OK, so, here’s an update on the strange pop-ups.
When googling these problems, the immediate response was no hits. Then, suddenly, this blog appeared; as well as multiple hits from a company called “Saliar.com”. They claim to be a big important professional organization with some anti-malware software, complete with testimonials from such individuals as “Alferd”, and “Fritz”.
They claim to have been in business for years, yet the domain saliar.com was recently registered in September:
http://www.networksolutions.com/whois/results.jsp?domain=saliar.com
…But check this out. In the Google GROUPS forums, which are actually Usenet posts, some individual named “dodo” posts that they are having the same messages as I have experienced. Then, within 15 minutes, somebody else, FROM THE SAME IP, posts a response, “Yeah, you have malware, you need this program from saliar.com”.
Right. It seems as though the conspiracy theory might be correct after all. In fact, right in the posts, it is revealed by other posters that it’s obviously a “Spammer” (as they called him).
The thing is, this guy / group of individuals are probably in Russia, and not in the cubicle next to me so that I can strangle them. I don’t know how much trouble it’s worth to go after them. Probably not worth it.
It’s only a matter of time before it is revealed by those more skilled than I, how these pop-ups are generated. It’s a very embedded, well hidden method; I’ll give it that. But ultimately, it is made of 100% FAIL.
I’ve encountered the same Virus(?) with this message popping at the start, every time the computer is turned on.
Important: Errors found in the system. During the scan .. (and bunch of numbers and letters) SYSVER NT_Kernel error 1276 (exception not handled)
I was a bit puzzled by the bad English on this comment, too.
Every now and then, (just now) IE7Explorer? or something to that effect pops up asking to click “ok”.
What the heck is this!?
I tried re-installing my Windows XP Home edition CD-ROM but that didn’t cure anything. As you mentioned that it has something to do with the Internet Explorer program, I’m thinking of deleting every program that I think may be suspicious and hoping the reinstalling of the Windows CD-ROM might help. However, I’m afraid that every time I do the long and tedious process of installing, nothing really seems to change, including my screen wall-paper image, or the files and programs previously on the desktop screen.
I’m going to continue trying to figure out a way to get rid of this thing!
Hello Tung Sai,
Try to shut down explorer in task manager. Afterwards, run explorer again in task manager (file/new task), and the popup will appear immediately. The virus is in the explorer.exe (com?), or, I don’t know, whatever runs together with explorer when it starts.
Gabor
So I have been following your saga and it seems I am having the same issues. The only variation is that my initial error message window states “DBULIGMA.EXE” rather than “WINSYSLDR.EXE”. I have thrown every spyware and AV application at the problem.
This is obviously some spyware/removal software scam.
I believe I have traced the culprit file down to “VSRJAVA.DLL” located @ “c:\windows\msagent\chars\”
The dll is tied to winlogin so it is very difficult to unload and remove. After removing all the registry entries they magically appear after a reboot.
I have just turned up zonealarm to see if this is trying to phone home.
Please keep us updated with your saga and I will do the same.
I have your same problem… amazing. I’ve tried to search for some solution using google but the only answers I’ve found are these posts in google groups and your blog.
I’ve done a complete scan with
AVG: nothing.
ad-aware: nothing.
hijackthis: nothing.
anyway,
“It seems as though the conspiracy theory might be correct after all.”
I think so.
keep me informed.
Hi there.
I’ve been getting exactly the same shit, over the last month or two. The first few were “MS Heath Agent” recommending I install SaliarAR – googling only brought up their site and a couple of dubious download pages. Next were a few of the division by zero ones you mentioned. Then I got something claiming I had a specific trojan – of course the only places I could find a reference to this trojan were “SaliarAR now detects…” posts. Then I got some similar to the last few you mentioned.
Deleted a few suspect registry keys and immediately got a balloon tip with a kitchen sinkload of junk about how my computer was unstable and full of virii and the registry was trashed. So I click it thinking maybe it’ll run a process I can spot, and all it does is download SaliarARScannerAF05.exe through my browser.
For such an aggressive “advertising” campaign there’s nothing on Google. I’m so glad I found your blog : )
Since I’ve been typing I’ve had another “critical” balloon tip. Someone will die for this.
Sorry for the double post. I’m getting increasingly paranoid so I did a whois on your domain, as well as saliar.com. networksolutions.com worked but my usual first try, whois.net, told me I’d “exceeded my IPs 100 query per day limit.”
Could be totally coincidental (there are a couple of other boxes on my IP) but if you have the same problem I think we should both be worried.
If you don’t mind, I’m going to link your blog from my PR4 site. The top hit when googling Saliar is PR0, according to the toolbar at least, so we should get on top with any luck. I really want to fuck these guys up. I’m also reporting their site for false whois info, which could get it pulled if we’re lucky.
Any more ideas?
I got hit with this too and it’s rather annoying. It’s non-existent on google, the only thing that comes up is SaliarAR’s downloads.