asam.exe



What is asam.exe? How to remove asam.exe?
The asam.exe sample was submitted on 2010-04-23 and identified as a threat.
Alias:
Threat File: asam.exe
Submit time: 2010-04-23
Execute time: 9 min 44 sec
Level of Spread: 4
Level of Threat: 6
Type: Downloader.VB
Filesize: 72K Bytes
9133K Bytes
File type:
asam.exe is a Windows exe file.
MD5: 6e1pPk6n7QGKtFoarLd88RrNv82lT27I
SHA1: 84KxxsS7DyhL0gw3amlGFT0v1HP6cNEjH7M2g0bD
Path:
C:\Documents and Settings\All Users\Application Data\asam.exe
c:\System Volume Information\ _restore…\asam.exe
Report Countries:
Hungary
Korea-South
Antivirus Program Report:
Rising: Backdoor.Win32.Agent.qoe
Avast! Antivirus: Backdoor.Win32.Agent.qnr
Prevx1: Backdoor.Win32.Agent.qoh
F-Prot6: Backdoor.Win32.Agent.nxm



asam.exe Summary

  • Virus Name: asam.exe
  • Detected By: F-Secure, NOD32 antivirus program
  • Virus asam.exe Detected times: 2319531 times
  • asam.exe Overall Risk: Medium 7319532
  • asam.exe file size: 36195320 bytes
  • asam.exe was first detected by F-Secure, NOD32 on Friday, April 23rd, 2010, 12:03 pm. asam.exe is a new threat of Hacking, Malware, Spam, worm.
  • Remove asam.exe instruction:
    1. Temporarily disable System Restore.
    2. Reboot the computer in Safe Mode.
    3. Delete the asam.exe virus files and kill the asam.exe task process (if present).
    4. Delete/modify any values added to the registry by asam.exe.
    5. Delete IE temp files, restart the computer and run a whole scan with F-Secure, NOD32.
  • asam.exe virus files as following:

    One Response to “asam.exe”

    1. Christa Selby on May 19th, 2010 at 4:49 pm

      This virus has hit my company's network, targeting computers that are still running IE6, XP Pro 32bit, and some IE7.
      There are a couple of similar “tags” found on each infected computer.
      1. The virus loads after MSN instant messenger, so if you can access the registry before MSN i.m. loads, you will be in good shape.
      2. Similar paths found on each infected pc:
      Kaka://C\Documents%and%Settings\user_name\local%settings\application20data\neftkamgk\kaveipdtssd.exe\htmlMain.htm
      3. If you right click on any of the virus’s pop-ups, select properties, and view the full path. Write it down, because you won’t be able to access notepad or anything to paste it into.
      3. Restart the computer, and again, before MSN IM loads, click Start, Run, ‘regedit’ and begin your search for everything that you found in the virus’s file path/name.
      4. Remove all instances of ‘asam’ afterwards.
      5. Once the registry is clean, run ‘msconfig’… and disable asam.exe (the .exe doesn’t always display)
      5. Restart. If it’s like any of the PCs I’ve worked on, you will not be able to use IE
      6. Control Panel/Add Remove/ Windows Components
      7. Disable/remove Internet Explorer and MSN instant Messenger etc..
      8. Restart, repeat the above but this time install IE
      9. Once you’ve done this, go into IE tools, Connections, LAN Settings, and disable the Proxy Server.. you’ll be right back at square one if not.

      Some of the areas in the registry I found infected (bear with me as I fit this on here):
      HKEY_LOCAL_MACHINE > Software > Microsoft > SharedTools > Windows > CurrentVersion >Installer > UserData > S-1-5-18 > Products > Features:
      also the reg. key looked like this: OAB29D79662E96F459E64F75FECE4FB3

      HKEY_LOCAL_MACHINE > Software > Microsoft > SharedTools > Msconfig > startupreg > asam (lovely, it had its own folder)
      SharedTools> Windows > CurrentVersion > Installer > UserData > S-1-5-18
      Software > System > ControllSet001 > Services > SharedAccess > Parameters > FirewallPolicy > Domain Profile > Authorized Applications > list > c:\Documents and Settings\user_name\Local Settings\Application data\asam.exe:*:Enabled:enabled

      Other things in the registry I searched for related to the same (or who knows, another virus):
      *neftkamgk
      *kaveipdtssd.exe
      *kaka

      Good luck and I hope this helps… hope it’s somewhat easy to follow.
