I am convinced that some viral / spyware is knocking on my door. This morning, Monday, January 28th, 2008, I came in to my office and my machine had been logged in all weekend (Locked, of course). Well, well, well, what did we have here: TWO instances of “WINSYSLDR.EXE” on my desktop.
Sigh. Well, at least I’m able to gather additional information about this very possible threat. First, I noticed that the icon for it in the taskbar is the icon for Folders, as shown in this image:
Second, in the Windows Task Manager, under the “Applications” tab, are two ACTUAL EXECUTABLE APPS, blatantly shown on the task manager. Note, people: A legitimate error message popped up by a legitimate application will NOT show up as a unique APPLICATION.
Thirdly: Under “Processes”, I now see a Process called “System”,
PEOPLE, THERE IS NO LEGITIMATE PROCESS CALLED “SYSTEM”.
No doubt my system is infected, after googling “winsysldr.exe”. As of last week, this very blog is the #1 hit; but many more hits have been added under some lesser-known virus pages; something called “SaliarAR”. I’ve never heard of it.
I don’t even trust THOSE sites, though. I must get to the BOTTOM of which EXECUTABLE this shit is running under!! How can I possibly do this? While searching for the answer, Noel suggested that I head over to Spybot Search & Destroy, install it, run it, love it. Well… I didn’t wanna admit defeat, but as I scanned the impossibly long list of services running on my machine, trying to locate WHAT EXE was actually SPAWNING these dialogues,
A NEW MESSAGE APPEARED RIGHT BEFORE MY EYES.
And sure enough, it showed up as “Critical error occured”. SPELLING ERROR! BLATANT SIGN OF ADWARE/SPYWARE! Some foreigner obviously cooked up this malicious bullshit. (Can you tell I’m getting impatient?) Yeah, yeah… I could reinstall everything and be done with it, but that wouldn’t be very fun, now, would it?
I wonder if they have a keylogger installed and are, at this very moment, watching me type in this Blog update.
“Critical error occured.exe”? RIIIIiiight. Downloaded & installed SBS&D immediately. It’s running a scan now… it’s gonna take a while, so I’ll post this up on teh innernets for immediate consumption.
I’ve been hit with this as well and it seems like it’s just you and I. Have you learned any more? I’m getting a critical system error popup that seems to be fake because it prompts me to download SalairAR’s scanner.
-V