Prevx Research Division
"AQOEERW.EXE"
WormFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove AQOEERW.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware group:
- Worm
File Behavior
AQOEERW.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- This process creates other processes on disk
- Violates Windows/Vista Physical Memory Protection allowing it to look inside the data areas of other programs
- This Process Deletes Other Processes From Disk
- Writes to another Process's Virtual Memory (Process Hijacking)
- Found on infected systems and resists interrogation by security products
- Uses low level functions to hide itself from the user and from system/security processes
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Executes a Process
- Copies files
- Injects code into other processes
- Registers a Dynamic Link Library File
AQOEERW.EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Executed from Temporary Folders
- Deleted as a process from disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Copied to multiple locations on the system
- Terminated as a Process
- Registered as a Dynamic Link Library File
Country Of Origin
The filename AQOEERW.EXE was first seen on Oct 14 2009 in the following geographical regions of the Webroot community:
- Taiwan on Oct 14 2009
- Hong Kong on Nov 10 2009
- Poland on Feb 20 2010
- China on Feb 24 2010
File Name Aliases
AQOEERW.EXE can also use the following file names:
- JKXROX.EXE
- HYJ2GUNW.EXE
- W32TATERF!I117.EXE
- N89F1D1W.EXE
- EADF6S.EXE
- SIE2V8.EXE
- C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__SIE2V8.EXE
- C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__WINDOWS_SYSTEM32_AQOEERW.EXE
- C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__SIE2V8.EXE
- C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__WINDOWS_SYSTEM32_AQOEERW.EXE
- C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~285719_SUSPECT_SOS_C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__SIE2V8.EXE
- C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~285719_SUSPECT_SOS_C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~0_SUSPECT_SOS_C__WINDOWS_SYSTEM32_AQOEERW.EXE
- C__DOCUME~1_ADMINI~1_LOCALS~1_TEMP_K2E~285719_SUSPECT_SOS_C__SIE2V8.EXE
- C__SIE2V8.EXE
- JKXROX-1.EXE
- WDM.EXE
- YMXF3Q.EXE
- DI3SU.EXE
- K9CUOS2Q.EXE
- AUTORUN.INF
- Q.EXE
- A1.EXE
- AT.EXE
- S1K.EXE
- 57400227.EXE
Filesizes
The following file size has been seen:
- 129,536 bytes
- 140,800 bytes
- 125,302 bytes
- 104,960 bytes
- 121,344 bytes
- 126,656 bytes
- 129,886 bytes
- 105,472 bytes
File Type
The filename AQOEERW.EXE refers to many versions of an executable program.
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.