Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Cloaked Malware
- Malicious Software
- Worm
File Behavior
NORTON.EXE has been seen to perform the following behavior:
- The process hooks code into all running processes, which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Sends email using SMTP protocols
- Registers a Dynamic Link Library File
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Can send email using SMTP protocols
- This process sends MIME email
- This process contains user-mode rootkit functionality and can hide itself from the running process list
- The process is polymorphic and can change its structure
- Opens browser pop ups
- The process is packed and/or encrypted using a software packing process
- This process is a file infector which modifies program files to include a copy of the infection
- Drops known malicious software during execution
- Uses DNS to retrieve the IP address for web sites
- Visits web sites on your PC without you knowing
- Found on infected systems and resists interrogation by security products
NORTON.EXE has been the subject of the following behavior:
- Created as a process on disk
- Deleted as a process from disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Added as a Registry auto start to load Program on Boot up
- Copied to multiple locations on the system
- Registered as a Dynamic Link Library File
Country Of Origin
The filename NORTON.EXE was first seen on May 17 2007 in the following geographical regions of the Prevx community:
- The UNITED STATES on May 17 2007
- TURKEY on May 17 2007
- GERMANY on Jun 2 2007
- The EUROPEAN UNION on Jun 2 2007
- SWITZERLAND on Jul 23 2007
- SPAIN on Jul 23 2007
File Name Aliases
NORTON.EXE can also use the following file names:
- EXPLORER.EXE
- MICROSOFT.EXE
- MCAFEE.EXE
- YAHOO.EXE
- MSN.EXE
- ALG.EXE
- TEST.EXE
- XURHRHBZ.EXE
- WIN32.EXE
- MESHAL.EXE
- NASS3R.EXE
- DOROD.EXE
- HIDE.EXE
- Q8YSEXY1.EXE
- HD.EXE
- DC1.EXE
- BACKDOOR.WIN32.DARKMOON.AQ
Filesizes
The following file sizes have been seen:
- 36,360,016 bytes
- 470,528 bytes
- 57,344 bytes
- 53,248 bytes
- 52,224 bytes
- 17,941 bytes
Vendor, Product and Version Information
Files with the name NORTON.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- Symantec Corporation; Solution Package Installer; 1.1
- Symantec Corporation; Norton Integrator Stub; 14.00.0.28
File Type
The filename NORTON.EXE is used by multiple object types including objects, executable programs.
File Activity
One or more files with the name NORTON.EXE create, delete, copy or move the following files and folders:
- Deletes c:\windows\system32\texty