|
|
Startup Name
| Process Name
| Details |
| X | (Default) | media_driver.exe | "Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | Shania.vbs | "Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | NOTEPAD.exe | "Added by the RUSTY WORM! Note - not to be confused with the valid Windows ""NOTEPAD"" text editor! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | [random filename].exe | "Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | twunk_32.exe | "Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | winhelp.exe | "Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | spolsvr2.exe | "Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | winbas12.exe | "Adware |
| X | (Default) | Systrsy.exe | "Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | llsass.exe | "Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | syspol.exe | "Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (default) | winlog.exe | "Added by the RBOT-CVY WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (default) | "rundll32.exe [path to DLL file] | Do98Work" |
| X | (Default) | winligom.exe | "Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run |
| X | (Default) | 5640.exe | "Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run |
| X | (Default) | QQUpdate.exe | "Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | Mcafee.exe | "Added by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | fada.exe | "Added by the VB.HEI TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run |
| X | (Default) | Default.exe | "Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | KEYBOARD.exe | "Added by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | msarti.com | "Added by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | msnupdate.exe | "Added by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
| X | (Default) | xtreme.exe | "Added by the DROPR-CZ TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLMRun in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
|
DISCLAIMER: It is assumed that users are familiar with the operating
system they are using and comfortable with making the suggested changes. I will
not be held responsible if changes you make cause a system failure.
This is
NOT a list of tasks/processes taken from
Task Manager or the
Close Program window (
CTRL+ALT+DEL) but a list of startup
applications, although you will find some of them listed via this method.
Pressing CTRL+ALT+DEL identifies programs that are currently running - not
necessarily at startup. For a list of tasks/processes you should try
WinTasks 5 Standard/Professional from LIUtilities or the list at
AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL
just because it has an "X" recommendation, please check whether it's in MSCONFIG
or the registry first. An example would be "svchost.exe" - which doesn't appear
in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't
do anything.
