BTDNA.EXE

What you should do about BTDNA.EXE:

Check Your PC Now
It is possible that your PC could be infected. The file name BTDNA.EXE is used by both safe and unsafe programs.


You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including BTDNA.EXE. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,056,030 people have scanned with Prevx CSI and between them have checked 29.4 billion files. 66% of the PCs scanned had malware present.

What we know about BTDNA.EXE:

The filename BTDNA.EXE was first seen on Nov 1 2007 in The EUROPEAN UNION. It has also been seen in the following geographical regions of the Prevx community:

  • POLAND on May 9 2008
  • HONG KONG on Jan 19 2008
  • The UNITED STATES on Feb 6 2008
  • SPAIN on Mar 13 2008
The filename BTDNA.EXE is used by multiple object types including executable programs,objects.

The most common file size is 288,576 bytes. But the following file sizes have also been seen:

  • 247,104 bytes
  • 286,528 bytes
  • 14,348 bytes
  • 291,136 bytes

The unsafe files using this name are associated with the malware group KillAV.II.Some files using the name BTDNA.EXE are also associated with the malware group:
  • Trojan.Delf.AF
 These files have no vendor, product or version information specified in the file header.

BTDNA.EXE has been seen to perform the following behavior(s):

  • Adds Products to the system registry
  • Changes to the file command map within the registry
  • Changes Windows Firewall Control Settings to allow itself to communicate with other computers
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • This Process Creates Other Processes On Disk
  • Executes a Process
  • Creates a TCP port which listens and is available for communication initiated by other computers
  • Can communicate with other computer systems using HTTP protocols
  • The Process is packed and/or encrypted using a software packing process
  • This Process sends MIME Email
  • This Process Deletes Other Processes From Disk
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • Registers a Dynamic Link Library File
  • Can communicate with other computers using TCP protocols
  • Opens pop up browser windows
  • Uses DNS to retrieve the IP address for web sites
  • Creates potentially fake system tray messages and error warnings

BTDNA.EXE has been the subject of the following behavior(s):

  • Added as a Registry auto start to load Program on Boot up
  • Executed as a Process
  • Created as a process on disk
  • Changes to the file command map within the registry
  • Deleted as a process from disk
  • Has code inserted into its Virtual Memory space by other programs
  • Executed from Temporary Folders
  • Terminated as a Process
  • Created as a new Background Service on the machine

BTDNA.EXE can also use the following file names:

  • YHRVWOUIU.EXE
  • 54833939.EXE
  • TMPDB82.TMP
  • 96314631.SVD
  • 50547687.EXE
  • 24265715.EXE
  • UTT2.TMP.EXE
  • UTTA.TMP.EXE
  • UTT7.TMP.EXE
  • UTTE2E.TMP.EXE
  • UTT4.TMP.EXE
  • UTT5.TMP.EXE
  • UTT13.TMP.EXE
  • 29052048.EXE
  • UTT1.TMP.EXE
  • 45086565.DAT
  • UTT5BE.TMP.EXE
  • UTT119.TMP.EXE
  • DNA.EXE
  • UTT4E40.TMP.EXE
  • UTT48.TMP.EXE
  • UTT3.TMP.EXE
  • UTT58D.TMP.EXE
  • UTT1F.TMP.EXE
  • UTT8.TMP.EXE
  • UTT205.TMP.EXE
  • UTTD5.TMP.EXE
  • UTT2319.TMP.EXE
  • UTT30.TMP.EXE
  • UTTB.TMP.EXE
  • UTT35.TMP.EXE
  • UTT9.TMP.EXE
  • UTT6.TMP.EXE
  • UTTAC29.TMP.EXE
  • UTTC.TMP.EXE
  • UTTD2.TMP.EXE
  • UTT166.TMP.EXE
  • UTT14FC.TMP.EXE
  • UTTD.TMP.EXE
  • UTTF.TMP.EXE
  • UTTDF.TMP.EXE
  • UTT51.TMP.EXE
  • UTT6506.TMP.EXE
  • UTT28.TMP.EXE
  • Ó
  • UTT5E.TMP.EXE
  • UTTA60.TMP.EXE
  • UTTA237.TMP.EXE
  • UTTBE2.TMP.EXE
  • UTT10.TMP.EXE
  • UTT23C3.TMP.EXE
  • UTT66.TMP.EXE
  • UTT4B.TMP.EXE
  • &
  • UTT178.TMP.EXE
  • UTT4D5.TMP.EXE
  • UTT4A4.TMP.EXE
  • UTT2E.TMP.EXE
  • UTT5E69.TMP.EXE
  • 52617613.SVD
  • UTT11.TMP.EXE
  • UTT13D.TMP.EXE
  • UTTCBE5.TMP.EXE
  • UTTB77.TMP.EXE
  • UTT2B.TMP.EXE
  • UTTBA62.TMP.EXE
  • UTT27B.TMP.EXE
  • UTT16A.TMP.EXE
  • 35445955.EXE
  • 36403297.EXE
  • UTT34.TMP.EXE
  • UTT2B1B.TMP.EXE
  • UTT24D.TMP.EXE
  • UTTE8.TMP.EXE
  • UTT23.TMP.EXE
  • UTTA1.TMP.EXE
  • UTT10B6.TMP.EXE
  • UTT25.TMP.EXE
  • UTT5B.TMP.EXE
  • UTTE.TMP.EXE
  • DEVICE
  • UTT1F3.TMP.EXE
  • UTT79E.TMP.EXE
  • UTT56.TMP.EXE
  • UTT25F.TMP.EXE
  • UTT211.TMP.EXE
  • 46447784.EXE
  • 91432315.DAT
  • UTT5843.TMP.EXE
  • UTTA53F.TMP.EXE
  • UTT29C.TMP.EXE
  • UTT101.TMP.EXE
  • UTT11DA.TMP.EXE
  • UTT16.TMP.EXE
  • UTT22.TMP.EXE
  • UTT1B.TMP.EXE
  • UTT412.TMP.EXE
  • UTT94.TMP.EXE
  • 23942196.EXE
  • UTT167.TMP.EXE
  • UTTB2.TMP.EXE
  • UTT15.TMP.EXE
  • UTT5F1.TMP.EXE
  • UTT14.TMP.EXE
  • UTT69.TMP.EXE
  • UTT2F.TMP.EXE
  • UTT14F.TMP.EXE
  • UTT2D7.TMP.EXE
  • UTTA40B.TMP.EXE
  • 37864951.SVD
  • UTT97DB.TMP.EXE
  • 97135802.EXE
  • UTT70C.TMP.EXE
  • UTTCF.TMP.EXE
  • BT
  • UTT112.TMP.EXE
  • UTT7B.TMP.EXE
  • UTT30C3.TMP.EXE
  • UTTD400.TMP.EXE
  • UTT9B.TMP.EXE
  • UTT19B.TMP.EXE
  • UTT91A4.TMP.EXE
  • UTTFD.TMP.EXE
  • UTT53.TMP.EXE
  • UTT4A0.TMP.EXE
  • UTT1D5.TMP.EXE
  • UTT21.TMP.EXE
  • UTT16D.TMP.EXE
  • 81917814.SVD
  • VM_STI.EXE