commgr.exe

MD5:	4e43e2a468d994e4ab0034aa1aee3c59
SHA1:	3474e4c683a1b8440da2ae11b935848aecb47d7d
SHA256:	19a1400396af724bffb6ba1e11d118eff7d58573f9d3551fa8b32c486bbef830

Warning 40 antivirus scanners has detected malware.

Overview

commgr.exe is malware that executes as a process with the local user's privileges. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). This particular version is usually found on Microsoft Windows XP (5.1.2600.131072).

Details

File name:	commgr.exe
Typical file path:	C:\program files\windows common files\commgr.exe
Size:	296 KB (303,104 bytes)
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
Code language:	Microsoft Visual C++ 8.0
.NET CLR:	No

More details

Behaviors

Startup files (all users) run

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'WindowMessenger' → C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Malware detections

Based on 40+ industry antivirus scanners, 40 of them detected the following malware.

Antivirus engine	Engine version	Detection
Agnitum	5.5.1.3	Trojan.Agent!S4mvQAkVS0M
AhnLab V3 Internet Security	2012.11.15	Worm/Win32.AutoRun
Avira AntiVir	7.11.50.14	Worm/Autorun.hfp
avast!	6.0.1289.0	Win32:AutoRun-BPH [Wrm]
AVG	2014.0.3629	Worm/Generic.BDKN
BitDefender	7.2	Win32.Worm.Autorun.VN
CAT Quick Heal	4.13.12.00	Worm.Autorun.WT
Clam AntiVirus	0.97.3.0	W32.Trojan.VB-13509
Commtouch	5.3.2.6	W32/MalwareF.KHIO
Comodo Internet Security	14198	TrojWare.Win32.Cosmu.abf
Dr.Web	7.0.4.09250	Trojan.MulDrop4.1379
Emsisoft Anti-Malware	3.0.0.569	Trojan.Win32.Cosmu.xje (A)
ESET NOD32	7.7690	Win32/AutoRun.Agent.VS
Fortinet	5.0.26.0	PossibleThreat
F-Prot	v6.4.6.5.141	W32/MalwareF.KHIO
F-Secure	9.0.17090.0	Win32.Worm.Autorun.VN
G Data	13.4.22	Win32.Worm.Autorun.VN
Ikarus	T3.1.1.122.0	Worm.Win32.AutoRun
Jiangmin	13.0.900	Win32/Generic.a
K7 AntiVirus	9.154.7847	EmailWorm
Kaspersky	9.0.0.837	Worm.Win32.AutoRun.hfp
Kingsoft	2012.9.22.155	Win32.Troj.Generic.ab
McAfee	5.400.1158	W32/Autorun.worm.gp
McAfee Gateway Anti-Malware	v2012.1-dat	Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft Security Essentials	1.8904.0	Worm:Win32/Wecykler.A
eScan by MicroWorld	12.0.250.0	Win32.Worm.Autorun.VN
Norman	6.08.06	W32/AutoRun.BVNA
nProtect	2012-11-14.02	Worm/W32.Bnf.303104
Panda Antivirus	10.0.3.5	W32/Harakit.EY
PC Tools	8.0.0.5	Net-Worm.SillyFDC!rem
Rising Antivirus	24.36.01.05	Trojan.Win32.Generic.11F31F86
Sophos	4.83.0	W32/Autorun-BDV
SUPERAntiSpyware	5.6.0.1008	Trojan.Agent/Gen-WinAlert
Symantec	20121.2.1.2	W32.SillyFDC
Total Defense	37.0.10161	Win32/SillyAutorun.DCE
Trend Micro	9.561.0.1028	WORM_OTORUN.SMXY
Trend Micro HouseCall	9.700.0.1001	WORM_OTORUN.SMXY
Vba32 AntiVirus	3.12.18.3	Trojan.Win32.Cosmu.ngc
VIPRE Antivirus	13972	Worm.Win32.AutoRun.hfp (v)
ViRobot	2011.4.7.4223	Worm.Win32.AutoRun.364544.A

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.01661549%	0.028634%
Kernel CPU:	0.01587154%	0.013761%
User CPU:	0.00074395%	0.014873%
Kernel CPU time:	193,526 ms/min	100,923,805ms/min
Context switches:	665/sec	284/sec
Memory
Private memory:	4.74 MB	21.59 MB
Private (maximum):	2.99 MB
Private (minimum):	2.83 MB
Non-paged memory:	4.74 MB	21.59 MB
Virtual memory:	106.33 MB	140.96 MB
Virtual memory (peak):	110.22 MB	169.69 MB
Working set:	3 MB	18.61 MB
Working set (peak):	3.36 MB	37.95 MB
Resource allocations
Threads:	6	12
Handles:	2078	600
GUI GDI count:	5	103

Process properties

Integrety level:	Undefined
Platform:	32-bit
Command lines:	"C:\recycler\x-1-5-21-1960408961-725345543-839522115-1003\winsysapp.exe" "C:\program files\windows alerter\winalert.exe" "C:\program files\windows common files\commgr.exe"
Owner:	User
Parent process:	Explorer.EXE (Windows Explorer by Microsoft)

Distribution by Windows OS

OS version	distribution
Microsoft Windows XP	100.00%

Remove Adware and Spyware Programs, FREE Download!

Should I block it?