Author Topic: AVAST & NVIDIA  (Read 4518 times)

0 Members and 1 Guest are viewing this topic.

guiton2002

  • Guest
AVAST & NVIDIA
« on: January 12, 2006, 06:53:53 PM »
My firewall gave me the following message :
Application Hijacking has been detected
The application: C:\WINDOWS\system32\nwiz.exe  try to launch another application: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

Of course, I refused. What is the problem ?

Thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: AVAST & NVIDIA
« Reply #1 on: January 12, 2006, 07:28:09 PM »
What is your firewall?

I think this is some kind of foul-up, I can't see how this element of nvidia could launch avast's update process. However if nvidia's nwiz.exe was somehow establishing an internet connection then aswUpdSv.exe wight simply be checking for the presence of an internet connection at that time.

What were you ding when the warning was displayed?

I would think this is a one off, so just keep an eye on it and if it becomes a frequent occurrence it would warrant further investigation.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

guiton2002

  • Guest
Re: AVAST & NVIDIA
« Reply #2 on: January 12, 2006, 08:17:38 PM »
Thanks for your answer and I am agree with you.

My firewall is Sygate, when I read the message I blocked the program to avoid it to connect to internet.

What do you mean by "foul-up" ?

don1p2

  • Guest
Re: AVAST & NVIDIA
« Reply #3 on: January 12, 2006, 08:30:02 PM »
Please be advised that nwiz.exe can also be a virus (Gaobot) disguised as a legitimate Nvida process. The same naming is done of course in an attempt to trick the user into thinking this is wanted process.

http://www.auditmypc.com/process/nwiz.asp

Gaobot can copy itself as your system folder as nwiz.exe
and may add "Norton Wizzard"="nwiz.exe" to these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.zx.html

Just a little "HeadsUp" to be careful when dealing with nwiz.exe..





Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: AVAST & NVIDIA
« Reply #4 on: January 12, 2006, 11:36:32 PM »
My firewall is Sygate, when I read the message I blocked the program to avoid it to connect to internet.

What do you mean by "foul-up" ?

By foul-up I mean the firewall has incorrectly identified or detected an action, it happens occasionally.

Having said that Sygate does have a problem identifying programs that use localhost proxy, it only see the proxy not the program using the proxy. This is well reported in these forums.

Sygate has now been bought out by Symantec and is/has being/been discontinued, now would seem to be a good time to look for an alternative firewall.

I too have an nvidia graphics card and it has nwiz.exe in the system32 folder. I would like to hope that avast would detect the gaobot or agobot infection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

guiton2002

  • Guest
Re: AVAST & NVIDIA
« Reply #5 on: January 13, 2006, 07:04:02 AM »
I download and launch the gaobot and agobot symantec fixtool and nothing was found. What is your idea for an alternative firewall ?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: AVAST & NVIDIA
« Reply #6 on: January 13, 2006, 01:07:39 PM »
Depends on how you are with rule based or application based firewalls. Zone Alarm free is application based and has a friendly user interface. I use Outpost Pro (paid) which can be both Rule and Application based. Kerio and comodo are two others commonly used by members of the forums. a google search for freeware firewall should produce more.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security