Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Rootkit
- System Back Door
- Malicious Software
- Worm
File Behavior
LEXPLORER.EXE has been seen to perform the following behavior:
- Copies files
- This Process Deletes Other Processes From Disk
- This Process is a file infector which modifies program files to include a copy of the infection
- Executes a Process
- This Process looks to see what security products and services are running on the system
- Writes to another Process's Virtual Memory (Process Hijacking)
LEXPLORER.EXE has been the subject of the following behavior:
- Copied to multiple locations on the system
- Executed as a Process
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
Country Of Origin
The filename LEXPLORER.EXE was first seen on May 25 2007 in the following geographical regions of the Prevx community:
- The United Kingdom on May 25 2007
- Kenya on Jun 11 2008
- Europe on Aug 17 2008
- Spain on Apr 25 2009
File Name Aliases
LEXPLORER.EXE can also use the following file names:
- MPLDFG.EXE
- 68382444.DAT
- 65844308.DAT
- 23226376.DAT
- 40316893.EXE
- 90689039.EXE
Filesizes
The following file sizes have been seen:
- 249,364 bytes
- 294,969 bytes
- 2,028,544 bytes
- 49,152 bytes
- 131,321 bytes
- 28,672 bytes
Vendor, Product and Version Information
Files with the name LEXPLORER.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- LexLwvKaJC; ; 4.36.0049
- dEcoiL; ; 1.00
File Type
The filename LEXPLORER.EXE refers to many versions of an executable program.
File Activity
One or more files with the name LEXPLORER.EXE creates, deletes, copies or moves the following files and folders:
- Copies file c:\8428002.exe to c:\windows\system32\mpldfg.exe
- Copies file c:\8428002.exe to c:\windows\system32\lexplorer.exe
- Copies file c:\windows\system32\lexplorer.exe to c:\windows\system32\mpldfg.exe
- Creates c:\windows\234.683
- Deletes c:\windows\win.ini
- Copies file c:\windows\234.683 to c:\windows\win.ini
- Deletes c:\windows\234.683
- Creates c:\windows\430.613
- Deletes c:\windows\system.ini
- Copies file c:\windows\430.613 to c:\windows\system.ini
- Deletes c:\windows\430.613
Registry Activity
One or more files with the name LEXPLORER.EXE creates or modifies the following registry keys and values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings EnableAutodial [REG_BINARY, size: 4 bytes]
- HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control LoginSessionDisable [REG_BINARY, size: 4 bytes]
- HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control DisableConnectionQuery [REG_BINARY, size: 4 bytes]