Solved: Re: ASR.dat VOIP.dat on clean isntall win 10 - HP Support Community

andriuskarpas · ‎05-20-2017

Ok i will be quick. Did many tests did many scans used tons of tools to inpect asr.dat and voip ,dat files in my pc under public use folder.

To see then i get these files i have created new usb stick with win 10 1703 intsallation. Installed win 10 and got these files via microsoft update service.

Files could be related to microsoft or HP drivers or aditional software that is installed by Microsoft update on behalf of HP.

Does HP knows anything about these files what they are?????

Searching the net these files were riported as posible virus files. But no matter how many tools i have used to inspect them files are ok and legitimate created by local service.

I dont see those files on other machines wbased on win 10 1703.

Any help and infor is appreciated.

IT_WinSec · ‎05-21-2017

Hello @andriuskarpas

Thank you for posting in the HP Support forum.

1. Please, upload the files to VirusTotal >> www.virustotal.com

and let the service scan them.

Give me the 2 URLs to see the scan results (1 url per file) - upload them one by one.

I believe these files are legitimate (should be Microsoft stuff).

2. Let me see what starts-up with your PC.

Download Autoruns (from Microsoft) from this URL => http://live.sysinternals.com/autoruns.exe

Information about the product => http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

- Save the file on your Desktop

- Run Microsoft Autoruns with Administrator rights (right click -> Run as Administrator).

Agree with the standard license agreement from Microsoft.

- Once Autoruns is started, it will need some seconds (could be a minute) to gather the snapshot, wait for it.

Once it is ready, you will see the word Ready in the lower left side.

Click on Options

Make sure that only the following are selected:

Hide Empty Locations
Hide Windows Entries

- Click on Rescan button or click on File -> Refresh to rescan the system.

It will need some seconds (could be a minute) to gather the snapshot, wait for it.

Once it is ready, you will see the word Ready in the lower left side.

- Finally, click on File -> Save

Save the snapshot on the desktop in .TXT file

Open the newly created TXT log file.

Mark and Select all of the text (e.g. CTR+A), copy it and

visit http://pastebin.com/ to paste it there

Create new paste and give me the URL to see the log file.

Looking forward to your reply.

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013

View solution in original post

IT_WinSec · ‎05-21-2017

Hello @andriuskarpas

Thank you for posting in the HP Support forum.

1. Please, upload the files to VirusTotal >> www.virustotal.com

and let the service scan them.

Give me the 2 URLs to see the scan results (1 url per file) - upload them one by one.

I believe these files are legitimate (should be Microsoft stuff).

2. Let me see what starts-up with your PC.

Download Autoruns (from Microsoft) from this URL => http://live.sysinternals.com/autoruns.exe

Information about the product => http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

- Save the file on your Desktop

- Run Microsoft Autoruns with Administrator rights (right click -> Run as Administrator).

Agree with the standard license agreement from Microsoft.

- Once Autoruns is started, it will need some seconds (could be a minute) to gather the snapshot, wait for it.

Once it is ready, you will see the word Ready in the lower left side.

Click on Options

Make sure that only the following are selected:

Hide Empty Locations
Hide Windows Entries

- Click on Rescan button or click on File -> Refresh to rescan the system.

It will need some seconds (could be a minute) to gather the snapshot, wait for it.

Once it is ready, you will see the word Ready in the lower left side.

- Finally, click on File -> Save

Save the snapshot on the desktop in .TXT file

Open the newly created TXT log file.

Mark and Select all of the text (e.g. CTR+A), copy it and

visit http://pastebin.com/ to paste it there

Create new paste and give me the URL to see the log file.

Looking forward to your reply.

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013

andriuskarpas · ‎05-21-2017

Hi, I really appreaciate you will to help to analyse these files.

links to www.virustotal.com

1:) https://www.virustotal.com/en/file/778b5a9f42213dc112eb22813fb061a43a8ee7bad753ea4cfc1d0486d17754dc/...

2:) https://www.virustotal.com/en/file/e5d3fbb96e7cc0f6ecb22f58d87d556722b4d7e20214426837316bb05abb7841/...

link to: pastebin

https://pastebin.com/Rtkfy9dH

IT_WinSec · ‎05-21-2017

Hello,

Thank you for following the instructions carefully.

The files are DAT files (data files) and are not malicious. Probably these are Microsoft files - could be part of Office.

To be 100% sure you need to see what creates them. This can only be seen by file monitoring program such as the free Process Monitor >> https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

Here are instructions (examples) how to use it >> https://community.sophos.com/kb/hu-hu/119038

>> https://www.howtogeek.com/school/sysinternals-pro/lesson5/all/

Once the log is captures and saved, you can search through the file (CTR+F) for anything related to ASR.dat and VOIP.dat

The file will tell you what/which process created the files or accessed it - sometimes you may ignore access by antivirus because its job it to access the file. This will be 100% to see what creates it . But it is not malicious in the generally accepted way

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013

andriuskarpas · ‎05-21-2017

Ill have a play with processmonitor.

Milion thanks mate.

andriuskarpas · ‎05-21-2017

want to thank you again and share info i got playing with process monitor tool. Files are not malicious and created by audiodg.exe app what id part of Windows 10.

Both files voip and asr is created by the same process.

Thank you again for help to investigate these files.

IT_WinSec · ‎05-21-2017

You are most welcome @andriuskarpas

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013

ASR.dat VOIP.dat on clean isntall win 10

Create an account on the HP Community to personalize your profile and ask a question