Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
File Behavior
AV[n].EXE has been seen to perform the following behavior:
- Executes a Process
- This process creates other processes on disk
- Opens browser pop ups
- Found on infected systems and resists interrogation by security products
- Registers a Dynamic Link Library File
- Looks at the contents of the autoexec.bat file
- Reads email address and phone book details
- Visits web sites on your PC without you knowing
- The Process is packed and/or encrypted using a software packing process
- The Process is polymorphic and can change its structure
AV[n].EXE has been the subject of the following behavior:
- Executed as a Process
- Copied to multiple locations on the system
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Registered as a Dynamic Link Library File
Country Of Origin
The filename AV[n].EXE was first seen on Jul 15 2007 in the following geographical regions of the Prevx community:
- Singapore on Jul 15 2007
- Spain on Jul 15 2007
- Canada on Jan 26 2009
- Germany on May 15 2009
- Europe on Sep 21 2009
File Name Aliases
AV[n].EXE can also use the following file names:
Filesizes
The following file sizes have been seen:
- 4,664,073 bytes
- 61,440 bytes
- 77,323 bytes
- 101,700 bytes
- 269,824 bytes
- 57,344 bytes
- 69,632 bytes
- 49,102 bytes
File Type
The filename AV[n].EXE is used by multiple object types including executable programs, objects.
File Activity
One or more files with the name AV[n].EXE create, delete, copy or move the following files and folders:
- Opens/modifies c:\autoexec.bat
- Creates c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\msas2009.exe
- Creates c:\documents and settings\user\start menu\programs\ms antispyware 2009\MS AntiSpyware 2009.lnk
Website Activity
One or more files with the name AV[n].EXE interact with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- int .proreportms1 .com / stat .php?func=installrun&id=200091&landing=-1&lang=EN&sub=0
- dl .ms-scan-antiviral .com / get / ?pin=200091&lnd=-1&type=main
- Remote server connection to dl .ms-scan-antiviral .co
- Port 80 IP:94.247.2.133
- Port 80 IP:78.26.179.239