086&DEV_2580&SUBSYS_00000000&REV_0E\3&61aaa01&0&00\ghstwall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\V1394\NIC1394\90ee28002856\ghstwall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ghstwall]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\ghstwall.sys"
"DisplayName"="ghstwall"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ghstwall\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9C,00,00,00,14,00,00,00,30,00,00,00,02,00,1C,00,01,00,\
00,00,02,80,14,00,FF,01,0F,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,\
00,04,00,00,00,00,00,14,00,FD,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,\
00,00,18,00,FF,01,0F,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,\
00,14,00,8D,01,02,00,01,01,00,00,00,00,00,05,0B,00,00,00,00,00,18,00,FD,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,\
05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ghstwall]
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\ghstwall.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ghstwall\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ghstwall]
"DisplayName"="ghstwall"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ghstwall\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Teefer\ghstwall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\ghstwall.sys"
"DisplayName"="ghstwall"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9C,00,00,00,14,00,00,00,30,00,00,00,02,00,1C,00,01,00,\
00,00,02,80,14,00,FF,01,0F,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,\
00,04,00,00,00,00,00,14,00,FD,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,\
00,00,18,00,FF,01,0F,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,\
00,14,00,8D,01,02,00,01,01,00,00,00,00,00,05,0B,00,00,00,00,00,18,00,FD,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,\
05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
"INITSTARTFAILED"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall]
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\ghstwall.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall]
"DisplayName"="ghstwall"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ghstwall\Enum]

Post Reply