Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

nwiz.exe - Virus or not?


  • Please log in to reply
5 replies to this topic

#1 Eric RBA

Eric RBA

  • Members
  • 252 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State College, PA
  • Local time:01:21 AM

Posted 16 February 2009 - 10:16 PM

I have an Nvidia video card, but how do I know if the nwiz.exe process is related to that or is a virus?
I would never ask a person to do something that I wouldn't do myself.

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,775 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:11:21 PM

Posted 16 February 2009 - 10:43 PM

It could be valid, or it could be a worm. You need to research what path the executable has to determine if it is valid entry or not. As well as run some malware scans if in doubt, to the validity.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 Eric RBA

Eric RBA
  • Topic Starter

  • Members
  • 252 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State College, PA
  • Local time:01:21 AM

Posted 25 February 2009 - 10:29 AM

Thanks for the help. I already know that it could potentially be valid, I just am not sure how I can determine the validity based on the path. Do you know what I would need to look for when I trace it?
I would never ask a person to do something that I wouldn't do myself.

#4 FiOS Dan

FiOS Dan

  • Members
  • 80 posts
  • OFFLINE
  •  
  • Location:Redondo Beach, CA
  • Local time:10:21 PM

Posted 25 February 2009 - 11:29 PM

1) Right-click on the file and scan it with your AV and AS.

2) Upload the file to VirusTotal for a scan at http://www.virustotal.com/.
Courage is being scared to death but saddling up anyway.

#5 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:12:21 AM

Posted 26 February 2009 - 01:30 AM

If it's located in the System folder, for your particular Operating System, then it is a legitimate file:

C:\Windows\System - Windows 95/98/ME
C:\Winnt\System32 - Windows NT/2000
C:\Windows\System32 - Windows XP and Vista

If it's located anywhere else, it's likely an infection.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#6 Eric RBA

Eric RBA
  • Topic Starter

  • Members
  • 252 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State College, PA
  • Local time:01:21 AM

Posted 26 February 2009 - 08:42 AM

Thanks guys, I appreciate the tips. I'll give em' a try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users