sysWoW64

Status
Not open for further replies.

dan2229

Technical User
Sep 25, 2006
196
US
The last three times I have booted my computer, I have seen something strange appear on the desktop. At first it appeared and disappeared so suddenly I couldn't tell what it was. Then, the last several times I booted up, a DOS-type window appeared with sysWow64 as the window title. There is no text or script that runs in the "black" area of the window; it just disappears.

I did a search and found that several sites are calling it a Trojan. But the Wikipedia site says it is part of the system and cannot be removed. I believe it "is designed to take care of many of the differences between 32-bit Windows and 64-bit Windows, particularly involving structural changes to Windows itself."

Why have I not seen it before?

The last three weeks I have had a popup show up on the desktop that is the same ad over and over, a cop sitting in the car telling me I can save on car insurance. I ran SpyBot and found several pieces of malware. All could be removed except one. I ran it several times with no luck removing it.

It was at this point I began noticing the sysWow64 window.

So I downloaded AdAware and ran it several times. It found nothing.

Why is this happening? Should I be worried?

Thanks, Daniel

 
SysWow64 is a legitimate Windows process but it could be being used to launch malware.

Try cleaning out temp files with CCleaner or other first.
Run Malwarebytes' Anti-Malware, TDSSKiller, RogueKiller, Emsisoft Emergency Kit and then you could post a HijackThis log here if you like.
 
If multiple anti-malware apps aren't able to clean out the system, then I suggest trying to create a new user in Windows. Log in under the new user and see if the problem persists.

There are quite a few annoying malware infections that are just profile specific, meaning they won't cross over. If it works, then just move documents, music, videos, etc. over to the new profile before deleting the old. In fact, you may want to wait a few weeks before deleting the old to make sure you didn't miss anything.



-Carl
"The glass is neither half-full nor half-empty: it's twice as big as it needs to be."

 
Try your Malware scanning from Safe Mode too. This will produce a more thorough scan.

Advanced startup options (including safe mode)

You can even scan outside of the Windows Environment if you want.

What is Windows Defender Offline?

I see lots of recommendations here for programs like -

Malwarebytes' Anti-Malware

SuperAntispyware


Is this the window that you are seeing and that is being opened by cmd.exe in C:\Windows\SysWOW64?

See if you can pick up the process that might be opening such a window.

How to perform a clean boot to troubleshoot a problem in Windows Vista, Windows 7, or Windows 8
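
One way to look for what opens the window at startup, and to tell a profile-specific entry from a machine-wide one, as suggested in the replies above (an added example, not part of any post in this thread): the PowerShell script below lists autostart entries by scope and flags those that launch a console or script host. The flag pattern is an assumed heuristic, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: inventory autostart entries by scope (Machine / User / Task).
# An entry that exists only under "User" would not follow you to a new Windows profile.
$runKeys = @(
    @{ Scope = 'Machine'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' },
    @{ Scope = 'Machine'; Path = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' },
    @{ Scope = 'User';    Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' }
)
$startupDirs = @(
    @{ Scope = 'Machine'; Path = [Environment]::GetFolderPath('CommonStartup') },
    @{ Scope = 'User';    Path = [Environment]::GetFolderPath('Startup') }
)
# Assumption: heuristic for commands that open a console window or run a script.
$suspect = '(^|[\\"\s])cmd(\.exe)?(\s|"|$)|\.(bat|cmd|vbs|js)\b|wscript|cscript|powershell|rundll32'

$entries = @()
foreach ($k in $runKeys) {
    if (-not (Test-Path $k.Path)) { continue }
    $key = Get-Item $k.Path
    foreach ($name in $key.GetValueNames()) {
        $entries += [pscustomobject]@{
            Scope = $k.Scope; Source = $k.Path; Name = $name
            Command = [string]$key.GetValue($name)
        }
    }
}
foreach ($d in $startupDirs) {
    if (-not $d.Path -or -not (Test-Path $d.Path)) { continue }
    Get-ChildItem -Path $d.Path | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $entries += [pscustomobject]@{
            Scope = $d.Scope; Source = $d.Path; Name = $_.Name; Command = $_.FullName
        }
    }
}
# Scheduled tasks (the cmdlet exists on Windows 8 and later; skipped elsewhere).
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            if ($a.Execute) {
                $entries += [pscustomobject]@{
                    Scope = 'Task'; Source = $t.TaskPath; Name = $t.TaskName
                    Command = "$($a.Execute) $($a.Arguments)"
                }
            }
        }
    }
}
$entries | Sort-Object Scope, Name |
    Select-Object Scope, Name, Command,
        @{ n = 'Flag'; e = { if ($_.Command -match $suspect) { 'REVIEW' } else { '' } } } |
    Format-Table -AutoSize -Wrap
```

A 32-bit program that starts cmd.exe is redirected to the copy in C:\Windows\SysWOW64, so a flagged entry pointing at a 32-bit executable or script is a reasonable first place to look.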
 
Tried using Malwarebytes and TDSSKiller, but when they downloaded from CNet, they brought a lot of junk with them. One is 24-7 and another was some PC performance program. I deleted both of the add-ons when I downloaded Malwarebytes, and then had to do it again with TDSSKiller. What a pain!

So, I went to a System Restore instead! It worked for the SysWow64. I do, however, still get the popup from
It is a cop eating a donut and asking the user to go to another web site to use a tool that my insurance agent doesn't want me to use. I did not use the link as I feared even more nasty stuff getting on my computer.

I was only able to go back to April 15, 2013 for my Restore. I was hoping to go back to January when the computer was clean and working well.

I guess I will have to learn to live with the popup.

Thoughts?

Daniel
 
Perhaps this is a better link for Malwarebytes' Anti-Malware?

Most new machines come with a recovery partition allowing you to go back to the time of purchase; you will have to check your user guides for instructions. Choosing that path requires you to save all valuable data first.
 
I have been able to use my computer without seeing the sysWow64 window, but I still get a server.bannersdontwork.com popup especially when I click in a comments box in Facebook.

I have gone through all the programs and removed suspicious programs. One I removed last night was BeFrugal.com. However, when I looked again today, it was in the populated list. The icon for it is still there, but when I try to uninstall, I get the message

"File "C:\\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\unins000.dat" does not exist.
Cannot uninstall."

I do remember removing the toolbar from the browser, but nothing more stands out in my memory.

Thanks,

Daniel
 
 