Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: guiton2002 on January 12, 2006, 06:53:53 PM

Title: AVAST & NVIDIA
Post by: guiton2002 on January 12, 2006, 06:53:53 PM
My firewall gave me the following message :
Application Hijacking has been detected
The application: C:\WINDOWS\system32\nwiz.exe  try to launch another application: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

Of course, I refused. What is the problem ?

Thanks
Title: Re: AVAST & NVIDIA
Post by: DavidR on January 12, 2006, 07:28:09 PM
What is your firewall?

I think this is some kind of foul-up, I can't see how this element of nvidia could launch avast's update process. However if nvidia's nwiz.exe was somehow establishing an internet connection then aswUpdSv.exe wight simply be checking for the presence of an internet connection at that time.

What were you ding when the warning was displayed?

I would think this is a one off, so just keep an eye on it and if it becomes a frequent occurrence it would warrant further investigation.
Title: Re: AVAST & NVIDIA
Post by: guiton2002 on January 12, 2006, 08:17:38 PM
Thanks for your answer and I am agree with you.

My firewall is Sygate, when I read the message I blocked the program to avoid it to connect to internet.

What do you mean by "foul-up" ?
Title: Re: AVAST & NVIDIA
Post by: don1p2 on January 12, 2006, 08:30:02 PM
Please be advised that nwiz.exe can also be a virus (Gaobot) disguised as a legitimate Nvida process. The same naming is done of course in an attempt to trick the user into thinking this is wanted process.

http://www.auditmypc.com/process/nwiz.asp

Gaobot can copy itself as your system folder as nwiz.exe
and may add "Norton Wizzard"="nwiz.exe" to these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zx.html

Just a little "HeadsUp" to be careful when dealing with nwiz.exe..




Title: Re: AVAST & NVIDIA
Post by: DavidR on January 12, 2006, 11:36:32 PM
My firewall is Sygate, when I read the message I blocked the program to avoid it to connect to internet.

What do you mean by "foul-up" ?

By foul-up I mean the firewall has incorrectly identified or detected an action, it happens occasionally.

Having said that Sygate does have a problem identifying programs that use localhost proxy, it only see the proxy not the program using the proxy. This is well reported in these forums.

Sygate has now been bought out by Symantec and is/has being/been discontinued, now would seem to be a good time to look for an alternative firewall.

I too have an nvidia graphics card and it has nwiz.exe in the system32 folder. I would like to hope that avast would detect the gaobot or agobot infection.
Title: Re: AVAST & NVIDIA
Post by: guiton2002 on January 13, 2006, 07:04:02 AM
I download and launch the gaobot and agobot symantec fixtool and nothing was found. What is your idea for an alternative firewall ?
Title: Re: AVAST & NVIDIA
Post by: DavidR on January 13, 2006, 01:07:39 PM
Depends on how you are with rule based or application based firewalls. Zone Alarm free is application based and has a friendly user interface. I use Outpost Pro (paid) which can be both Rule and Application based. Kerio and comodo are two others commonly used by members of the forums. a google search for freeware firewall should produce more.