File Investigation Report
TEAMVIEWER_SETUP[1].EXE
Currently being reviewedThe filename TEAMVIEWER_SETUP[1].EXE is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.
If you are concerned that your PC might be infected why not try our Free Prevx Scanner. It will thoroughly check your PC for millions of active Spyware and malware infections and takes less than 2 minutes. Don't put your confidential data, or your identity at risk, check your PC now with Prevx.
File Behavior
TEAMVIEWER_SETUP[1].EXE has been seen to perform the following behavior:
- Executes a Process
- This process creates other processes on disk
- Registers a Dynamic Link Library File
- Creates new folders in the file system
- Uses rootkit techniques to conceal its presence, interrogation or removal
- Uses low level functions to hide itself from the user and from system/security processes
- The Process is packed and/or encrypted using a software packing process
- Writes to another Process's Virtual Memory (Process Hijacking)
- Found on infected systems and resists interrogation by security products
TEAMVIEWER_SETUP[1].EXE has been the subject of the following behavior:
- Deleted as a process from disk
- Created as a process on disk
- Executed as a Process
- Executed by Internet Explorer
- Has code inserted into its Virtual Memory space by other programs
- Executed from Temporary Folders
Country Of Origin
The filename TEAMVIEWER_SETUP[1].EXE was first seen on Mar 12 2008 in the following geographical regions of the Prevx community:
- Spain on Mar 12 2008
- Vietnam on Mar 12 2008
- Europe on Mar 13 2008
- India on Oct 1 2009
- Italy on Mar 20 2010
Filesizes
The following file size has been seen:
- 2,304,496 bytes
- 1,346,424 bytes
- 97,575 bytes
- 8,192 bytes
File Type
The filename TEAMVIEWER_SETUP[1].EXE refers to many versions of an executable program.
File Activity
One or more files with the name TEAMVIEWER_SETUP[1].EXE creates, deletes, copies or moves the following files and folders:
- Deletes c:\docume~1\user\locals~1\temp\nsl6.tmp
- Creates c:\documents and settings\user\desktop\..\temp\teamviewer\version4\TeamViewer_.exe
- Deletes c:\docume~1\user\locals~1\temp\nsjC.tmp
- Creates c:\docume~1\user\locals~1\temp\nsjE.tmp
- Deletes c:\docume~1\user\locals~1\temp\nsz10.tmp
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\Lizenz_TeamViewer_EN.txt
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\UAC.dll
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\System.dll
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\UserInfo.dll
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\TvGetVersion.dll
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\host.ini
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\start.ini
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\environment.ini
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\vpn.ini
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\license.ini
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\security.ini
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\ioSpecial.ini
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\modern-wizard.bmp
- Creates c:\docume~1\user\locals~1\temp\nsz10.tmp\InstallOptions.dll
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.