Possible Malicious Infection – Day 3

So, I log on, boot up, and two pop-ups appear on my desktop. The first one is UltraMon.exe crashing. Probably / Maybe legitimate; UltraMon is the program I use to control my Awesome Triple Monitor setup. But the Other, Oh, the OTHER message…. Well, have a look:

SysFader: IE7XPLORER.EXE – Application Fatal Error

The instruction at 0x0f634739 referenced memory at 0x03ac4e50. The memory could not be read. Click on OK to terminate

[  OK  ]

Now, although SysFader is a legitimate thing that I’ve heard of (it’s what Windows uses to make your background fade to dark greyscale when logging out, etc.), the executable “IE7XPLORER.EXE” does *not* exist. And even if it were a legitimate IE7, I DID NOT LAUNCH it. Nor was it in my startup. So, why would SysFader / IE7 get an “Application Fatal Error”? Answer: IT WON’T.

Note: This message ALSO appeared as a little warning bubble in the SysTray, you know, those

For laughs, I googled “IE7XPLORER.EXE”…

DUH! Big surprise there. Still… it’s amazing that NO HITS occurred. (By the time you read this, Google will have already picked up my Blog.)

Also interesting to note is that no antivirus companies other than the one mentioned yesterday (SaliarAR) have identified it. It reminds me of the age-old theory about how antivirus companies would create the viruses, release them into the wild, and then, Voila! Here’s a cure… for $60! Not that I’m accusing this SaliarAR of doing such things… but it just reminds me of that old joke / conspiracy theory.

Since this occurred at boot-up, Noel suggested I try this program called RunAnalyzer, available from the folks who do Spybot Search & Destroy. I downloaded it, installed it, and it appears to be taking a while. I’ll take this opportunity to post this page, for the benefit of White Hatted Admins.

Categorized as Windows

By tungsai

4 comments

  1. I would like you to know that I have the same problem.

    Some weeks ago, I received these pop-ups to download ‘SaliarAR[…].exe’. Now, I’m receiving both the error you refer to and a pop-up in the traybar every now and then miming the security alerts from the Windows XP security center. If I click it, I get asked to download this ‘SaliarAR[…].exe’.

    I feel my whole system is compromised, because after having AVG (root-kit, anti-virus and anti-spyware free) run, nothing was found.

    And then I tried to run Spybot-SD. The process ran at 99% of the CPU and it didn’t open. I uninstalled it and installed it again, and it ran, but I guess the Spybot process was altered so that it acts like a dummy program.

    Now, I’m sending this message from Linux (I have dual-boot).

    Shouldn’t we make a complaint to http://www.saliar.com?
    Maybe send this to the FBI?

  2. Actually…I WILL go so far as to accuse Saliar of malicious intent. Ever since I scanned with it, I have had the same problem as yours as well as a DBULIGMA.exe error and the only place they point back to is Saliar. I have not been able to get my system clean.

  3. I am in the same boat as you. I have also tried to use a Windows process checker of the Spy type to see if I could see which process is launching these error popups. I am also getting a shortcut on my desktop that keeps recreating itself even though I delete it. And while I can’t swear to it, the trojan is specifically created to get me to install SaliarAR. Is there something specific that you installed recently? Or something that you have installed that I might also have installed? For instance, are you running Yahoo Widgets? Or do you have SnagIt installed? Anything you can think of, let me know.

  4. Well, I guess I’m not the only person on the planet having the same issues with this so-called Saliar.com mess. I noticed it on my PC right after downloading the latest version of iTunes. I have my desktop set up with no icons on (it distracts from the wallpaper, LOL). I noticed an icon for help and support center. When I clicked on properties, I noticed it had an address for Saliar.com. So I put the address in another browser and found out that this site was supposedly for this virus scanner. I then noticed my PC acting real slow and got a popup with Windows security shield about having buggy programs. I am also getting warning messages about services stopping, fatal errors etc. Of course Windows event nothing wrong. I checked on that osca.dll file but don’t have that; I do have a file called fciusrhd.exe with the Windows security shield icon. And surprise surprise, it has the same date that all this started as its creation date. I use Trend Micro PC-cillin and sent them the file to look at… no answer yet of course. My partner has been after me to format and install Windows again. I don’t want to do that, but may have to. Incidentally, on my PC, after getting the so-called Winlogon.exe error message, I left it up and did not click the OK button. So far, it’s been 2 hours and no more bogus error messages. Maybe it can only do one at a time. I would really like to get my hands on this person.