Associated Malware Groups
The filename is associated with the malware group:
File Behavior
SETUP[n].EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Uses hidden browser windows to connect to web sites without telling you
- Opens browser pop ups
- Runs Javascript code
- Visits web sites on your PC without you knowing
- Found on infected systems and resists interrogation by security products
SETUP[n].EXE has been the subject of the following behavior:
- Executed as a Process
- Created as a process on disk
- Executed by Internet Explorer
- Deleted as a process from disk
- Terminated as a Process
Country Of Origin
The filename SETUP[n].EXE was first seen on Jun 4 2009 in the following geographical regions of the Prevx community:
- SWEDEN on Jun 4 2009
- PORTUGAL on Jun 4 2009
File Name Aliases
SETUP[n].EXE can also use the following file names:
- SETUP.EXE
- 93051866.EXE
- 81404083.EXE
- SETUP(n).EXE
- YOUTUBE CONVERTER SETUP.EXE
- XMFOARYH.EXE.PART
- JNOSJ99T.EXE.PART
- SIMS PARA SACAR.EXE
- TOTA.EXE
- DP545.EXE
Filesizes
This file has been seen with the following file size:
Vendor, Product and Version Information
A file with the name SETUP[n].EXE has been seen to have the following Vendor, Product and Version Information in the file header:
- Zango, Inc.; Zango Installer; 61, 0, 14, 0
- Zango, Inc.; VeriSign Class 3 Code Signing 2004 CA; {c}
- Zango; VeriSign Class 3 Code Signing 2004 CA; {c}
File Type
The filename SETUP[n].EXE refers to an executable program.
File Activity
One or more files with the name SETUP[n].EXE create, delete, copy or move the following files and folders:
- Opens/modifies c:\autoexec.bat
- Creates c:\documents and settings\user\application data\microsoft\cryptneturlcache\metadata\60E31627FDA0A46932B0E5948949F2A5
- Creates c:\documents and settings\user\application data\microsoft\cryptneturlcache\content\60E31627FDA0A46932B0E5948949F2A5
- Creates c:\documents and settings\user\application data\microsoft\cryptneturlcache\metadata\A8FABA189DB7D25FBA7CAC806625FD30
- Creates c:\documents and settings\user\application data\microsoft\cryptneturlcache\content\A8FABA189DB7D25FBA7CAC806625FD30
- Deletes c:\program files\SAItest.txt
- Creates c:\docume~1\user\locals~1\temp\SAIInstantiator.dll
- Deletes c:\docume~1\user\locals~1\temp\SAIInstantiator.dll
Website Activity
One or more files with the name SETUP[n].EXE interact with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- Remote server connection to static .zangocash .co
- Remote server connection to te1 .zango .co
- Remote server connection to public .zangocash .co
- TCP:127.0.0.1:1071 Port:26