Prevx Research Division
ACTIVEX.EXE
Malicious SoftwareFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove ACTIVEX.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Malicious Software
- Malware Dropper
- Virus
File Behavior
ACTIVEX.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Modifies Windows Initialization And System Settings Used On Start up
- Disables the built in Windows File Protection System
- This process creates other processes on disk
- Writes to another Process's Virtual Memory (Process Hijacking)
- This Process Deletes Other Processes From Disk
- Executes a Process
- Registers a Dynamic Link Library File
- Copies files
- Changes the Windows Security Center to stop Firewall override alerts from being displayed
- Changes the Windows Security Center to stop warnings from being displayed if automatic Windows Updates are not enabled
- Changes the Windows Security Center to stop Antivirus status alerts from being displayed
- Ability to execute files automatically on your PC
- Disables the Notification Balloon for the Windows Security Center
- Disables the Built in Windows System Restore Feature
- Modifies Windows Security Policies to restrict/expand User Privileges on the machine
- Creation and Registers a Browser Helper Object in Internet Explorer
- Opens browser pop ups
ACTIVEX.EXE has been the subject of the following behavior:
- Copied to multiple locations on the system
- Created as a process on disk
- Executed as a Process
- Added as a Registry auto start to load Program on Boot up
- Has code inserted into its Virtual Memory space by other programs
- Registered as a Dynamic Link Library File
- Executed by Internet Explorer
Country Of Origin
The filename ACTIVEX.EXE was first seen on Jan 31 2008 in the following geographical regions of the Webroot community:
- Europe on Jan 31 2008
- Italy on Jan 31 2008
- The United States on Jul 15 2008
- The United Kingdom on Dec 23 2009
- South Africa on Nov 24 2011
- Turkey on May 24 2012
File Name Aliases
ACTIVEX.EXE can also use the following file names:
- ALLINONECODECS[1].EXE
- WINDOWS PHOTO VIEWER-CRACK.EXE
- CONDUIT-CRACK.EXE
- LEMONADE TYCOON 2-CRACK.EXE
- CONDUITENGINE-CRACK.EXE
- ADOBE-CRACK.EXE
- DAEMON TOOLS LITE-CRACK.EXE
- DAEMON TOOLS TOOLBAR-CRACK.EXE
- DIFX-CRACK.EXE
- DVD MAKER-CRACK.EXE
- ELECTRONIC ARTS-CRACK.EXE
- MASS EFFECT 2-CRACK.EXE
- ITUNES-CRACK.EXE
- SOFTLAND-CRACK.EXE
- MICROSOFT SYNC FRAMEWORK-CRACK.EXE
- CAMSTUDIO-CRACK.EXE
- WINDOWS JOURNAL-CRACK.EXE
- COMMON FILES-CRACK.EXE
- NCH_EN-CRACK.EXE
- MICROSOFT SQL SERVER COMPACT EDITION-CRACK.EXE
- WINRAR-CRACK.EXE
- RAR FILE OPEN KNIFE - FREE OPENER-CRACK.EXE
- WINDOWS DEFENDER-CRACK.EXE
- TORTOISESVN-CRACK.EXE
- XENOCODE-CRACK.EXE
- TRUSTEER-CRACK.EXE
- MICROSOFT GAMES-CRACK.EXE
- REVIVERSOFT-CRACK.EXE
- GOOGLE-CRACK.EXE
- REFERENCE ASSEMBLIES-CRACK.EXE
- HP-CRACK.EXE
- INSTALLSHIELD INSTALLATION INFORMATION-CRACK.EXE
- MICROSOFT VISUAL STUDIO-CRACK.EXE
- MICROSOFT SECURITY CLIENT-CRACK.EXE
- INTERNET EXPLORER-CRACK.EXE
- WINDOWS NT-CRACK.EXE
- IPOD-CRACK.EXE
- WINDOWS LIVE SKYDRIVE-CRACK.EXE
- GAMEFORGE4D-CRACK.EXE
- MICROSOFT.NET-CRACK.EXE
- WINDOWS MAIL-CRACK.EXE
- ACTIVISION-CRACK.EXE
- MICROSOFT INTELLITYPE PRO-CRACK.EXE
- MICROSOFT SILVERLIGHT-CRACK.EXE
- MICROSOFT WORKS-CRACK.EXE
- ULTRAISO-CRACK.EXE
- TUNEUP UTILITIES 2011-CRACK.EXE
- ATI-CRACK.EXE
- MICROSOFT OFFICE OUTLOOK CONNECTOR-CRACK.EXE
- COMMVIEW-CRACK.EXE
- BONJOUR-CRACK.EXE
- MICROSOFT CAPICOM 2.1.0.2-CRACK.EXE
- CHEAT ENGINE-CRACK.EXE
- JAVA-CRACK.EXE
- MSBUILD-CRACK.EXE
- NERO-CRACK.EXE
- WINDOWS SIDEBAR-CRACK.EXE
- SONY-CRACK.EXE
- FREECORDER-CRACK.EXE
- CHEAT ENGINE 6-CRACK.EXE
- WINISO53-CRACK.EXE
- POWERISO-CRACK.EXE
- NVIDIA CORPORATION-CRACK.EXE
- WINDOWS PORTABLE DEVICES-CRACK.EXE
- SIBER SYSTEMS-CRACK.EXE
- MICROSOFT VISUAL STUDIO 8-CRACK.EXE
- UTORRENTBAR-CRACK.EXE
- PC CONNECTIVITY SOLUTION-CRACK.EXE
- APPLE SOFTWARE UPDATE-CRACK.EXE
- RNDLABS-CRACK.EXE
- SID MEIER'S CIVILIZATION V-CRACK.EXE
- MOZILLA FIREFOX-CRACK.EXE
- AGEIA TECHNOLOGIES-CRACK.EXE
- MICROSOFT-CRACK.EXE
- VIDEOLAN-CRACK.EXE
- EPSON SOFTWARE-CRACK.EXE
- EPSON-CRACK.EXE
- SUN-CRACK.EXE
- UTORRENT-CRACK.EXE
- SKYPE-CRACK.EXE
- WINDOWS LIVE-CRACK.EXE
- QUICKTIME-CRACK.EXE
- NOKIA-CRACK.EXE
- ATI TECHNOLOGIES-CRACK.EXE
- SVCHOST.PIF
- LSASS.PIF
- SMSS.PIF
- LSASS.EXE
- SMSS.EXE
- WINLOGON.EXE
- CSRSS.EXE
- SVCHOST.EXE
- WINDOWS.EXE
- 5CDGAI0K.EXE
- DC8.EXE
Filesizes
The following file size has been seen:
- 57,832 bytes
- 57,793 bytes
- 27,907 bytes
- 45,056 bytes
- 63,501 bytes
- 57,818 bytes
- 2,285,568 bytes
- 75,776 bytes
File Type
The filename ACTIVEX.EXE is used by multiple object types including executable programs,objects.
File Activity
One or more files with the name ACTIVEX.EXE creates, deletes, copies or moves the following files and folders:
- Creates c:\windows\system32\iefltr.dll
- Opens/modifes c:\autoexec.bat
- Creates c:\docume~1\user\locals~1\temp\0000053800000a88.ur
- Deletes c:\docume~1\user\locals~1\temp\0000053800000a88.ur
Website Activity
One or more files with the name ACTIVEX.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- TCP:127.0.0.1:1086 Port:26
- Port 80 IP:91.203.92.53
- Port 80 IP:64.233.167.99
- Port 80 IP:66.249.93.104
- Port 80 IP:64.233.183.99
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.