Skip to content

mgrs.exe

mgrs.exe was added to FreeFixer's database on the 25 Jul 2007. The most recent search for this file was done on 19 Aug 2007. mgrs.exe is located in the 'C:\WINDOWS\' folder.

So far there has been 6 searches for mgrs.exe.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

Version information

This file does not have any version information.

What will you do with the file?

To help other users, please let us know what you will do with the file:



What did other users do?

The poll results listed below shows what other users choose to do with the file.

Votes
Keep27.5 %
19
Remove72.5 %
50

NOTE: Please do not use this poll as the only source of input to determine what you will do with the file.

Comments

Roger Karlsson writes

10 thumbs Put you thumb up for this comment Put you thumb down for this comment

Here's what the anti-virus programs say about the file:

File: mgrs.exe
Status: INFECTED/MALWARE
MD5: c6427852f1b0044cd18788c3dfdc0e7a
Packers detected: -
Bit9 reports: Not analyzed yet (more info)

Scanner results
Scan taken on 19 Aug 2007 07:52:37 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.Alphabet.K.1
ArcaVir Found nothing
Avast Found Win32:Alphabet-C
AVG Antivirus Found Clicker.GNU
BitDefender Found Generic.Dld.Alpha.D79E2EA7
ClamAV Found Trojan.Downloader-11634
CPsecure Found nothing
Dr.Web Found Trojan.DownLoader.25873
F-Prot Antivirus Found W32/Downldr2.AJVV
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Alphabet.k
Fortinet Found Nonaco!tr
Kaspersky Anti-Virus Found nothing
NOD32 Found probably a variant of Win32/TrojanClicker.Agent.NBS (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Troj/Nonaco-Gen
VirusBuster Found nothing
VBA32 Found Trojan.DownLoader.25873

(Scan done with Jotti's malware scanner)

# 19 Aug 2007, 9:53

SpamBUSTERS writes

7 thumbs Put you thumb up for this comment Put you thumb down for this comment

mgrs.exe
MGRS.EXE has been seen to perform the following behavior(s):
Registers a Dynamic Link Library File The Process is packed and/or encrypted using a software packing process The Process is polymorphic and can change its structure Can communicate with other computer systems using HTTP protocols This Process Creates Other Processes On Disk Executes a Process Writes to another Process's Virtual Memory (Process Hijacking) This Process Deletes Other Processes From Disk Adds a Registry Key (RUN) to auto start Programs on system start up
http://www.prevx.com/filenames/X58569627309651352-X1/XPUPDATE.EXE.html

Executed as a Process Deleted as a process from disk Created as a process on disk Writes to another Process's Virtual Memory (Process Hijacking) Terminated as a Process Added as a Registry auto start to load Program on Boot up Registered as a Dynamic Link Library File
http://www.prevx.com/filenames/X3654177192240634719-X1/MGRS.EXE.html

mgrs,exe is a component of Trojan.Downloader.Contravirus
Trojan.Downloader.Contravirus is a Trojan downloader program that is known to be affiliated with a rogue anti-spyware program called ContraVirus. Once Trojan.Downloader.Contravirus infects your machine, it will get access to import additional malware parasites onto your computer system. Additionally, Trojan.Downloader.Contravirus may bombard your screen with excessive popup advertisements that will cause your machine to behave sluggish. Also beware that Trojan.Downloader.Contravirus may appear very hard to manually remove

other components listed are
main_uninstaller.exe
rzfum.exe
mgrs.exe
dmrua.exe
qacodebv.exe
bjzkaa.exe
tconcbiA.exe
nkdsregj.exe
pwinnndt.exe
mmdsregr.exe
xpuupdate.exe
msdsregl.exe

Registry entries listed here
http://www.spywareremove.com/removeTrojanDownloaderContravirus.html

# 1 Jan 2008, 9:58

Login and comment