CHENZI.EXE - Dangerous

What you should do about CHENZI.EXE:

Check Your PC Now
Your PC is infected. The file called CHENZI.EXE is considered unsafe and there may be other infections on your PC.


You should urgently check your PC and remove any malicious software including CHENZI.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,061,752 people have scanned with Prevx CSI and between them have checked 29.7 billion files. 66% of the PCs scanned had malware present.

What we know about CHENZI.EXE:

The filename CHENZI.EXE was first seen on Feb 17 2008 in SPAIN. It has also been seen in the following geographical regions of the Prevx community:

  • CHINA on Feb 17 2008
  • URUGUAY on Apr 21 2008
The filename CHENZI.EXE is used by multiple object types including objects,executable programs.

The most common file size is 12,288 bytes. But the following file size has also been seen:

  • 25,235 bytes

The filename is associated with the malware group Generic9.AKNO.Some files using the name CHENZI.EXE are also associated with the malware group:
  • Trojan.EmailSpy
 These files have no vendor, product or version information specified in the file header.

CHENZI.EXE has been seen to perform the following behavior(s):

  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • This Process Deletes Other Processes From Disk
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • This Process Creates Other Processes On Disk
  • Executes a Process
  • Downloads hidden code from covert web sites
  • Registers a Dynamic Link Library File
  • Copies files
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Visits web sites without the user knowing
  • This Process can access Web Mail Servers

CHENZI.EXE has been the subject of the following behavior(s):

  • Created as a process on disk
  • Executed as a Process
  • Added as a Registry auto start to load Program on Boot up
  • Has code inserted into its Virtual Memory space by other programs
  • Deleted as a process from disk
  • Copied to multiple locations on the system
  • Executed by Internet Explorer

CHENZI.EXE can also use the following file names:

  • 38535121.EXE
  • 51320767.EXE
  • SVCHOST.EXE
  • G0LD.COM
  • ZHU3.COM
  • DOWN.EXE
  • DPTRERSWQI-933.PMS.EXE
  • WEIYUAN.EXE
  • DOWN[1].EXE
  • DOWN[2].EXE
  • DSADA.EXE
  • XZX.EXE
  • 34948506.TMP
  • 99797899.SVD