Asus ships malware with Eee Boxes - bit-tech.net Forums

Tim S · 9th Oct 2008, 12:22

http://www.bit-tech.net/news/2008/10...th-eee-boxes/1

Certain revisions of Asus' well-regarded Eee Box ultra-small desktop PC have been accidentally distributed with a nasty worm forming part of the default install.

proxess · 9th Oct 2008, 12:25

No link from review to forums.

This is what, the second of third time Asus screwed up with weird files coming on CDs and HDDs? Its time their quality-control took some decent action.

ParaHelix.org · 9th Oct 2008, 13:31

This is one reason I do a clean install of an operating system every time I get a new system. I actually build my own but things such as the Eee PC should be clean installed, especially with the Asus reputation.

HourBeforeDawn · 9th Oct 2008, 20:50

wow really what is the deal, do they have an employee with a serious grudge and is trying to hurt the company or what????

Cupboard · 10th Oct 2008, 01:07

Even if they did have a virus that steals the log ins for online games I can't see that being a huge issue... but it is shocking that they could have let them through.

LordPyrinc · 10th Oct 2008, 02:22

Virus definitions are continually being updated by various anti-virus software companies to detect and presumably clean new infections. That being said, there is always a gap in time between when the new virus appears and the update. In that respect, any computer can become infected by a brand new virus that is not currently identified or tagged as a damaging program. Any computer connected online has the potential to be infected at any moment by some newly created virus. This sort of discovery should not surprise anyone.

Even those who do clean installs still run the risk of getting a computer virus. Do you not have to get online to update your OS and antivirus software? In that short amount of time your computer may be even more vulnerable to virus then the factory install, especially if you are installing from OEM disks that are woefully outdated. Even with high speed internet access it takes time to download updates and (in some cases) may involve several reboots and a new connection to the internet in between to get more updates.

leexgx · 10th Oct 2008, 04:40

This can happen very easy on HDD recovery due to the way asus and HP/compaq make sure product recovery on an d: drive that is norm setup so your cant access it norm pops up with an message but the inportant part is disk is still writable so if the pcs are been reviewed as it seems what has happened

there can be the problem when you do an Full product recover from the harddisk (format option or any option) the recovery drive is not wiped cleaned so once the pc has been fully recovered the virus.exe/autorun.ini is left as it is harmless untill you try and click on the d: drive and it is autorun

this problem can happen on acers as well as alot of them have them split 48:48:2 C: OS / D: Data that is not wiped on recover and an Hidden recover partition so it can put an auto run virus onto that drive

and to lordpyrinc comments, XP sp2/SP3 and vista OS 99% of the virus are user fault for running them and ignoring 2 warning on XP and 3 if your useing vista (UAC) asumeing IE7 used and not pressing Ctrl or popup blocker is not turned off
are not protected from anti virus software as thay cant realy be picked up by uptodate antivirus scanners as thay change to offen the problem above has happened most likey due to that the pcs have been passed around (as the news reports that not the same virus and been used by reviewers) Full recovery has been done But that does not reset the recovery drive if it is listed as an drive letter

gvsopic · 28th Oct 2008, 07:26

This product line seems to be loaded with malware for some odd reason. We have had it twice now happen at two random stores. We buy a EEE PC 900 and find that there is a worm (I believe the NOOH worm) sitting comfortably on the machine out-of-the-box! The worm's symptoms are as follows: Command prompt is disabled, task manager is disabled, registry editor is disabled, every time you choose to show the hidden files in view options it reverts back to the do not show setting. So far I have not yet completely neutralized the worm but I've been able to find some of it's tracks: an autorun.inf on the d: partition with a companion sys.exe file. A similar problem was reported with the Desktop version of the EEE machine. The guys at The Register and PC advisor resound the same findings. This is not just disconcerting, it is outrageous that ASUS should allow such incompetence to reach out and damage their customers' networked environments. Perhaps ASUS considers the Middle Eastern market a garbage disposal dump...

9th Oct 2008, 12:22	#1
Tim S Pewlius Caesar bit-tech Staff Join Date: Nov 2001 Location: Ascot, Berks Posts: 18,021	Asus ships malware with Eee Boxes http://www.bit-tech.net/news/2008/10...th-eee-boxes/1 Certain revisions of Asus' well-regarded Eee Box ultra-small desktop PC have been accidentally distributed with a nasty worm forming part of the default install. __________________ Tim on Twitter \| Tim's Blog \| Tim's Flickr The bit-tech Blog \| bit-tech on Twitter \| Join the bit-tech & Custom PC folding team (#35947)

9th Oct 2008, 12:25	#2
proxess Victim of AdvancedModernCapitalism Join Date: Nov 2006 Location: The town of Love, Funchal Posts: 601	No link from review to forums. This is what, the second of third time Asus screwed up with weird files coming on CDs and HDDs? Its time their quality-control took some decent action. __________________ Netbook: Asus eeePC 901; 12Gb SDD; Custom Ubuntu 9.04 Minimal Compiz Standalone. Laptop: Intel Centrino Duo T5500 1.66ghz; 2048mb RAM; ATI Mobility Radeon x2300; Hitachi 120gb iPod Classic 120GB; Maxtor 160GB External; Ubuntu 9.10 x64 and Windows 7 x64.

9th Oct 2008, 20:50	#4
HourBeforeDawn a.k.a KazeModz Join Date: Oct 2006 Location: Cali, USA Posts: 1,796	wow really what is the deal, do they have an employee with a serious grudge and is trying to hurt the company or what???? __________________ Current Rig: RubyRED • Lian-Li A05B • (2) Swiftech 220 Radiators • (2) D5 Variable Pumps • (2) Res • and a whole lot of modding • Retired Rig: Project F.E.A.R. • TT Lanbox Lite • Swiftech H2O-120 • Q6600 G0 OC@3.6ghz • 2900XT • 4gb SuperTalent Memory •

10th Oct 2008, 01:07	#5
Cupboard I'm not a modder. Join Date: Jan 2007 Location: Bury St Edmunds/Durham Uni Posts: 1,848	Even if they did have a virus that steals the log ins for online games I can't see that being a huge issue... but it is shocking that they could have let them through. __________________ i7 920, 8800GTS 512, 6GB Corsair all in an Intel DX58SO; 3*320GB RAID5; CM Stacker Samsung Q45.

10th Oct 2008, 02:22	#6
LordPyrinc Legomaniac Join Date: Mar 2008 Location: USA Posts: 256	Virus definitions are continually being updated by various anti-virus software companies to detect and presumably clean new infections. That being said, there is always a gap in time between when the new virus appears and the update. In that respect, any computer can become infected by a brand new virus that is not currently identified or tagged as a damaging program. Any computer connected online has the potential to be infected at any moment by some newly created virus. This sort of discovery should not surprise anyone. Even those who do clean installs still run the risk of getting a computer virus. Do you not have to get online to update your OS and antivirus software? In that short amount of time your computer may be even more vulnerable to virus then the factory install, especially if you are installing from OEM disks that are woefully outdated. Even with high speed internet access it takes time to download updates and (in some cases) may involve several reboots and a new connection to the internet in between to get more updates. __________________ HP Pavilion Elite m9040n PC - Vista Home Premium Intel Core 2 Quad Processor Q6600 @ 2.40ghz - 3G of RAM - Dual 320G HDs Upgrades/Add-ons: 22" Widescreen LCD, 700W RocketFish PSU, BFG GeForce 9800 GT 160G Ext USB HD, Logitech X-540 5.1 Surround Sound Speakers Last edited by LordPyrinc; 10th Oct 2008 at 02:31. Reason: Additional Content Added

9th Oct 2008, 13:31	#3
ParaHelix.org Supermodder Join Date: Jun 2008 Posts: 270	This is one reason I do a clean install of an operating system every time I get a new system. I actually build my own but things such as the Eee PC should be clean installed, especially with the Asus reputation.

10th Oct 2008, 04:40	#7
leexgx CPC hang out zone (i Fix pcs i do ) Join Date: Jun 2006 Location: uk Posts: 571	This can happen very easy on HDD recovery due to the way asus and HP/compaq make sure product recovery on an d: drive that is norm setup so your cant access it norm pops up with an message but the inportant part is disk is still writable so if the pcs are been reviewed as it seems what has happened there can be the problem when you do an Full product recover from the harddisk (format option or any option) the recovery drive is not wiped cleaned so once the pc has been fully recovered the virus.exe/autorun.ini is left as it is harmless untill you try and click on the d: drive and it is autorun this problem can happen on acers as well as alot of them have them split 48:48:2 C: OS / D: Data that is not wiped on recover and an Hidden recover partition so it can put an auto run virus onto that drive and to lordpyrinc comments, XP sp2/SP3 and vista OS 99% of the virus are user fault for running them and ignoring 2 warning on XP and 3 if your useing vista (UAC) asumeing IE7 used and not pressing Ctrl or popup blocker is not turned off are not protected from anti virus software as thay cant realy be picked up by uptodate antivirus scanners as thay change to offen the problem above has happened most likey due to that the pcs have been passed around (as the news reports that not the same virus and been used by reviewers) Full recovery has been done But that does not reset the recovery drive if it is listed as an drive letter __________________ Qx6850 (OC 3.3Ghz) <> 120 extreme<> rampage forumla <> 9800GX2 <> 8gb 4x2gb (2x gell / 2x adata)<> SSD powered Corsair S128 / WD Black 1TB <> Crative X-fi FalTy FPS <> TK 1000w Toughpower <win7 x64> Click me for folding stats greenfrog.biz / 35947

28th Oct 2008, 07:26	#8
gvsopic What's a Dremel? Join Date: Oct 2008 Posts: 2	This product line seems to be loaded with malware for some odd reason. We have had it twice now happen at two random stores. We buy a EEE PC 900 and find that there is a worm (I believe the NOOH worm) sitting comfortably on the machine out-of-the-box! The worm's symptoms are as follows: Command prompt is disabled, task manager is disabled, registry editor is disabled, every time you choose to show the hidden files in view options it reverts back to the do not show setting. So far I have not yet completely neutralized the worm but I've been able to find some of it's tracks: an autorun.inf on the d: partition with a companion sys.exe file. A similar problem was reported with the Desktop version of the EEE machine. The guys at The Register and PC advisor resound the same findings. This is not just disconcerting, it is outrageous that ASUS should allow such incompetence to reach out and damage their customers' networked environments. Perhaps ASUS considers the Middle Eastern market a garbage disposal dump...