E.EXE, Prevx

Associated Malware Groups

The unsafe files using this name are associated with the malware groups:

Cloaked Malware
Virus
Malware Dropper
Malicious Software

File Behavior

E.EXE has been seen to perform the following behavior:

This process creates other processes on disk
Writes to another Process's Virtual Memory (Process Hijacking)
Registers a Dynamic Link Library File
This Process is a file infector which modifies program files to include a copy of the infection
The Process is packed and/or encrypted using a software packing process
Disables the Notification Balloon for the Windows Security Center
Disables the Windows Built in Firewall enabling rogue processes to access the internet without your knowledge or permission
This Process Deletes Other Processes From Disk
Executes a Process
Can communicate with other computer systems using HTTP protocols
Creates new folders on the system
Creates a new Background Service on the machine
Changes the Windows Security Center to stop Antivirus status alerts from being displayed
Changes the Windows Security Center to stop Firewall status alerts from being displayed
Changes the Windows Security Center to stop Firewall override alerts from being displayed
Changes the Windows Security Center to stop warnings from being displayed if automatic Windows Updates are not enabled
Injects code into other processes
Performs DNS look ups to resolve URL IP addresses
Creates, registers ot modifies and SMTP Server
Modifies System Runtime Policies to limit system usability
Adds a Registry Key (RUN) to auto start Programs on system start up
Adds a Registry Key (DXCOM) to auto start Programs on system start up
Executes Processes stored in Temporary Folders
Copies files

E.EXE has been the subject of the following behavior:

Created as a new Background Service on the machine
Added as a Registry auto start to load Program on Boot up
Created as a process on disk
Deleted as a process from disk
Executed as a Process
Executed by Internet Explorer
Executed from Temporary Folders
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
Changes to the file command map within the registry
Added as a Registry Key (DXCOM) to auto start Programs on system start up
Copied to multiple locations on the system
Registered as a Dynamic Link Library File

Country Of Origin

The filename E.EXE was first seen on Jun 14 2007 in the following geographical regions of the Webroot community:

Spain on Jun 14 2007
Canada on Jun 14 2007
Philippines on Oct 21 2007
Brazil on Jan 4 2008
The United States on Jun 4 2009
The United Kingdom on Apr 15 2010
Netherlands on Oct 14 2010
Russian Federation on May 24 2012

File Name Aliases

E.EXE can also use the following file names:

KRUHBRWTSSD.EXE
OLPBLVATSSD.EXE
RMGFEQPTSSD.EXE
D37EAD[1].EXE
FKRKURETSSD.EXE
JARPUVHTSSD.EXE
JJSXNOYTSSD.EXE
JLUSACJTSSD.EXE
JFSOGDITSSD.EXE
JHBTPJHTSSD.EXE
JBYPVKHTSSD.EXE
KLVNNSHTSSD.EXE
KWFQKQFTSSD.EXE
KXOUUWDTSSD.EXE
KAWAEDCTSSD.EXE
KBGFNJATSSD.EXE
KVEBSJATSSD.EXE
KWMFDPXTSSD.EXE
KQKBIQXTSSD.EXE
KMJHSPCTSSD.EXE
LQHBMIATSSD.EXE
LESOOEBTSSD.EXE
LACPATWTSSD.EXE
LEAJTLVTSSD.EXE
LYYPDKYTSSD.EXE
LEWJWDXTSSD.EXE
LYWOHCBTSSD.EXE
LAMENBOTSSD.EXE
LDQJFMCTSSD.EXE
LMURTNRTSSD.EXE
MXLFOEETSSD.EXE
MICRJUPTSSD.EXE
MFBIBJYTSSD.EXE
MIFMRUMTSSD.EXE
MMTMKVSTSSD.EXE
MYVEKBBTSSD.EXE
MLXWLGJTSSD.EXE
MFLXPQQTSSD.EXE
MQLGLXUTSSD.EXE
NSNAXLFTSSD.EXE
NMBBCULTSSD.EXE
NXBJXCQTSSD.EXE
NROKDMXTSSD.EXE
NTHKNJOTSSD.EXE
NUQOWPNTSSD.EXE
NFNMOXOTSSD.EXE
NYKJUYNTSSD.EXE
ORVAULQTSSD.EXE
OKHQUXUTSSD.EXE
OEFMAYTTSSD.EXE
OGNRKESTSSD.EXE
OHWWTKQTSSD.EXE
OIGBDQPTSSD.EXE
OLRQQURTSSD.EXE
OMBUBAPTSSD.EXE
OHXQGBPTSSD.EXE
PBVNMCPTSSD.EXE
PMEPJAMTSSD.EXE
PRCJDSLTSSD.EXE
PENWFOMTSSD.EXE
PIKQYHLTSSD.EXE
PNIKSYJTSSD.EXE
PYRNQWGTSSD.EXE
PKBQNUETSSD.EXE
PVAXKCITSSD.EXE
PHJBHAGTSSD.EXE
QBHWNBFTSSD.EXE
QNPAKXDTSSD.EXE
QHNVQYCTSSD.EXE
QLKPKRBTSSD.EXE
QPIJEKATSSD.EXE
QLRKPAVTSSD.EXE
QQOEJSUTSSD.EXE
QCXHGQRTSSD.EXE
QDHLQVPTSSD.EXE
QPPONTNTSSD.EXE
QJNKTUNTSSD.EXE
RCIWUXJTSSD.EXE
RWFSBYITSSD.EXE
RQDOGYITSSD.EXE
RKAKMAITSSD.EXE
RWJMJXFTSSD.EXE
RXSRTEETSSD.EXE
RYCWDKCTSSD.EXE
RBKBMPBTSSD.EXE
SCTGVVYTSSD.EXE
SEDLFCXTSSD.EXE
SFCUNRDTSSD.EXE
SXWHPUYTSSD.EXE
SYGLYAXTSSD.EXE
SBPQIGVTSSD.EXE
SSISFLOTSSD.EXE
SCFQWUPTSSD.EXE
TWCMDVOTSSD.EXE
TQAIIVOTSSD.EXE
TCJKGTLTSSD.EXE
TBXBNVOTSSD.EXE
FILE[1].EXE
MFILE[n].EXE
ADV32.EXE
AVE.EXE
PDFUPD.EXE
GAME.EXE
SVCHOST.EXE
C.EXE
DF8911.EXE
0.1010937963861418.EXE
C38B.TMP
03078429.TMP
92897372.EXE
41670593.EXE

Filesizes

The following file size has been seen:

12,288 bytes
34,114 bytes
11,133 bytes
36,864 bytes
194,048 bytes
516,096 bytes
175,688 bytes
36,792 bytes
267,008 bytes

File Type

The filename E.EXE is used by multiple object types including executable programs,objects.

Help the Webroot Community to fight cyber crime

We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.

The filename referred to in this report is often associated with PC infections. If you have a program of this name on your PC and would like to help our research please tell us what you know in the form below:

I have this file on my PC and believe it is an infection
I have this file on my PC and think it has made my PC slower
My firewall asked if I wanted to let this file have access to the Internet
My PC will not work since I noticed this file on it
My antivirus detected this file but won't remove it
I know what this file is and believe it is a Safe program
I am the author of this file and would like to discuss how to have it reclassified as safe

Further Comments or information you'd like to share: (optional)

Your email address if you would like us to contact you about this file and any concerns you may have: (optional)

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.

E.EXE