Prevx Research Division
DC38.EXE
Fraudulent Security ProgramFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove DC38.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Fraudulent Security Program
- Malware Downloader
File Behavior
DC38.EXE has been seen to perform the following behavior:
- Executes a Process
- This Process Deletes Other Processes From Disk
- This process creates other processes on disk
- Adds products to the system registry
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Can communicate with other computer systems using HTTP protocols
- Executes Processes stored in Temporary Folders
- Writes to another Process's Virtual Memory (Process Hijacking)
- Enables the system to use a Communications Proxy Server
- Registers a Dynamic Link Library File
- This Process sends MIME Email
- Creates system tray popups, messages, errors and security warnings
- Opens browser pop ups
- Visits web sites on your PC without you knowing
DC38.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Deleted as a process from disk
- Executed by Internet Explorer
- Has code inserted into its Virtual Memory space by other programs
- Added as a Registry auto start to load Program on Boot up
- Terminated as a Process
- Executed from Temporary Folders
Country Of Origin
The filename DC38.EXE was first seen on May 31 2007 in the following geographical regions of the Webroot community:
- The United States on May 31 2007
- Spain on Jul 19 2007
- Europe on Oct 8 2007
File Name Aliases
DC38.EXE can also use the following file names:
- INSTALL_EN.EXE
- INSTALL_EN[1].EXE
- INSTALL_EN[2].EXE
- INSTALL_EN_2.EXE
- FOR ST DATACENTER TEAM SUPPORT/1/ANTIWORM2008.EXE
- ANTIVIRUSINSTALLFREE_EN[1](2).EXE
- ANTIVIRUSINSTALLFREE_EN.EXE
- ANTIVIRUSINSTALLFREE_EN[1].EXE
- H4GR55J1.EXE
- ANTIVIRUSINSTALLFREE_EN[2].EXE
- INSTALL_EN/INSTALL_EN.EXE
- INSTALL_ENTROGAN.EXE
- CWVC7NOM.EXE
- IABIAL9Y.EXE
- W9413BVQ.EXE
- INSTALL_EN[3].EXE
- HYTJF3AU.EXE
- EIGAI5QS.EXE
- IYNVA21P.EXE
- J9QYSJ3M.EXE
- INSTALL_EN[n].EXE
- CAQLYUVV.EXE
- DSWTMHMJ.EXE
- EFCGXLVU.EXE
- EXJEGPQB.EXE
- HQHMHMDI.EXE
- HKNBRHHH.EXE
- GXWBVYHB.EXE
- GLCJWFDV.EXE
- GFNSAQMF.EXE
- GCAAQYQF.EXE
- AFJYQMUK.EXE
- YWUECXWM.EXE
- AGRRWLOA.EXE
- KJYMXIUQ.EXE
- PYNNPBME.EXE
- WTC5RXJF.EXE
- NGPROXVF.EXE
- 1B094EA0D01
- 5OH409LF.EXE
- 8IHO1SVK.EXE
- DC1118.EXE
- DC16.EXE
- 0H3K1MTK.EXE
- 89CE3HVC.EXE
- DC395.EXE
- DC23.EXE
- DC33.EXE
- 2MUJEKO1.EXE
- DC68.EXE
- 3GNZHDMD.EXE
- E627BA4BD01
- 7MTUNZLK.EXE
- 30 7 2007 23-40-55[ANTIVIRUSINSTALLFREE_EN[1].EXE].DAT
- DC6.EXE
- DC3.EXE
- B4DB644CD01
- DC1.EXE
- E09A47F0D01
Filesizes
The following file size has been seen:
- 90,140 bytes
- 177,741 bytes
- 158,752 bytes
- 158,952 bytes
- 159,264 bytes
File Type
The filename DC38.EXE refers to many versions of an executable program.
File Activity
One or more files with the name DC38.EXE creates, deletes, copies or moves the following files and folders:
- Opens/modifes c:\autoexec.bat
Website Activity
One or more files with the name DC38.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- Remote server connection to ykeeper .avsystemcare .co
- Remote server connection to gn .web-fastserve .co
- Port 80 IP:85.17.4.104
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.