INFO GURU

the information centre

Categories

Online readers

hit counters

Earn Rs.2000 daily. No Investment.

Wanted Online Internet job workers. Job is only through Internet. Work part time. You can earn Rs.750-2000/- daily. These are genuine Internet jobs. No Investment required. Only serious enquires please. For more details visit http://www.earnparttimejobs.com

Search this blog

OPGDE.EXE  

Add comments



File Behavior

OPGDE.EXE has been seen to perform the following behavior:

  • The Process is packed and/or encrypted using a software packing process
  • This Process Deletes Other Processes From Disk
  • This process creates other processes on disk
  • Creates a new Background Service on the machine
  • Loads and Executes a System Driver File
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • Executes a Process
  • Injects code into other processes
  • Registers a Dynamic Link Library File

OPGDE.EXE has been the subject of the following behavior:

  • Created as a process on disk
  • Deleted as a process from disk
  • Added as a Registry auto start to load Program on Boot up
  • Executed as a Process
  • Executed from Temporary Folders
  • Copied to multiple locations on the system
  • This program is often downloaded from the web
  • Registered as a Dynamic Link Library File

Country Of Origin

The filename OPGDE.EXE was first seen on Feb 10 2009 in the following geographical regions of the Prevx community:

  • TURKEY on Feb 10 2009
  • SAUDI ARABIA on Feb 11 2009

File Name Aliases

OPGDE.EXE can also use the following file names:

  • HELP.EXE
  • OLHRWEF.EXE
  • 13732192.PPE
  • DL1.EXE
  • 2AAXAIY.EXE
  • DF2.EXE
  • DD3.EXE
  • DE2.EXE

Filesizes

The following file size has been seen:

  • 108,067 bytes
  • 169,012 bytes
  • 168,690 bytes
  • 109,724 bytes

Vendor, Product and Version Information

These files have no vendor, product or version information specified in the file header.

File Type

The filename OPGDE.EXE refers to many versions of an executable program.

File Activity

One or more files with the name OPGDE.EXE creates, deletes, copies or moves the following files and folders:

  • Creates c:\windows\system32\drivers\klif.sys
  • Deletes c:\windows\system32\drivers\klif.sys
  • Deletes c:\windows\system32\olhrwef.exe
  • Deletes c:\windows\system32\nmdfgds0.dll
  • Creates c:\windows\system32\nmdfgds0.dll
  • Deletes c:\opgde.ex
  • Copies filec:\windows\system32\olhrwef.exe to c:\opgde.ex
  • Deletes c:\autorun.in
  • Creates c:\autorun.in
  • Deletes d:\opgde.ex
  • Copies filec:\windows\system32\olhrwef.exe to d:\opgde.ex
  • Deletes d:\autorun.in
  • Creates d:\autorun.in

Registry Activity

One or more files with the name OPGDE.EXE creates or modifies the following registry keys and values:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run cdoosoft C:\WINDOWS\system32\olhrwef.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden value:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden value:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun [REG_DWORD, value: 00000091]

Website Activity

One or more files with the name OPGDE.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.

  • vfyte .com / xmfx / help1 .ra
  • TCP:127.0.0.1:1055 Port:17
  • Port 80 IP:221.1.204.243

0 comments

Post a Comment

Newer Post Older Post

Page views

free hit counter

Recent Posts

Recent Comments