[Moo]

Last night Spy Bot Found (& other programs confirmed) an ads attached to the C:\Windows folder. It's named BAD62133E0206B3B
The MD5 Hash is D41D8CD98F00B204E9800998ECF8427E which per Google is a hash for an empty file. This one is 24k. I was able to view the file contents with Adsspy, it's All computer code, no text.

The other XP SP3 pc in my network does NOT have the ads (or the Catalyst driver/control center). I have scanned with Pavark, Reg Run Partisan & Avast; none of which notify me of this ads. Spybot, Adsspy, Highjack this & Rootaliser all see it, but are not able to state if it is malicious or not.

It's date stamp is identical to the recent install of the Catalyst 9.5 update, & while i don't know the exact time of the Catalyst install, it's at minimum within an hour; I'm starting to assume it's likely the same time.

I dl'd the Catalyst update directly from AMD's site & scanned it for virus. I did turn off Reg Run's protection during the install so the driver could modify registry keys & not cause the install to fail.

I would love to ask AMD this question, but every attempt to register on there site errors out on both FF & Opera.

Question is: does anyone know if Catalyst comes with this ADS & if the ADS is necessary? I have several programs that state they can remove the ADS, but they all say to make sure it's malicious before removal or removal could hose my system.

The only sign of any potential problem on this system is about a month ago, logging into Pay pal started causing browser crashes on all 3 browsers unless cookies are first deleted, but that precedes this by several weeks. There are NO other signs of virus. I scan often & am a pretty safe surfer.

Oh, & the card is a Radeon 3450.

Thanks for any suggestions........

[Edward6287]

I haven't seen anything about it, and a quick search didn't find anything. I can't tell from your post if you're trying to register for the AMD forum. If you haven't already, you can try the customer service email form: http://emailcustomercare.amd.com/

If you can't email it, let us know if it's ok to copy and paste your forum post and link. One or more of us will try to get word to AMD.

[Moo]

[Edward6287]

I submitted the following using the email form from the previously posted link. I added the 4890 as a placeholder. I'll post the reply if it hits my email.

...

I am submitting this information on behalf of, and with permission from, a MaximumPC magazine forum user who is receiving errors while attempting to submit this this email form. Product model was not specified. I will forward the reply, or you may reply directly to the forum. Thank you.

The forum link and a copy/paste of the member's question follows:

http://www.maximumpc.com/forums/viewtopic.php?p=970534#970534

Last night Spy Bot Found (& other programs confirmed) an ads attached to the C:\Windows folder. It's named BAD62133E0206B3B
The MD5 Hash is D41D8CD98F00B204E9800998ECF8427E which per Google is a hash for an empty file. This one is 24k. I was able to view the file contents with Adsspy, it's All computer code, no text.

The other XP SP3 pc in my network does NOT have the ads (or the Catalyst driver/control center). I have scanned with Pavark, Reg Run Partisan & Avast; none of which notify me of this ads. Spybot, Adsspy, Highjack this & Rootaliser all see it, but are not able to state if it is malicious or not.

It's date stamp is identical to the recent install of the Catalyst 9.5 update, & while i don't know the exact time of the Catalyst install, it's at minimum within an hour; I'm starting to assume it's likely the same time.

I dl'd the Catalyst update directly from AMD's site & scanned it for virus. I did turn off Reg Run's protection during the install so the driver could modify registry keys & not cause the install to fail.

I would love to ask AMD this question, but every attempt to register on there site errors out on both FF & Opera.

Question is: does anyone know if Catalyst comes with this ADS & if the ADS is necessary? I have several programs that state they can remove the ADS, but they all say to make sure it's malicious before removal or removal could hose my system.

The only sign of any potential problem on this system is about a month ago, logging into Pay pal started causing browser crashes on all 3 browsers unless cookies are first deleted, but that precedes this by several weeks. There are NO other signs of virus. I scan often & am a pretty safe surfer.

Thanks for any suggestions........

[Edward6287]

What a PITA. Sorry, I got this a couple minutes after I hit send. You may have to register your product and email and whatever else before you can ask a support question.

***

AMD Service notice: Email Blocked‏

Dear Customer,

You submitted your Service Request from an email address that has not been registered in our Services Portal.

In order to process your inquiry, we require you to register and submit your query via our services portal.

http://www.amd.com/onlineservicesen/partner

[Moo]

[Moo]

If there are no more thoughts on this, can anyone direct me to a site that focuses on ADS, where someone may know just what I'm dealing with? I was hoping Maximum PC staff monitored these forums........

[Moo]

I have also posted this at Windows BBS. Their rules require me to state that here.

[Moo]

As an fyi, i ended up having a gamer's password stealing trojan called inst.exe More info: http://www.threatexpert.com/files/inst.exe.html

Since I'm not a gamer, & I have believed from the start that the issues started when I installed the Catalyst 9.5 center & driver; I currently believe that the trojan tagged along with the Catalyst 9.5 download from AMD's OFFICIAL site on 5/29/09.

Anyone who dl'd Catalyst 9.5 on or near that date may want to check your pc with a fine tooth comb. Avast did NOT catch the infection. full file name is "9-5_xp32_dd_ccc_wdm_enu.exe"

I am so done with AMD; I'm not happy to have ATI cards on 2 of my 3 machines.