OUFDDH.EXE - Dangerous

What you should do about OUFDDH.EXE:

Your PC is infected. The file called OUFDDH.EXE is considered unsafe and there may be other infections on your PC.

You should urgently check your PC and remove any malicious software including OUFDDH.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now.

Download Prevx CSI Now

What we know about OUFDDH.EXE:

The filename OUFDDH.EXE was first seen on Feb 20 2008 in SPAIN. It has also been seen in the following geographical regions of the Prevx community:

  • AZERBAIJAN on Jul 4 2008
  • INDIA on Apr 18 2008
  • The UNITED KINGDOM on May 28 2008
  • The EUROPEAN UNION on Feb 20 2008
The filename OUFDDH.EXE refers to many versions of an executable program.

The most common file size is 107,221 bytes. But the following file sizes have also been seen:

  • 146,432 bytes
  • 128,000 bytes

The filename is associated with the malware group KAVKOP:Trojan-A.

 These files have no vendor, product or version information specified in the file header.

OUFDDH.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • This Process Creates Other Processes On Disk
  • This Process Deletes Other Processes From Disk
  • Registers a Dynamic Link Library File
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Uses DNS to retrieve the IP address for web sites
  • The Process is polymorphic and can change its structure
  • Executes a Process
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • Loads and Executes a System Driver File

OUFDDH.EXE has been the subject of the following behavior(s):

  • Added as a Registry auto start to load Program on Boot up
  • Created as a process on disk
  • Executed as a Process
  • Copied to multiple locations on the system
  • Deleted as a process from disk
  • Has code inserted into its Virtual Memory space by other programs
  • Executed from Temporary Folders
  • Executed by Internet Explorer

OUFDDH.EXE can also use the following file names:

  • AMVO.EXE
  • DPTREO~1.EXE
  • 21928784.SVD
  • DPTRDPNAHB-450.PMS.EXE
  • 017E8A39C8EFCBDF71DF026400CD1C04.EXE
  • DPTRDP~1.EXE
  • HELP[1].EXE
  • HELP.EXE
  • 10890083.DAT
  • 95400809.EXE
  • 67739523.EXE
  • MGG[1].EXE
  • MGG.EXE
  • 47447204.EXE
  • NUEVA CARPETA/OUFDDH.EXE
  • OUFDDH-E2609E36.EXE
  • 88184023.EXE
  • A0065645.EXE
  • A0066641.EXE
  • A0065647.EXE
  • 77575766.EXE

Virus, Spyware & Malware Center