What is e7l6s24y4.exe? Please help

I recently seem to have removed a persistent infection of the trojan 'backdoor.hupigon' using AVG 9.0 & the Malwarebytes malware scanner. After reinstalling AVG & updating it, its ID protection module was again disabled as before & I cannot enable it again. I then noticed e7l6s24y4.exe in the c:\documents&settings\user1 folder. Googling it led to the Prevx site, where it is classed as a malware downloader, but running a Prevx 3.0 free scan results in my PC being classified as 'clean'. Is this exe file a problem or not?

Re: What is e7l6s24y4.exe?

by Peconet Tietokoneet In reply to What is e7l6s24y4.exe? Pl ...

Z6G9X15K9.EXE has been seen to perform the following behavior:

* Executes a Process
* This process creates other processes on disk
* This Process is a file infector which modifies program files to include a copy of the infection
* Looks at the contents of the autoexec.bat file
* Reads email address and phone book details
* Uses DNS to retrieve the IP address for web sites

Z6G9X15K9.EXE has been the subject of the following behavior:

* Registered as a Dynamic Link Library File
* Executed as a Process
* Created by processes which appear to be checking for interception by security products

Country Of Origin

The filename Z6G9X15K9.EXE was first seen on Jun 10 2009 in the following geographical region of the Prevx community:

* TURKEY on Jun 10 2009

File Activity

One or more files with the name Z6G9X15K9.EXE creates, deletes, copies or moves the following files and folders:

* Opens/modifies c:\autoexec.bat
* Deletes c:\windows\number.txt
* Creates c:\docume~1\user\locals~1\temp\ff54_appcompat.txt
* Creates c:\documents and settings\all users\application data\microsoft\dr watson\user.dmp

Network Activity

One or more files with the name Z6G9X15K9.EXE performs the following network events:

* DNS Lookup 127.0.0.1 0
* DNS Lookup 91.195.118.117 **.195.118.117

I would do a FULL re-install if I were you, just to be sure you do not have any more problems. :)

Delete it

by IC-IT In reply to What is e7l6s24y4.exe? Pl ...

It is not a system file.
It wouldn't hurt to run MalwareBytes again in Safe Mode.

by jddk-23197435850791053295810403902028 In reply to Delete it

Thanks to all who answered my query - I'm grateful for your time & help.
