i caught you out TweaksRUS!

[skool h8r]

hi all,
i've found something which i'm quite concerned about that seems may have affected a lot of people here. When i was scanning my system with ad-aware, i found something (see the attached image). Now i don't know how or why, but XG appear to have been putting ServerLogic.Hyperlinker adware into their drivers! The proof is in the picture my friends.

Any thoughts on this my friends?

[Favu]

Thats on the murky side of uncool

[Gizmo]

Which version of drivers? Also, have you tried another malware tool like SpyBot to see what it says? Before we go jumping to conclusions here, let's get all of the facts.

[Pitch]

Which driver version?

[Samuknow]

FYI

Threat risk: Low Risk
Low risk threats should not harm your machine or compromise your privacy and security unless they have been installed without your knowledge and consent. A low risk threat may be a program, network tool, or system utility that you knowingly and deliberately installed and that you wish to keep. Although some low risk programs may track online habits -- as provided for in a privacy policy or End User License Agreement (EULA) -- or display advertising within the applications themselves, these programs have only vague, minimal or negligible effects on your privacy. Low risk threats may also be cookies, which can be used to track your online activities, though without identifying you personally.

Description: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.

[Pitch]

A scan of the same folder with the lastest version on Adaware and the lastest driver versions.

I can find nothing wrong.

[Gizmo]

Pitch, are those the nVidia drivers, or the XG drivers?

[Pitch]

XG.

The path scanned was C:\nVidia Forceware\XTreme-G 91.28.v2

[skool h8r]

These are, although old, could still be in the newer releases, the 77.76 XG drivers.

[Pitch]

Downloading and Scanning now.

[skool h8r]

I did think it was a bit strange that XG's would be like this. I'm not saying it's on purpose, but i've got to assume that.

[Áedán]

I suspect that AdAware's signature matching on uninst.exe might be a little out... Unless someone can prove otherwise that is.

[Pitch]

Adaware shows the file as infected, Spybot however registers it clean. I think Áedán is right.

[Gizmo]

Quote:

Originally Posted by skool h8r

I did think it was a bit strange that XG's would be like this. I'm not saying it's on purpose, but i've got to assume that.

When dealing with malware and spyware, it is never safe to assume anything.

In this particular case, I am suspicious that you are infected by a piece of spyware that is hiding itself as an uninstaller. I have scanned the 91.31 drivers (both XG and nVidia) and there is no uninst.exe file contained in either of them. The XG packager DOES contain a file called uninst0001.exe, but it appears to be benign.

[Gizmo]

He's got the ServerLogic.HyperLink spyware installed, or has had it installed; if you look at the report, AdAware shows that the registry entry is there. The question we need to answer is, did it come from the drivers or something else?

[Pitch]

Worth noting is that although the file is idendified as infected by Adaware, it's not showing my system as being infected.

[Gizmo]

Quote:

Originally Posted by Pitch

Adaware shows the file as infected, Spybot however registers it clean. I think Áedán is right.

Oh really?!

You've got the uninst.exe file?