MSFAV32.EXE - Dangerous

What you should do about MSFAV32.EXE:

Check Your PC Now
Your PC may be infected. The presence of a file called MSFAV32.EXE is a possible sign of infection.


You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including MSFAV32.EXE. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,050,515 people have scanned with Prevx CSI and between them have checked 29.1 billion files. 65% of the PCs scanned had malware present.

What we know about MSFAV32.EXE:

The filename MSFAV32.EXE was first seen on Nov 7 2007 in The EUROPEAN UNION. It has also been seen in the following geographical regions of the Prevx community:

  • SPAIN on Nov 17 2007
  • POLAND on Nov 17 2007
  • URUGUAY on Nov 7 2007
  • ITALY on Jan 16 2008
The filename MSFAV32.EXE refers to many versions of an executable program.

The most common file size is 386,560 bytes. But the following file sizes have also been seen:

  • 391,168 bytes
  • 392,192 bytes
  • 968,704 bytes

The unsafe files using this name are associated with the malware group LoveBoom:Worm-a.Some files using the name MSFAV32.EXE are also associated with the malware group:
  • BackDoor.RBot.AK
 These files have no vendor, product or version information specified in the file header.

MSFAV32.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • The Process is polymorphic and can change its structure
  • Makes outbound connections to other computers using NETBIOSOUT protocols
  • Can communicate with other computers using TCP protocols
  • Registers a Dynamic Link Library File

MSFAV32.EXE has been the subject of the following behavior(s):

  • Executed as a Process
  • Created as a process on disk
  • Has code inserted into its Virtual Memory space by other programs
  • Terminated as a Process
  • Created as a new Background Service on the machine

MSFAV32.EXE can also use the following file names:

  • 43501126.DAT
  • MSFAV32.EXE__DELETE_ON_REBOOT
  • 38295082.DAT
  • GATHER.EXE
  • 67619188.SVD
  • 42099742.EXE
  • XXXXXXX.EXE
  • 78219117.SVD
  • 28088175.DAT
  • 03065406.DAT