Keep getting message to update graphics driver

[Yousuf Khan]

A message keeps popping up in one of my machines in an account running
in the background. It keeps saying, "warning: please update the display
driver and program". It looks like it's coming from Nvidia about the
graphics driver. So I updated to the latest 195.62 WHQL drivers from
Nvidia, the installation went fine, and the drivers are running fine,
but I still get the message! There's nothing newer out there, other than
maybe some beta drivers.

I'm running with an 8600GT video card from Palit.

I found one similar problem, posted on Nvidia's own forums:

Problems with 8800 GS drivers +IE scrolling - NVIDIA Forums
http://forums.nvidia.com/index.php?showtopic=73822

It's about an 8800GS rather than an 8600GT, but it seems rather similar.
But there didn't seem to be any answer to that one.

Yousuf Khan

 

[Lem]

A message keeps popping up in one of my machines in an account running
in the background. It keeps saying, "warning: please update the display
driver and program". It looks like it's coming from Nvidia about the
graphics driver. So I updated to the latest 195.62 WHQL drivers from
Nvidia, the installation went fine, and the drivers are running fine,
but I still get the message! There's nothing newer out there, other than
maybe some beta drivers.

I'm running with an 8600GT video card from Palit.

I found one similar problem, posted on Nvidia's own forums:

Problems with 8800 GS drivers +IE scrolling - NVIDIA Forums
http://forums.nvidia.com/index.php?showtopic=73822

It's about an 8800GS rather than an 8600GT, but it seems rather similar.
But there didn't seem to be any answer to that one.

Yousuf Khan

If the message pops up in a window, try looking in Task Manager the next
time the window opens to determine what application owns the window. If
the message is in a "balloon tip," what notification area icon is it
associated with?

 

[SC Tom]

A message keeps popping up in one of my machines in an account running in
the background. It keeps saying, "warning: please update the display driver
and program". It looks like it's coming from Nvidia about the graphics
driver. So I updated to the latest 195.62 WHQL drivers from Nvidia, the
installation went fine, and the drivers are running fine, but I still get
the message! There's nothing newer out there, other than maybe some beta
drivers.

I'm running with an 8600GT video card from Palit.

I found one similar problem, posted on Nvidia's own forums:

Problems with 8800 GS drivers +IE scrolling - NVIDIA Forums
http://forums.nvidia.com/index.php?showtopic=73822

It's about an 8800GS rather than an 8600GT, but it seems rather similar.
But there didn't seem to be any answer to that one.

Yousuf Khan

I've been using Nvidia video cards and drivers for 10+ years, and I have
never seen a reminder message to update my drivers.

If I were you, I'd scan for malware on the system. Try whatever you have
installed as long as the definitions are up to date. You might also try
MalwareBytes http://www.malwarebytes.org/mbam.php
and SuperAntiSpyware http://www.superantispyware.com/download.html .

 

[Yousuf Khan]

I've been using Nvidia video cards and drivers for 10+ years, and I have
never seen a reminder message to update my drivers.

If I were you, I'd scan for malware on the system. Try whatever you have
installed as long as the definitions are up to date. You might also try
MalwareBytes http://www.malwarebytes.org/mbam.php
and SuperAntiSpyware http://www.superantispyware.com/download.html .

Well, I do already scan with Ad-aware and Spybot S&D, semi-regularly.
Besides, these popups don't fit the profile of malware, as it's not
offering to take me to a website to update my drivers or something like
that.

Yousuf Khan

 

[Yousuf Khan]

If the message pops up in a window, try looking in Task Manager the next
time the window opens to determine what application owns the window. If
the message is in a "balloon tip," what notification area icon is it
associated with?

Good idea, I'll try to remember to do that next time.

It's not a balloon tip style popup, it's a regular dialog box style
popup, and all you can do is to click the "ok" button on it. It does
nothing else.

Yousuf Khan

 

[Peter Foldes]

Yousuf

This is a malware and you should use the 2 following free tools to get rid of it.
Ad-aware and Spybot S&D will NOT do the job on this one

Use the 2 following tools

MalwareBytes http://www.malwarebytes.org/mbam.php
and SuperAntiSpyware http://www.superantispyware.com/download.html .

 

[almostbob]

that prompt and a redirect to a spoofed nvidia.com site dumped into your
hosts file
Zap: youre a spambot

too easy

 

[smlunatick]

Yousuf

This is a malware and you should use the 2 following free tools to get rid of it.
Ad-aware and Spybot S&D will NOT do the job on this one

Use the 2 following tools

MalwareByteshttp://www.malwarebytes.org/mbam.php
and SuperAntiSpywarehttp://www.superantispyware.com/download.html .

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

This "message" can also from one of the "all in one" driver update
"crappy" tool. These, once install, monitor their own data base and
tell you these type of message when they have any update. These do
not "make sure" that they will work.

These tools might not be listed as "malware" but should be
"outlawed!!!!'

 

[Yousuf Khan]

that prompt and a redirect to a spoofed nvidia.com site dumped into your
hosts file
Zap: youre a spambot

too easy

Good point, I didn't remember that. Sure enough, I went into my hosts
file and saw the following lines inserted:

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es

IP 66.98.148.65 corresponds to a site called ns1.funkstaserver.com.
Looking it up, there seems to be discussions about it being a site
infected with the "WIN.MSSQL.worm.helkern", whatever that is.

Don't know if my aforementioned "update your display drivers" alert
created this, or if it was something else, but obviously I'm starting a
scan with previously suggested tools, right now.

Yousuf Khan

 

[Yousuf Khan]

Yousuf

This is a malware and you should use the 2 following free tools to get
rid of it. Ad-aware and Spybot S&D will NOT do the job on this one

Use the 2 following tools

MalwareBytes http://www.malwarebytes.org/mbam.php
and SuperAntiSpyware http://www.superantispyware.com/download.html .

Okay, I've done that now, Malwarebytes found one which looks like it
might be the culprit. Malwarebytes simply categorized it as a
"Trojan.FakeAlert", and it was a file under the %appdata%\Google folder
called "updovl32.dll".

I'll see if the alert pops up again, otherwise hopefully this fixes it.
I wasn't even thinking along the lines of malware, it looked like a
normal message.

Yousuf Khan

 

[Yousuf Khan]

This "message" can also from one of the "all in one" driver update
"crappy" tool. These, once install, monitor their own data base and
tell you these type of message when they have any update. These do
not "make sure" that they will work.

These tools might not be listed as "malware" but should be
"outlawed!!!!'

Yeah, I once had one of those types of programs installed, called
DriverDetective that I tried for awhile. Didn't really find it too
useful, and then it started asking for registration fees, so I
uninstalled it. But the message looked quite a bit like something like
it, so I thought maybe some piece of it had not been uninstalled. But it
is looking like it may have actually been malware.

Yousuf Khan

 

[YKhan]

This "message" can also from one of the "all in one" driverupdate
"crappy" tool.  These, once install, monitor their own data base and
tell you these type of message when they have anyupdate.  These do
not "make sure" that they will work.

These tools might not be listed as "malware" but should be
"outlawed!!!!'

Looks like you win the prize on this one. Finally tracked down the
program and found out what it is. The program that is giving this
message is called Tbpanel.exe which is part of a package called
VDOtools, which is provided by Palit Corporations as part of their
Nvidia driver installation program. I had long since migrated over to
the reference drivers from Nvidia, but this part of the original Palit
drivers. I uninstalled the VDOtools package. Here's the description:

http://www.liutilities.com/products/wintaskspro/processlibrary/tbpanel/

Yousuf Khan

 

[YKhan]

Okay, I've done that now, Malwarebytes found one which looks like it
might be the culprit. Malwarebytes simply categorized it as a
"Trojan.FakeAlert", and it was a file under the %appdata%\Google folder
called "updovl32.dll".

I'll see if the alert pops up again, otherwise hopefully this fixes it.
I wasn't even thinking along the lines of malware, it looked like a
normal message.

        Yousuf Khan

Well, it turned out that this wasn't part of a malware program, it was
just an old OEM video driver installation program that was giving this
message. However accidentally, the anti-malware programs did find a
real live malware app sitting on the disk, so there was a side benefit
to this hunt.

Yousuf Khan