Associated Malware Groups
The filename is associated with the malware group:
- Fraudulent Security Program
File Behavior
VAV.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Adds Products to the system registry
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Executes a Process
- Uses hidden browser windows to connect to web sites without telling you
- Creates system tray popups, messages, errors and security warnings
- Opens browser pop ups
- Runs Javascript code
- This Process Creates Other Processes On Disk
- This Process is a file infector which modifies program files to include a copy of the infection
- Copies files
- This Process Deletes Other Processes From Disk
- Registers a Dynamic Link Library File
- Can communicate with other computer systems using HTTP protocols
VAV.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Added as a Registry auto start to load Program on Boot up
- Registered as a Dynamic Link Library File
- Terminated as a Process
Country Of Origin
The filename VAV.EXE was first seen on Jun 5 2008 in the following geographical regions of the Prevx community:
- The UNITED KINGDOM on Jun 5 2008
- GERMANY on Jun 9 2008
- SWITZERLAND on Jun 19 2008
File Name Aliases
VAV.EXE can also use the following file names:
- 69477396.SVD
- UKREWIZ.TMP
- 01506195.SVD
- 70859435.SVD
- DPTRKRLKET-50.PMS .EXE
- FUOWIOF.TMP
- 13016263.EXE
- 18779558.EXE
- 64691629.EXE
Filesizes
The following file sizes have been seen:
- 326,144 bytes
- 325,632 bytes
- 410,112 bytes
Vendor, Product and Version Information
Files with the name VAV.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- ; Vista Antivirus 2008; 1, 0, 0, 1
File Type
The filename VAV.EXE refers to many versions of an executable program.
File Activity
One or more files with the name VAV.EXE create, delete, copy or move the following files and folders:
Registry Activity
One or more files with the name VAV.EXE create or modify the following registry keys and values:
- HKEY_CURRENT_USER\Software\VAV 004 value:
- HKEY_CURRENT_USER\Software\VAV 111 [REG_DWORD, value: 0095218F]
- HKEY_CURRENT_USER\Software\VAV 546 0