Prevx Research Division
VW.EXE
WormFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove VW.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware group:
- Worm
File Behavior
VW.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Executes a Process
- Writes to another Process's Virtual Memory (Process Hijacking)
- Terminates Processes
- This Process Deletes Other Processes From Disk
- This process creates other processes on disk
- Adds products to the system registry
- Creates a TCP port which listens and is available for communication initiated by other computers
- Enables a COM Object/Server on the Local Machine
- Enables an In Process Object/Server - Common with DLL Injections
- Can communicate with other computers using TCP protocols
- Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
- Can communicate with other computer systems using HTTP protocols
- Makes outbound connections to other computers using NETBIOSOUT protocols
- This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list
- Registers a Dynamic Link Library File
- Adds a Registry Key (RUN) to auto start Programs on system start up
VW.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
- Created as a new Background Service on the machine
- Victim of a Heap Based Buffer Overflow Exploit
- Deleted as a process from disk
- Added as a Registry auto start to load Program on Boot up
Country Of Origin
The filename VW.EXE was first seen on Jul 13 2007 in the following geographical regions of the Webroot community:
- Russian Federation on Jul 13 2007
- Israel on Dec 24 2007
- Ukraine on Feb 4 2008
- Spain on Feb 4 2008
- Indonesia on Mar 23 2009
- The United States on Mar 23 2009
- South Africa on Jan 16 2012
File Name Aliases
VW.EXE can also use the following file names:
- MSDDLL.EXE
- WO.EXE.EXE
- OO.EXE.EXE
- MDKP[n].EXE
- RY.EXE.EXE
- AH.EXE.EXE
- RS.EXE.EXE
- QK.EXE.EXE
- ZH.EXE.EXE
- LO.EXE.EXE
- HW.EXE.EXE
- DB.EXE.EXE
- UW.EXE.EXE
- WW.EXE.EXE
- TK.EXE.EXE
- KT.EXE.EXE
- JV.EXE.EXE
- XG.EXE.EXE
- GZ.EXE.EXE
- PK.EXE.EXE
- VW[n].EXE
- Ўбои.EXE
- авто обои.EXE
- VETTON WALLPAPERS.EXE
- SMENCSHIK_OBOEV.EXE
- VETTON.EXE
- UO.EXE.EXE
- RD.EXE
- NO.EXE
- AH.EXE
- SK.EXE
- VZ.EXE
- TD.EXE
- VI.EXE
- PD.EXE
- UE.EXE
- AB.EXE
- IQ.EXE
- LM.EXE
- LU.EXE
- MM.EXE
- AZ.EXE
- CE.EXE
- BT.EXE
- DR.EXE
- BB.EXE
- FK.EXE
- SR.EXE
- PZ.EXE
- SV.EXE
- RV.EXE
- RR.EXE
- RU.EXE
- PU.EXE
- QH.EXE
- ME.EXE
- KT.EXE
- JX.EXE
- LI.EXE
- HQ.EXE
- EW.EXE
- GW.EXE
- CN.EXE
- LE.EXE
- WC.EXE
- VC.EXE
- TX.EXE
- NC.EXE
- QF.EXE
- NL.EXE
- ST.EXE
- KV.EXE
- RK.EXE
- TZ.EXE
- LF.EXE
- SA.EXE
- PE.EXE
- PQ.EXE
- KX.EXE
- LX.EXE
- OI.EXE
- KB.EXE
- NA.EXE
- HX.EXE
- JE.EXE
- WV.EXE
- AR.EXE
- TQ.EXE
- IA.EXE
- XK.EXE
- ET.EXE
- DE.EXE
- GH.EXE
- HU.EXE
- TG.EXE
- IM.EXE
- II.EXE
- GM.EXE
- NN.EXE
- CW.EXE
- EV.EXE
- AO.EXE
- WO.EXE
- ZV.EXE
- QJ.EXE
Filesizes
The following file size has been seen:
- 41,984 bytes
- 1,044,480 bytes
- 1,048,064 bytes
- 10,565,120 bytes
- 1,172,480 bytes
File Type
The filename VW.EXE refers to many versions of an executable program.
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.