Prevx Research Division
SEEKMOSA.EXE
AdwareFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove SEEKMOSA.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The filename is associated with the malware group:
- Adware
File Behavior
SEEKMOSA.EXE has been seen to perform the following behavior:
- Adds products to the system registry
- Can communicate with other computer systems using HTTP protocols
- Registers a Dynamic Link Library File
- Executes a Process
- This Process Deletes Other Processes From Disk
- Writes to another Process's Virtual Memory (Process Hijacking)
- This process creates other processes on disk
- Executes Processes stored in Temporary Folders
- Disables Access to the Task Manager built into Windows
- Disables the Notification Balloon for the Windows Security Center
- Disables Access to the Windows Registry Editior
- Modifies Windows Security Policies to restrict/expand User Privileges on the machine
- Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
- Creates or uses a background service to access the Internet using HTTP protocols
- Changes the Windows Security Center to stop Antivirus status alerts from being displayed
- Changes the Windows Security Center to stop Firewall status alerts from being displayed
- Changes the Windows Security Center to stop Firewall override alerts from being displayed
- Changes the Windows Security Center to stop warnings from being displayed if automatic Windows Updates are not enabled
- Modifies firewall settings, without user permission so it is not blocked from accessing the Internet
- Disables safe mode on your PC
- Injects code into other processes
- Creates a new Background Service on the machine
- Makes outbound connections to other computers using NETBIOSOUT protocols
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Changes to the file command map within the registry
- Creates new file extentions so that Internet Explorer will automatically open and potentially execute additional file types
- Enables the system to use a Communications Proxy Server
- This Process sends MIME Email
- Adds a Registry Key (RUN) to auto start Programs on system start up
SEEKMOSA.EXE has been the subject of the following behavior:
- Created as a process on disk
- Added as a Registry auto start to load Program on Boot up
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Deleted as a process from disk
- Registered as a Dynamic Link Library File
- Terminated as a Process
- Victim of a Heap Based Buffer Overflow Exploit
Country Of Origin
The filename SEEKMOSA.EXE was first seen on Jun 26 2007 in the following geographical regions of the Webroot community:
- Malaysia on Jun 26 2007
- Netherlands on Jun 26 2007
- Uruguay on Aug 2 2007
- Belgium on Oct 16 2007
- Romania on Nov 19 2009
- The United Kingdom on Nov 19 2009
- Morocco on Dec 5 2011
File Name Aliases
SEEKMOSA.EXE can also use the following file names:
- TMP_SEEKMOSA.EXE
- SEEKMO
- SEEKMOSA.EX
- Ÿ4774C7A8
Filesizes
The following file size has been seen:
- 883,829 bytes
- 796,424 bytes
- 851,728 bytes
- 792,840 bytes
- 792,328 bytes
File Type
The filename SEEKMOSA.EXE refers to many versions of an executable program.
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.