File Investigation Report
ARCADE.EXE
Malicious SoftwarePC Cleanup in 3 Easy Steps
Use Prevx 3.0 to remove ARCADE.EXE, along with any other viruses, spyware, adware, trojans, rootkits, worms, information stealers, keyloggers, bots, and other form of malicious threat that may reside on your PC.
- Think your PC might be Infected? Scan Now Prevx 3.0 will scan your PC in seconds to inform you whether your PC is clean or infected.
- Malware Removal Prevx 3.0 removes adware infections for free. More complicated infections require purchase of a malware removal license.
- Expert Assistance In the rare occurence that Prevx 3.0 malware removal fails - a Prevx Engineer will connect to your PC and manually disinfect.
- Money Back Guarantee for Individual Users If within the first 14 days, the Prevx Engineer finds it impossible to clean an infection from your PC, we give you your money back.
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Malicious Software
- Worm
File Behavior
ARCADE.EXE has been seen to perform the following behavior:
- Can make outbound communication to other computers, IM chat rooms and other services using IRC protocols
- The Process is packed and/or encrypted using a software packing process
- Writes to another Process's Virtual Memory (Process Hijacking)
- Can communicate with other computer systems using HTTP protocols
- This process creates other processes on disk
- Registers a Dynamic Link Library File
- Enables an In Process Object/Server - Common with DLL Injections
- Drops known malicious software during execution
- Executes a Process
- This Process Deletes Other Processes From Disk
- Looks at the contents of the autoexec.bat file
- Reads email address and phone book details
- Visits web sites on your PC without you knowing
ARCADE.EXE has been the subject of the following behavior:
- Executed as a Process
- Deleted as a process from disk
- Created as a process on disk
- Downloaded from covert web sites without the user knowing
- Registered as a Dynamic Link Library File
Country Of Origin
The filename ARCADE.EXE was first seen on Jun 11 2007 in the following geographical regions of the Prevx community:
- Spain on Jun 11 2007
- Europe on Jun 11 2007
- The United States on Mar 15 2008
- Malaysia on Oct 6 2008
- Dominica on Oct 6 2008
- Brazil on Jan 29 2009
- Vietnam on Mar 19 2010
File Name Aliases
ARCADE.EXE can also use the following file names:
- APT.EXE
- EPT.EXE
- APT-TESTES - IP 64.56.68.44.EXE
- APT_19550.EXE
- APT_19550_S2_120.EXE
- ARCADEGM-18400.EXE
- ARENAPT.EXE
- APT_19722.EXE
- APT_IRON1_110.EXE
- APT_NEW.EXE
- ARCADE[1].EXE
- ENIGMA.EXE
- DC1.EXE
- 73991182.DAT
- 47279893.DAT
Filesizes
The following file size has been seen:
- 861,003 bytes
- 4,758,272 bytes
- 1,910,273 bytes
- 750,028 bytes
- 2,575,371 bytes
- 380,928 bytes
File Type
The filename ARCADE.EXE refers to many versions of an executable program.
File Activity
One or more files with the name ARCADE.EXE creates, deletes, copies or moves the following files and folders:
- Deletes c:\docume~1\user\locals~1\temp\nsv6.tmp
- Creates c:\docume~1\user\locals~1\temp\nsk8.tmp
- Creates c:\windows\system32\wkcajax.dll
- Creates c:\windows\system32\dsaoms.dll
- Creates c:\docume~1\user\locals~1\temp\whenu.ini
- Creates c:\docume~1\user\locals~1\temp\banner.bmp
- Deletes c:\docume~1\user\locals~1\temp\nsgF.tmp
- Creates c:\docume~1\user\locals~1\temp\nsgf.tmp\ioSpecial.ini
- Creates c:\docume~1\user\locals~1\temp\nsgf.tmp\modern-wizard.bmp
- Creates c:\docume~1\user\locals~1\temp\nsgf.tmp\modern-header.bmp
- Creates c:\docume~1\user\locals~1\temp\nsgf.tmp\InstallOptions.dll
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.