
Trojan.AVKill.12506

Added to the Dr.Web virus database: 2011-12-16

Virus description added:

Technical Information

Malicious functions:
Creates and executes the following:
  • <SYSTEM32>\tcxp.exe
Terminates or attempts to terminate the following user processes:
  • mpftray.exe
  • NAVAPW32.EXE
  • GUARD.EXE
  • MCAGENT.EXE
  • nod32.exe
  • zapro.exe
  • ZONEALARM.EXE
  • outpost.exe
  • smc.exe
  • AVP.EXE
  • AVP32.EXE
  • AVGCC32.EXE
  • AVGCTRL.EXE
  • AVPCC.EXE
  • ccapp.exe
  • fsav32.exe
  • AVPM.EXE
  • AVSYNMGR.EXE
Modifies file system:
Creates the following files:
  • <SYSTEM32>\tcxp.exe
Miscellaneous:
Searches for the following windows:
  • ClassName: '' WindowName: ''

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
