File Investigation Report
TEM7.TMP.EXEMalicious Software
Your PC may be infected. The presence of a file called TEM7.TMP.EXE is a possible sign of infection.
You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including TEM7.TMP.EXE. Don't put your confidential data, or your identity at risk, check your PC now with Prevx CSI.
File Behavior
TEM7.TMP.EXE has been seen to perform the following behavior:
- Enables an In Process Object/Server - Common with DLL Injections
- This Process Creates Other Processes On Disk
- This Process Deletes Other Processes From Disk
- Creation and Registration of a Browser Helper Object in Internet Explorer
- Can communicate with other computer systems using HTTP protocols
- Registers a Dynamic Link Library File
- Executes a Process
- Uses DNS to retrieve the IP address for web sites
- Adds Products to the system registry
TEM7.TMP.EXE has been the subject of the following behavior:
- Executed as a Process
- Executed by Internet Explorer
- Created as a process on disk
- Executed from Temporary Folders
- Has code inserted into its Virtual Memory space by other programs
- Deleted as a process from disk
Country Of Origin
The filename TEM7.TMP.EXE was first seen on Feb 11 2008 in the following geographical regions of the Prevx community:
- SPAIN on Feb 11 2008
- CANADA on Apr 14 2008
File Name Aliases
TEM7.TMP.EXE can also use the following file names:
- TEME.TMP.EXE
- TEM2C.TMP.EXE
- TEM3C.TMP.EXE
- TEM148.TMP.EXE
- 51970778.SVD
- UPD15A.TMP.EXE
- TEMA.TMP.EXE
- TEMA0.TMP.EXE
- UPD59.TMP.EXE
- TEMF4.TMP.EXE
- UPD10.TMP.EXE
- UPD12.TMP.EXE
- TEM73.TMP.EXE
- TEM51.TMP.EXE
- TEM69.TMP.EXE
- TEM26.TMP.EXE
- TEM2E7.TMP.EXE
- TEM2F7.TMP.EXE
- TEM356.TMP.EXE
- UPD13A.TMP.EXE
- UPD30C.TMP.EXE
- UPD5643.TMP.EXE
- UPD11D5.TMP.EXE
- 31180896.EXE
Filesizes
The following file size has been seen:
- 617,011 bytes
- 159,744 bytes
- 167,936 bytes
- 616,977 bytes
Vendor, Product and Version Information
Files with the name TEM7.TMP.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- Mirar; Mirar Downloader Setup; 1, 0, 0, 3
File Type
The filename TEM7.TMP.EXE refers to many versions of an executable program.
File Activity
One or more files with the name TEM7.TMP.EXE creates, deletes, copies or moves the following files and folders:
- create folder C:\Program Files\NavigationToo
- Deletes c:\docume~1\user\locals~1\temp\nsw7.tmp
- Creates c:\program files\navigationtool\NavigationTool-1.dll
- Creates c:\program files\navigationtool\pcre3.dll
- Creates c:\program files\navigationtool\uninstall.exe
- Deletes c:\docume~1\user\locals~1\temp\nssF.tmp
- Creates c:\docume~1\user\locals~1\temp\nssf.tmp\NSISdl.dll
- Creates c:\docume~1\user\locals~1\temp\nscD.tm
- Deletes c:\docume~1\user\locals~1\temp\nscD.tm
- Deletes c:\docume~1\user\locals~1\temp\nssf.tmp\NSISdl.dll
Registry Activity
One or more files with the name TEM7.TMP.EXE creates or modifies the following registry keys and values:
- HKEY_CURRENT_USER\Software\NavigationTool InstallDir C:\Program Files\NavigationTool
- HKEY_CURRENT_USER\Software\NavigationTool install_dir C:\Program Files\NavigationTool
Network Activity
One or more files with the name TEM7.TMP.EXE performs the following network events:
- DNS Lookup &try=2
- DNS Lookup &try=3