Prevx Research Division
DIVXINSTALLER.EXE
Cloaked MalwareIt is possible that your PC could be infected. The file name DIVXINSTALLER.EXE is used by both safe and unsafe programs.
You should urgently check your PC to make sure it is not infected. The free version of Webroot Cloud AntiVirus Beta will scan your PC in less than two minutes and check for millions of spyware and malware infections including DIVXINSTALLER.EXE. Don't put your confidential data, or your identity at risk, check your PC now with Webroot Cloud AntiVirus Beta.
Associated Malware Groups
The unsafe files using this name are associated with the malware group:
- Cloaked Malware
File Behavior
DIVXINSTALLER.EXE has been seen to perform the following behavior:
- This process creates other processes on disk
- Executes Processes stored in Temporary Folders
- Executes a Process
- This Process Deletes Other Processes From Disk
- Enables an In Process Object/Server - Common with DLL Injections
- Adds products to the system registry
- Writes to another Process's Virtual Memory (Process Hijacking)
- Changes to the file command map within the registry
- Adds a Registry Key (RUNONCE) to auto start Programs on system start up
- Hooks the WININET.DLL function allowing it to read or copy Http and Https web page content and session information
- Registers a Dynamic Link Library File
- Creates new folders on the system
- Injects code into other processes
- Found on infected systems and resists interrogation by security products
- Terminates Processes
- Can communicate with other computer systems using HTTP protocols
- Uses low level functions to hide itself from the user and from system/security processes
- Uses rootkit techniques to conceal its presence, interrogation or removal
DIVXINSTALLER.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed from Temporary Folders
- Deleted as a process from disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Executed by Internet Explorer
- Registered as a Dynamic Link Library File
- Terminated as a Process
- Added as a Registry auto start to load Program on Boot up
Country Of Origin
The filename DIVXINSTALLER.EXE was first seen on Dec 19 2007 in the following geographical regions of the Webroot community:
- The United States on Dec 19 2007
- Europe on Aug 6 2008
- Spain on Aug 6 2008
- Bulgaria on Sep 25 2008
- Algeria on Jan 6 2009
- Switzerland on Jan 6 2009
- The United Kingdom on Oct 4 2010
- South Africa on Apr 27 2011
- Colombia on Apr 27 2011
- Turkey on May 24 2012
File Name Aliases
DIVXINSTALLER.EXE can also use the following file names:
- SCPMPE.EXE
- RWNENV.EXE
- HJLVLC.EXE
- AIPSPS.EXE
- BSMOMP.EXE
- ETJOJS.EXE
- NJQCQP.EXE
- HVKGKN.EXE
- IPVEVM.EXE
- YKQGQE.EXE
- HYEIEP.EXE
- ZAEWEV.EXE
- ZDVAVZ.EXE
- JGKUKD.EXE
- ZBRGRF.EXE
- FFEQEV.EXE
- GGTKTQ.EXE
- RYYSYJ.EXE
- PQHAHP.EXE
- DTSKSN.EXE
- FNSCSH.EXE
- DIVXWEBPLAYERINSTALLER (n).EXE
- DIVXWEBPLAYERINSTALLER.EXE
- DIVXWEBPLAYERINSTALLER[n].EXE
- DWPUPGRADEINSTALLER.EXE
- LATESTDIVXINSTALLER.EXE
- DIVXWEBPLAYERINSTALLER(n).EXE
- DIVXINSTALLER.EXE.PER
- DWPINSTALLER.EXE
- DIVX WEB PLAYER.EXE
- DIVXINSTALLER[1].EXE
- BINARY.AICUSTACT.DLL
- AICUSTACT.DLL
- NG[1].EXE
- ƷŌŸɂĿļĸĿƁƊƌƌəŅŏ
- 001C7501.EXE
- DC48.EXE
- DC32.EXE
Filesizes
The following file size has been seen:
- 3,813,472 bytes
- 783,851 bytes
- 14,336 bytes
- 20,730,648 bytes
- 1,484,616 bytes
- 149,504 bytes
- 1,117,140 bytes
- 8,228,464 bytes
File Type
The filename DIVXINSTALLER.EXE is used by multiple object types including executable programs,Dynamic Link LIbraries.
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.