Motherboard Forums


Reply
Thread Tools Display Modes

Can't get rid of "AsusSetup.exe" startup nags (Older Win-based BIOStool) on startup. (M4A78T-E if that even matters?)

 
 
Nobody > (Revisited)
Guest
Posts: n/a
 
      09-30-2011, 06:30 PM
It was my bad to start with, I installed this hoping to avoid coming up
with a bootable USB BIOS updatete solution. I didn't research it well
enough to find out that it won't run on Win 7.

I found *that* out the hard way, so proceeded to work a little harder
and did get a working DOS-boot USB BIOS setup and got the mobo bumped up
to 3406.

Meanwhile, I'm stuck with with 2 (?) consecutive "failed to install"
startup nag balloons on every startup on an admin login, or "install
as admin" balloons (which fail) for non-admin users.

I can't get rid of these turds!

None of the usual Windows tricks have helped.
It's not in Startups.
There are NO registry keys with "AsusSetup.exe" in them anywhere.
I've searched every file/directory on this computer, even with various
LiveCD-type bootable tools (including HiRen's and various Linux-based
file utilities). No "AsusSetup.exe"!

I d/l'ed this "AsusSetup.exe" directly from ASUS (don't remember if it
was the US, TW or "Global" site) so it should be valid (if flawed).

But having seen how messed up the ASUS support sites have been at times,
I suspected that what I actually got was a root-kitting trojan. I've run
numerous rootkit detector apps as well. (I do that anyway as
preventative maintenance, bit once and learned the hard way!)

It's not a major problem, just an irritant, but it bugs the crap out of me!

Could I be "not seeing the forest for the trees" here and missed an
obvious item or trick? (I do dat at times)

Any ideas are welcome, even off-the wall ones. The only one unacceptable
is the "Dan C >> Format C:" crapline.








--
"**** this is it, all the pieces do fit.
We're like that crazy old man jumping
out of the alleyway with a baseball bat,
saying, "Remember me mother****er?"
Jim “Dandy” Mangrum
 
Reply With Quote
 
 
 
 
BS
Guest
Posts: n/a
 
      09-30-2011, 06:59 PM
On 09/30/2011 02:30 PM, Nobody > (Revisited) wrote:
> It was my bad to start with, I installed this hoping to avoid coming up
> with a bootable USB BIOS updatete solution. I didn't research it well
> enough to find out that it won't run on Win 7.
>
> I found *that* out the hard way, so proceeded to work a little harder
> and did get a working DOS-boot USB BIOS setup and got the mobo bumped up
> to 3406.
>
> Meanwhile, I'm stuck with with 2 (?) consecutive "failed to install"
> startup nag balloons on every startup on an admin login, or "install as
> admin" balloons (which fail) for non-admin users.
>
> I can't get rid of these turds!
>
> None of the usual Windows tricks have helped.
> It's not in Startups.
> There are NO registry keys with "AsusSetup.exe" in them anywhere.
> I've searched every file/directory on this computer, even with various
> LiveCD-type bootable tools (including HiRen's and various Linux-based
> file utilities). No "AsusSetup.exe"!
>
> I d/l'ed this "AsusSetup.exe" directly from ASUS (don't remember if it
> was the US, TW or "Global" site) so it should be valid (if flawed).
>
> But having seen how messed up the ASUS support sites have been at times,
> I suspected that what I actually got was a root-kitting trojan. I've run
> numerous rootkit detector apps as well. (I do that anyway as
> preventative maintenance, bit once and learned the hard way!)
>
> It's not a major problem, just an irritant, but it bugs the crap out of me!
>
> Could I be "not seeing the forest for the trees" here and missed an
> obvious item or trick? (I do dat at times)
>
> Any ideas are welcome, even off-the wall ones. The only one unacceptable
> is the "Dan C >> Format C:" crapline.
>
>
>
>
>
>
>
>

If it is really that embedded then run HijackThis. It will find all
entries of ASUSSETUP.EXE and perhaps any other suspicious processes. You
have checked to see if you can un-install it from what is now called
programs and features in the control panel?
The program sounds half-installed but I don't think it's a rootkit.
I have windows 7 (on the other harddrive, I'm in Linux at the moment)
and the computer has an Asus motherboard and also starts up some program
called AI manager that is supposed to run the four cores in the cpu more
efficiently or something. There is also an asus update program included
in the package but it has always failed to download any BIOS updates. It
will, however, make it easier to install one but you must download it
separately on your own, the download mirrors the program uses are no
longer valid. I have installed one BIOS update for my motherboard since
2009 when I got the computer. You may want to check out this page
http://www.computerhope.com/forum/in...?topic=94335.0



Good Luck,
BS
 
Reply With Quote
 
 
 
 
Paul
Guest
Posts: n/a
 
      09-30-2011, 07:32 PM
Nobody > (Revisited) wrote:
> It was my bad to start with, I installed this hoping to avoid coming up
> with a bootable USB BIOS updatete solution. I didn't research it well
> enough to find out that it won't run on Win 7.
>
> I found *that* out the hard way, so proceeded to work a little harder
> and did get a working DOS-boot USB BIOS setup and got the mobo bumped up
> to 3406.
>
> Meanwhile, I'm stuck with with 2 (?) consecutive "failed to install"
> startup nag balloons on every startup on an admin login, or "install
> as admin" balloons (which fail) for non-admin users.
>
> I can't get rid of these turds!
>
> None of the usual Windows tricks have helped.
> It's not in Startups.
> There are NO registry keys with "AsusSetup.exe" in them anywhere.
> I've searched every file/directory on this computer, even with various
> LiveCD-type bootable tools (including HiRen's and various Linux-based
> file utilities). No "AsusSetup.exe"!
>
> I d/l'ed this "AsusSetup.exe" directly from ASUS (don't remember if it
> was the US, TW or "Global" site) so it should be valid (if flawed).
>
> But having seen how messed up the ASUS support sites have been at times,
> I suspected that what I actually got was a root-kitting trojan. I've run
> numerous rootkit detector apps as well. (I do that anyway as
> preventative maintenance, bit once and learned the hard way!)
>
> It's not a major problem, just an irritant, but it bugs the crap out of me!
>
> Could I be "not seeing the forest for the trees" here and missed an
> obvious item or trick? (I do dat at times)
>
> Any ideas are welcome, even off-the wall ones. The only one unacceptable
> is the "Dan C >> Format C:" crapline.


If you downloaded these, is there a chance there is a record of the download
in your browser ? I download using Firefox, and at some point, must have
set the expiry to be a very long time. You might be able to figure it out
that way. In the Firefox download dialog box, if I type in "asus.com" as a
search term, it lists only the downloads from asus for me.

You could also download all the packages for your board from the Asus site,
until you find the one in question.

An example is this one, which has an AsusSetup inside. Now, this uses
InstallShield, so I can't look inside the two cab files.

http://dlcdnet.asus.com/pub/ASUS/mis...PVistaWin7.zip

There is nothing in what I can see of the installer, which suggests
it's designed to lay in wait. That one loads some drivers (in plain sight),
as well as having a utility (hidden in the cabs, don't know what's there).

It could be, that some script is launching, and one line of that is
calling AsusSetup.

Or it could be, you have some storage device, which has an autorun, and
the storage device looks like a CDROM, and the software on it launches each
time the computer starts. So you may have to examine the *contents* of each
file on the machine, looking for the AsusSetup.exe or AsusSetup string.

Also note that, due to the invention of Unicode strings, you can
easily miss the presence of such a string, inside an executable. In
one experiment I did here, I had to search for the letters, but with
0x00 intermingled ( 0x00 "A" 0x00 "s" 0x00 "u" 0x00 "s" ...), and that
is caused by the usage of a double byte representation for ordinary
ASCII character values. I actually wrote a piece of C code to look
for sequences like that, and scanned a 10GB image of a file system,
looking for it. It's now much more difficult to search for crap like
that, due to the possibility it's in Unicode, buried in some other
executable. Even the Registry does that - sometimes, you can see what
looks like a binary sequence in a registry entry, when in fact it is
a file path in Unicode.

In some cases, I've run Ubuntu in a virtual machine, then used WINE
to run some windows installer, and then examined the fake "C:" drive
kept in .wine directory, to figure out what a package "drops" in the
file system. But it can be tricky figuring out what has changed.
The last one I tried, the installer didn't run to completion, but
it did finish the file copying phase. The Registry updates partially
ran, but then something failed and it didn't finish. WINE has "regedit",
so you can look in the fake registry for changes.

The Sysinternals "autoruns" program, provides a way to search for
startup items, and you should also give that a try, to avoid any of
the "more unlikely to succeed" research methods. You won't necessarily
be looking for "AsusSetup", as it might be some other innocent sounding
string like "setup.exe" which in turn calls AsusSetup. It'll require
the process of elimination, as much as a direct frontal assault.

Paul
 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: "Are You Sure" nags? Marc Heusser Apple 18 01-25-2009 02:38 PM
"Are You Sure" nags? Mike Dee Apple 20 01-18-2009 11:36 PM
Annoying "Do you want to execute ASUS startup program" prompt. How do I get rid of this? ridergroov Asus 7 03-09-2007 06:10 AM
Can't get rid of Nvidia startup items after switching to ATI- XP Pro wreckwriter@comcast.net ATI 6 03-30-2006 03:54 PM
"Unlock Keychain" screen on startup -- how to get rid of it Alex Apple 1 11-03-2005 11:12 PM


All times are GMT. The time now is 10:16 AM.


Welcome!
Welcome to Motherboard Point
 

Advertisment