15[1].EXE - Dangerous

What you should do about 15[1].EXE:

Your PC may be infected. The presence of a file called 15[1].EXE is a possible sign of infection.

You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including 15[1].EXE. Don't take the risk, check your PC now.

Download Prevx CSI Now

What we know about 15[1].EXE:

The filename 15[1].EXE was first seen on Sep 29 2007 in CHINA. It has also been seen in the following geographical regions of the Prevx community:

  • SPAIN on Mar 5 2008
  • The UNITED STATES on Jul 23 2008
The filename 15[1].EXE refers to many versions of an executable program.

The most common file size is 17,908 bytes. But the following file sizes have also been seen:

  • 24,753 bytes
  • 19,867 bytes
  • 272,803 bytes
  • 17,228 bytes
  • 110,080 bytes

The unsafe files using this name are associated with the malware group W32.Malware.gen.Some files using the name 15[1].EXE are also associated with the malware groups:
  • PSW.Legendmir.JXT
  • Worm.Looked
 These files have no vendor, product or version information specified in the file header.

15[1].EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • This Process Creates Other Processes On Disk
  • Injects code into other processes
  • Copies files
  • Executes a Process
  • Enables an In Process Object/Server - Common with DLL Injections
  • This Process uses Anti Dissasembly Tricks
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • This Process Deletes Other Processes From Disk
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • Registers a Dynamic Link Library File
  • Modifies Windows Initialization And System Settings Used On Start up
  • Modifies the Systems Winsock LSP which could allow control over all communications of the system
  • The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
  • Modifies Windows Security Policies to restrict/expand User Privileges on the machine
  • Adds Products to the system registry
  • Modifies the Windows Built in Screen Saver
  • Can communicate with other computer systems using HTTP protocols
  • Executes Processes stored in Temporary Folders
  • This Process is a file infector which modifies program files to include a host a copy of the infection
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Visits web sites on your PC without you knowing
  • Modifies the Logon Screen Saver Settings

15[1].EXE has been the subject of the following behavior(s):

  • Executed as a Process
  • Created as a process on disk
  • Deleted as a process from disk
  • Added as a Registry auto start to load Program on Boot up
  • Executed from Temporary Folders
  • Copied to multiple locations on the system
  • Has code inserted into its Virtual Memory space by other programs

15[1].EXE can also use the following file names:

  • JSEB14.EXE
  • 15[1].EXE
  • 48983429.DAT
  • 15[2].EXE
  • 51046802.SVD
  • 00936677.DAT
  • 15.EXE
  • PTSSHELL.EXE
  • 32461799.SVD
  • DPTRWA~1.EXE
  • 62228368.DAT
  • 17[1].EXE
  • 8222.EXE
  • VISTASP1.EXE
  • LPHCEQ2J0EVC9.EXE
  • LPHC9Q8J0EACE.EXE
  • SAMPLE-EWEDTYO.TMP
  • 23053587.EXE
  • DPTRAAEDXG-53.PMS.EXE
  • LPHC1WLJ0EAF9.EXE
  • LPHC5H6J0E11C.EXE
  • A0000195.EXE

Virus, Spyware & Malware Center