File Investigation Report
LEXPLORER.EXE
System Back DoorYour PC may be infected. The presence of a file called LEXPLORER.EXE is a possible sign of infection.
You should urgently check your PC to make sure it is not infected. The free version of Prevx will scan your PC in less than two minutes and check for millions of spyware and malware infections including LEXPLORER.EXE. Don't put your confidential data, or your identity at risk, check your PC now with Prevx.
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- System Back Door
- Worm
File Behavior
LEXPLORER.EXE has been seen to perform the following behavior:
- Copies files
- This Process Deletes Other Processes From Disk
- This Process is a file infector which modifies program files to include a copy of the infection
- Executes a Process
- This Process looks to see what security products and services are running on the system
LEXPLORER.EXE has been the subject of the following behavior:
- Copied to multiple locations on the system
- Executed as a Process
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
Country Of Origin
The filename LEXPLORER.EXE was first seen on Jun 11 2008 in the following geographical regions of the Prevx community:
- KENYA on Jun 11 2008
- The EUROPEAN UNION on Aug 17 2008
- SPAIN on Apr 25 2009
File Name Aliases
LEXPLORER.EXE can also use the following file names:
- 40316893.EXE
- 90689039.EXE
- MPLDFG.EXE
Filesizes
The following file size has been seen:
- 294,969 bytes
- 2,028,544 bytes
- 366,080 bytes
- 49,152 bytes
- 28,672 bytes
Vendor, Product and Version Information
Files with the name LEXPLORER.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- dEcoiL; ; 1.00
File Type
The filename LEXPLORER.EXE is used by multiple object types including executable programs,objects.
File Activity
One or more files with the name LEXPLORER.EXE creates, deletes, copies or moves the following files and folders:
- Copies filec:\8428002.exe to c:\windows\system32\mpldfg.exe
- Copies filec:\8428002.exe to c:\windows\system32\lexplorer.exe
- Copies filec:\windows\system32\lexplorer.exe to c:\windows\system32\mpldfg.exe
- Creates c:\windows\234.683
- Deletes c:\windows\win.ini
- Copies filec:\windows\234.683 to c:\windows\win.ini
- Deletes c:\windows\234.683
- Creates c:\windows\430.613
- Deletes c:\windows\system.ini
- Copies filec:\windows\430.613 to c:\windows\system.ini
- Deletes c:\windows\430.613
Registry Activity
One or more files with the name LEXPLORER.EXE creates or modifies the following registry keys and values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings EnableAutodial [REG_BINARY, size: 4 bytes]
- HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control LoginSessionDisable [REG_BINARY, size: 4 bytes]
- HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control DisableConnectionQuery [REG_BINARY, size: 4 bytes]