DRWVR_OE.EXE

Currently being reviewed

The most common objects with the name of DRWVR_OE.EXE are considered safe.

You can use our free Prevx 3.0 Scanner to thoroughly check your PC for spyware and other infections. It is free and takes less than 2 minutes to run. To start the scan just click the blue button.

Download Prevx 3.0 now »

File Behavior

DRWVR_OE.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
Creates system tray popups, messages, errors and security warnings

DRWVR_OE.EXE has been the subject of the following behavior:

Executed as a Process

Country Of Origin

The filename DRWVR_OE.EXE was first seen on Sep 25 2007 in the following geographical region of the Prevx community:

Filesizes

This file has been seen with the following file size:

223,446 bytes

Vendor, Product and Version Information

A file with the name DRWVR_OE.EXE have been seen to have the following Vendor, Product and Version Information in the file header:

; Dr.Web ® Antispam Rule utility;

File Type

The filename DRWVR_OE.EXE refers to an executable program.

Registry Activity

One or more files with the name DRWVR_OE.EXE creates or modifies the following registry keys and values:

HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail Order 000
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000 Name DRWEB-VR-ANTISPAM RULE
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000 Enabled value:
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000 Version value:
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Actions Order 000
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Actions\000 Type value:
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Actions\000 Flags value:
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Actions\000 ValueType [REG_DWORD, value: 00000041]
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Actions\000 Value [REG_BINARY, size: 12 bytes]
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Criteria Order 000
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Criteria\000 Type value:
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Criteria\000 Logic value:
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Criteria\000 Flags value:
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Criteria\000 ValueType [REG_DWORD, value: 00000041]
HKEY_CURRENT_USER\Identities\{EF065F90-50CC-4E4C-A773-436D5FF31A39}\Software\Microsoft\Outlook Express\5.0\Rules\Mail\000\Criteria\000 Value [REG_BINARY, size: 9 bytes