Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
commgr.exe
MD5: | 4e43e2a468d994e4ab0034aa1aee3c59 |
SHA1: | 3474e4c683a1b8440da2ae11b935848aecb47d7d |
SHA256: | 19a1400396af724bffb6ba1e11d118eff7d58573f9d3551fa8b32c486bbef830 |
Warning: 40 antivirus scanners have detected malware.
Overview
commgr.exe is malware that executes as a process with the local user's privileges. It is set to start when the PC boots and any user logs into Windows (it is added to the Run registry key for all users under the local machine). This particular version is usually found on Microsoft Windows XP (5.1.2600.131072).
Details
File name: | commgr.exe |
Typical file path: | C:\program files\windows common files\commgr.exe |
Size: | 296 KB (303,104 bytes) |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
Code language: | Microsoft Visual C++ 8.0 |
.NET CLR: | No |
Behaviors
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'WindowMessenger' → C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
Malware detections
Based on 40+ industry antivirus scanners, 40 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Agnitum | 5.5.1.3 | Trojan.Agent!S4mvQAkVS0M |
AhnLab V3 Internet Security | 2012.11.15 | Worm/Win32.AutoRun |
Avira AntiVir | 7.11.50.14 | Worm/Autorun.hfp |
avast! | 6.0.1289.0 | Win32:AutoRun-BPH [Wrm] |
AVG | 2014.0.3629 | Worm/Generic.BDKN |
BitDefender | 7.2 | Win32.Worm.Autorun.VN |
CAT Quick Heal | 4.13.12.00 | Worm.Autorun.WT |
Clam AntiVirus | 0.97.3.0 | W32.Trojan.VB-13509 |
Commtouch | 5.3.2.6 | W32/MalwareF.KHIO |
Comodo Internet Security | 14198 | TrojWare.Win32.Cosmu.abf |
Dr.Web | 7.0.4.09250 | Trojan.MulDrop4.1379 |
Emsisoft Anti-Malware | 3.0.0.569 | Trojan.Win32.Cosmu.xje (A) |
ESET NOD32 | 7.7690 | Win32/AutoRun.Agent.VS |
Fortinet | 5.0.26.0 | PossibleThreat |
F-Prot | v6.4.6.5.141 | W32/MalwareF.KHIO |
F-Secure | 9.0.17090.0 | Win32.Worm.Autorun.VN |
G Data | 13.4.22 | Win32.Worm.Autorun.VN |
Ikarus | T3.1.1.122.0 | Worm.Win32.AutoRun |
Jiangmin | 13.0.900 | Win32/Generic.a |
K7 AntiVirus | 9.154.7847 | EmailWorm |
Kaspersky | 9.0.0.837 | Worm.Win32.AutoRun.hfp |
Kingsoft | 2012.9.22.155 | Win32.Troj.Generic.ab |
McAfee | 5.400.1158 | W32/Autorun.worm.gp |
McAfee Gateway Anti-Malware | v2012.1-dat | Heuristic.BehavesLike.Win32.Suspicious.H |
Microsoft Security Essentials | 1.8904.0 | Worm:Win32/Wecykler.A |
eScan by MicroWorld | 12.0.250.0 | Win32.Worm.Autorun.VN |
Norman | 6.08.06 | W32/AutoRun.BVNA |
nProtect | 2012-11-14.02 | Worm/W32.Bnf.303104 |
Panda Antivirus | 10.0.3.5 | W32/Harakit.EY |
PC Tools | 8.0.0.5 | Net-Worm.SillyFDC!rem |
Rising Antivirus | 24.36.01.05 | Trojan.Win32.Generic.11F31F86 |
Sophos | 4.83.0 | W32/Autorun-BDV |
SUPERAntiSpyware | 5.6.0.1008 | Trojan.Agent/Gen-WinAlert |
Symantec | 20121.2.1.2 | W32.SillyFDC |
Total Defense | 37.0.10161 | Win32/SillyAutorun.DCE |
Trend Micro | 9.561.0.1028 | WORM_OTORUN.SMXY |
Trend Micro HouseCall | 9.700.0.1001 | WORM_OTORUN.SMXY |
Vba32 AntiVirus | 3.12.18.3 | Trojan.Win32.Cosmu.ngc |
VIPRE Antivirus | 13972 | Worm.Win32.AutoRun.hfp (v) |
ViRobot | 2011.4.7.4223 | Worm.Win32.AutoRun.364544.A |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.01661549% | |
Kernel CPU: | 0.01587154% | |
User CPU: | 0.00074395% | |
Kernel CPU time: | 193,526 ms/min | |
Context switches: | 665/sec | |
Memory |
Private memory: | 4.74 MB | |
Private (maximum): | 2.99 MB | |
Private (minimum): | 2.83 MB | |
Non-paged memory: | 4.74 MB | |
Virtual memory: | 106.33 MB | |
Virtual memory (peak): | 110.22 MB | |
Working set: | 3 MB | |
Working set (peak): | 3.36 MB | |
Resource allocations |
Threads: | 6 | |
Handles: | 2078 | |
GUI GDI count: | 5 | |
Process properties
Integrity level: | Undefined |
Platform: | 32-bit |
Command lines:
- "C:\recycler\x-1-5-21-1960408961-725345543-839522115-1003\winsysapp.exe"
- "C:\program files\windows alerter\winalert.exe"
- "C:\program files\windows common files\commgr.exe"
Owner: | User |
Parent process: | Explorer.EXE (Windows Explorer by Microsoft) |
Distribution by Windows OS
OS version | distribution |
Microsoft Windows XP | 100.00% |