Associated Malware Groups
The filename is associated with the malware groups:
File Behavior
ATSXYZD.SYS has been seen to perform the following behavior:
- This process creates other processes on disk
- This Process Deletes Other Processes From Disk
- Violates Windows/Vista Physical Memory Protection allowing it to look inside the data areas of other programs
- Can communicate with other computer systems using HTTP protocols
- Executes a Process
- Modifies the Windows Host File which could be used to stop you visiting specific web sites by redirecting you to alternative addresses without you knowing
- Writes to another Process's Virtual Memory (Process Hijacking)
- Terminates Processes
- Registers a Dynamic Link Library File
- Copies files
- Looks at the contents of the autoexec.bat file
- Reads email address and phone book details
- Opens browser pop ups
- Uses DNS to retrieve the IP address for web sites
ATSXYZD.SYS has been the subject of the following behavior:
- Has code inserted into its Virtual Memory space by other programs
- Created as a process on disk
- Executed as a Process
- Registered as a Dynamic Link Library File
- Terminated as a Process
Country Of Origin
The filename ATSXYZD.SYS was first seen on Aug 7 2008 in the following geographical regions of the Prevx community:
- SPAIN on Aug 7 2008
- CANADA on Aug 7 2008
- The UNITED KINGDOM on Aug 20 2008
- The UNITED STATES on Sep 3 2008
File Name Aliases
ATSXYZD.SYS can also use the following file names:
- TPSZXYD.SYS
- ATSXYZD.TTTT
- OTAXYZD.SYS
- AZWLYAC.TMP
- 79567427.SVD
- W[1].BIN
- 33507755.DAT
- 27753584.SVD
Filesizes
The following file size has been seen:
- 256,000 bytes
- 265,216 bytes
- 274,944 bytes
- 279,552 bytes
- 264,192 bytes
- 276,992 bytes
File Type
The filename ATSXYZD.SYS refers to many versions of an executable program.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.