
Malicious Rontokbro Process Discover.exe


Discover.exe is among the background processes that run when a computer is in operation. The process has the safety rating of known malware and is not necessary for the operation of one's PC.

It is a member of the malware group or family known as Malware: RontoKBro T. The malware form it takes falls under EXPLOIT. It was first discovered in late January of 2006 and the approximate size of the process is 81,920 bytes. There are no specified vendor details or any vendor information, while the version information is 1.00.0004.

The common path name is %programfiles%\DISC. Further common file and path names for the process are %DOCUMENTS%\MY MUSIC\MY MUSIC.EXE, %DOCUMENTS%\DATA ADMINISTRATOR.EXE, ?:\A00000000 and %LOCALAPPDATA%\SERVICES.EXE.
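The path names above can be checked against a list of file or process image paths collected from a host. The following matcher is an added example, not part of the original article; the folder names in `PLACEHOLDER_DIRS`, the reading of `%programfiles%\DISC` as a directory, the function names and the sample paths are assumptions made for illustration.

```python
import re

# Path indicators as listed in the article. %NAME% tokens are the article's
# placeholders; "?:" stands for any drive letter.
INDICATORS = [
    r"%programfiles%\DISC",
    r"%DOCUMENTS%\MY MUSIC\MY MUSIC.EXE",
    r"%DOCUMENTS%\DATA ADMINISTRATOR.EXE",
    r"?:\A00000000",
    r"%LOCALAPPDATA%\SERVICES.EXE",
]
# Assumption: folder names each placeholder usually resolves to on Windows.
PLACEHOLDER_DIRS = {
    "programfiles": ("Program Files", "Program Files (x86)"),
    "documents": ("My Documents", "Documents"),
    "localappdata": (r"Local Settings\Application Data", r"AppData\Local"),
}

def compile_indicator(indicator):
    """Turn one article-style path into a case-insensitive regex."""
    parts = []
    for token in re.split(r"(%\w+%|\?:)", indicator):
        if token == "?:":
            parts.append(r"[a-z]:")
        elif len(token) > 2 and token.startswith("%") and token.endswith("%"):
            dirs = PLACEHOLDER_DIRS[token.strip("%").lower()]
            alts = "|".join(re.escape(d) for d in dirs)
            parts.append(r"[a-z]:\\(?:[^\\]+\\)*(?:" + alts + ")")
        else:
            parts.append(re.escape(token))
    # Match the exact path, or anything beneath it when it is a directory.
    return re.compile("".join(parts) + r"(?:\\.*)?$", re.IGNORECASE)

PATTERNS = [(i, compile_indicator(i)) for i in INDICATORS]

def normalize(path):
    """Strip quotes and whitespace and unify separators before matching."""
    return re.sub(r"\\+", r"\\", path.strip().strip('"').replace("/", "\\"))

def scan(paths):
    """Return (original path, matched indicator) for every suspicious path."""
    hits = []
    for raw in paths:
        path = normalize(raw)
        for indicator, pattern in PATTERNS:
            if pattern.match(path):
                hits.append((raw, indicator))
                break
    return hits
```

A file named services.exe in C:\Windows\System32 is not flagged by this matcher, because the indicator is the combination of file name and location rather than the name alone.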

The process path and file structure is suspicious, with an exceedingly high number of path and file combinations. The relationship analysis of discover.exe shows nine malicious created objects and six malicious creators. It creates registry run keys that are known malware objects. It generates replicas of itself. It can evade third-party anti-virus detection as well as third-party spyware detection.

The activity analysis of discover.exe shows behavior such as installing programs, modifying vulnerable system files, creating registry entries, creating known malware run keys, creating copies of itself, inspecting email address books, and taking part in outbound communications. Other behaviors associated with the process are hijacking running processes, running other programs, communicating with websites over outbound HTTP, creating run keys, invoking DLL components and deleting programs.

The propagation analysis of discover.exe shows a moderate propagation of the malware group, but it is spreading quickly. The process is linked to DISCover Drop from Digital Interactive Systems Corporation. Internet settings, CPU, and memory should be optimized through malware scans. The process has a low rating in harmful malware indices, but can exhibit behaviors akin to resource hogs and viruses. It is left to run on startup but is not a required file, as most of its processes may be run on a manual basis.

Malware can assume any name; therefore the processes running on one’s computer should be checked regularly. The risk of infection by worms, Trojans, spyware and viruses is heightened when .exe files that are not system files are located in the C:\Windows\System32 or C:\Windows folders.


One Response to “Malicious Rontokbro Process Discover.exe”

  1. cscomp says:

    I need help: on my PC, when I removed the data administrator.exe, after 2 mins it appears again… HELP
