bit-tech.net

Asus ships malware with Eee Boxes

Purchasers of Asus' Eee Box mini-desktop systems got more than they bargained for thanks to a worm living on the D: drive.

Asus has officially confirmed that certain versions of its pint-sized Eee Box desktop PC shipped with a virus on the hard drive's second partition.

The Windows XP-based computers came with a copy of the W32/Usbalex worm according to an article over on The Register. By placing an autorun.inf file on the D: drive, the worm – disguised under the filename of recycled.exe – is able to get itself automatically executed when a user double-clicks the second partition in My Computer. Once the program is run, it attempts to copy itself to the main system partition and any removable drives currently attached to the system.
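To audit a drive for the autorun mechanism described above, this added example (not from the article or from Asus) parses an autorun.inf and lists each program it names for launch, and whether that file is present in the drive root. The sample file contents are constructed; only the names autorun.inf and recycled.exe come from the article.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program for Windows to launch.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_commands(text):
    """Return (key, command) pairs from autorun.inf text that launch a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other section, or junk padding
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_verb):
            found.append((key, value))
    return found


def audit_drive_root(root):
    """Report launch entries in <root>/autorun.inf and whether each target exists."""
    names = {n.lower(): n for n in os.listdir(root)}   # match names case-insensitively
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
        entries = autorun_commands(fh.read())
    report = []
    for key, cmd in entries:
        # The program is the first token, or the quoted string if quoted.
        target = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
        report.append({"key": key, "target": target,
                       "present": target.lower() in names})  # root-level files only
    return report


# Constructed sample of the layout the article describes (recycled.exe on D:).
SAMPLE = "[AutoRun]\nopen=recycled.exe\nshell\\open\\Command=recycled.exe\nicon=x.ico\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE)
        open(os.path.join(d, "recycled.exe"), "wb").close()
        print(audit_drive_root(d))
```

Pointing `audit_drive_root` at the root of a secondary or recovery partition before opening it in Explorer shows what a double-click would run.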

While Asus has admitted the existence of the malware-infected units – as confirmed over on PC Advisor – the problem might not end there. In the Register article, writer Tony Smith goes on to state that a review version of the Eee Box he was sent came with a different virus – W32/Taterf, a.k.a. W32.Gammima.AG – which attempts to steal username and password combinations for popular online games.

Although the possibility exists that the review version held by The Register was infected when in the hands of a previous reviewer – single boxes are often shipped from place to place without being properly cleaned – when taken with the above news that retail versions were distributed with viruses, it certainly begs the question of what exactly is going on over at Asus HQ.

Have you ever received a nasty surprise on a brand-new piece of computing equipment, or do you wipe new systems clean just to be on the safe side? Share your thoughts over in the forums.

7 Comments
proxess 9th October 2008, 13:25 Quote
No link from review to forums.

This is what, the second or third time Asus screwed up with weird files coming on CDs and HDDs? It's time their quality-control took some decent action.
ParaHelix.org 9th October 2008, 14:31 Quote
This is one reason I do a clean install of an operating system every time I get a new system. I actually build my own but things such as the Eee PC should be clean installed, especially with the Asus reputation.
HourBeforeDawn 9th October 2008, 21:50 Quote
Wow, really, what is the deal? Do they have an employee with a serious grudge who is trying to hurt the company, or what?
Cupboard 10th October 2008, 02:07 Quote
Even if they did have a virus that steals the logins for online games I can't see that being a huge issue... but it is shocking that they could have let them through.
LordPyrinc 10th October 2008, 03:22 Quote
Virus definitions are continually being updated by various anti-virus software companies to detect and presumably clean new infections. That being said, there is always a gap in time between when the new virus appears and the update. In that respect, any computer can become infected by a brand new virus that is not currently identified or tagged as a damaging program. Any computer connected online has the potential to be infected at any moment by some newly created virus. This sort of discovery should not surprise anyone.

Even those who do clean installs still run the risk of getting a computer virus. Do you not have to get online to update your OS and antivirus software? In that short amount of time your computer may be even more vulnerable to viruses than the factory install, especially if you are installing from OEM disks that are woefully outdated. Even with high speed internet access it takes time to download updates and (in some cases) may involve several reboots and a new connection to the internet in between to get more updates.
leexgx 10th October 2008, 05:40 Quote
This can happen very easily on HDD recovery due to the way Asus and HP/Compaq make sure product recovery on a D: drive that is normally set up so you can't access it normally pops up with a message, but the important part is the disk is still writable, so if the PCs are being reviewed, as it seems, what has happened

There can be the problem when you do a full product recovery from the hard disk (format option or any option): the recovery drive is not wiped clean, so once the PC has been fully recovered the virus.exe/autorun.ini is left as it is, harmless until you try and click on the D: drive and it is autorun

This problem can happen on Acers as well, as a lot of them have them split 48:48:2, C: OS / D: Data that is not wiped on recovery and a hidden recovery partition, so it can put an autorun virus onto that drive

And to LordPyrinc's comments: on XP SP2/SP3 and Vista, 99% of the viruses are the user's fault for running them and ignoring 2 warnings on XP and 3 if you're using Vista (UAC), assuming IE7 is used and not pressing Ctrl or the popup blocker is not turned off
are not protected from anti-virus software as they can't really be picked up by up-to-date antivirus scanners as they change too often. The problem above has happened most likely due to that the PCs have been passed around (as the news reports that it is not the same virus and they have been used by reviewers). Full recovery has been done, but that does not reset the recovery drive if it is listed as a drive letter
gvsopic 28th October 2008, 08:26 Quote
This product line seems to be loaded with malware for some odd reason. We have had it twice now happen at two random stores. We buy an EEE PC 900 and find that there is a worm (I believe the NOOH worm) sitting comfortably on the machine out-of-the-box! The worm's symptoms are as follows: Command prompt is disabled, task manager is disabled, registry editor is disabled, every time you choose to show the hidden files in view options it reverts back to the do not show setting. So far I have not yet completely neutralized the worm but I've been able to find some of its tracks: an autorun.inf on the d: partition with a companion sys.exe file. A similar problem was reported with the Desktop version of the EEE machine. The guys at The Register and PC Advisor resound the same findings. This is not just disconcerting, it is outrageous that ASUS should allow such incompetence to reach out and damage their customers' networked environments. Perhaps ASUS considers the Middle Eastern market a garbage disposal dump...