Associated Malware Groups
The filename is associated with the malware groups:
- Cloaked Malware
- Malicious Software
- Malware Downloader
- Malware Dropper
File Behavior
63.TMP has been seen to perform the following behavior:
- The process is packed and/or encrypted using a software packing process
- Uses hidden browser windows to connect to web sites without telling you
- Runs Javascript code
- Visits web sites on your PC without you knowing
- Adds products to the system registry
- This process creates other processes on disk
63.TMP has been the subject of the following behavior:
- Created as a process on disk
- Registered as a Dynamic Link Library File
- Executed as a Process
- Copied to multiple locations on the system
- Added as a Registry auto start to load Program on Boot up
- Executed from Temporary Folders
Country Of Origin
The filename 63.TMP was first seen on Sep 24 2007 in the following geographical regions of the Webroot community:
- Canada on Sep 24 2007
- on Oct 15 2007
- Spain on Jul 10 2009
- Brazil on May 6 2010
- Italy on May 6 2010
- Turkey on May 15 2012
File Name Aliases
63.TMP can also use the following file names:
- 2.EXE
- C.TMP
- 5.TMP
- 65.TMP
- 6D.TMP
- 63.TMP.EXE
Filesizes
The following file sizes have been seen:
- 2,920 bytes
- 78,848 bytes
- 4,088 bytes
- 153,088 bytes
- 33,177 bytes
- 287,158 bytes
File Type
The filename 63.TMP refers to many versions of an executable program.
File Activity
One or more files with the name 63.TMP create, delete, copy or move the following files and folders:
- Creates c:\windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
Website Activity
One or more files with the name 63.TMP interact with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.