Today my XP machine popped up with the following dialogue box:
WINSYSLDR.EXE
Unhandled exception in WINSYSLDR.EXE (0xCD003592) Division by zero.
Not knowing if it was a malicious thing, i.e., a fake pop-up box where if you click “OK” you’re actually launching some evil virus, I Googled WINSYSLDR.EXE. and got…
NOTHING.
Yes, that’s right- the Internet has NO knowledge of WINSYSLDR.EXE. Now, everybody knows that a Division by Zero error can happen from time to time if an application is written poorly. This pop-up dialogue box has all the marks of a legitimate error message… EXCEPT for the fact that nobody in the world ever seems to have heard of WINSYSLDR.EXE. That is impossible.
My next step to investigate this strange error is, obviously, to search my system for WINSYSLDR.EXE. It took a while, since I run a very bloated XP machine, loaded with crap, including drivers & extra programs for my Triple Monitor Setup. But, sadly, the little puppy found nothing. NOTHING!! The file does not EXIST on my machine!
Luckily, the dialogue was still on my desktop, so I used a little trick to find out exactly what process was feeding the dialogue box. By pressing CTRL+ALT+DEL, I brought up the Task Manager and sort by CPU. Then I drag the dialogue around the screen quickly by the title bar, and watch for some process to start taking more CPU power. The only process I could see that was accelerating when I did that was my “UltraMonTaskbar.exe”. I killed it, and the pop-up remained. Perhaps it was just too small to register on the top of the task list, but at this point I had to move on to other things and so I just “X”‘ed the dialogue, rebooted, and posted this blog.
shrug….
I work in IT and some of these winsysldr.exe windows popped up today on a workstation. I googled it and found this page. I ran a hijack this and found:
O2 – BHO: (no name) – {6B2432DA-E58D-4C9A-AE60-7C856A4E903F} – C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\lzole.dll
O20 – Winlogon Notify: lzole – C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\lzole.dll
I’m removing these now as they also don’t yield any google results for lzole.dll
I’m not sure what we are dealing with here. Its very mysterious…
I’ll post again if I get more popups.
It is good to see i am not alone. I am having very similar issues
here are some of the pop ups i have been getting:
SysFader: IE7XPLORER.EXE
Your system is unstable. a problem has been detected and windows has been shut down buggy application to prevent dmage to your computer (and yes it is worded like that) It also references COM port 1
Instead on the WINSYSLDR i am getting a DBULIGMA.EXE with the same message attached. This also shows up ONLY on Saliar.com.
Important – Errors found in the system. During scon of files which are start automatically at computer startup, a critical errors in system registry were found. and then there are som error codes.
i have been on the phone with Symantec for hours now and they also believe this to be a new virus. I just submitted new virus documentation to them in hopes that they can use there vase tresources to get rid of this thing.