TV.EXE, Prevx

Associated Malware Groups

The unsafe files using this name are associated with the malware groups:

Cloaked Malware
Worm
Malware Dropper

File Behavior

TV.EXE has been seen to perform the following behavior:

Can Send email using SMTP protocols
This Process sends MIME Email
This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list
Adds a Registry Key (RUN) to auto start Programs on system start up
This process creates other processes on disk
Enables an In Process Object/Server - Common with DLL Injections
Looks at the contents of the autoexec.bat file
Reads email address and phone book details
Uses DNS to retrieve the IP address for web sites
The Process is polymorphic and can change its structure
Sends mail without telling you
Found on infected systems and resists interrogation by security products
Executes Processes stored in Temporary Folders
Executes a Process
This Process Deletes Other Processes From Disk
Uses rootkit techniques to conceal its presence, interrogation or removal
Creates new folders on the system
Uses a Registered MAPI
Enables a COM Object/Server on the Local Machine
Adds products to the system registry
Can communicate with other computer systems using HTTP protocols
The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
Creates new file extentions so that Internet Explorer will automatically open and potentially execute additional file types
Makes outbound connections to other computers using NETBIOSOUT protocols
Writes to another Process's Virtual Memory (Process Hijacking)
Creates system tray popups, messages, errors and security warnings
Opens browser pop ups
Runs Javascript code

TV.EXE has been the subject of the following behavior:

Executed as a Process
Created as a process on disk
Added as a Registry auto start to load Program on Boot up
Created by processes which appear to be checking for interception by security products
Created as a new Background Service on the machine
Deleted as a process from disk
Registered as a Dynamic Link Library File
This program is often downloaded from the web
Enabled as a COM Object/Server on the Local Machine
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process

Country Of Origin

The filename TV.EXE was first seen on May 16 2007 in the following geographical regions of the Webroot community:

The United States on May 16 2007
Peru on May 16 2007
Argentina on Oct 14 2007
Slovenia on Jan 9 2008
Spain on Apr 5 2009
Turkey on Aug 18 2009

File Name Aliases

TV.EXE can also use the following file names:

NEO.EXE
PFF.EXE
PARADOX.EXE
TIBIA.EXE
OT BUG ABUSER.EXE
BPK.EXE
MSDDLL.EXE
WE.EXE.EXE
VO.EXE.EXE
RV.EXE.EXE
WS.EXE.EXE
UD.EXE.EXE
YX.EXE.EXE
TG.EXE.EXE
BO.EXE.EXE
WM.EXE.EXE
JP.EXE.EXE
CR.EXE.EXE
QB.EXE.EXE
KM.EXE.EXE
CD.EXE.EXE
XI.EXE.EXE
JC.EXE.EXE
MY.EXE.EXE
MB.EXE.EXE
FA.EXE.EXE
TV.EXE.EXE
AW.EXE.EXE
GD.EXE.EXE
KB.EXE.EXE
PP.EXE.EXE
PLAYER.EXE
CFG.EXE
GOOGLE.EXE
SMSS.EXE
WINGO4.EXE
VW.EXE.EXE
XO.EXE.EXE
TV 2.1 Ƕ�ȷ�ɛ�Ȧ�Ǝ�Ɣ�ř�.EXE
TV[n].EXE
GO[1].EXE
YO.EXE
GO.EXE
QA.EXE
CQ.EXE
KK.EXE
QZ.EXE
RB.EXE
FB.EXE
AN.EXE
YL.EXE
OZ.EXE
KS.EXE
IN.EXE
GW.EXE
ZY.EXE
BI.EXE
YG.EXE
VG.EXE
CM.EXE
PR.EXE
XV.EXE
EI.EXE
NZ.EXE
VM.EXE
NX.EXE
AJ.EXE
TV_1.EXE
TV110.EXE
DD97.EXE
TV2.EXE
TV21.EXE

Filesizes

The following file size has been seen:

397,312 bytes
1,806,158 bytes
91,136 bytes
1,529,312 bytes
1,116,396 bytes
2,315,280 bytes

File Type

The filename TV.EXE is used by multiple object types including executable programs,objects.

Help the Webroot Community to fight cyber crime

We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.

The filename referred to in this report is often associated with PC infections. If you have a program of this name on your PC and would like to help our research please tell us what you know in the form below:

I have this file on my PC and believe it is an infection
I have this file on my PC and think it has made my PC slower
My firewall asked if I wanted to let this file have access to the Internet
My PC will not work since I noticed this file on it
My antivirus detected this file but won't remove it
I know what this file is and believe it is a Safe program
I am the author of this file and would like to discuss how to have it reclassified as safe

Further Comments or information you'd like to share: (optional)

Your email address if you would like us to contact you about this file and any concerns you may have: (optional)

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.

TV.EXE