ThreatExpert's awareness of the file "setup.exe":

Across all ThreatExpert reports, the file "setup.exe" has sometimes been a threat.

File "setup.exe" has the following statistics:

Total number of reports analysed	611,932
Number of cases that involved the file "setup.exe"	3,550
Number of incidents when this file was found to be a threat	1,525
Statistical volume of cases when "setup.exe" was a threat	43%

Please enable javascript to display the chart.

Notes:

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file "setup.exe" is known to be created under the following filenames:

%AllUsersProfile%\cncdown.exe

%AppData%\1.exe

%AppData%\adobe\reader 9.0\setup files\setup.exe

%AppData%\adobe\reader 9.1\setup files\setup.exe

%AppData%\blaah.exe

%AppData%\calc.exe

%AppData%\codecsetup.exe

%AppData%\codecsetup3788.exe

%AppData%\codecsetup4127.exe

%AppData%\codecsetup6400.exe

%AppData%\codecsetup8536.exe

%AppData%\cp_setup_assist.exe

%AppData%\cuda.exe

%AppData%\dealassistant\dauninstall.exe

%AppData%\digifast\dfuninstall.exe

%AppData%\explorer.exe

%AppData%\hose.exe

%AppData%\ijango_toolbar_installer.exe

%AppData%\ldr.exe

%AppData%\lsass.exe

%AppData%\microsoft\dtsc\t.exe

%AppData%\microsoft\office71\vhchk.exe

%AppData%\microsoft\windows\ernsjyi.exe

%AppData%\microsoft\windows\jjcmdrj.exe

%AppData%\microsoft\windows\nheste.exe

%AppData%\microsoft\windows\nxmwp.exe

%AppData%\microsoft\windows\rwmgh.exe

%AppData%\microsoft\windows\security\user0.exe

%AppData%\microsoft\windows\tbljxjk.exe

%AppData%\microsoft\windows\vohth.exe

%AppData%\microsoft\windows\vvpmyvaw.exe

%AppData%\microsoft\winlog.exe

%AppData%\microsoft\winnt.com

%AppData%\mxplay\temp\mxplay_installer.exe

%AppData%\ntcom.dll

%AppData%\nthead.dll

%AppData%\pak-5593.exe

%AppData%\pak-5594.exe

%AppData%\pak-5595.exe

%AppData%\pak-5596.exe

%AppData%\pak-5597.exe

%AppData%\pak-5598.exe

%AppData%\pak-5599.exe

%AppData%\pak-5600.exe

%AppData%\pak-5601.exe

%AppData%\pak-5602.exe

%AppData%\pak-5603.exe

%AppData%\powerfile.exe

%AppData%\powerfile.exe.exe

%AppData%\salehoo\auctionalert\_tmp\aa.exe

%AppData%\salehoo\salehooalert\_tmp\aa.exe

%AppData%\scvhost.exe

%AppData%\setup.exe

%AppData%\silverlight\silverlight.exe

%AppData%\skynet\muonline\_cw0srv.exe

%AppData%\skynet\muonline\234672.exe

%AppData%\skynet\muonline\239874.exe

%AppData%\skynet\muonline\293874.exe

%AppData%\skynet\muonline\345674.exe

%AppData%\skynet\muonline\345676.exe

%AppData%\skynet\muonline\435627.exe

%AppData%\skynet\muonline\543978.exe

%AppData%\skynet\muonline\546783.exe

%AppData%\smss.exe

%AppData%\speedrunner\sruninstall.exe

%AppData%\svchost.exe

%AppData%\system.exe

%AppData%\system.exe.exe

%AppData%\temp.dll

%AppData%\truesword4.exe

%AppData%\wefisetup.exe

%AppData%\winbutler\winbuninstaller.exe

%AppData%\winbutler\winbutler.exe

%AppData%\windows.exe

%AppData%\wintouch\wintouch.exe

%AppData%\wintouch\wtuninstaller.exe

%AppData%\wrar380d.exe

%AppData%\yeah\yeah374809.exe

%CommonAppData%\38001914.exe

%CommonAppData%\3810eef8.exe

%CommonAppData%\381751d0.exe

%CommonAppData%\388f0900.exe

%CommonAppData%\38d3ff69.exe

%CommonAppData%\aol downloads\aoltoolbar\setuptoolbar.exe

%CommonAppData%\av1\av1.exe

%CommonAppData%\av1\av1i.exe

%CommonAppData%\av1\av1i2.exe

%CommonAppData%\av1\av1two.exe

%CommonAppData%\av1\qwprotect.dll

%CommonAppData%\av1\svchost.exe

%CommonAppData%\av2010\av2010.exe

%CommonAppData%\av2010\iedefender.dll

%CommonAppData%\av2010\svchost.exe

%CommonAppData%\dbc3fdec-d5f4-439c-9a18-ef454a74e3de\setup.exe

%CommonAppData%\dyned\eng_loc.exe

%CommonAppData%\e4a12b7\extraav.exe

%CommonAppData%\e4a12b7\ua2009.exe

%CommonAppData%\e4a12b7\valarm.exe

%CommonAppData%\e4a12b7\vmelt.exe

%CommonAppData%\e4a12b7\vsweep.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "setup.exe" has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	129
	China	93
	Germany	82
	United Kingdom	72
	Canada	70
	Japan	24
	Netherlands	16
	Israel	15
	France	10
	Italy	10
	Spain	10
	Ukraine	7
	Australia	4
	Austria	2
	Belgium	2
	Brazil	2
	Ireland	2
	Peru	2
	Romania	2
	Sweden	2
	Taiwan	2
	Czech Republic	1
	Denmark	1
	Estonia	1
	Poland	1
	Republic of Korea	1
	Switzerland	1

The following threats are known to be associated with the file "setup.exe":

Threat Alias	Number of Incidents
BKDR_CIADOOR.EA [Trend Micro]	15,135
Backdoor.IRC.Bot [Symantec]	15,019
Trojan.DL.VB.AAVI [PC Tools]	14,519
Trojan-Downloader.Win32.VB.bsa [Kaspersky Lab]	10,952
Downloader.gen.a [McAfee]	10,933
W32.Fontra [Symantec]	8,362
Worm.Fontra.F [PC Tools]	8,209
Virus.Win32.Fontra.c [Kaspersky Lab]	8,047
Generic.dx [McAfee]	3,903
W32.Alcra.F [Symantec]	1,938
Backdoor.IRCBot.DD [PC Tools]	1,899
WORM_GAOBOT.DF [Trend Micro]	1,892
P2P-Worm.Win32.VB.dw [Kaspersky Lab]	1,866
W32/Generic.m [McAfee]	1,686
Trojan Horse [Symantec]	1,465
Backdoor.Win32.IRCBot.aro [Kaspersky Lab]	1,439
Adware.CDN [PC Tools]	1,279
W32/Sdbot.worm [McAfee]	1,209
Adware-BDSearch [McAfee]	1,116
Backdoor.IRCBot.UUX [PC Tools]	816
W32/Alcan.worm!p2p [McAfee]	520
IRC.Backdoor.Trojan [Symantec]	437
Trojan.Crypt.E [PC Tools]	432
Worm.Win32.VB.an [Kaspersky Lab]	426
TROJ_DLOADER.FXN [Trend Micro]	424
W32.Alcra.B [Symantec]	420
WORM_VB.AS [Trend Micro]	420
Downloader-BJM [McAfee]	402
Troj/Agent-GGQ [Sophos]	402
TrojanDownloader:Win32/VB [Microsoft]	335
BrowserModifier:Win32/CNNIC [Microsoft]	328
TrojanClicker:Win32/Hatigh.C [Microsoft]	280
Mal/EncPk-KP [Sophos]	230
Mal/Generic-A [Sophos]	225
Virus.Win32.VB.FXE [Ikarus]	224
Gen.Packed [Ikarus]	213
W32/Fontra-F [Sophos]	211
Packed.Generic.233 [Symantec]	194
Trojan:Win32/VB.ZC [Microsoft]	185
WORM_VB.GZP [Trend Micro]	184
W32.SillyFDC [Symantec]	167
TROJ_VB.CEO [Trend Micro]	165
Generic.dx!fml [McAfee]	162
Adware-CDNHelper [McAfee]	159
Worm.Fontra.B [PC Tools]	154
Win32.Luder [Ikarus]	144
Win-Trojan/Xema.variant [AhnLab]	134
W32.IRCBot [Symantec]	119
W32/Autorun.worm.h [McAfee]	116
Adware.PigSearch [Symantec]	105
not-a-virus:AdWare.Win32.WSearch.j [Kaspersky Lab]	105
Virus.Win32.Fontra.c [Ikarus]	105
Win32/Fontra.worm.417792 [AhnLab]	105
Adware.DeskAdTop [PC Tools]	104
Adware-PigSearch [McAfee]	104
Keylog-Perfect.gen [McAfee]	104
TROJ_DROPPER.BKV [Trend Micro]	104
Win-Trojan/Dropper.210432 [AhnLab]	98
Backdoor.IRC!sd5 [PC Tools]	97
Downloader [Symantec]	97
Trojan-Clicker.Win32.Hatigh [Ikarus]	93
Trojan-Downloader.Win32.Suurch.awk [Kaspersky Lab]	90
P2P-Worm.Win32.VB [Ikarus]	86
W32/VB-YY [Sophos]	86
Worm:Win32/Alcan.D [Microsoft]	86
Generic BackDoor.f [McAfee]	85
Backdoor:Win32/Rbot [Microsoft]	81
Worm.Delf.BG [PC Tools]	76
Virus.Win32.Drowor.a [Kaspersky Lab]	75
Trojan-Downloader.VB!sd6 [PC Tools]	72
TrojanDownloader:Win32/VB.BK [Microsoft]	67
WORM_AQBH.A [Trend Micro]	65
Application.Win32.AdWare.Cdn [Ikarus]	64
Spyware.Perfect [Symantec]	64
Trojan.Win32.Agent [Ikarus]	62
PE_ABI.A [Trend Micro]	61
Trojan-Downloader.Win32.VB.dck [Kaspersky Lab]	61
W32/Zipwire-A [Sophos]	61
TrojanDownloader:Win32/Tonick.gen [Microsoft]	56
MonitoringTool:Win32/PerfectKeylogger [Microsoft]	52
not-a-virus:Monitor.Win32.Perflogger.ct [Kaspersky Lab]	52
Generic.Perfloger [Ikarus]	50
Backdoor.Win32.IRCBot [Ikarus]	49
Bloodhound.Unknown [Symantec]	49
Trojan.Agent!sd6 [PC Tools]	49
Trojan.Win32.Agent.bjql [Kaspersky Lab]	49
Mal/Behav-167 [Sophos]	48
Worm.Alcra.F [PC Tools]	48
IM-Worm.Win32.VB.gd [Kaspersky Lab]	42
Win-Trojan/Perfloger.57344.C [AhnLab]	40
Trojan.Fakeavalert [Symantec]	39
W32.Jacksuf.A [Symantec]	39
Backdoor.IRCBot!sd5 [PC Tools]	38
PE_CEKAR.GEN [Trend Micro]	38
W32/Cekar-A [Sophos]	38
WORM_DELF.EMJ [Trend Micro]	38
Trojan-Downloader.Small!sd5 [PC Tools]	36
Trojan-Downloader.Win32.Small.uek [Kaspersky Lab]	36
Generic VB.b [McAfee]	35
Generic Downloader.x [McAfee]	33