Author Topic: AVAST & NVIDIA  (Read 3226 times)

0 Members and 1 Guest are viewing this topic.

Offline guiton2002

  • Newbie
  • *
  • Posts: 3
AVAST & NVIDIA
« on: January 12, 2006, 06:53:53 PM »
My firewall gave me the following message :
Application Hijacking has been detected
The application: C:\WINDOWS\system32\nwiz.exe  try to launch another application: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

Of course, I refused. What is the problem ?

Thanks

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83781
  • No support PMs thanks
Re: AVAST & NVIDIA
« Reply #1 on: January 12, 2006, 07:28:09 PM »
What is your firewall?

I think this is some kind of foul-up, I can't see how this element of nvidia could launch avast's update process. However if nvidia's nwiz.exe was somehow establishing an internet connection then aswUpdSv.exe wight simply be checking for the presence of an internet connection at that time.

What were you ding when the warning was displayed?

I would think this is a one off, so just keep an eye on it and if it becomes a frequent occurrence it would warrant further investigation.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline guiton2002

  • Newbie
  • *
  • Posts: 3
Re: AVAST & NVIDIA
« Reply #2 on: January 12, 2006, 08:17:38 PM »
Thanks for your answer and I am agree with you.

My firewall is Sygate, when I read the message I blocked the program to avoid it to connect to internet.

What do you mean by "foul-up" ?

Offline don1p2

  • Newbie
  • *
  • Posts: 10
  • I'm NOT a llama!
Re: AVAST & NVIDIA
« Reply #3 on: January 12, 2006, 08:30:02 PM »
Please be advised that nwiz.exe can also be a virus (Gaobot) disguised as a legitimate Nvida process. The same naming is done of course in an attempt to trick the user into thinking this is wanted process.

http://www.auditmypc.com/process/nwiz.asp

Gaobot can copy itself as your system folder as nwiz.exe
and may add "Norton Wizzard"="nwiz.exe" to these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zx.html

Just a little "HeadsUp" to be careful when dealing with nwiz.exe..




XP-SP2   avast!   BitDefender8   Jetico   Spybot S+D   Spy Sweeper   SiteAdvisor   IE-Spyad   MVP Hosts   Adaware SE   Ewido   SpywareBlaster

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83781
  • No support PMs thanks
Re: AVAST & NVIDIA
« Reply #4 on: January 12, 2006, 11:36:32 PM »
My firewall is Sygate, when I read the message I blocked the program to avoid it to connect to internet.

What do you mean by "foul-up" ?

By foul-up I mean the firewall has incorrectly identified or detected an action, it happens occasionally.

Having said that Sygate does have a problem identifying programs that use localhost proxy, it only see the proxy not the program using the proxy. This is well reported in these forums.

Sygate has now been bought out by Symantec and is/has being/been discontinued, now would seem to be a good time to look for an alternative firewall.

I too have an nvidia graphics card and it has nwiz.exe in the system32 folder. I would like to hope that avast would detect the gaobot or agobot infection.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline guiton2002

  • Newbie
  • *
  • Posts: 3
Re: AVAST & NVIDIA
« Reply #5 on: January 13, 2006, 07:04:02 AM »
I download and launch the gaobot and agobot symantec fixtool and nothing was found. What is your idea for an alternative firewall ?

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83781
  • No support PMs thanks
Re: AVAST & NVIDIA
« Reply #6 on: January 13, 2006, 01:07:39 PM »
Depends on how you are with rule based or application based firewalls. Zone Alarm free is application based and has a friendly user interface. I use Outpost Pro (paid) which can be both Rule and Application based. Kerio and comodo are two others commonly used by members of the forums. a google search for freeware firewall should produce more.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro