File Investigation Report

MOVEMEDIAPLAYER_07103010[1].EXE

Malicious Software

Your PC may be infected. The presence of a file called MOVEMEDIAPLAYER_07103010[1].EXE is a possible sign of infection.

You should urgently check your PC to make sure it is not infected. The free version of Prevx will scan your PC in less than two minutes and check for millions of spyware and malware infections including MOVEMEDIAPLAYER_07103010[1].EXE. Don't put your confidential data, or your identity at risk, check your PC now with Prevx.

Download Prevx 3.0 »

Associated Malware Groups

The unsafe files using this name are associated with the malware group:

Malicious Software

File Behavior

MOVEMEDIAPLAYER_07103010[1].EXE has been seen to perform the following behavior:

This process creates other processes on disk
This Process Deletes Other Processes From Disk
Enables an In Process Object/Server - Common with DLL Injections
Terminates Processes
Creates system tray popups, messages, errors and security warnings
Executes a Process
Writes to another Process's Virtual Memory (Process Hijacking)
Creates new folders on the system

MOVEMEDIAPLAYER_07103010[1].EXE has been the subject of the following behavior:

Deleted as a process from disk
Created as a process on disk
Executed by Internet Explorer
Executed as a Process
Executed from Temporary Folders
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process

Country Of Origin

The filename MOVEMEDIAPLAYER_07103010[1].EXE was first seen on Jun 17 2008 in the following geographical regions of the Prevx community:

The UNITED STATES on Jun 17 2008
URUGUAY on Jun 18 2008
EL SALVADOR on Nov 20 2009
GREAT BRITAIN on Nov 20 2009

File Name Aliases

MOVEMEDIAPLAYER_07103010[1].EXE can also use the following file names:

MOVEMEDIAPLAYER_07103010.EXE
MOVEMEDIAPLAYER_07103010(1).EXE
MOVEMEDIAPLAYER_07103010[n].EXE
DISCOVERY CHANEL PLAYER.EXE
DG4.EXE
|
DC77.EXE
(��65*
99163779.SVD

Filesizes

The following file size has been seen:

8,192 bytes
965,120 bytes
106,960 bytes

Vendor, Product and Version Information

These files have no vendor, product or version information specified in the file header.

File Type

The filename MOVEMEDIAPLAYER_07103010[1].EXE refers to many versions of an executable program.

File Activity

One or more files with the name MOVEMEDIAPLAYER_07103010[1].EXE creates, deletes, copies or moves the following files and folders:

Deletes c:\docume~1\user\locals~1\temp\nss8.tmp
Deletes c:\docume~1\user\locals~1\temp\nsiA.tmp
Creates c:\docume~1\user\locals~1\temp\nsia.tmp\System.dll
Creates c:\docume~1\user\locals~1\temp\nsia.tmp\MNProgress.dll
Creates c:\documents and settings\user\application data\move networks\ie_bin\Uninst.exe
Creates c:\documents and settings\user\application data\move networks\ie_bin\qsp2ie07103010.dll
Creates c:\documents and settings\user\application data\move networks\ie_bin\MovePlayerUpgrade.exe
Deletes c:\docume~1\user\locals~1\temp\nsia.tmp\MNProgress.dll
Deletes c:\docume~1\user\locals~1\temp\nsia.tmp\System.dll

Registry Activity

One or more files with the name MOVEMEDIAPLAYER_07103010[1].EXE creates or modifies the following registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\iexplore Blocked value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\iexplore Count value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\iexplore Flags value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\iexplore Type value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\iexplore Time [REG_BINARY, size: 16 bytes]
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4} Quantum Streaming IE VersionManager Class
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InstalledVersion 7,10,3,10
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InstalledVersion path C:\Documents and Settings\user\Application Data\Move Networks\ie_bin\qsp2ie07103010.dll
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Control
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\MiscStatus 0
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\MiscStatus\1 131473
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\TypeLib {1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Version 1
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 "C:\Documents and Settings\user\Application Data\Move Networks\ie_bin\qsp2ie07103010.dll"
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 ThreadingModel Apartment
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\ProgID QSP2IE_Dep.QSP2IE_Dep.1
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\VersionIndependentProgID QSP2IE_Dep.QSP2IE_Dep
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Programmable
HKEY_CURRENT_USER\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InstalledVersionComparable 07103010
HKEY_CURRENT_USER\AppID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4} QSP2IE_Dep.QSP2IE_Dep
HKEY_CURRENT_USER\QSP2IE_Dep.QSP2IE_Dep Quantum Streaming IE Class - Depricated
HKEY_CURRENT_USER\QSP2IE_Dep.QSP2IE_Dep\CLSID {e3e02f12-2adb-478c-8742-5f0819f9f0f4}
HKEY_CURRENT_USER\QSP2IE_Dep.QSP2IE_Dep\CurVer QSP2IE_Dep.QSP2IE_Dep.1
HKEY_CURRENT_USER\QSP2IE_Dep.QSP2IE_Dep.1 Quantum Streaming IE Class - Depricated
HKEY_CURRENT_USER\QSP2IE_Dep.QSP2IE_Dep.1\CLSID {e3e02f12-2adb-478c-8742-5f0819f9f0f4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e473a65c-8087-49a3-affd-c5bc4a10669b}\iexplore Blocked value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e473a65c-8087-49a3-affd-c5bc4a10669b}\iexplore Count value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e473a65c-8087-49a3-affd-c5bc4a10669b}\iexplore Flags value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e473a65c-8087-49a3-affd-c5bc4a10669b}\iexplore Type value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e473a65c-8087-49a3-affd-c5bc4a10669b}\iexplore Time [REG_BINARY, size: 16 bytes]
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b} Quantum Streaming IE VersionManager Class
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InstalledVersion 7,10,3,10
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InstalledVersion path C:\Documents and Settings\user\Application Data\Move Networks\ie_bin\qsp2ie07103010.dll
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Control
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\MiscStatus 0
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\MiscStatus\1 131473
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\TypeLib {1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Version 1
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 "C:\Documents and Settings\user\Application Data\Move Networks\ie_bin\qsp2ie07103010.dll"
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 ThreadingModel Apartment
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\ProgID QSP2IEVer_Dep.QSP2IEVer_Dep.1
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\VersionIndependentProgID QSP2IEVer_Dep.QSP2IEVer_Dep
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Programmable
HKEY_CURRENT_USER\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InstalledVersionComparable 07103010
HKEY_CURRENT_USER\AppID\{e473a65c-8087-49a3-affd-c5bc4a10669b} QSP2IEVer_Dep.QSP2IEVer_Dep
HKEY_CURRENT_USER\QSP2IEVer_Dep.QSP2IEVer_Dep Quantum Streaming IE VersionManager Class - Depricated