DXWEBSETUP[1].EXE

Currently being reviewed

The filename DXWEBSETUP[1].EXE is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

If you are concerned that your PC might be infected why not try our Free Webroot Cloud AntiVirus Beta. It will thoroughly check your PC for millions of active Spyware and malware infections and takes less than 2 minutes. Don't put your confidential data, or your identity at risk, check your PC now with Webroot Cloud AntiVirus Beta.

Download Now »

File Behavior

DXWEBSETUP[1].EXE has been seen to perform the following behavior:

Adds a Registry Key (RUNONCE) to auto start Programs on system start up
Executes Processes stored in Temporary Folders
This process creates other processes on disk
Executes a Process
This Process Deletes Other Processes From Disk
Registers a Dynamic Link Library File
Creates new folders in the file system
Writes to another Process's Virtual Memory (Process Hijacking)
Adds a Registry Key (RUN) to auto start Programs on system start up
Uses rootkit techniques to conceal its presence, interrogation or removal

DXWEBSETUP[1].EXE has been the subject of the following behavior:

Deleted as a process from disk
Created as a process on disk
Executed as a Process
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
Executed by Internet Explorer
Executed from Temporary Folders

Country Of Origin

The filename DXWEBSETUP[1].EXE was first seen on Jun 2 2008 in the following geographical regions of the Webroot community:

The United States on Jun 2 2008
on Jun 2 2008
South Africa on Dec 4 2010

File Name Aliases

DXWEBSETUP[1].EXE can also use the following file names:

DXWEBSETUP[n].EXE
DXWEBSETUP.EXE
DXWEBSETUPEN.EXE
TGPOWH4Y.EXE
K4RH177S.EXE
P3A1O4I9.EXE
DXWEBSETUP_001.EXE
DXWEBSETUP0808[n].EXE
M4QS1XMR.EXE
DXWEBSETUP-001.EXE
DXWEBSETUPUPDATE.EXE

Filesizes

The following file size has been seen:

305,672 bytes
5,515 bytes
3,459 bytes
2,774 bytes

File Type

The filename DXWEBSETUP[1].EXE is used by multiple object types including objects,executable programs.

File Activity

One or more files with the name DXWEBSETUP[1].EXE creates, deletes, copies or moves the following files and folders:

Creates c:\docume~1\user\locals~1\temp\ixp000.tmp\TMP4351$.TMP
Creates c:\docume~1\user\locals~1\temp\ixp000.tmp\dsetup.dll
Creates c:\docume~1\user\locals~1\temp\ixp000.tmp\dsetup32.dll
Creates c:\docume~1\user\locals~1\temp\ixp000.tmp\dxwsetup.exe
Creates c:\docume~1\user\locals~1\temp\ixp000.tmp\dxwsetup.cif
Creates c:\docume~1\user\locals~1\temp\ixp000.tmp\dxwsetup.inf
Deletes c:\docume~1\user\locals~1\temp\ixp000.tmp\dxwsetup.inf
Deletes c:\docume~1\user\locals~1\temp\ixp000.tmp\dxwsetup.cif
Deletes c:\docume~1\user\locals~1\temp\ixp000.tmp\dxwsetup.exe
Deletes c:\docume~1\user\locals~1\temp\ixp000.tmp\dsetup32.dll
Deletes c:\docume~1\user\locals~1\temp\ixp000.tmp\dsetup.dll
create folder C:\WINDOWS\LastGood\INF
create folder C:\WINDOWS\system32\directx\websetup
Moves c:\windows\lastgood\TMP1D.tmp to c:\windows\lastgood\inf\oem9.inf
Moves c:\windows\lastgood\TMP1F.tmp to c:\windows\lastgood\inf\oem9.PNF
Deletes c:\windows\inf\oem9.inf
Deletes c:\windows\system32\directx\websetup\SET27.tmp
Copies filec:\docume~1\user\locals~1\temp\ixp000.tmp\dsetup.dll to c:\windows\system32\directx\websetup\SET27.tmp
Deletes c:\windows\system32\directx\websetup\dsetup.dll
Moves c:\windows\system32\directx\websetup\SET27.tmp to c:\windows\system32\directx\websetup\dsetup.dll
Deletes c:\windows\system32\directx\websetup\SET2C.tmp
Copies filec:\docume~1\user\locals~1\temp\ixp000.tmp\dsetup32.dll to c:\windows\system32\directx\websetup\SET2C.tmp
Deletes c:\windows\system32\directx\websetup\dsetup32.dll
Moves c:\windows\system32\directx\websetup\SET2C.tmp to c:\windows\system32\directx\websetup\dsetup32.dll

Help the Webroot Community to fight cyber crime

We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.

Virus, Spyware & Malware Center »