ThreatExpert's awareness of the file "system.exe":

Across all ThreatExpert reports, the file "system.exe" was mostly identified as a threat.

File "system.exe" has the following statistics:

Total number of reports analysed	611,932
Number of cases that involved the file "system.exe"	1,755
Number of incidents when this file was found to be a threat	1,540
Statistical volume of cases when "system.exe" was a threat	88%

Please enable javascript to display the chart.

Notes:

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file "system.exe" is known to be created under the following filenames:

%AllUsersProfile%\cncdown.exe

%AllUsersProfile%\desktop.exe

%AllUsersProfile%\documents.exe

%AllUsersProfile%\documentsread1st.exe

%AllUsersProfile%\drm.exe

%AllUsersProfile%\drm\drm.exe

%AllUsersProfile%\favorites.exe

%AllUsersProfile%\templates.exe

%AppData%\1.exe

%AppData%\alna.scr

%AppData%\blaah.exe

%AppData%\calc.exe

%AppData%\codecsetup.exe

%AppData%\codecsetup3788.exe

%AppData%\codecsetup4127.exe

%AppData%\codecsetup6400.exe

%AppData%\codecsetup8536.exe

%AppData%\cp_setup_assist.exe

%AppData%\cuda.exe

%AppData%\dealassistant\dauninstall.exe

%AppData%\digifast\dfuninstall.exe

%AppData%\hose.exe

%AppData%\ijango_toolbar_installer.exe

%AppData%\ldr.exe

%AppData%\microsoft\dtsc\t.exe

%AppData%\microsoft\ints.exe

%AppData%\microsoft\office71\vhchk.exe

%AppData%\microsoft\windows\ernsjyi.exe

%AppData%\microsoft\windows\jjcmdrj.exe

%AppData%\microsoft\windows\nheste.exe

%AppData%\microsoft\windows\nxmwp.exe

%AppData%\microsoft\windows\rwmgh.exe

%AppData%\microsoft\windows\security\user0.exe

%AppData%\microsoft\windows\tbljxjk.exe

%AppData%\microsoft\windows\vohth.exe

%AppData%\microsoft\windows\vvpmyvaw.exe

%AppData%\mxplay\temp\mxplay_installer.exe

%AppData%\ntcom.dll

%AppData%\nthead.dll

%AppData%\pak-5593.exe

%AppData%\pak-5594.exe

%AppData%\pak-5595.exe

%AppData%\pak-5596.exe

%AppData%\pak-5597.exe

%AppData%\pak-5598.exe

%AppData%\pak-5599.exe

%AppData%\pak-5600.exe

%AppData%\pak-5601.exe

%AppData%\pak-5602.exe

%AppData%\pak-5603.exe

%AppData%\salehoo\auctionalert\_tmp\aa.exe

%AppData%\salehoo\salehooalert\_tmp\aa.exe

%AppData%\scvhost.exe

%AppData%\silverlight\silverlight.exe

%AppData%\skynet\muonline\_cw0srv.exe

%AppData%\skynet\muonline\234672.exe

%AppData%\skynet\muonline\239874.exe

%AppData%\skynet\muonline\293874.exe

%AppData%\skynet\muonline\345674.exe

%AppData%\skynet\muonline\345676.exe

%AppData%\skynet\muonline\435627.exe

%AppData%\skynet\muonline\543978.exe

%AppData%\skynet\muonline\546783.exe

%AppData%\speedrunner\sruninstall.exe

%AppData%\system 32\system.exe

%AppData%\system.exe

%AppData%\system.exe.exe

%AppData%\system32\server.exe

%AppData%\temp.dll

%AppData%\truesword4.exe

%AppData%\wefisetup.exe

%AppData%\winbutler\winbuninstaller.exe

%AppData%\winbutler\winbutler.exe

%AppData%\windows.exe

%AppData%\wintouch\wintouch.exe

%AppData%\wintouch\wtuninstaller.exe

%AppData%\wrar380d.exe

%AppData%\yeah\yeah374809.exe

%CommonAppData%\38001914.exe

%CommonAppData%\3810eef8.exe

%CommonAppData%\381751d0.exe

%CommonAppData%\388f0900.exe

%CommonAppData%\38d3ff69.exe

%CommonAppData%\aol downloads\aoltoolbar\setuptoolbar.exe

%CommonAppData%\av1\av1.exe

%CommonAppData%\av1\av1i.exe

%CommonAppData%\av1\av1i2.exe

%CommonAppData%\av1\av1two.exe

%CommonAppData%\av1\qwprotect.dll

%CommonAppData%\av1\svchost.exe

%CommonAppData%\av2010\av2010.exe

%CommonAppData%\av2010\iedefender.dll

%CommonAppData%\av2010\svchost.exe

%CommonAppData%\brainsys\dirlock.exe

%CommonAppData%\dyned\eng_loc.exe

%CommonAppData%\e4a12b7\extraav.exe

%CommonAppData%\e4a12b7\ua2009.exe

%CommonAppData%\e4a12b7\valarm.exe

%CommonAppData%\e4a12b7\vmelt.exe

%CommonAppData%\e4a12b7\vsweep.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "system.exe" has the following possible countries of origin:

Origin		Number of Incidents
	China	238
	Spain	48
	United Kingdom	40
	Russian Federation	32
	Brazil	24
	Germany	17
	Sweden	13
	Poland	7
	Hong Kong	4
	Iran	3
	Indonesia	2
	Taiwan	2
	Turkey	2
	Algeria	1
	Belgium	1
	Denmark	1
	France	1
	Israel	1
	Portugal	1

The following threats are known to be associated with the file "system.exe":

Threat Alias	Number of Incidents
Infostealer [Symantec]	5,514
Trojan-GameThief.Win32.MultiFirst [Ikarus]	4,352
Mal/Generic-A [Sophos]	3,117
Trojan-PWS.OnlineGames [PC Tools]	2,498
PWS:Win32/Lolyda.T [Microsoft]	2,433
Generic PWS.y [McAfee]	2,406
Trojan-GameThief.Win32.MultiFirst.ad [Kaspersky Lab]	2,115
Trojan-GameThief.Win32.MultiFirst.ah [Kaspersky Lab]	1,476
Generic.dx [McAfee]	698
W32.SillyDC [Symantec]	627
Trojan-GameThief.Win32.MultiFirst.ae [Kaspersky Lab]	580
PWS:Win32/Lolyda.M [Microsoft]	552
PWS:Win32/OnLineGames.GC [Microsoft]	521
WORM_VBWORM.AC [Trend Micro]	520
Infostealer.Gampass [Symantec]	500
Trojan-PWS.Magania [PC Tools]	423
Virus.Win32.AutoRun.aim [Kaspersky Lab]	420
Trojan-GameThief.Win32.MultiFirst.ac [Kaspersky Lab]	323
PWS-Mmorpg.gen [McAfee]	306
Trojan-Spy.Gampass!sd6 [PC Tools]	294
PWS-OnlineGames.cz [McAfee]	250
TrojanClicker:Win32/Hatigh.C [Microsoft]	240
Mal/EncPk-KP [Sophos]	230
PWS.Win32.Lolyda [Ikarus]	225
W32/Autorun.worm.eb [McAfee]	219
Gen.Packed [Ikarus]	210
Trojan-GameThief.Win32.MultiFirst.al [Kaspersky Lab]	210
PWS-OnlineGames.cf [McAfee]	208
Trojan Horse [Symantec]	201
Trojan-GameThief.Win32.MultiFirst.w [Kaspersky Lab]	196
Packed.Generic.233 [Symantec]	191
Generic.dx!fml [McAfee]	189
Mal/Heuri-D [Sophos]	167
W32.SillyFDC [Symantec]	134
Backdoor.Win32.Agent.ruj [Kaspersky Lab]	132
Trojan-GameThief.Win32.MultiFirst.af [Kaspersky Lab]	132
Trojan-GameThief.Win32.MultiFirst.e [Kaspersky Lab]	132
Trojan-GameThief.Win32.MultiFirst.h [Kaspersky Lab]	110
W32.Lunalight@mm [Symantec]	110
Trojan.Renos.Gen!Pac.5 [PC Tools]	107
Trojan.Win32.SmallGame.a [Kaspersky Lab]	100
Trojan-GameThief.Win32.MultiFirst.y [Kaspersky Lab]	100
Mal/VB-F [Sophos]	92
Trojan-Downloader.VB.AXY [Ikarus]	89
WORM_MOONLIGHT.C [Trend Micro]	86
WORM_NUCRP.GEN [Trend Micro]	86
Email-Worm.Win32.VB.cp [Kaspersky Lab]	82
Win-Trojan/OnlineGameHack.7680.AQ [AhnLab]	82
Worm:Win32/Autorun.AW [Microsoft]	80
Worm.Win32.AutoRun.lk [Kaspersky Lab]	78
W32.Sality.X [Symantec]	71
Win32.Sality.AA [PC Tools]	71
W32/Sality.ac [McAfee]	69
Virus.Win32.Sality.s [Kaspersky Lab]	68
WORM_SALITY.BL [Trend Micro]	67
Infostealer.Hibik.A [Symantec]	66
Mal/Veneb-A [Sophos]	66
Worm.Win32.VB.wg [Kaspersky Lab]	64
New Malware.bc [McAfee]	63
Trojan-GameThief.Win32.MultiFirst.ab [Kaspersky Lab]	63
I-Worm.Moonlight.C [PC Tools]	61
Worm.Win32.VB [Ikarus]	60
Trojan-GameThief.Win32.MultiFirst.t [Kaspersky Lab]	56
Virus.Win32.AutoRun.aim [Ikarus]	52
Mal/Behav-109 [Sophos]	50
Trojan.Delf.AXGF [PC Tools]	50
Trojan-Clicker.Win32.Hatigh [Ikarus]	50
Backdoor.Trojan [Symantec]	46
Trojan-Downloader.Win32.Suurch.awk [Kaspersky Lab]	45
Exp/MS08067-A [Sophos]	44
Exploit.Win32.IMG-WMF.fk [Kaspersky Lab]	44
Worm.Win32.AutoRun [Ikarus]	44
W32/Virut.gen [McAfee]	43
Worm.Win32.VB.yk [Kaspersky Lab]	43
PWS.Win32 [Ikarus]	42
Trojan-GameThief.Win32.MultiFirst.aj [Kaspersky Lab]	42
Trojan-GameThief.Win32.MultiFirst.v [Kaspersky Lab]	42
Trojan.Ducky.B [Symantec]	40
Generic QHosts.b [McAfee]	36
Troj/PWS-AWQ [Sophos]	36
PWS.Win32.Lolyda.M [Ikarus]	35
Suspicious.MH690 [Symantec]	35
W32.Randex.gen [Symantec]	35
Win32.Virut.Gen.5 [PC Tools]	33
Troj/Keylog-JV [Sophos]	32
Backdoor.Win32.Poison.pg [Kaspersky Lab]	31
W32/Autorun.worm.h [McAfee]	31
Exploit.MS08-67 [PC Tools]	30
Trojan-GameThief.Win32.MultiFirst.ak [Kaspersky Lab]	30
Trojan-Spy.Hibik!sd6 [PC Tools]	30
Virus.Win32.Virut.q [Kaspersky Lab]	30
Trojan.DL.CKSPost.Gen [PC Tools]	26
Win32/Autorun.worm.69632 [AhnLab]	26
Win-Trojan/Xema.variant [AhnLab]	26
Worm.AutoRun!sd6 [PC Tools]	26
Trojan-GameThief.Win32.MultiFirst.x [Kaspersky Lab]	25
Win32.SuspectCrc [Ikarus]	25
W32/MoonLight.worm [McAfee]	24
Bloodhound.Unknown [Symantec]	23
Generic BackDoor [McAfee]	23