| X |
Wintime |
Wintime.exe | "Added by the HARNIG TROJAN!"
|
| U |
WinTime |
wintime.exe | "WinTime - change desktop icons' color and font"
|
| N |
Wintime Wtxpload |
Wxpload.exe Wintime | "Part of the software to support a Dexxa USB graphics tablet. From a visitor - "This gets started anyway when you plug in the USB connector for the graphics tablet |
| X |
WinTimer |
msupdate.cmd | "Hijacker - detected by Kaspersky as the STARTPAGE.TJ TROJAN!"
|
| X |
Wintl |
msdred.exe | Identified as a variant of the Trojan-Spy.Win32.Agent.cch malware
|
| X |
wintnask32.exe |
wintnask32.exe | "Added by the RBOT-AFP WORM!"
|
| X |
wintnl.exe |
wintnl.exe | "Added by a variant of the ZOTOB.K WORM!"
|
| X |
wintnpx.exe |
wintnpx.exe | "Added by the ZOTOB.H WORM!"
|
| X |
WinTools |
WToolsA.exe | "Wintools adware"
|
| N |
WinTOTAL Scheduler |
guru.exe | WinTOTAL Real estate appraisal software related
|
| X |
WinTouch |
WinTouch.exe | "Detected by Kaspersky as the AGENT.BUO TROJAN!"
|
| X |
WinTray |
wintray.exe | "Added by the LEGUARDIEN.B TROJAN!"
|
| X |
wintsk32dll |
wintsk32dll.exe | "Added by the RBOT-AAJ WORM!"
|
| X |
winudll.exe |
winudll.exe | "Added by the MITGLIE-CE TROJAN!"
|
| X |
winui |
z.exe | "Added by the KONDELI TROJAN!"
|
| X |
WinUp |
svchost.exe | "Added by the SILLY.BR WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This file is located in a ""4350"" sub-folder"
|
| X |
winupated.exe |
winupated.exe | "Added by a variant of the SDBOT WORM!"
|
| X |
winupd |
"RUNDLL32.EXE [random value].dll | _mainRD" |
| X |
winupd |
winupd.exe | "SearchNew adware"
|
| X |
winupd.exe |
winupd.exe | "Added by the BEAGLE.M or BEAGLE.N WORMS!"
|
| X |
WinUPD32 |
explorer.exe | "Added by an unidentified VIRUS |
| X |
winupdat |
winupdat.exe | "Added by the CANBOT.A WORM!"
|
| X |
WinUpdate |
RBSKQQBO.EXE | "Added by the VBSWG2B.A WORM!"
|
| X |
WinUpdate |
wmbem.exe | "Added by the REVCUSS.B TROJAN!"
|
| X |
WinUpdate |
updsys.exe | "Added by a variant of the RBOT WORM!"
|
| X |
winupdate |
winupdate.exe | "Added by the ALCAN.B WORM!"
|
| X |
WinUpdate |
svhost.exe | "Added by a variant of the SDBOT WORM!"
|
| X |
WinUpdate |
svchots.exe | "Added by the SMALL.GXJ TROJAN!"
|
| X |
winupdate |
jusched.exe | "Added by the DWNLDR-FUX TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %Windir%"
|
| X |
Winupdate |
lsas.exe | "Added by the COSPET.JR TROJAN!"
|
| X |
Winupdate Engine |
wupeng.exe | "MalwareCrush rogue security software - not recommended |
| X |
WinUpdate Loader |
msnnm.exe | "Added by the REVCUSS.C TROJAN!"
|
| X |
Winupdate Service |
winxp.exe | "Added by the SPYBOT.IR WORM!"
|
| X |
winupdate.exe |
winupdate.exe | "Added by the RADO TROJAN!"
|
| X |
winupdate.reg |
winupdate.exe | "Added by the SPYBOT.EAS WORM!"
|
| X |
winupdate2846 |
vbsystem35.exe msvbrun.exe | "Added by a variant of the MUTIN-C TROJAN!"
|
| X |
winupdate86.exe |
winupdate86.exe | "Added by the FAKEAV-AHQ TROJAN!"
|
| X |
WinUpdateAdministrator |
CSRSS.EXE | "Added by the PUNYA-A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Application Data\WINDOWS"
|
| X |
WinUpdateB |
breatle.exe | "Added by the BRATLE.AWORM!"
|
| X |
winupdateconn |
[path to file] | "Added by the COMBRA-A WORM!"
|
| X |
winupdateconn_ |
Explorer.EXE | "Added by the COMBRA-B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X |
Winupdatee |
winsvcc.exe | "Added by the AGENT.AN TROJAN!"
|
| X |
winupdatefiv_ |
[path to file] | "Added by the COMBRA.C WORM!"
|
| U |
WinUpdateProtection |
csrss.exe | "EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a subfolder of C:\windowsupdate\ufp"
|
| X |
WinUpdater |
update.exe | "Added by the STARTPAGE.C TROJAN!"
|
| X |
winupdates |
winupdates.exe | "Added by the ALCRA-B WORM!"
|
| X |
winupdate_ |
[path to file] | "Added by the COMDOR.A WORM!"
|
| X |
WinUpdating |
WinUpdating.exe | "Added by the AGENT-GSC TROJAN!"
|
| X |
WinUPDbc |
winupdbc.exe | "Added by the BANKER-DSN TROJAN!"
|
| X |
WinUpdsv |
winupdsv.exe | "Added by the DROPO MACRO!"
|
| X |
winupdt |
RUNDLL32.EXE [random.dll] | "Added by the MABUT.A WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the Windows or Winnt folder"
|
| X |
winupdtl |
winupdtl.exe | "SecondThought adware"
|
| X |
WinUpgrader |
[path to trojan] | "Added by the AGENT-DZ TROJAN!"
|
| X |
WinUPPD.exe |
[random filename] | Added by an unidentified WORM/TROJAN!
|
| X |
winur |
winrun.exe | "Added by the WINUR.B WORM!"
|
| X |
winusb.dll |
winguard.exe | "Added by the FORBOT-CN WORM!"
|
| X |
WinUser32K |
usr32wink.exe | Added by the HK TROJAN!
|
| X |
WinUsr |
WinUsr.exe K1S2 | "Added by the CLUNK.A WORM!"
|
| U |
WinUtilities Memory Optimizer |
ToolMemoryOptimizer.exe | """WinUtilities Memory Optimizer optimizes the memory management of your system and boost-up its performance amazingly!"" MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
|
| X |
Winux Piriax Service |
PH32.EXE | "Added by the RANDEX.G WORM!"
|
| X |
winversion |
winversion.exe | "Browser hijacker |
| U |
WinVNC |
WinVNC.exe | "WinVNC is an application that allows you to remote control your PC from another PC somewhere on the internet. Now superseded by RealVNC"
|
| X |
WinVNC |
iexplorer.exe | "Added by the EVIVINC BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X |
winvxd32 |
winvxd32.exe | "Added by the GABLOLIZ.A WORM!"
|
| X |
winwan lptt01 |
winwan.exe | "RapidBlaster variant (in a ""Winwan"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X |
winwan ml097e |
winwan.exe | "RapidBlaster variant (in a ""Winwan"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X |
WinwebSecurity |
WinwebSecurity.exe | "Winweb Security rogue security software - not recommended |
| X |
winword |
winword.exe | "Added by the TORPID-C TROJAN!"
|
| X |
WINWORD.exe |
WINWORD.exe | "Added by the DRIVUS TROJAN! Note - this is not the legitimate MS Word process of the same name |
| X |
WinWorks |
vstmgr.exe | "Added by the AGOBOT.ACJ WORM!"
|
| X |
winwsl.exe |
winwsl.exe | "Added by the ZOTOB-J WORM!"
|
| X |
WinX Security Center |
WinX Security Center.exe | "WinX Security Center rogue security software - not recommended |
| X |
WINX16 |
winx16.exe | "Added by the AGOBOT-LS WORM!"
|
| X |
WinXDefender |
WinXDefender.exe | "WinXDefender rogue spyware remover - not recommended |
| X |
WinxDiagUpdate |
WinxDiagUpdate | "Added by the RBOT.BWQ BACKDOOR!"
|
| X |
winXP |
33.exe | "Added by the ANPES WORM!"
|
| X |
WinXP |
plugin1.exe | Added by the Downloader-JW TROJAN!
|
| X |
WinXP |
csrss.exe | "Added by the BANCOS-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP\Tools"
|
| X |
winxp |
winxp.exe | "Added by the BRONTOK-DN WORM!"
|
| X |
WinXP fix |
[path to file] | "Added by the RANKY.P TROJAN!"
|
| X |
WinXP Processor Generator v1.2 |
intspnsr32.exe | "Added by the SDBOT.LP WORM!"
|
| X |
Winxp update |
Cappp.exe | "Added by the RBOT.DKO WORM!"
|
| X |
WinXp Updater |
winxp32.exe | "Added by the RBOT-HG WORM!"
|
| X |
WinXP-98 |
CSRSS.exe | "Added by the BANKER-DS TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\WinXP-98\Tools"
|
| X |
winxpdll32.exe |
winxpdll32.exe | Added by a variant of the SMALL downloader TROJAN!
|
| X |
WinXPHome |
plugin2.exe | "Added by the malicious INOR.T SCRIPT!"
|
| U |
WinXPLoad |
"Rundll32 LoadDll | LoadExe WinXPLoad.exe" |
| X |
WinXProtector |
WinXProtector.exe | "WinXProtector rogue security software - not recommended |
| X |
WinXPService |
lsass.exe | "Added by the ZAPCHAS-AS TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Lavan"" subfolder"
|
| X |
WinXPService |
taksmgr.exe | Identified as a variant of the IRC/Flood.tool malware
|
| X |
WinXPService |
Tskdbg.exe | "Added by the MDROP-BPQ TROJAN!"
|
| X |
WinXPService |
ctfmon.exe | "Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a ""ctf"" sub-folder"
|
