system.exe - Process Library - PC Pitstop Libraries

PC Pitstop Libraries > Process Library > system.exe

More than one possible match was found; all matches are listed below in order of their prevalence. This only tells you what the file and the correct action might be.

To understand which possibility is actually running on your own system, perform an Overdrive test and then look at the Software|Processes tab.

Match #1

system.exe (W32.Pahatia.A)

Percentage of recently scanned PC's with this process running: 0.00%
Average CPU use for this program: %
Average RAM for this program: MB

PC Pitstop Analysis

system.exe - According to Symantec:

W32.Pahatia.A is a worm that can spread by copying itself into local folders and mapped network drives, and attempts to restart the compromised computer if certain processes are running.

Recommendation

system.exe is a VIRUS. Stop all work until the virus is removed or you run the risk of spreading the virus to other people. Worse yet, the virus may be doing harm to your computer and your information.

system.exe is a virus and should be removed immediately to avoid doing further harm. PC Pitstop recommends CA Antivirus in these types of situations.

Identification

The file name alone identifies this program.

MD5 Hashes

MD5 hashes is the way that computers can define the uniqueness of a file. Anti malware vendors frequently use this technique to detect and clean malware. It is common for a program to have multiple MD5 hashes as the developers create newer versions of the program. For the program called system.exe, we have detected more than 20 different MD5 hashes. Click on a hash to research the hash in Google.

MD5 Report Summary
Program Name	MD5 Count
system.exe	> 20

#	MD5	Size
1	0xf6e547aa92078445aef8d6e052e6f2da	24576 bytes
2	0x381093eb8de6742efe6bfc8393b2f339	3593810 bytes
3	0xdd4ab823aedf142ce4adfacbaa152b86	5632 bytes
4	0x109ff58d292a9e7595aeb3e8c9deed0a	88593 bytes
5	0x2fc7ce087fc7c8847c1de12ba5ca14d8	5120 bytes
6	0xdb28e581fa8b13b3df14ab34b8a02b48	413696 bytes
7	0x4e53529d8e80be09def364fee569731e	89105 bytes
8	0x6fd6fa259a2c96ced8f38680f22c3383	58294 bytes
9	0xd575da1eafb29300f11c00d261889b87	278528 bytes
10	0xda31bc11e509656c1e2538880538964b	5548 bytes
11	0x77471a778e0939c8895b29845479e6ba	3922019 bytes
12	0xd2fd57356cfeb71bb1860b4174e1a0f4	3705320 bytes
13	0xf89f34393cf71304e50dcd98e00d5707	68096 bytes
14	0xca2aea37449740d6793d9b822dfc3ae5	59513 bytes
15	0x97de357f8c81eff102b0d917b8ef3245	18432 bytes
16	0x1d82ae45fe993c10b6fad8e8f949135d	4256783 bytes
17	0xa9b802c7b5a436159869f9764ffce293	4459810 bytes
18	0x18e43d53753c21814dca5acb2f459196	473088 bytes
19	0xbe9fe335edf24b44bbf6d521cc028754	7680 bytes
20	0xab1b8cf7d7f4c24aab9ac467f0721533	22537 bytes

PC Pitstop Database Comparisons

Every week, we update our information about the running programs identified during the previous week's testing. system.exe (W32.Pahatia.A) has been seen on 0.00% of systems tested at PC Pitstop. As a point of comparison, it is rare for a particular malicious program (virus or spyware) to be seen on more than one or two percent of all systems tested. The average RAM memory usage for this process was MB. The average CPU load for this program was %.

Detailed Description and/or Removal Instructions

http://www.symantec.com/security_response/writeup.jsp?docid=2006-053012-1545-99&tabid=2

Match #2

system.exe (Tofger trojan)

This program has not been seen on any systems tested at PC Pitstop in the past week.

PC Pitstop Analysis

SYSTEM.EXE - Part of the Tofger trojan or a variant, see http://www.sophos.com/virusinfo/analyses/trojtofgerb.html.

Recommendation

system.exe is a virus and should be removed immediately to avoid doing further harm. PC Pitstop recommends CA Antivirus in these types of situations.

Identification

In addition to the file name, system.exe, the following version information is used to identify the file. If the file does not match this information, it may be a different file. To ensure the file is absolutely correct, run a free and comprehensive scan.

Vendor is not specified
Product is not specified
File name contains:	\WIN

To view version information with Windows Explorer, right-click the file and click Properties, Version.

MD5 Hashes

MD5 Report Summary
Program Name	MD5 Count
system.exe	> 20

#	MD5	Size
1	0xcd262133e65f6dcae37b87a438c85c8a	1930240 bytes
2	0x9ba0fece2d996b80fec3572a496c3c58	94208 bytes
3	0x1a6d63e0a1afbf7ebf6e19d4609bea3b	75264 bytes
4	0x1cc06a403c61f98bf0ca5437e6894784	696320 bytes
5	0xc3c4bb1529b639d04e2e53c07cbd84c3	238802 bytes
6	0x031c23f4bad71570794dbfea6549e133	3776512 bytes
7	0x74333affcf44e271950b2fc0122079e2	2560 bytes
8	0x6263a7c227651000f80ff39d20076236	294912 bytes
9	0xdb8a02237d35ab10a3d2fb1f99cc984a	4354046 bytes
10	0x2742a0aefe512a2607ce47932f589121	1428480 bytes
11	0x76b26527e2f56f4a59e59493d0e3ef84	347648 bytes
12	0x6815ede22c8300ddfd813eb7f251b1c4	1319424 bytes
13	0xe114d57f2bf26c170137409264c97a4e	8704 bytes
14	0xda3ab952880b9abe8b89f42a9cfb45c6	307200 bytes
15	0xef97d150fcde41bee8b80aa02039dd0d	63488 bytes
16	0xd81688acf25e16fb35d9acd39f301c21	636890 bytes
17	0xcc82750e2ac0357dec57cfa1f3b538e8	1478656 bytes
18	0x783084ef46b6d3f9b07fb6ba99f8dedf	172032 bytes
19	0x53355cacbc6bf36445e552539e42e8a2	119117 bytes
20	0xe8b3adc8e031aaea812f711e4f1dd540	159744 bytes

PC Pitstop Database Comparisons

Every week, we update our information about the running programs identified during the previous week's testing. This program has not been seen on any systems tested at PC Pitstop in the past week.

Important note: A file name alone may not be enough for positive identification. PC Pitstop's Overdrive tests and spyware scan use information such as the company name, product name, or install directory. If you are unable to identify a file, ask about it in our forums after running our full tests.