Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
File Behavior
FINDYKILL.EXE has been seen to perform the following behavior:
- This process creates other processes on disk
- Executes a Process
- Writes to another Process's Virtual Memory (Process Hijacking)
- Registers a Dynamic Link Library File
- Creates new folders on the system
- This Process Deletes Other Processes From Disk
- The Process is packed and/or encrypted using a software packing process
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Adds a Registry Key (RUNONCE) to auto start Programs on system start up
- Creates system tray popups, messages, errors and security warnings
FINDYKILL.EXE has been the subject of the following behavior:
- Has code inserted into its Virtual Memory space by other programs
- Created as a process on disk
- Executed as a Process
Country Of Origin
The filename FINDYKILL.EXE was first seen on Oct 4 2008 in the following geographical regions of the Webroot community:
- France on Oct 4 2008
- Italy on Jan 20 2009
- Europe on Apr 20 2009
- Brazil on Nov 17 2009
- Algeria on May 18 2012
File Name Aliases
FINDYKILL.EXE can also use the following file names:
- SETUP.EXE
- FINDYKILL-V5.019-SETUP.EXE
- FINDYKILL[n].EXE
- FINDYKILL(n).EXE
- FINDYKILL[1].EXE
- COPIA DI FINDYKILL.EXE
- FINDYKILL(1).EXE
- FINDYKILL (1).EXE
- FINDYKILL1.EXE
- MITEMASI.EXE
- PROVAFINDYKILL.EXE
- FINDYKILL_1.EXE
- LC8+B8YV.SCR.PART
- 80888699.EXE
- 79287295.EXE
Filesizes
The following file sizes have been seen:
- 1,065,740 bytes
- 1,699,548 bytes
- 515,851 bytes
- 474,844 bytes
- 695,501 bytes
File Type
The filename FINDYKILL.EXE refers to many versions of an executable program.
File Activity
One or more files with the name FINDYKILL.EXE create, delete, copy or move the following files and folders:
- Creates c:\findykill\Uninstal.$$A
- Deletes c:\findykill\Uninstal.exe
- Moves c:\findykill\Uninstal.$$A to c:\findykill\Uninstal.exe
- Creates c:\findykill\FindyKill.$$A
- Deletes c:\findykill\FindyKill.cmd
- Moves c:\findykill\FindyKill.$$A to c:\findykill\FindyKill.cmd
- Creates c:\findykill\tools\7-zip32.$$A
- Deletes c:\findykill\tools\7-zip32.dll
- Moves c:\findykill\tools\7-zip32.$$A to c:\findykill\tools\7-zip32.dll
- Creates c:\findykill\tools\7z.$$A
- Deletes c:\findykill\tools\7z.exe
- Moves c:\findykill\tools\7z.$$A to c:\findykill\tools\7z.exe
- Creates c:\findykill\tools\Avert_C.$$A
- Deletes c:\findykill\tools\Avert_C.vbs
- Moves c:\findykill\tools\Avert_C.$$A to c:\findykill\tools\Avert_C.vbs
- Creates c:\findykill\tools\Avert_E.$$A
- Deletes c:\findykill\tools\Avert_E.vbs
- Moves c:\findykill\tools\Avert_E.$$A to c:\findykill\tools\Avert_E.vbs
- Creates c:\findykill\tools\Avert_F.$$A
- Deletes c:\findykill\tools\Avert_F.vbs
- Moves c:\findykill\tools\Avert_F.$$A to c:\findykill\tools\Avert_F.vbs
- Creates c:\findykill\tools\Fdc.$$A
- Deletes c:\findykill\tools\Fdc.reg
- Moves c:\findykill\tools\Fdc.$$A to c:\findykill\tools\Fdc.reg
- Creates c:\findykill\tools\fsum.$$A
- Deletes c:\findykill\tools\fsum.exe
- Moves c:\findykill\tools\fsum.$$A to c:\findykill\tools\fsum.exe
- Creates c:\findykill\tools\FyK.$$A
- Deletes c:\findykill\tools\FyK.ico
- Moves c:\findykill\tools\FyK.$$A to c:\findykill\tools\FyK.ico
- Creates c:\findykill\tools\FYKS.$$A
- Deletes c:\findykill\tools\FYKS.exe
- Moves c:\findykill\tools\FYKS.$$A to c:\findykill\tools\FYKS.exe
- Creates c:\findykill\tools\GREP.$$A
- Deletes c:\findykill\tools\GREP.EXE
- Moves c:\findykill\tools\GREP.$$A to c:\findykill\tools\GREP.EXE
- Creates c:\findykill\tools\Header.$$A
- Deletes c:\findykill\tools\Header.vbs
- Moves c:\findykill\tools\Header.$$A to c:\findykill\tools\Header.vbs
- Creates c:\findykill\tools\IZARCE.$$A
- Deletes c:\findykill\tools\IZARCE.exe
- Moves c:\findykill\tools\IZARCE.$$A to c:\findykill\tools\IZARCE.exe
- Creates c:\findykill\tools\Limpia.$$A
- Deletes c:\findykill\tools\Limpia
- Moves c:\findykill\tools\Limpia.$$A to c:\findykill\tools\Limpia
- Creates c:\findykill\tools\Process.$$A
- Deletes c:\findykill\tools\Process.exe
- Moves c:\findykill\tools\Process.$$A to c:\findykill\tools\Process.exe
- Creates c:\findykill\tools\REFMD5.$$A
- Deletes c:\findykill\tools\REFMD5.def