FILE.EXE, Prevx

Associated Malware Groups

The unsafe files using this name are associated with the malware groups:

System Back Door
Malicious Software

File Behavior

FILE.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
The Process is polymorphic and can change its structure
Found on infected systems and resists interrogation by security products
Uses low level functions to hide itself from the user and from system/security processes
Adds products to the system registry
Modifies Windows Security Policies to restrict/expand User Privileges on the machine
Writes to another Process's Virtual Memory (Process Hijacking)
This process creates other processes on disk
This Process Deletes Other Processes From Disk
Executes a Process
Creates new folders on the system
Copies files
Injects code into other processes
Adds a Registry Key (RUN) to auto start Programs on system start up
Modifies System Runtime Policies to limit system usability
Adds a Registry Key (DXCOM) to auto start Programs on system start up
This Process looks to see what security products and services are running on the system
Looks at the contents of the autoexec.bat file
Reads email address and phone book details
Can communicate with other computer systems using HTTP protocols
Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
Executes Processes stored in Temporary Folders
Registers a Dynamic Link Library File
Downloads program file(s) and other content from the web
Modifies firewall settings, without user permission so it is not blocked from accessing the Internet

FILE.EXE has been the subject of the following behavior:

Executed as a Process
Created as a process on disk
Deleted as a process from disk
Added as a Registry auto start to load Program on Boot up
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
Copied to multiple locations on the system
Added as a Registry Key (DXCOM) to auto start Programs on system start up
Registered as a Dynamic Link Library File
Executed by Internet Explorer

Country Of Origin

The filename FILE.EXE was first seen on May 21 2007 in the following geographical regions of the Webroot community:

The United States on May 21 2007
Canada on May 21 2007
Taiwan on Jun 15 2007
Korea, Republic of on Jun 15 2007
Spain on Apr 26 2009
Romania on Apr 26 2009
Europe on Sep 23 2009
Vietnam on Oct 30 2009
Italy on Dec 14 2009
The United Kingdom on Dec 14 2009
Chile on Dec 31 2009
Mexico on Jan 9 2010

File Name Aliases

FILE.EXE can also use the following file names:

SOFTINFO.EXE
UNIKEY.EXE
YAHOOM~1 .EXE
VIDEOACCELERATOR.EXE
AZMIXERSEL.EXE
LMANAGER.EXE
SYNTPENH.EXE
APOINT.EXE
DAP.EXE
POWERDVDPLAYER.EXE
LOAD[1].EXE
GOOGLEQUICKSEARCHBOX.EXE
YAHOOMESSENGER.EXE
GOOGLETOOLBARNOTIFIER.EXE
HERSS.EXE
PIKACHU.EXE
UNIKEYNT.EXE
B1VL5X1OA.COM
UNIKEYNT .EXE
QQQ1YOI.COM
YAHOOMESSENGER .EXE
LOAD_001.EXE
LOAD(1).EXE
BLUPRO.EXE
MSMSGS.EXE
UNIKEY .EXE
UNIKEY .EXE
V46SXF2.COM
CCAPP.EXE
VPTRAY.EXE
QTTASK .EXE
QTTASK .EXE
QTTASK.EXE
GPMK6DS.COM
GETEXE.EXE
FILVE.EXE
MALEKALSMALS (nnn).EXE
MALEKALSMALS (nn).EXE
GETEXE_001.EXE
GETEXE_005.EXE
GETEXE_015.EXE
GETEXE_002.EXE
GETEXE_003.EXE
GETEXE_004.EXE
GETEXE_006.EXE
GETEXE_007.EXE
GETEXE_008.EXE
GETEXE_009.EXE
GETEXE_010.EXE
GETEXE_011.EXE
GETEXE_012.EXE
GETEXE_013.EXE
GETEXE_014.EXE
GETEXE_016.EXE
GETEXE_017.EXE
GETEXE_018.EXE
GETEXE_019.EXE
GETEXE_020.EXE
GETEXE_021.EXE
GETEXE_022.EXE
GETEXE_023.EXE
GETEXE_028.EXE
GETEXE_038.EXE
GETEXE_024.EXE
GETEXE_025.EXE
GETEXE_026.EXE
GETEXE_027.EXE
GETEXE_029.EXE
GETEXE_030.EXE
GETEXE_031.EXE
GETEXE_032.EXE
GETEXE_033.EXE
GETEXE_034.EXE
GETEXE_035.EXE
GETEXE_036.EXE
GETEXE_037.EXE
GETEXE_039.EXE
ZFILE.EXE
GFGGFGFGFGF (n).EXE
GETEXE_042.EXE
GETEXE_040.EXE
GETEXE_041.EXE
FILE2.EXE
YTREWQ (nn).EXE
SUP.EXE
ZZFILE.EXE
MRG-0777.EXE
UPDREG.EXE
ITUNESHELPER.EXE
LOAD_003.EXE
SERES.EXE
UNIKEY .EXE
JUSCHED.EXE
USBMANAGER.EXE
UNIKEY .EXE
UNIKEY .EXE
UNIKEY .EXE
UNIKEY .EXE
NOD32KUI.EXE
DAEMON.EXE
NMINDEXSTORESVR.EXE
FLUX.EXE
CRAC.EXE
INSTALL_CRACK.EXE
WINUPGRO.EXE
SOFTAUTO.EXE
RUN.EXE
REALSCHED.EXE
SETREFRESH.EXE
MSNMSGR.EXE
UPDATEWIN32.EXE
FDM.EXE
INSTALL_FLASH_PLAYER[1].EXE
V.EXE
~.EXE
E.EXE
0.25364304536866067.EXE
XX1232255.EXE
PX7786.TMP
8WAG0N5TG.COM

Filesizes

The following file size has been seen:

36,864 bytes
78,336 bytes
10,752 bytes
813,568 bytes
237,161 bytes
27,648 bytes
860,160 bytes
65,057 bytes
45,056 bytes

File Type

The filename FILE.EXE is used by multiple object types including executable programs,objects.

File Activity

One or more files with the name FILE.EXE creates, deletes, copies or moves the following files and folders:

Creates c:\documents and settings\user\application data\drivers\11s11ro1s1a2.sys
Creates c:\documents and settings\user\application data\drivers\111wfs1intwq.sys
Opens/modifes c:\autoexec.bat

Help the Webroot Community to fight cyber crime

We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.

The filename referred to in this report is often associated with PC infections. If you have a program of this name on your PC and would like to help our research please tell us what you know in the form below:

I have this file on my PC and believe it is an infection
I have this file on my PC and think it has made my PC slower
My firewall asked if I wanted to let this file have access to the Internet
My PC will not work since I noticed this file on it
My antivirus detected this file but won't remove it
I know what this file is and believe it is a Safe program
I am the author of this file and would like to discuss how to have it reclassified as safe

Further Comments or information you'd like to share: (optional)

Your email address if you would like us to contact you about this file and any concerns you may have: (optional)

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.

FILE.EXE

Free PC Cleanup from Webroot