Ashtree and msapl32.exe - a VIRUS ?


Original Message
Name: gebezis
Date: May 27, 2005 at 05:48:55 Pacific
Subject: Ashtree and msapl32.exe - a VIRUS ?
OS: win XP
CPU/Ram: AMD 2800+ / 512Ram
Comment:

Yesterday something very odd happened.
I entered a chat room (a familiar one) and when I entered "hi" and pressed Enter, 2 more lines appeared - the first one was some offending sentence and the second was a URL. I was quite surprised with this, so I went to this address and there was no page, just a file that the page wanted me to download. Of course I didn't download it. At the same time I found out that the speed of my machine had turned down very much. So I pressed Ctrl+Alt+Del to find out what's going on and in the Task Manager - Applications there was an unknown program running called "Ashtree". I clicked on the "End Task" button and my PC blocked. I reset the PC and again looked at the Task Manager - the program was there again. I went with the right mouse button - "go to process" to the Process menu and there was an .exe file called msapl32.exe which seems to use 99% of the CPU. I tried to find this ashtree in my PC and I found only a .txt file in the root of my C: partition. It was called Ashtree.txt and in it there was only the sentence: "Ashtree is sexy".
I tried to Google this Ashtree and also this msapl32.exe but there was nothing. I searched for viruses and spam but there were none. Every time I delete this "Ashtree.txt" and restart, the file is still there. And also when I click on "end process" in the Task Manager for this "msapl.exe" it stops for about 20 minutes and after that this Ashtree application and the corresponding "msapl32.exe" are running again....

I don't know what to do about this problem because I couldn't find any information about it on the net. Please help me.

Thank you in advance: Eva





Response Number 1
Name: Sabertooth
Date: May 27, 2005 at 08:34:03 Pacific
Reply:

0. Turn off system restore.
1. Download MoveOnBoot.
2. Use the downloaded program to delete the file(s).
3. Run RAV scan.
4. Reenable system restore last.

Do not type anything in this space.



Response Number 2
Name: gebezis
Date: May 27, 2005 at 10:43:49 Pacific
Reply:

Thanks, but above I wrote that I can't find files with that name anywhere in my computer. Neither Ashtree nor msapl32.exe. I can see them running in the Task Manager, but if I perform a search there are no such files. So this MoveOnBoot cannot help me.



Response Number 3
Name: murve
Date: May 27, 2005 at 12:54:36 Pacific
Reply:

hi eva,
try this,
disable your system restore
download latest virus def's, trojan def's, adware def's, spybot def's. if you do not have an anti-trojan go to www.thepublicworks.com, find on side panel the trojan hunter link, and download free 30 day trial, get the latest defs.
reboot into safe mode
hit start, then run, then type in regedit once there do a search or find file for the 2 offending files you mention. once found delete the entries only.
then get out of the registry and scan your machine with your anti virus and anti trojan, adaware and spybot.
delete all files found.
then clean your temp folder, temporary internet folder, recent folder, history folder, and recycle bin.
also remove these files from task list and processes if found.
reboot your computer into regular mode and do a search again for those files and if found delete them.
re enable your system restore.
all the best,
murve




Response Number 4
Name: Sabertooth
Date: May 27, 2005 at 14:46:05 Pacific
Reply:

I use a program called TaskInfo2003, and it lets you know where any task originates from. Those errant files are probably hidden.

Unhide your folders including system files and run RAV scan, it should help find them.

‹•¿•›.......Do not type anything in this space.......‹•¿•›



Response Number 5
Name: Paul Fahrenbach
Date: May 27, 2005 at 17:15:02 Pacific
Reply:

Take a look from dos, go Start Run CMD then
CD\
attrib msapl32.exe /s
if you find it, go to the folder where it is.
example CD C:\Windows\system32
then do attrib -s -r -h msapl32.exe
then del msapl32.exe
I don't know if a rootkit can hide from attrib; you could google for rootkitrevealer if all else fails.




Response Number 6
Name: linketo
Date: May 28, 2005 at 13:27:47 Pacific
Reply:

Hi, my dad and I have now, at last, gotten rid of Ashtree and its components. Do like this:

1. Boot your computer in safety mode (F8), by doing this you make sure that Ashtree doesn't start.

2. Run the registry editor (regedit)

3. Search and remove all occurrences named or containing msapl32 and mswindrv

4. Search for hidden system files containing msapl32 and mswindrv in the file names on all hard drives.

5. Delete all found files!!

6. Reboot in normal way.


This should solve the problem.


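The checks suggested in the replies above (where the running task comes from, registry entries, hidden system files) can be gathered in one read-only pass before anything is deleted. The script below is an added example, not code from any poster in this thread. It assumes a Windows system with PowerShell 3.0 or later, and the Run/RunOnce keys it inspects are an assumption, since the thread does not say where the registry entries were found.

```powershell
# Added example: read-only inventory for the names mentioned in this thread.
# Nothing here deletes or changes anything.
$Names   = @('msapl32', 'mswindrv')          # names taken from the thread
$Pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Running processes and the path of the image they were started from.
#    ExecutablePath can be empty when the caller lacks rights to query it.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -match $Pattern -or $_.ExecutablePath -match $Pattern } |
    Select-Object ProcessId, Name, ExecutablePath

# 2. Autorun values in the common Run/RunOnce keys (assumed locations; the
#    thread does not say where the entries were found).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($valueName -match $Pattern -or $data -match $Pattern) {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

# 3. Files on every local fixed disk, including hidden and system ones (-Force).
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3'
$files = foreach ($d in $drives) {
    Get-ChildItem -Path "$($d.DeviceID)\" -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $Pattern } |
        Select-Object FullName, Attributes, Length, LastWriteTime
}

$procs    | Format-Table -AutoSize
$autoruns | Format-Table -AutoSize -Wrap
$files    | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that process paths and protected folders are readable. An empty result does not prove the files are absent if something is hiding them from the normal file and process APIs.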





