Associated Malware Groups
The unsafe files using this name are associated with the malware group:
File Behavior
SYLINKREPLACER.EXE has been seen to perform the following behavior:
- Creates system tray popups, messages, errors and security warnings
SYLINKREPLACER.EXE has been the subject of the following behavior:
Country Of Origin
The filename SYLINKREPLACER.EXE was first seen on Jul 30 2008 in the following geographical regions of the Webroot community:
- Spain on Jul 30 2008
- Russian Federation on Jul 30 2008
- South Africa on Sep 7 2010
Filesizes
The following file sizes have been seen:
- 1,193,794 bytes
- 1,112,662 bytes
File Type
The filename SYLINKREPLACER.EXE is used by multiple object types including objects, executable programs.
File Activity
One or more files with the name SYLINKREPLACER.EXE create, delete, copy or move the following files and folders:
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\autorun.iff
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\TestSec.exe
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGUnEn.exe
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGSleep.exe
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGReg.exe
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGDlgControl.exe
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGRegEx.exe
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\subdropsilent.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\subdiscoversilent.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\dropsilent.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\discoversilent.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\gathersilent.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\sylinkReplacermain.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\SylinkReplacer.txt
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\kill.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app2.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app3.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app5.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app6.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\call.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app1.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\sylinkreplacer.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\sylinkreplacersilent.bat
- Creates c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\SylinkReplacer.pdf
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app.bat to c:\sylinkreplacer\app.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app1.bat to c:\sylinkreplacer\app1.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app2.bat to c:\sylinkreplacer\app2.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app3.bat to c:\sylinkreplacer\app3.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app5.bat to c:\sylinkreplacer\app5.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\app6.bat to c:\sylinkreplacer\app6.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\call.bat to c:\sylinkreplacer\call.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\discoversilent.bat to c:\sylinkreplacer\discoversilent.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\dropsilent.bat to c:\sylinkreplacer\dropsilent.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGDlgControl.exe to c:\sylinkreplacer\ESUGDlgControl.exe
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGReg.exe to c:\sylinkreplacer\ESUGReg.exe
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGRegEx.exe to c:\sylinkreplacer\ESUGRegEx.exe
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGSleep.exe to c:\sylinkreplacer\ESUGSleep.exe
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\ESUGUnEn.exe to c:\sylinkreplacer\ESUGUnEn.exe
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\gathersilent.bat to c:\sylinkreplacer\gathersilent.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\kill.bat to c:\sylinkreplacer\kill.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\subdiscoversilent.bat to c:\sylinkreplacer\subdiscoversilent.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\subdropsilent.bat to c:\sylinkreplacer\subdropsilent.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\sylinkreplacer.bat to c:\sylinkreplacer\sylinkreplacer.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\SylinkReplacer.pdf to c:\sylinkreplacer\SylinkReplacer.pdf
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\SylinkReplacer.txt to c:\sylinkreplacer\SylinkReplacer.txt
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\sylinkReplacermain.bat to c:\sylinkreplacer\sylinkReplacermain.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\sylinkreplacersilent.bat to c:\sylinkreplacer\sylinkreplacersilent.bat
- Moves c:\docume~1\jim\locals~1\temp\~sfx4a42b2ae\TestSec.exe to c:\sylinkreplacer\TestSec.exe
- Creates c:\sylinkreplacer\ESUGDlgControl.exe