Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
File Behavior
HPQSTE08.EXE has been seen to perform the following behavior:
- Registers a Dynamic Link Library File
- This Process is a file infector which modifies program files to include a copy of the infection
- Includes file creation code which could be used to test for interception by security products
- The Process is polymorphic and can change its structure
HPQSTE08.EXE has been the subject of the following behavior:
- Deleted as a process from disk
- Executed as a Process
- Created by processes which appear to be checking for interception by security products
Country Of Origin
The filename HPQSTE08.EXE was first seen on Mar 15 2008 in the following geographical regions of the Prevx community:
- SOUTH AFRICA on Mar 15 2008
- SPAIN on Oct 13 2008
File Name Aliases
HPQSTE08.EXE can also use the following file names:
- 06021374.SVD
- 73918194.EXE
- 04475769.EXE
- 85708978.SVD
Filesizes
The following file size has been seen:
- 225,280 bytes
- 241,664 bytes
- 212,992 bytes
- 218,555 bytes
- 307,936 bytes
- 220,672 bytes
- 204,800 bytes
File Type
The filename HPQSTE08.EXE refers to many versions of an executable program.
File Activity
One or more files with the name HPQSTE08.EXE creates, deletes, copies or moves the following files and folders:
- create folder C:\WINDOWS\uninstall\
- Creates c:\windows\uninstall\rundl132.exe
- Creates c:\windows\Logo1_.exe
- Deletes c:\docume~1\user\locals~1\temp\$$aC.bat
- Creates c:\docume~1\user\locals~1\temp\$$aC.bat
- Creates c:\windows\RichDll.dll
- Creates c:\_desktop.ini
- Deletes c:\mbr\scan.exe
- Creates c:\mbr\scan.exe
- Moves c:\mbr\scan.exe to c:\mbr\scan.exe
- Deletes c:\program files\ati technologies\uninstallall\AtiCimUn.exe
- Creates c:\program files\ati technologies\uninstallall\AtiCimUn.exe
- Moves c:\program files\ati technologies\uninstallall\AtiCimUn.exe to c:\program files\ati technologies\uninstallall\AtiCimUn.exe
- Deletes c:\program files\intel\ncs2\wmiprov\ncs2prov.exe
- Creates c:\program files\intel\ncs2\wmiprov\ncs2prov.exe
- Moves c:\program files\intel\ncs2\wmiprov\ncs2prov.exe to c:\program files\intel\ncs2\wmiprov\ncs2prov.exe
- Deletes c:\program files\intel\ncs2\wmiprov\NCSDiag.exe
- Creates c:\program files\intel\ncs2\wmiprov\NCSDiag.exe
- Moves c:\program files\intel\ncs2\wmiprov\NCSDiag.exe to c:\program files\intel\ncs2\wmiprov\NCSDiag.exe
- Deletes c:\program files\msn\msncorefiles\install\msnsusii.exe
- Creates c:\program files\msn\msncorefiles\install\msnsusii.exe
- Moves c:\program files\msn\msncorefiles\install\msnsusii.exe to c:\program files\msn\msncorefiles\install\msnsusii.exe
- Deletes c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe
- Creates c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe
- Moves c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe to c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe
- Deletes c:\program files\msn\msncorefiles\install\msn9components\Msncli.exe
- Creates c:\program files\msn\msncorefiles\install\msn9components\Msncli.exe
- Moves c:\program files\msn\msncorefiles\install\msn9components\Msncli.exe to c:\program files\msn\msncorefiles\install\msn9components\Msncli.exe
- Deletes c:\program files\realtek\installshield\ChCfg.exe
- Creates c:\program files\realtek\installshield\ChCfg.exe
- Moves c:\program files\realtek\installshield\ChCfg.exe to c:\program files\realtek\installshield\ChCfg.exe
- Deletes c:\program files\realtek\installshield\RtlUpd.exe
- Creates c:\program files\realtek\installshield\RtlUpd.exe
- Moves c:\program files\realtek\installshield\RtlUpd.exe to c:\program files\realtek\installshield\RtlUpd.exe
- Deletes c:\program files\realtek\installshield\RtlUpd64.exe
- Creates c:\program files\realtek\installshield\RtlUpd64.exe
- Moves c:\program files\realtek\installshield\RtlUpd64.exe to c:\program files\realtek\installshield\RtlUpd64.exe
- Deletes c:\program files\windows live\installer\Dashboard.exe
- Creates c:\program files\windows live\installer\Dashboard.exe
- Moves c:\program files\windows live\installer\Dashboard.exe to c:\program files\windows live\installer\Dashboard.exe
- Deletes c:\program files\windows live\installer\WLSetupSvc.exe
- Creates c:\program files\windows live\installer\WLSetupSvc.exe
- Moves c:\program files\windows live\installer\WLSetupSvc.exe to c:\program files\windows live\installer\WLSetupSvc.exe
- Deletes c:\program files\winpcap\rpcapd.exe
- Creates c:\program files\winpcap\rpcapd.exe
- Moves c:\program files\winpcap\rpcapd.exe to c:\program files\winpcap\rpcapd.exe
- Deletes c:\program files\winpcap\Uninstall.exe
- Creates c:\program files\winpcap\Uninstall.exe
- Moves c:\program files\winpcap\Uninstall.exe to c:\program files\winpcap\Uninstall.exe
- Creates c:\docume~1\user\locals~1\temp\3e01_appcompat.txt
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.