ThreatExpert's awareness of the file "install.exe":

Across all ThreatExpert reports, the file "install.exe" has sometimes been a threat.

File "install.exe" has the following statistics:

Total number of reports analysed	611,932
Number of cases that involved the file "install.exe"	554
Number of incidents when this file was found to be a threat	235
Statistical volume of cases when "install.exe" was a threat	42%

Please enable javascript to display the chart.

Notes:

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file "install.exe" is known to be created under the following filenames:

%AllUsersProfile%\cncdown.exe

%AllUsersProfile%\documents.exe

%AllUsersProfile%\favorites.exe

%AppData%\%username%.task\chasnah.exe

%AppData%\%username%.task\csrss.exe

%AppData%\%username%.task\lsass.exe

%AppData%\%username%.task\server.exe

%AppData%\%username%.task\smss.exe

%AppData%\1.exe

%AppData%\adobe\player.exe

%AppData%\alna.scr

%AppData%\blaah.exe

%AppData%\calc.exe

%AppData%\codecsetup.exe

%AppData%\codecsetup3788.exe

%AppData%\codecsetup4127.exe

%AppData%\codecsetup6400.exe

%AppData%\codecsetup8536.exe

%AppData%\cp_setup_assist.exe

%AppData%\cuda.exe

%AppData%\dealassistant\dauninstall.exe

%AppData%\digifast\dfuninstall.exe

%AppData%\hose.exe

%AppData%\ijango_toolbar_installer.exe

%AppData%\ldr.exe

%AppData%\microsoft\dtsc\t.exe

%AppData%\microsoft\office71\vhchk.exe

%AppData%\microsoft\windows\ernsjyi.exe

%AppData%\microsoft\windows\jjcmdrj.exe

%AppData%\microsoft\windows\nheste.exe

%AppData%\microsoft\windows\nxmwp.exe

%AppData%\microsoft\windows\rwmgh.exe

%AppData%\microsoft\windows\security\user0.exe

%AppData%\microsoft\windows\tbljxjk.exe

%AppData%\microsoft\windows\vohth.exe

%AppData%\microsoft\windows\vvpmyvaw.exe

%AppData%\mxplay\temp\mxplay_installer.exe

%AppData%\ntcom.dll

%AppData%\nthead.dll

%AppData%\pak-5593.exe

%AppData%\pak-5594.exe

%AppData%\pak-5595.exe

%AppData%\pak-5596.exe

%AppData%\pak-5597.exe

%AppData%\pak-5598.exe

%AppData%\pak-5599.exe

%AppData%\pak-5600.exe

%AppData%\pak-5601.exe

%AppData%\pak-5602.exe

%AppData%\pak-5603.exe

%AppData%\reddiget\install.exe

%AppData%\salehoo\auctionalert\_tmp\aa.exe

%AppData%\salehoo\salehooalert\_tmp\aa.exe

%AppData%\scvhost.exe

%AppData%\silverlight\silverlight.exe

%AppData%\skynet\muonline\_cw0srv.exe

%AppData%\skynet\muonline\234672.exe

%AppData%\skynet\muonline\239874.exe

%AppData%\skynet\muonline\293874.exe

%AppData%\skynet\muonline\345674.exe

%AppData%\skynet\muonline\345676.exe

%AppData%\skynet\muonline\435627.exe

%AppData%\skynet\muonline\543978.exe

%AppData%\skynet\muonline\546783.exe

%AppData%\speedrunner\sruninstall.exe

%AppData%\svchosters.exe

%AppData%\temp.dll

%AppData%\truesword4.exe

%AppData%\wefisetup.exe

%AppData%\winbutler\winbuninstaller.exe

%AppData%\winbutler\winbutler.exe

%AppData%\windows.exe

%AppData%\wintouch\wintouch.exe

%AppData%\wintouch\wtuninstaller.exe

%AppData%\wrar380d.exe

%AppData%\yeah\yeah374809.exe

%CommonAppData%\38001914.exe

%CommonAppData%\3810eef8.exe

%CommonAppData%\381751d0.exe

%CommonAppData%\388f0900.exe

%CommonAppData%\38d3ff69.exe

%CommonAppData%\3gp.exe

%CommonAppData%\aol downloads\aoltoolbar\setuptoolbar.exe

%CommonAppData%\av1\av1.exe

%CommonAppData%\av1\av1i.exe

%CommonAppData%\av1\av1i2.exe

%CommonAppData%\av1\av1two.exe

%CommonAppData%\av1\qwprotect.dll

%CommonAppData%\av1\svchost.exe

%CommonAppData%\av2010\av2010.exe

%CommonAppData%\av2010\iedefender.dll

%CommonAppData%\av2010\svchost.exe

%CommonAppData%\avg.exe

%CommonAppData%\dyned\eng_loc.exe

%CommonAppData%\e4a12b7\extraav.exe

%CommonAppData%\e4a12b7\ua2009.exe

%CommonAppData%\e4a12b7\valarm.exe

%CommonAppData%\e4a12b7\vmelt.exe

%CommonAppData%\e4a12b7\vsweep.exe

%CommonAppData%\fetion\fetionupdate.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "install.exe" has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	39
	Germany	7
	China	6
	Sweden	3
	United Kingdom	3
	Iran	2
	Poland	2
	Republic of Korea	2
	Taiwan	2
	Ukraine	2
	Brazil	1
	France	1
	Japan	1
	Spain	1

The following threats are known to be associated with the file "install.exe":

Threat Alias	Number of Incidents
TrojanClicker:Win32/Hatigh.C [Microsoft]	332
Mal/EncPk-KP [Sophos]	263
Gen.Packed [Ikarus]	243
Packed.Generic.233 [Symantec]	220
Generic.dx!fml [McAfee]	189
Downloader [Symantec]	157
Mal/Generic-A [Sophos]	149
Trojan-Clicker.Win32.Hatigh [Ikarus]	122
Trojan-Downloader.Win32.Suurch.awk [Kaspersky Lab]	120
W32/Virut.gen.a [McAfee]	91
PE_VIRUT.AV [Trend Micro]	81
Trojan.Matcash.Gen [PC Tools]	74
Virus.Virut.AV [PC Tools]	72
Trojan Horse [Symantec]	70
Downloader.gen.a [McAfee]	67
Virus.Win32.Virut.av [Kaspersky Lab]	63
TROJ_DLOADR.CS [Trend Micro]	51
Win-Trojan/Agent.21504.NB [AhnLab]	32
Generic.dx!fmw [McAfee]	30
Mal/DownLdr-O, Mal/DownLdr-T [Sophos]	28
Trojan-Downloader.Win32.Small.tei [Kaspersky Lab]	28
Virus.Win32.Small [Ikarus]	28
Bloodhound.Unknown [Symantec]	27
Troj/FakeVir-NU [Sophos]	25
Trojan-Downloader.Win32.FraudLoad [Ikarus]	25
Trojan-Downloader.Win32.FraudLoad.ezj [Kaspersky Lab]	25
W32/HLLP.Philis.dam [McAfee]	25
Win-Trojan/Downloader.60416.AB [AhnLab]	25
FakeAlert-EL [McAfee]	20
Trojan.Win32.FraudPack.pbf [Kaspersky Lab]	15
Trojan-Downloader.Win32.Suurch.awj [Kaspersky Lab]	15
W32.Looked.P [Symantec]	15
Win32/Viking.Gen [AhnLab]	15
Win-Trojan/Fraudpack.27136 [AhnLab]	15
Suspicious.MH690 [Symantec]	14
Generic PUP.d [McAfee]	12
Packer.Pohernah [Ikarus]	12
Backdoor.Trojan [Symantec]	11
Spy-Agent.cv [McAfee]	11
Trojan-Downloader.Win32.Small [Ikarus]	11
VirTool:Win32/CeeInject.gen!J [Microsoft]	11
VirTool.Win32.CeeInject [Ikarus]	10
W32.Stration.AD@mm [Symantec]	10
WORM_DELF.AW [Trend Micro]	10
Mal/DownLdr-O [Sophos]	9
Virus:Win32/Virut.AC [Microsoft]	9
W32.Virut.W [Symantec]	9
W32/Virut-W [Sophos]	9
Win32.Virut.Gen.4 [PC Tools]	9
Win32/Virut.B [AhnLab]	9
AdWare.Ourxin [Ikarus]	8
Generic BackDoor [McAfee]	8
New Malware.aj [McAfee]	8
Packed/Upack [PC Tools]	8
Trojan.Generic [PC Tools]	8
Trojan-Spy.Win32.Ardamax [Ikarus]	8
MonitoringTool:Win32/Ardamax [Microsoft]	7
Trojan-Spy.Win32.Ardamax.n [Kaspersky Lab]	7
TSPY_ARDAMAX.GA [Trend Micro]	7
Backdoor.Win32.Bifrose.ains [Kaspersky Lab]	6
Downloader.MisleadApp [Symantec]	6
FakeAlert-XPSecCenter [McAfee]	6
Generic.dx [McAfee]	6
Mal/EncPk-BW [Sophos]	6
Mal/Sparow-A [Sophos]	6
not-a-virus:FraudTool.Win32.XPSecurityCenter.p [Kaspersky Lab]	6
VirTool:Win32/VBInject.gen!Q [Microsoft]	6
Email-Worm.Warezov [PC Tools]	5
Generic Dropper.bw [McAfee]	5
TROJ_FRAUDLO.PEK [Trend Micro]	5
Trojan.Win32.FraudPack.pfw [Kaspersky Lab]	5
Trojan-Downloader.Win32.Dontovo [Ikarus]	5
Trojan-Downloader.Win32.Small.eqn [Kaspersky Lab]	5
Win-Trojan/Xema.variant [AhnLab]	5
BackDoor-CEP.svr [McAfee]	4
BKDR_NUCLEAR.AZ [Trend Micro]	4
Dropper/Downloader.817294 [AhnLab]	4
FakeAlert-ES [McAfee]	4
Generic Downloader.x [McAfee]	4
Generic.dx!te [McAfee]	4
New Malware.jn [McAfee]	4
Packed.Win32.Krap [Ikarus]	4
Packed.Win32.Krap.ag [Kaspersky Lab]	4
PrivacyCenter [Symantec]	4
Rootkit.Win32.TDSS [Ikarus]	4
TROJ_Generic [Trend Micro]	4
TROJ_SMALL.BYV [Trend Micro]	4
Trojan.Dropper [Symantec]	4
Trojan:Win32/Bumat!rts [Microsoft]	4
Trojan:Win32/Meredrop [Microsoft]	4
Trojan-Downloader.Small!sd5 [PC Tools]	4
Trojan-Downloader.Win32.Small.yxa [Kaspersky Lab]	4
Trojan-Downloader.Win32.Suurch.bbg [Kaspersky Lab]	4
TrojanDownloader:Win32/Renos.JM [Microsoft]	4
Trojan-Spy.Win32.Ardamax.t [Kaspersky Lab]	4
TrojanSpy:Win32/Ardamax.A [Microsoft]	4
TSPY_ARDAMAX.HR [Trend Micro]	4
Win-Trojan/Fraudpack.25088.F [AhnLab]	4
Worm.Win32.AutoRun.efi [Kaspersky Lab]	4
AZESearch [McAfee]	3