[German]ASUS tried to surprise its users and sent them a special Christmas greeting with the file name christmas.exe. Of course, it has been known for years that .exe Christmas greetings should not be sent for security reasons. ASUS managed to scare the hell out of its users in 2024. Let them thinking that a virus was running rampant on their Windows systems. Now many users are really pissed of.
I came across this unpleasant surprise via tweets on X on December 21, 2024 (but had "left it lying around"). The following tweet from December 22, 2024 shows what's going on.
The user switches on their Windows computer and, after logging in under Windows 11, finds a banner at the bottom of the desktop (see image in the tweet above). Of course, the user immediately thinks that he has caught a virus – but eventually realizes that it was a "goody" from ASUS as an unwanted "by-catch".
The user wrote: "Time to uninstall all ASUS-related software". And he puts it that he can't believe that the strategists at ASUS thought that rolling out this "promotional story" would be met with cheers from people. The following tweet discusses the whole thing in more detail.
The user believed he had picked up malware because a full-screen application called christmas.exe took total control of the computer at boot time. The associated process was called "custom shape" and the process, which was traced back to the christmas.exe program file, was causing significant memory usage. After looking into it, he realized that this file was a "Christmas greeting" from ASUS that was pulled onto the computer by some ASUS software.
In the ASUS Republic of Games (ROG) forum someone complained in the post Festive Effects – 2 Hrs figuring out what malware was wishing me merry christmas (there are more details on reddit.com). Again, the process happened after turning on the PC. After logging on to the Windows desktop, the victim saw a "weird, neon-colored Christmas 'game'" on the desktop (the article also contains a photo of the monitor display).
The user immediately thinks that they have caught ransomware. An ASUS logo was probably not displayed. The man opens the task manager and sees that the program is running under the name "Custom Shape". This is definitely a generic name that malware would use, the user wrote. But this overlay display on the desktop closed automatically before the user could find out under which exe file the process was called.
The suspicion of malware was now "confirmed" for the user. He began a web search for "Christmas Custom Shape malware" and came across a number of hits about Christmas pop-ups. The threads all had content about people struggling to figure out what was going on while you were confronted with ransomware in the background.
In the end, however, it turned out for the person concerned in December 2024 that it was something like an accidental Christmas greeting from ASUS, which left those affected quite stunned. How can a company come up with the idea of displaying a splash screen on someone's desktop when they start Windows without any branding, or a warning or anything in the name of the application that indicates its origin? That's madness, they say.
The rant ends with "If you're going to force us to install buggy, intrusive bloatware that demands an update to the latest Addressable LED Strip software before I can change the fan settings, at least don't make it look like more malware."
The thread has 28 reactions from other affected people, all of which were extremely negative. On reddit.com, this post also contains some clues about the process – the process consumed 14 GB of RAM. The christmas.exe was installed by Armoury Crate. This is your central app for connecting, configuring and controlling a variety of ROG gaming products.
ASUS has received extremely negative publicity for this lapse, which is being reported in all the media, but shows how messed up the entire software industry has become. Well, hemp was released in Germany this year. But who could have guessed that this would spread to Taiwan (ASUS) or the USA (Redmond & Co.) because the software developers smoke weed all the time.
Windows Latest took up the topic here in a timely manner. There are also tips on how to put an end to the spook.
The first mentioned reddit post (with "HA PY EW EA" screenshot) is one year old.
So ASUS have done it at least twice already.