Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Cloaked Malware
- System Back Door
- Worm
File Behavior
FXSTALLER.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
- Disables the Windows Built in Firewall enabling rogue processes to access the internet without your knowledge or permission
- Disables the Windows Security Center Service
- Disables Windows Automatic Updates including Security Updates and Patches
- Executes a Process
- Writes to another Process's Virtual Memory (Process Hijacking)
- Adds a Registry Key (RUN) to auto start Programs on system start up
- This Process Deletes Other Processes From Disk
- This process creates other processes on disk
- Creates system tray popups, messages, errors and security warnings
- Opens browser pop ups
- The Process is polymorphic and can change its structure
- Found on infected systems and resists interrogation by security products
- Registers a Dynamic Link Library File
- Can communicate with other computer systems using HTTP protocols
- Executes Processes stored in Temporary Folders
FXSTALLER.EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Has code inserted into its Virtual Memory space by other programs
- Executed as a Process
- Terminated as a Process
- Copied to multiple locations on the system
- Created as a new Background Service on the machine
- Deleted as a process from disk
- Executed by Internet Explorer
- Executed from Temporary Folders
Country Of Origin
The filename FXSTALLER.EXE was first seen on Sep 24 2008 in the following geographical regions of the Prevx community:
- SPAIN on Sep 24 2008
- URUGUAY on Sep 28 2008
- The UNITED STATES on Oct 16 2008
- GERMANY on Nov 25 2008
- THAILAND on Dec 2 2008
- TURKEY on Jan 30 2009
- FINLAND on Feb 7 2009
File Name Aliases
FXSTALLER.EXE can also use the following file names:
- 04172258.DAT
- 59465376.DAT
- BBPHOTO[1].EXE
- PACK.EXE
- 03932762.EXE
- FXSTALLER.MSNFIX
- LACOSTES.EXE
- MARINA[n].COM
- LACOSTES(n).EXE
- LACOSTES[n].EXE
- ERASEME_78156.EXE
- BNEZ.EXE
- 57427198.EXE
- 90487762.DAT
- FXSTALLER.EXE.BACK
- 15451429.EXE
- 76765953.EXE
- HOUSEGIRL.EXE
- STH4NSBA.EXE
- DD1.EXE
- HOUSEGIRL.COM
- 39026582.EXE
- 11162921.EXE
- 40619004.COM
- HACKEDMSN.EXE
- HACKEDMSN[n].COM
- BURIMI.EXE
- 96195105.EXE
- 60362081.DAT
- 61238444.EXE
- 05322745.DAT
- 06332453.DAT
- FOTO[n].EXE
- CRYPTE~1.EXE
- FOSSFD.EXE
- FOS.EXE
- FOSS.EXE
- LSS.EXE
- FGH.EXE
Filesizes
The following file size has been seen:
- 37,376 bytes
- 187,392 bytes
- 52,786 bytes
- 39,936 bytes
- 48,690 bytes
- 44,554 bytes
- 60,938 bytes
- 73,262 bytes
File Type
The filename FXSTALLER.EXE refers to many versions of an executable program.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.