File Investigation Report
SMART ANTIVIRUS-2009.EXEFraudulent Security Program
Your PC may be infected. The presence of a file called SMART ANTIVIRUS-2009.EXE is a possible sign of infection.
You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including SMART ANTIVIRUS-2009.EXE. Don't put your confidential data, or your identity at risk, check your PC now with Prevx CSI.
Associated Malware Groups
The unsafe files using this name are associated with the malware group:
- Fraudulent Security Program
File Behavior
SMART ANTIVIRUS-2009.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- This Process Creates Other Processes On Disk
- This Process Deletes Other Processes From Disk
- Registers a Dynamic Link Library File
- This Process Disables Other Security Products
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Adds Products to the system registry
- Changes the Internet Explorer Home Page Settings
- Creates system tray popups, messages, errors and security warnings
- Can communicate with other computer systems using HTTP protocols
- Modifies the Active Desktop Background
- Modifies Windows Security Policies to restrict/expand User Privileges on the machine
- Terminates Processes
- Writes to another Process's Virtual Memory (Process Hijacking)
- Visits web sites on your PC without you knowing
- Executes a Process
SMART ANTIVIRUS-2009.EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Copied to multiple locations on the system
- Executed from Temporary Folders
- Terminated as a Process
- Deleted as a process from disk
Country Of Origin
The filename SMART ANTIVIRUS-2009.EXE was first seen on Sep 3 2008 in the following geographical regions of the Prevx community:
- SPAIN on Sep 3 2008
- AUSTRIA on Sep 4 2008
- The UNITED KINGDOM on Sep 7 2008
- The UNITED STATES on Oct 11 2008
File Name Aliases
SMART ANTIVIRUS-2009.EXE can also use the following file names:
- SFSRV.EXE
- SA2009[1].EXE
- 74795992.EXE
- 30628208.EXE
- 87695032.EXE
- 51776199.EXE
- XBDZUOV.TMP
Filesizes
The following file size has been seen:
- 968,704 bytes
- 1,188,352 bytes
- 1,193,984 bytes
Vendor, Product and Version Information
Files with the name SMART ANTIVIRUS-2009.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- Smart Antivirus Software; Smart Antivirus 2009; 1.0.0.1
File Type
The filename SMART ANTIVIRUS-2009.EXE refers to many versions of an executable program.
File Activity
One or more files with the name SMART ANTIVIRUS-2009.EXE creates, deletes, copies or moves the following files and folders:
- create folder C:\Program Files\Smart Antivirus 2009\
- create folder C:\Program Files\Smart Antivirus 2009\Suspicious
- create folder C:\Program Files\Smart Antivirus 2009\Infected
- Creates c:\program files\smart antivirus 2009\zlib.dll
- Creates c:\program files\smart antivirus 2009\vscan.tsi
- Creates c:\documents and settings\user\desktop\Smart Antivirus-2009.lnk
- Creates c:\documents and settings\user\start menu\programs\smart antivirus 2009\Smart Antivirus-2009.lnk
- Creates c:\documents and settings\user\application data\microsoft\internet explorer\quick launch\Smart Antivirus-2009.lnk
Registry Activity
One or more files with the name SMART ANTIVIRUS-2009.EXE creates or modifies the following registry keys and values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Smart Antivirus-2009.exe C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 Autorun value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 RegisterShellExtension value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 CheckForUpdates value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 QuickScanAtStartup value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 StartMinimized value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 ID value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 ScanArchives value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 ScanFiles value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 ScanMail value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 ScanProcesses value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 ScanRegistry value:
- HKEY_CURRENT_USER\Software\Smart Antivirus 2009 InstallTime [REG_DWORD, value: 48C018AD]
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page http://smartantivirus-2009buy.com/buy.php?aff=1005