Asdf.exe And More Problems


9 replies to this topic

#1 livelychati

Posted 18 December 2006 - 02:39 PM

Hello everyone,

I'm new here, and I'm new to problems of this sort. I've had a virus on my computer only once before - about a year ago. Any help will be much appreciated!

Now, just looking through my Windows explorer in order to determine the size of some files I noticed two things that I never saw before (both on C:\):
1 - an executable file asdf.exe with a creation date of Nov. 14, 2006 and
2 - a file-folder that contained one text file only, but quite large for a txt file - 284kb. Both the txt file and the folder it's in are named 43f01b56c3a4b5becc7eb561 with the creation date of No. 17, 2006. I read that the asdf thingie is actually a virus, but when I right-clicked on it and chose "scan with Norton" it returned a clean bill - no virus!!! The same with the funny-name file folder and the txt file. I do believe both are "evil entities" and my first instinct was just to delete them. However, I thought better of it and decided to get help first.

3 - In addition, when turning off the computer the following happens: as it is preparing to shut off, the computer gives a warning "shutting down the ... program" for programs which I didn't even know existed. One is identified as ccApp, the other one only as -sw

4 - Another problem that appeared a few days ago: the taskbar used to have little visual "dividers" between shortcuts to programs and icons for open programs, and they disappeared ....

and finally,
5 - my laptop has slowed down to a crawl! It takes forever to boot up, and when it does it takes additional time to load Norton. All in all, I wait about 5 minutes before it's fully booted and loaded. My start menu is pretty slim so it shouldn't affect the speed of booting up the computer. The laptop is 4 years old and it's loaded with just 12% of free space, and I know that will slow it up, but it's been like that for a year now and it hasn't been THIS slow.

OK, I know this is a lot of questions - but all these things happened in short succession. Please help any way you can. Thanks a million.

#2 quietman7 (Global Moderator)

Posted 18 December 2006 - 02:47 PM

Anytime you come across a suspicious file for which you cannot find any information, you can submit it to jotti's virusscan or virustotal.com.
In the "File to upload & scan" box, browse to the location of the suspicious file and submit [upload] it for scanning/analysis.
Then post back with the results of the file analysis.

You can also download and use Process Explorer to investigate all processes and gather additional information to identify and resolve problems. This tool will show the process CPU usage, a description and its path.

Although Norton is as good as any other well known anti-virus program, it is known to be a resource hog that slows down your system especially if on dial-up or if installed on older systems without much RAM/slow CPU. NAV requires numerous services and running processes that use a lot of memory. Further, Norton products can be difficult to remove.

You may want to consider replacing Norton with another anti-virus program.
See BC's List of Virus & Malware Resources.
See BC's Freeware Replacements For Common Commercial Apps.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 livelychati

Posted 18 December 2006 - 02:52 PM

Thanks. I will do as advised and post back. :thumbsup:

#4 gdhopcroft

Posted 18 December 2006 - 03:13 PM

Hope some of this stuff may help too.

I'm new here, and I'm new to problems of this sort. I've had a virus on my computer only once before - about a year ago.

Now, just looking through my Windows explorer in order to determine the size of some files I noticed two things that I never saw before (both on C:\):
1 - an executable file asdf.exe with a creation date of Nov. 14, 2006 and
2 - a file-folder that contained one text file only, but quite large for a txt file - 284kb. Both the txt file and the folder it's in are named 43f01b56c3a4b5becc7eb561 with the creation date of No. 17, 2006. I read that the asdf thingie is actually a virus, but when I right-clicked on it and chose "scan with Norton" it returned a clean bill - no virus!!! The same with the funny-name file folder and the txt file. I do believe both are "evil entities" and my first instinct was just to delete them. However, I thought better of it and decided to get help first.

This is what BillPstudios' WinPatrol PLUS has to say about it:

Virus Alert ASDF.EXE

Asdf.exe will be found in your c:\ root folder. This yet-to-be named downloader Trojan will download and install other malicious files. Some report that it installed files called 1.exe and w.exe while others report that WinFixer was installed. This file may take advantage of a vulnerability in older versions of the Firefox web browser.

We'd recommend removing this file using WinPatrol. First, kill it under Active Tasks then remove it from your Startup Programs. If running WinPatrol 8.x or later, right click the file then select Delete file on Reboot. We'd also recommend a full system scan with an up to date antivirus program.

Hope that might help you to decide what to do with it.

3 - In addition, when turning off the computer the following happens: as it is preparing to shut off, the computer gives a warning "shutting down the ... program" for programs which I didn't even know existed. One is identified as ccApp, the other one only as -sw

ccApp is Norton's normal Auto-Protect; I wouldn't delete that. :inlove: :thumbsup:

Looking at the stuff Bill P says, the other one might have something to do with asdf.exe, perhaps?

4 - Another problem that appeared a few days ago: the taskbar used to have little visual "dividers" between shortcuts to programs and icons for open programs, and they disappeared ....

Sounds like you, or something else, has "locked" the Taskbar. Unlock it again, and you should have the little "dividers" back again (right click on the Taskbar and untick Lock the Taskbar).

and finally,
5 - my laptop has slowed down to a crawl! It takes forever to boot up, and when it does it takes additional time to load Norton. All in all, I wait about 5 minutes before it's fully booted and loaded. My start menu is pretty slim so it shouldn't affect the speed of booting up the computer. The laptop is 4 years old and it's loaded with just 12% of free space, and I know that will slow it up, but it's been like that for a year now and it hasn't been THIS slow. :flowers:

Quite likely associated with asdf.exe; if you can clear that up, hopefully you'll be back to normal operations, I'd guess.

OK, I know this is a lot of questions - but all these things happened in short succession. Please help any way you can. Thanks a million. :huh:

Leave the million on top of the fridge!!! :trumpet:
Graeme -- Beacon Hill, Sydney, NSW, Australia
Board Admin:
Calendar of Updates Forums & Calendar

Remember: Security Software must be kept current to be of any use!!!

Quis custodiet ipsos Custodes???

Like software code, I just ain't perfect ... but we both sure oughta be!!!

We have NO plan ... so, nothing can POSSIBLY go wrong!!!
After things go from bad to worse, the cycle will immediately repeat itself!!!

#5 quietman7 (Global Moderator)

Posted 18 December 2006 - 03:39 PM

From my research, asdf.exe is trojan related. I want livelychati to submit it for analysis so I can see what anti-virus programs are currently detecting it and what they are detecting it as. Knowing more about a piece of malware helps you determine the best way to remove it and keep from getting re-infected again.

#6 gdhopcroft

Posted 18 December 2006 - 04:01 PM

From my research, asdf.exe is trojan-related. I want livelychati to submit it for analysis so I can see what anti-virus programs are currently detecting it and what they are detecting it as. Knowing more about a piece of malware helps you determine the best way to remove it and keep from getting re-infected again.

Yes, of course.

Thanks. I will do as advised and post back. :thumbsup:

Which, of course, he/she is currently off doing.

My comments aren't intended to negate that, merely to suggest some things that may prove helpful in an ultimate resolution.

#7 quietman7 (Global Moderator)

Posted 18 December 2006 - 06:42 PM

My comments aren't intended to negate that, merely to suggest some things that may prove helpful in an ultimate resolution

Didn't take your response as negating anything. I appreciate your input. Just wanted to make sure livelychati understood what we are doing here by investigating the file further. BTW welcome to BC. :thumbsup:

#8 gdhopcroft

Posted 18 December 2006 - 07:34 PM

Didn't take your response as negating anything. I appreciate your input. Just wanted to make sure livelychati understood what we are doing here by investigating the file further.

No problems. :thumbsup:

Hope to see livelychati squared away with this soon.

BTW welcome to BC. :flowers:

Thanks for the Welcome!!! :trumpet:

Edited by gdhopcroft, 18 December 2006 - 07:35 PM.


#9 livelychati

Posted 18 December 2006 - 08:09 PM

Hi nice helpful people. :-) Yeah, it's a nasty thing this asdf.exe!!!!!! It already downloaded lots of crap from the looks of the scans - even as a total ignoramus I can see it. What now? Ouch ... :-(

Here are the results from two scans, one from jotti.org and the other HJT - I used this one with my first virus last year. So here they go:

Jotti scan:
AntiVir Found TR/Dldr.ConHook.Q.2
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found Downloader.Generic.MNJ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.4412
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.ConHook.n
Fortinet Found Adware/ConHook
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.ConHook.n
NOD32 Found a variant of Win32/TrojanDownloader.ConHook
Norman Virus Control Found Sandbox: W32/ConHook.AJ.dropper; [ General information ]

* File length: 34317 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\geefg.dll.
* Creates file C:\WINDOWS\TEMP\removalfile.bat.

[ Changes to system settings ]
* Creates WindowsHook monitoring messages activity.

[ Process/window information ]
* Creates an event called 8032A61F.

[ Signature Scanning ]
* C:\WINDOWS\SYSTEM32\geefg.dll (28173 bytes) : W32/ConHook.AJ.
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.ConHook.m
====================================
HJT scan results:
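
Added example, not part of the original thread or of any poster's message: the per-engine Jotti lines in the post above can be tallied into a detection ratio and a consensus family name, which is useful when vendors label the same file differently. The sample text is retyped from that post (Norman's sandbox detail trimmed); the function names and the GENERIC token list are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: per-engine lines retyped from the Jotti result above (sandbox detail omitted).
SAMPLE = """\
AntiVir Found TR/Dldr.ConHook.Q.2
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found Downloader.Generic.MNJ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.4412
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.ConHook.n
Fortinet Found Adware/ConHook
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.ConHook.n
NOD32 Found a variant of Win32/TrojanDownloader.ConHook
Norman Virus Control Found Sandbox: W32/ConHook.AJ.dropper
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.ConHook.m
"""

# Assumed list of tokens naming a type, platform or heuristic rather than a malware family.
GENERIC = {"trojan", "downloader", "trojandownloader", "dldr", "tr", "win32",
           "w32", "heur", "generic", "adware", "sandbox", "dropper",
           "variant", "of", "a"}

def parse_results(text):
    """Return {engine: label or None} from 'Engine Found label' lines."""
    results = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?) Found (.+)$", line.strip())
        if m:
            label = m.group(2).strip()
            results[m.group(1)] = None if label == "nothing" else label
    return results

def family_tokens(label):
    """Split a vendor label and keep the tokens that could name a family."""
    tokens = re.split(r"[^A-Za-z0-9]+", label.lower())
    return {t for t in tokens if len(t) > 3 and t not in GENERIC and not t.isdigit()}

def summarize(text):
    """Count engines and detections, and pick the most common family token."""
    results = parse_results(text)
    hits = {engine: label for engine, label in results.items() if label}
    votes = Counter(t for label in hits.values() for t in family_tokens(label))
    family, count = votes.most_common(1)[0] if votes else (None, 0)
    return {"engines": len(results), "detections": len(hits), "family": family, "votes": count}
```

Generic and heuristic labels (ArcaVir, AVG, Dr.Web here) count as detections but cast no family vote, so the ratio and the family agreement are reported separately.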

#10 quietman7 (Global Moderator)

Posted 19 December 2006 - 06:54 AM

I have split your HJT log away from this thread and moved it into the HJT forum.

You can find it here: http://www.bleepingcomputer.com/forums/t/75623/asdfexe-and-more-problems/

Now that your log is posted there, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files on your own, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.