| X | LiveUpdate32 | services.exe | "Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
|
| X | Livre | Dibane.bat | "Added by the BANEDI VIRUS!"
|
| X | lk3h1 | [path to file] | "Added by the MOSUCK-G TROJAN!"
|
| N | LM Status | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application
|
| N | LMSTATUS | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application
|
| X | lnternet Update | lExplore.exe | "Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
|
| X | load | [path to worm] | "Added by the KELVIR.AI WORM!"
|
| X | load | Internat.exe | "Added by the WOWCRAFT TROJAN!"
|
| X | load | KHATRA.exe | "Added by the ORBINA-A WORM!"
|
| U | load= | asistat.exe | Status monitor for an NEC SuperScript printer
|
| X | load= | msater.exe | "Added by the RETSAM TROJAN!"
|
| ? | Load= | wtfeat.exe | "Associated with the Wintab Digitizer"
|
| X | loaddr | [path to trojan] | "Added by the AGENT-DIY TROJAN!"
|
| X | LoadOrderVerification | [random filename] | "Added by the TRON.A TROJAN!"
|
| ? | LoadWatcher | Test.exe | "Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?"
|
| X | LoadWatcher | watcher.exe | "Watcher spyware"
|
| X | Local Service | Intenat.exe | "Added by the NUCLEAR-J TROJAN!"
|
| X | Locator Service | [filename] | "Added by the AGOBOT-KY TROJAN!"
|
| X | login | [path to trojan] | "Added by the HOTWORD-A TROJAN!"
|
| X | Login Service | [path to file] | "Added by the MIGMAF TROJAN!"
|
| Y | Logitech | Communications_Helper.exe | "Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also |
| N | Logitech . Product Registration | eReg.exe | "Registration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice |
| Y | LogitechCommunicationsManager | Communications_Helper.exe | "Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also |
| Y | LogitechRegisterVideoApplications | InstallHelper.exe | Entry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the software
|
| N | LogitechSoftwareUpdate | ManifestEngine.exe | "Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entry"
|
| X | Logo | [path to trojan] | "Added by the DLOADER-RH TROJAN!"
|
| X | LogonAdministrator | imoet.exe | "Added by the RAHIWI.A WORM!"
|
| X | LogonAdministrator | CSRSS.EXE | "Added by the KORRON.B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
|
| U | LogWatch | logwat95.exe | Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied
|
| N | LowRateVoip | LowRateVoip.exe | "LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| X | lsass | start.bat | "Added by the ZCREW TROJAN!"
|
| X | lsass | [path to lsass.exe] | "Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!"
|
| X | LsasS | Sygate.exe | "Added by the SDBOT.BCA WORM!"
|
| X | lsass2k Update | lsass2k.exe | "Added by a variant of the RBOT WORM!"
|
| Y | lsburnwatcher | lsburnwatcher.exe | "HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling |
| Y | LSBWatcher | lsburnwatcher.exe | "HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling |
| X | LTM2 | winupdate.exe | "Added by the LITMUS.203 TROJAN!"
|
| X | ltwob | formatsys.exe | "Added by the SERFLOG.A WORM!"
|
| Y | LXBSCATS | "rundll32 [path] LXBStime.dll | _RunDLLEntry@16" |
| Y | LXBTCATS | "rundll32 [path] LXBTtime.dll | _RunDLLEntry@16" |
| Y | LXBUCATS | "rundll32 [path] LXBUtime.dll | _RunDLLEntry@16" |
| Y | LXBXCATS | "rundll32 [path] LXBXtime.dll | _RunDLLEntry@16" |
| Y | LXBYCATS | "rundll32 [path] LXBYtime.dll | _RunDLLEntry@16" |
| Y | LXCCCATS | "rundll32 [path] LXCCtime.dll | _RunDLLEntry@16" |
| U | LXCDCATS | "rundll32 [path] LXCDtime.dll | _RunDLLEntry@16" |
| Y | LXCECATS | "rundll32 [path] LXCEtime.dll | _RunDLLEntry@16" |
| Y | LXCFCATS | "rundll32 [path] LXCFtime.dll | _RunDLLEntry@16" |
| Y | LXCGCATS | "rundll32 [path] LXCGtime.dll | _RunDLLEntry@16" |
| Y | LXCJCATS | "rundll32 [path] LXCJtime.dll | _RunDLLEntry@16" |
| Y | LXCQCATS | "rundll32 [path] LXCQtime.dll | _RunDLLEntry@16" |
| Y | LXCRCATS | "rundll32 [path] LXCRtime.dll | _RunDLLEntry@16" |
| Y | LXCTCATS | "rundll32 [path] LXCTtime.dll | _RunDLLEntry@16" |
| Y | LXCYCATS | "rundll32 [path] LXCYtime.dll | _RunDLLEntry@16" |
| Y | LXDBCATS | "rundll32 [path] LXDBtime.dll | _RunDLLEntry@16" |
| Y | LXDCCATS | "rundll32 [path] LXDCtime.dll | _RunDLLEntry@16" |
| Y | LXDDCATS | "rundll32 [path] LXDDtime.dll | _RunDLLEntry@16" |
| Y | LXDICATS | "rundll32 [path] LXDItime.dll | _RunDLLEntry@16" |
| U | LXDJCATS | "rundll32 [path] LXDJtime.dll | _RunDLLEntry@16" |
| X | LzioMediaUpdater | LzioMediaUpdater.exe | "LZIO.com adware downloader"
|
| X | M1cr0s0ft Upd4t4zS | update32.exe | "Added by the RBOT-MI WORM!"
|
| U | MacDrive application | MacDrive.exe | "MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista |
| ? | MacDrive7.0.4TimeOutPatch | TimeOutPatch.EXE | "Part of MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista |
| X | Macfee Security Patch | Mpfsheild.exe | "Added by the RBOT-NP WORM!"
|
| X | Machine Update Soft | wusas.exe | Added by an unidfentified WORM!
|
| X | Macromedia Critical Updater | rarww.exe | "Added by a variant of the RBOT WORM!"
|
| X | Macromedia Flash Update | scvhost.exe | "Added by a variant of the RBOT WORM!"
|
| N | Macrovision Update Service | issch.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| N | Macrovision Update Service | ISUSPM.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| U | MagicFormation | MagicFormation.exe | "MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents |
| U | MagicFormation.exe | MagicFormation.exe | "MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents |
| X | MailBlocker | [path to trojan] | "Added by the AGENT-LRJ TROJAN!"
|
| Y | MailScan Dispatcher | Launch.exe | "MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header |
| X | Malware Catcher 2009 | MCatcher.exe | "Malware Catcher 2009 rogue security software - not recommended |
| X | Mascro soft SDK updates2 | SDKrepair2.exe | "Added by the SDBOT.BXM WORM!"
|
| X | Master Card Updaate 32 | Mastercard32.exe | "Added by a variant of the RBOT WORM!"
|
| U | Matador | mlfbuddy.exe | "MailFrontier - anti-spam application"
|
| U | Matador | mantispm.exe | "MailFrontier Desktop (Matador) email spam blocker software"
|
| U | Matrix Screen Locker | matrix.exe | "Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a ""matrix style"" scrolling characters effect when the lock is running"
|
| X | MatrixScreen | [filename] | "Added by the MATRIXSCREEN TROJAN!"
|
| X | MatrixScreenSaver | mss.exe | Unidentified malware
|
| N | Matrox Color Control | hgcctl95.exe | For Matrox video cards. Quick access to changing colors
|
| N | Matrox Control Center | mgactrl.exe | For Matrox video cards. Quick access to settings
|
| N | Matrox Diagnostic | mgadiag.exe | For Matrox video cards. Quick access to diagnostics
|
| N | Matrox Powerdesk | PDesk.exe | """Matrox PowerDesk software provides extra multi-display desktop management controls"""
|
| N | Matrox PowerDesk 8 | matrox.powerdesk.exe | """Matrox PowerDesk software provides extra multi-display desktop management controls"""
|
| N | Matrox PowerDesk SE | Matrox.PowerDesk SE.exe | "Matrox PowerDesk SE - multi-display desktop management controls"
|
| N | Matrox QuickDesk | mgaqdesk.exe | For Matrox video cards. Quick access to tweak your card to your liking
|
| X | Mcafee Antivirus Monitoring System326 | VSStatmn326.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Mcafee Antivirus Monitoring System32mn | VSStatmn32.exe | "Added by a variant of the RBOT WORM!"
|
| Y | McAfee Application Installer | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
|
| U | McAfee Backup | McAfeeDataBackup.exe | "McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| U | McAfee Backup and Restore | McAfeeDataBackup.exe | "McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| U | McAfee Data Backup | LogOnHook.exe | "Part of McAfee Data Backup (now Online Backup) - which ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup"
|
| U | McAfee Data Backup | McAfeeDataBackup.exe | "McAfee Data Backup (now Online Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| U | McAfee Online Backup | MOBKstat.exe | "System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| U | McAfee Online Backup Status | MOBKstat.exe | "System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| Y | McAfee SecurityCenter | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| U | McAfee.InstantUpdate.Monitor | RuLaunch.exe | "Instant Updater for McAfee's VirusScan |
| U | McAfeeDataBackup | McAfeeDataBackup.exe | "McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| Y | McAfeeUpdaterUI | UpdaterUI.exe | McAfee common updater user interface
|
| Y | McAfeeUpdaterUI | UdaterUI.exe | Updater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool
|
| X | Mcrosoftr Update | Mcrosoftr.exe | "Added by a variant of the RBOT WORM!"
|
| Y | McUpdate | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| Y | MCUpdateExe | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| X | MCX Update | wisp.exe | "Added by the RBOT-AQH WORM!"
|
| X | mdetect | [path to trojan] | "Added by the SPABOT TROJAN!"
|
| U | Media Codec Update Service | update.exe | "Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updated"
|
| X | Media Gateway | MediaGateway.exe | "WindUpdates MediaPass adware"
|
| X | Media Player Update | xpsp1mfh.exe | "Added by a variant of the RBOT WORM!"
|
| X | Media Software UPdater | sscs.exe | "Added by the RBOT-ABE WORM!"
|
| X | MEDIA32 | [path to trojan] | "Added by the PURSCAN-Z TROJAN!"
|
| N | MediaFace Integration | Sethook.exe | "Fellowes Neato® cd label design software. ""Launch NEATO's MediaFACE II label making software directly from the productname toolbar"""
|
| U | Mediafour Mac Volume Notifications | MACVNTFY.EXE | "Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7 |
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | "Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod"
|
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | "Xplay 2 from Mediafour Corporation - ""expands what you can do with any iPod |
| X | MediaPath | Proyecto1.exe | "Added by the GRUEL WORM!"
|
| X | MediaPath | Root.exe | "Added by the GRUEL WORM!"
|
| X | MediaPlayeS | MediaPlayer_update.exe | "Added by the STARTER-K TROJAN!"
|
| X | Memory Allocation Host | cihost.exe | "Detected by Avast as a variant of the IRCBOT-CHZ WORM!"
|
| X | Memory Allocation Server | ciserv.exe | Added by an unidentified malware
|
| X | Memory Allocation Services | cisrv.exe | "Added by the IRCBOT.FC BACKDOOR!"
|
| X | Memory relocation service | reloc32.exe | "Added by the RELFEERWORM!"
|
| N | Memory Stick Monitor | MSTAT.exe | "Used with the Sony floppy disk adapter for memory sticks |
| U | Memory Stick Monitor | MSstat.exe | Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
|
| X | Memory Watcher | MemoryWatcher.exe | "MemoryWatcher spyware"
|
| X | Messenger Gateway | msmgs.exe | "Added by the AGENT-IGK TROJAN!"
|
| X | Messenger Service Updater | svshost.exe | "Added by the MYTOB.GC WORM!"
|
| X | Micosoft Data Core | runservice.exe | "Added by the IRCBOT.BK WORM!"
|
| X | Micosoft Data Core stuff | svshosts.exe | "Added by the RBOT.FZA WORM!"
|
| X | Micr Update | soundblaster.exe | "Added by the SDBOT.NP WORM!"
|
| X | Micr Update System | upwin.exe | "Added by the SDBOT.YS WORM!"
|
| X | Micrcoft Updat | spoolsae.exe | "Added by the RBOT-AIB WORM!"
|
| X | Micrcoft Updat | spoolsaex.exe | "Added by the RBOT-AJM WORM!"
|
| X | Micrcoft Updat | Internet.exe | "Added by the RBOT-ANA WORM!"
|
| X | Micrcsoft Certificate Services | cflmon.exe | "Added by the RBOT-FWV WORM!"
|
| X | Micro Office | [path to trojan] | "Added by the BANCBAN-QC TROJAN!"
|
| X | Micro Update | dailin.exe | "Added by the RBOT-ER WORM!"
|
| N | microAttuneDownload | atmdlusr.exe | "Application Launcher |
| U | MicroDialler | atdialler1.exe | "Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered"
|
| X | Microfot Update | winldx32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microft Update 32 | winssx.exe | "Added by the RBOT-AQS WORM!"
|
| X | Micromedia Flash Update | wdfmrg.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Micromedia Flash Update | xptxt.exe | "Added by the RBOT-GAB WORM!"
|
| X | Microoft Timing | pupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | [random 10-letter filename].EXE | "Added by the RBOT-AQA WORM!"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | MSGUPDATED.EXE | "Added by the RBOT-APZ WORM!"
|
| X | Microsft Corporation Version 2001.12.4414 | comrel.exe | "Added by a variant of the SDBOT TROJAN!"
|
| X | Microsft Corporation Version 2002.12.2414 | comserv.exe | "Added by a variant of the SLAPER TROJAN!"
|
| X | MICROSFT MX UPDATE SUPPORT | taskmngrs.exe | "Added by the RBOT-AUZ WORM!"
|
| X | MICROSFT MX UPDATE SUPPORT | winmx32.EXE | "Added by the IRCBOT-FD WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | [random filename] | "Added by the RBOT-ASM or RBOT-AUW WORMS!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSN32.EXE | "Added by the RBOT-AWJ WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | mtakthmyn.EXE | "Added by the RBOT-AUJ WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSGUPDAT32.EXE | "Added by the RBOT-BBB WORM!"
|
| X | microsft windows updates | mwupdate32.exe | "Added by a variant of the TOXBOT/CODBOT WORM!"
|
| X | Microsof Value | nmatt.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft | MSUPDATE.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft | updater.exe | "Added by the RBOT-GHP WORM!"
|
| X | Microsoft | internetdat.exe | "Added by the RBOT.ETY BACKDOOR!"
|
| X | Microsoft | MicrosoftCorporation.exe | "Added by the KILLFILES.AED TROJAN!"
|
| X | Microsoft (C) HTML Application host | [random filename] | "Added by the RBOT-YB WORM!"
|
| X | Microsoft (R) Windows Configuration Backup Service | svchost.exe | "Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a ""config"" |
| X | Microsoft (R) Windows Network Latency Controller | 1.tmp | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Network Latency Controller | nlc.exe | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Network Latency Controller | sp2vc.exe | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Protected Content Restoration Service | services.exe | "Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
|
| X | Microsoft (R) Windows TCP/IP Socket Driver | [path to trojan] | "Added by the PROXY-DD TROJAN!"
|
| X | Microsoft (R) Windows Update Service | wuauclt.exe | "Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft (R) Windows Vista/NT Runtime Compatibility Service | nrcs.exe | "Added by the RANKY.X TROJAN!"
|
| X | Microsoft .NET Confingurator | msnconf.exe | "Added by an unidentified VIRUS |
| X | Microsoft 16Bit Update | wuapdate16.exe | "Added by the RBOT.CZ WORM!"
|
| X | Microsoft 64 Bit Runtime Updater | wupdt64.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft ActiveX Debugger NT | [path to trojan] | "Added by the BANCOS-DO TROJAN!"
|
| X | Microsoft Ansti Update | msie.exe | "Added by the RBOT-LE WORM!"
|
| X | Microsoft Application Center | mappc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Application Manager | msapl32.exe | "Added by the BROPIA-AE TROJAN!"
|
| X | Microsoft AUT Update | MSlti32.exe | "Added by the RBOT-X WORM!"
|
| X | Microsoft AUT Update | MSlti16.exe | "Added by the RBOT.EB WORM!"
|
| X | Microsoft auto update | winupdate.exe | "Added by the BMBOT TROJAN!"
|
| X | Microsoft Auto Update | WINHLP16.EXE | "Added by the RBOT.GY WORM!"
|
| X | Microsoft auto update | wuauclt.exe | "Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft Automatic Update Serivce | msautou.exe | "Added by the RBOT-AOB WORM!"
|
| X | Microsoft Automatic Updater | Explorer.exe | "Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft AutoUpdater | svhost.exe | "Added by the RBOT.QG WORM!"
|
| X | Microsoft Calculator | calc.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Configoration Service | msconfigs.exe | "Added by the RBOT-ETT WORM!"
|
| X | Microsoft Configuration | msconfig32.exe | "Added by the SDBOT.MQ WORM!"
|
| X | Microsoft Configuration 35 | microsot1.exe | "Added by an unidentified TROJAN!"
|
| X | Microsoft Configuration Wizard | taskmrg.exe | "Added by the SDBOT-MX TROJAN!"
|
| X | Microsoft Corp SQL Certificates | sqlcer.exe | "Added by the ZYBOT-C WORM!"
|
| X | Microsoft Corp SSL Certificates | windowz.exe | "Added by the RBOT-GCZ WORM!"
|
| X | Microsoft Corp TLS Certificates | msauth.exe | "Added by the RBOT-GAC WORM!"
|
| X | Microsoft Corp Updates | wupdates.exe | "Added by the RBOT-AUU WORM!"
|
| X | Microsoft Corporaticn SQL Handler | sqlhandler.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Corporation | [random filename] | "Added by various VIRUSES |
| X | Microsoft Corporation | jview.exe | "Added by the RBOT-AOD WORM!"
|
| X | Microsoft Corporation Svchost Service | mssvc.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Microsoft Corporation Svchost Service | mswsc.exe | Added by the AGENT.MAB TROJAN!
|
| X | Microsoft Corporation SYM monitor | mssym.exe | "Added by the RBOT-GDB WORM!"
|
| X | Microsoft CPU Over Heat Manager | CPU.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Data Helper | cihost.exe | "Malware |
| X | Microsoft Data Machine | csdata32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Database Handler | mssql32.exe | "Added by the RANDEX.AX WORM!"
|
| X | Microsoft Datalog Application | msdata.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Directx | directxat.exe | "Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)"
|
| X | Microsoft DirectX | wupdate.exe | "Added by the RBOT-L WORM!"
|
| X | Microsoft DLL Authentification | dllsecure.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft driver update | Mshome.exe | Added by the SDBOT.BL WORM!
|
| X | Microsoft explorer Update | internal.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft Features | ms32cfg.exe | "Added by the RBOT.HO WORM!"
|
| X | Microsoft Features | msie.exe | "Added by a variant of the RBOT WORM!"
|
| Y | MICROSOFT FIREWALL CLIENT | ISATRAY.EXE | "MS Internet Security and Acceleration Server - see here"
|
| X | Microsoft Generic Update Manager | wupdate.exe | "Added by the RBOT-AWC TROJAN!"
|
| X | Microsoft Incroporate | mfs.exe | "Added by the RBOT-ANF WORM!"
|
| X | Microsoft Information | securenet.exe | "Added by the SDBOT.AJM WORM!"
|
| X | Microsoft Information Check | microsoft.exe | "Added by the IRCBOT.AUH TROJAN!"
|
| X | Microsoft Initialization Service | initsvc.exe | "Added by the IRCBOT.AXK BACKDOOR!"
|
| X | Microsoft Initialization Services | initserv.exe | "Added by the IRCBOT-ABO TROJAN!"
|
| X | Microsoft Internel Corporat | netvhost.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Internel Corporat | smbvhost.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Internet Acceleration Utility | iau.exe | "EasySearch adware"
|
| X | Microsoft Internet Acceleration Utility | [path to file] | "Added by the AGENT-CX TROJAN!"
|
| X | Microsoft Internet Acceleration Utility | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | Microsoft Internet Explorer | [path to trojan] | "Added by the BANCBAN-AS TROJAN!"
|
| X | Microsoft Internet Explorer Update | ieupdate.exe | "Added by the SHEUR.MH TROJAN!"
|
| X | Microsoft Internet Firewall Update | updater.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft IT Update | win64.exe | "Added by the RBOT.GA WORM!"
|
| X | Microsoft IT Update | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | IEserv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | msupdate.exe | "Added by the RBOT-FE WORM!"
|
| X | Microsoft IT Update | winn43.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | svchsst.exe | "Added by the RBOT-DH WORM!"
|
| X | Microsoft IT Update | win43.exe | "Added by the RBOT-SA WORM!"
|
| X | Microsoft IT Update | windows.exe | "Added by the RBOT-JM WORM!"
|
| X | Microsoft IT Update | winsyst32.exe | "Added by the RBOT-FC WORM!"
|
| X | Microsoft IT Update | Rhost32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Java Windows Update | [filename] | "Added by the RBOT-DZ WORM!"
|
| U | Microsoft Location Finder | LocationFinder.exe | "Microsoft Location Finder ""is a client-side application that turns a regular WiFi enabled laptop |
| X | Microsoft LV | [path to file] | "Added by the BDOOR-BDL BACKDOOR!"
|
| X | Microsoft Machine | updata.exe | "Added by the RBOT-DJ WORM!"
|
| X | Microsoft MachineUpdatese | tempes.exe | "Added by the RBOT.EWN BACKDOOR!"
|
| X | Microsoft Management Console | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | Microsoft MSUPDATE | SpoolSvc.exe | "Added by the SXTB-A TROJAN!"
|
| X | Microsoft NT Update | winexec32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Office Start | winupdates.exe | "Added by the GAOBOT.BC WORM!"
|
| X | Microsoft Patch Update | bootini.exe | "Added by the RBOT-FMN WORM!"
|
| X | Microsoft PCHealth32 | [path to file] | "Added by the NICE-A TROJAN!"
|
| X | Microsoft PSTCP32 Data | pstcp32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Redirect | [path to file] | "Added by the BANKER-FW TROJAN!"
|
| X | Microsoft Security Hot Fix Update | mshotfix.exe | "Affilred adware"
|
| X | Microsoft Security Monitor Process | windowsupdate.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Security Update | security32.exe | "Added by the DELF-JJ TROJAN!"
|
| X | Microsoft Server Applacations | msnmsg.exe | "Added by the AGOBOT.BBM WORM!"
|
| X | Microsoft Server Applacations | wuauct1.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Server Applacations | lsasss.exe | "Added by the RBOT-AQQ WORM!"
|
| X | Microsoft Server Applacations | Q8See.exe | "Added by the SPYBOT.GEN3 TROJAN!"
|
| X | Microsoft Server Applacations | cli.exe | "Added by the RBOT-GAQ WORM!"
|
| X | Microsoft Server Application | Sound.exe | "Added by the RBOT-NE WORM!"
|
| X | Microsoft Service Information | msnservices.exe | "Added by the RBOT.ID WORM!"
|
| X | Microsoft Software Update | nmon.exe | "Added by the RBOT.HZ WORM!"
|
| X | Microsoft standard protector | [path to trojan] | "Added by the STOX-C TROJAN!"
|
| X | Microsoft Synchronization Manager | asgard.exe | "Added by the SDBOT-AEA WORM!"
|
| X | Microsoft Synchronization Manager | bot.exe | "Added by the SDBOT.IH WORM!"
|
| X | Microsoft Synchronization Manager | netscape.exe | "Added by the RANDEX.AE WORM!"
|
| X | Microsoft Synchronization Manager | slhost.exe | "Added by the SDBOT.YH WORM!"
|
| X | Microsoft Synchronization Manager | svhost.exe | "Added by the SDBOT-PY WORM!"
|
| X | Microsoft Synchronization Manager | WinLoginnn.exe | "Added by the SPYBOT.FO WORM!"
|
| X | Microsoft Synchronization Manager | winupdate.exe | "Added by the SDBOT.ER WORM!"
|
| X | Microsoft Synchronization Manager | xXx.exe | "Added by the SDBOT-KZ WORM!"
|
| X | Microsoft Synchronization Manager | ___synmgr.exe | "Added by the MASLAN.A or MASLAN.C WORMS!"
|
| X | Microsoft Synchronization Manager | al.exe | "Added by the OPTXPRO.132 TROJAN!"
|
| X | Microsoft Synchronization Manager | win.exe | "Added by the SDBOT.AK WORM!"
|
| X | Microsoft Synchronization Manager | java.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Synchronization Manager | svchosts.exe | "Added by the SDBOT-LM WORM!"
|
| X | Microsoft Synchronization Manager | winlogon32.exe | "Added by the SDBOT.AEU WORM!"
|
| X | Microsoft Synchronization Manager | svxhost.exe | "Added by the SDBOT-ZU WORM!"
|
| X | Microsoft Synchronization Manager | wincfg32.exe | "Added by the SDBOT.DO WORM!"
|
| X | Microsoft Synchronization Manager | screen.exe | "Added by the SDBOT-ACO WORM!"
|
| X | Microsoft Synchronization Manager | devldr32.exe | "Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file"
|
| X | Microsoft Synchronization Manager | explorer.exe | "Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Synchronization Manager | firewire.exe | "Added by the SDBOT-AFC WORM!"
|
| X | Microsoft Synchronization Manager | wmedia.exe | "Added by the SDBOT.BFC WORM!"
|
| X | Microsoft Synchronization Manager | win932.exe | "Added by the SDBOT.AH WORM!"
|
| X | Microsoft Synchronization Manager | mircup.exe | "Added by the SDBOT.BQD WORM!"
|
| U | Microsoft Synchronization Manager | mobsync.exe | "Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline |
| X | Microsoft Synchronization Manager | alien.exe | "Added by the SDBOT-MV BACKDOOR!"
|
| X | Microsoft Synchronization Manager | microsoft.exe | "Added by the SDBOT-OM WORM!"
|
| X | Microsoft Synchronization Manager 2 | svhostc.exe | "Added by the SLINBOT.ST WORM!"
|
| X | Microsoft System Administration | system.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| N | Microsoft System Configuration Utility | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)
|
| X | Microsoft System DLL Services Configuration | windir32.exe | "Added by the SDBOT-ACY TROJAN!"
|
| X | Microsoft System Restore Configuration | CBRSS.EXE | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft System Saver | [path to worm] | "Added by the RBOT.BSK WORM!"
|
| X | Microsoft System Update | sysupdate.exe | "Added by the SDBOT.DG WORM!"
|
| X | Microsoft System32 Update | cmsrg.exe | "Added by the RBOT-GN WORM!"
|
| X | Microsoft Taskmanager Updater | keyboard.exe | "Added by the RBOT-ALU WORM!"
|
| X | Microsoft UMA Update | MSuma32.exe | "Added by the RBOT.FS WORM!"
|
| X | Microsoft Updat3 | mswkst32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | Microsoft.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | mssmgrd.exe | "Added by the SDBOT.JT WORM!"
|
| X | Microsoft Update | mvsc.exe | "Added by the SPYBOT.DAZ WORM!"
|
| X | Microsoft Update | ascdl.exe | "Added by the GAOBOT.SY WORM!"
|
| X | Microsoft Update | Isac.exe | "Added by the RBOT-AU WORM!"
|
| X | Microsoft Update | automgr32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | mediap.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | Microsoftx.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | msconfg.exe | "Added by the RBOT.H WORM!"
|
| X | Microsoft Update | Mslti32.exe | "Added by the RBOT-LX WORM!"
|
| X | Microsoft Update | muamgrd.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update | navmgrd.exe | "Added by the SDBOT.DP TROJAN!"
|
| X | Microsoft Update | Smss32.exe | "Added by the RBOT-CB WORM!"
|
| X | Microsoft Update | sys32cfg.exe | "Added by the RBOT.DR WORM!"
|
| X | Microsoft Update | VPC32.EXE | "Added by the AGOBOT.XM WORM!"
|
| X | Microsoft Update | winsys32.exe | "Added by the RBOT.BD WORM!"
|
| X | Microsoft Update | wuamgrd.exe | "Added by the RBOT-LK WORM!"
|
| X | Microsoft Update | wuammgr32.exe | "Added by the RBOT-AW WORM!"
|
| X | Microsoft Update | wudmate.exe | "Added by the RBOT.AP WORM!"
|
| X | Microsoft Update | msawindows.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | msiwin84.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | wuamgrd32.exe | "Added by the RBOT.ZB WORM!"
|
| X | Microsoft Update | NAV.exe | "Added by the RBOT-IV WORM!"
|
| X | Microsoft Update | systemi32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update | xpupdate.exe | "Added by the RBOT-QE WORM!"
|
| X | Microsoft Update | webm.exe | "Added by the SDBOT.WK WORM!"
|
| X | Microsoft Update | wuagrd.exe | "Added by the RBOT-FK WORM!"
|
| X | Microsoft Update | aaupdt.exe | "Added by the RBOT-RQ WORM!"
|
| X | Microsoft Update | lsac.exe | "Added by the GAOBOT.XW WORM!"
|
| X | Microsoft Update | Mupdate.exe | "Added by the RBOT-AG WORM!"
|
| X | Microsoft Update | prowind32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update | snlogsvc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | svhost.exe | "Added by the RBOT-PI WORM!"
|
| X | Microsoft Update | wauguard.exe | "Added by the RBOT.AEE WORM!"
|
| X | Microsoft Update | winscv.exe | "Added by the RBOT-BH WORM!"
|
| X | Microsoft Update | winsys.exe | "Added by the RBOT-GV WORM!"
|
| X | Microsoft Update | wserv32.exe | "Added by the RBOT.AF WORM!"
|
| X | Microsoft Update | wtm32.exe | "Added by the RBOT-AQ WORM!"
|
| X | Microsoft Update | wumgrd.exe | "Added by the SDBOT-KY WORM!"
|
| X | Microsoft Update | wuampd.exe | "Added by the RBOT-UT WORM!"
|
| X | Microsoft Update | msupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update | Botnet.exe | "Added by the RBOT.AFL WORM!"
|
| X | Microsoft Update | sghost.exe | "Added by the SDBOT.AKV WORM!"
|
| X | Microsoft Update | update_w.exe | "Added by the RBOT-EW WORM!"
|
| X | Microsoft Update | windows24.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | wingrd32.exe | "Added by the RBOT-DW WORM!"
|
| X | Microsoft Update | wssvr.exe | "Added by the RBOT-OD WORM!"
|
| X | Microsoft Update | wuamagr32.exe | "Added by the SPYBOT.CG WORM!"
|
| X | Microsoft Update | WinUpdate32.exe | "Added by the RBOT-TI WORM!"
|
| X | Microsoft Update | wkfix.exe | "Added by the RBOT-ABZ WORM!"
|
| X | Microsoft Update | Kkk.exe | "Added by the RBOT-AHL WORM!"
|
| X | Microsoft Update | mcupdate.exe | "Added by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here"
|
| X | Microsoft Update | Micr0s0ft.exe | "Added by the AGOBOT.AAR WORM!"
|
| X | Microsoft Update | Msnmsngr.exe | "Added by the RBOT.BQS WORM!"
|
| X | Microsoft Update | msupdate32.exe | "Added by the SPYBOT.LZ WORM!"
|
| X | Microsoft Update | scvhost.exe | "Added by the RBOT-AEM WORM!"
|
| X | Microsoft Update | svghost.exe | "Added by the RBOT.BUJ WORM!"
|
| X | Microsoft Update | sys.exe | "Added by the RBOT-AJ WORM!"
|
| X | Microsoft Update | up2dat5.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | winamp.exe | "Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player"
|
| X | Microsoft Update | win-mang.exe | "Added by the RBOT-AFK WORM!"
|
| X | Microsoft Update | winupdater.exe | "Added by the RBOT.BIN WORM!"
|
| X | Microsoft Update | wuamk0032.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | wuamk032.exe | "Added by the RBOT-AHD WORM!"
|
| X | Microsoft Update | wuamk0p32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | wuamkop.exe | "Added by the RBOT-AFI WORM!"
|
| X | Microsoft Update | wuamkop32.exe | "Added by the RBOT.BGU WORM!"
|
| X | Microsoft Update | wuampkd.exe | "Added by the SDBOT.BBX WORM!"
|
| X | Microsoft Update | svzhost.exe | "Added by the RBOT.OX WORM!"
|
| X | Microsoft Update | win32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | wininit.exe | "Added by the RBOT-AKR WORM!"
|
| X | Microsoft Update | wuamgrd3.exe | "Added by the RBOT-AMC WORM!"
|
| X | Microsoft Update | Wudates.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | ms.exe | "Added by the SDBOT.CC WORM!"
|
| X | Microsoft Update | wuagmsd.exe | "Added by the RBOT-AX WORM!"
|
| X | Microsoft Update | cmss.exe | "Added by the RBOT-ATQ WORM!"
|
| X | Microsoft Update | wuamgrb.exe | "Added by the RBOT-AZE WORM!"
|
| X | Microsoft Update | WINDOC.EXE | "Added by the SDBOT.PF WORM!"
|
| X | Microsoft Update | phqghumea.exe | "Added by the SDBOT.AFO WORM!"
|
| X | Microsoft Update | system32.exe | "Added by the RBOT.IS WORM!"
|
| X | Microsoft Update | bling.exe | "Added by the RBOT-AVK WORM!"
|
| X | Microsoft Update | Sygate.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | update.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | WinDrv32.exe | "Added by the RBOT.EGW WORM!"
|
| X | Microsoft Update | devmks32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft update | winupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | msupdate.exe | "Added by the BOROBOT-I TROJAN!"
|
| X | Microsoft Update | mixer.exe | "Added by the RBOT-AIR WORM!"
|
| X | Microsoft Update | taskmgr32.exe | "Added by the RBOT-CV WORM!"
|
| X | Microsoft Update | drive.exe | "Added by the BIFROSE-PN WORM!"
|
| X | Microsoft Update | wangard.exe | "Added by the RBOT-LH WORM!"
|
| X | MICROSOFT UPDATE | WUAGTRD.EXE | "Added by the RBOT-CJ WORM!"
|
| X | Microsoft Update | spool.exe | "Added by the AGENT-GJC TROJAN!"
|
| X | Microsoft Update | bnmveqfts.exe | "Added by the BANLOAD.KWQ TROJAN!"
|
| X | Microsoft Update | dqbxhupdt | "Added by a variant of the SDBOT WORM! See here"
|
| X | Microsoft Update | enule.exe | "Added by the IRCBOT.DU BACKDOOR!"
|
| X | Microsoft Update | explorer.exe | "Added by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Update | imchemaoa.exe | "Added by the BANLOAD.KWQ TROJAN!"
|
| X | Microsoft Update | livemessenger.com | "Added by the ADLOAD-LN TROJAN!"
|
| X | Microsoft Update | msnmsgl.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update | nnwyaupdt | "Added by the RBOT.RHK BACKDOOR!"
|
| X | Microsoft Update | ntservice.exe | "Added by the AGENT-DIS TROJAN!"
|
| X | Microsoft Update | rundll32.dll | "Added by the CIADOOR.GN BACKDOOR!"
|
| X | Microsoft Update | wuamgrdx.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update | wutr.exe | "Added by the SPYBOT.AAR WORM!"
|
| X | Microsoft Update | SetPoints.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Update | system.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | Microsoft Update | service.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | Microsoft Update | msgn.exe | "Added by the RBOT.RQ BACKDOOR!"
|
| X | Microsoft Update | wuamgrd16.exe | "Added by the RBOT-BQ WORM!"
|
| X | Microsoft Update | windows32.exe | "Added by the RBOT-BHQ WORM!"
|
| X | Microsoft Update | winsyst.exe | "Added by the RBOT-DL WORM!"
|
| X | Microsoft Update 23 | NtKernelSystem.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 23 | spoolvs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 32 | explore32.exe | "Added by the SPYBOT.CYM WORM!"
|
| X | Microsoft Update 32 | MSupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update 32 | wininit.exe | "Added by the RBOT-ANY WORM!"
|
| X | Microsoft Update 32 | wininit32.exe | "Added by the RBOT-AKJ WORM!"
|
| X | Microsoft Update 32 | [path to file] | "Added by the RBOT-AJJ WORM!"
|
| X | Microsoft Update 32 | mscnfg.exe | "Added by the RBOT-ALM WORM!"
|
| X | Microsoft Update 32 | servic.exe | "Added by the RBOT-AXN WORM!"
|
| X | Microsoft Update 32 | winitXP32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 32 | mssetup32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 32 | wiit.exe | "Added by the RBOT-AMS WORM!"
|
| X | Microsoft Update 32 | explorer.exe | "Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Update 32 | network.exe | "Added by the RBOT-ARZ WORM!"
|
| X | Microsoft Update 32 | om4r.exe | "Added by the RBOT-AQP WORM!"
|
| X | Microsoft Update 32 | winin.exe | "Added by the RBOT-ARR WORM!"
|
| X | Microsoft Update 32 | wuinit.exe | "Added by the AGOBOT-UE WORM!"
|
| X | Microsoft Update 32 | neta.exe | "Added by the RBOT-AMI WORM!"
|
| X | Microsoft Update 32 | spoolvs.exe | "Added by the RBOT-BBQ WORM!"
|
| X | Microsoft Update 32 | rundll32.exe | "Added by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe |
| X | Microsoft Update 32 | taskMangr.exe | "Added by the RBOT.AIE BACKDOOR!"
|
| X | Microsoft Update 32 | winssx.exe | "Added by the RBOT-ARW WORM!"
|
| X | Microsoft Update 33 | init.exe | "Added by the RBOT-ATT WORM!"
|
| X | Microsoft Update 64 BIT | wininit32.exe | "Added by the RBOT-AHE WORM!"
|
| X | Microsoft Update 64 BIT | winman32.exe | "Added by the RBOT-AKI WORM!"
|
| X | Microsoft Update 64 BIT | schvost.exe | "Added by the RBOT.CAU WORM!"
|
| X | Microsoft Update 64 BIT | winl32xe.exe | "Added by the RBOT-AQO WORM!"
|
| X | Microsoft Update Clinic | svsipconfig.exe | "Added by the RBOT.BR WORM!"
|
| X | MICROSOFT UPDATE CONFIGURATION | WIN32SNC.EXE | "Added by the RBOT-AI WORM!"
|
| X | Microsoft Update Control | Ms64.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Debugger | wincfg32.exe | "Added by the SPYBOT.ZC WORM!"
|
| X | Microsoft Update Device | flolo.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update Device Drivers | wuauclt.exe | "Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft Update DLL | rxxhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Drivers | explorers.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update Emulator | kern-mxe.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Emulator | wuaddsff.exe | "Added by the RBOT-GX WORM!"
|
| X | Microsoft Update Event | svnhost.exe | "Added by the AGOBOT-GW BACKDOOR!"
|
| X | Microsoft Update Loader | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Loaders 2005 | winusers.exe | "Added by the RBOT-AIQ WORM!"
|
| X | Microsoft Update Loaders 2006 | winusersystem32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update Machine | expl0rer.exe | "Added by the SDBOT.OK WORM!"
|
| X | Microsoft Update Machine | rxhost.exe | "Added by the RBOT.FC WORM!"
|
| X | Microsoft Update Machine | servicz.exe | "Added by the RBOT-HU WORM!"
|
| X | Microsoft Update Machine | SP2.exe | "Added by the SPYBOT.FP WORM!"
|
| X | Microsoft Update Machine | winini.exe | "Added by the RBOT-KV WORM!"
|
| X | Microsoft Update Machine | xvshost.exe | "Added by the RBOT.QP WORM!"
|
| X | Microsoft Update Machine | memstat.exe | "Added by the RBOT-OM WORM!"
|
| X | Microsoft Update Machine | ntce.exe | "Added by the RBOT-FA WORM!"
|
| X | Microsoft Update Machine | system03.exe | "Added by the RBOT-NM WORM!"
|
| X | Microsoft Update Machine | wuawx.exe | "Added by the RBOT-CE WORM!"
|
| X | Microsoft Update Machine | zonealarm.exe | "Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!"
|
| X | Microsoft Update Machine | systemll.exe | "Added by the RBOT-JT WORM!"
|
| X | Microsoft Update Machine | winupdt.exe | "Added by the RBOT-FP WORM!"
|
| X | Microsoft Update Machine | svshost.exe | "Added by the RBOT.AK WORM!"
|
| X | Microsoft Update Machine | wuamgd.exe | "Added by the SDBOT.HQ WORM!"
|
| X | Microsoft Update Machine | wupdt32x.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update Machine | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | linux.exe | "Added by the RBOT-IM WORM!"
|
| X | Microsoft Update Machine | lmrss.exe | "Added by the RBOT-DY WORM!"
|
| X | Microsoft Update Machine | windowsu.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | wininigo.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | winmgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | Winmsixp32.exe | "Added by the RBOT.DN WORM!"
|
| X | Microsoft Update Machine | Winregs32.exe | "Added by the RBOT.DN WORM!"
|
| X | Microsoft Update Machine | winxpini.exe | "Added by the RBOT-OB WORM!"
|
| X | Microsoft Update Machine | wuamgrd.exe | "Added by the RBOT-HE WORM!"
|
| X | Microsoft Update Machine | wuagrd.exe | "Added by the RBOT-GF WORM!"
|
| X | Microsoft Update Machine | LANWAKE.EXE | "Added by the RBOT-QZ WORM!"
|
| X | Microsoft Update Machine | scvhost.exe | "Added by the RBOT-GS WORM!"
|
| X | Microsoft Update Machine | winhost.exe | "Added by the RBOT-GK WORM!"
|
| X | Microsoft Update Machine | winss.exe | "Added by the RBOT.JU WORM!"
|
| X | Microsoft Update Machine | WUAMGRDXS.EXE | "Added by the RBOT-GL WORM!"
|
| X | Microsoft Update Machine | crss32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | lsasse.exe | "Added by the RBOT-DI WORM!"
|
| X | Microsoft Update Machine | qwerty.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | rxxhost.exe | "Added by the RBOT.EP WORM!"
|
| X | Microsoft Update Machine | servicez.exe | "Added by the SPYBOT.BI WORM!"
|
| X | Microsoft Update Machine | spoolserv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | Systemnt.exe | "Added by the RBOT.DA WORM!"
|
| X | Microsoft Update Machine | systemse.exe | "Added by the RBOT-BD WORM!"
|
| X | Microsoft Update Machine | taskmngrs.exe | "Added by the RBOT-CR WORM!"
|
| X | Microsoft Update Machine | windowsup.exe | "Added by the RBOT-FV WORM!"
|
| X | Microsoft Update Machine | wuamgard.exe | "Added by the SPYBOT.CS WORM!"
|
| X | Microsoft Update Machine | wupdate32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | system.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | TMEMSER.EXE | "Added by the RBOT-NQ WORM!"
|
| X | Microsoft Update Machine | winnie.exe | "Added by the RBOT-ACD WORM!"
|
| X | Microsoft Update Machine | winortho.exe | "Added by the RBOT-NW WORM!"
|
| X | Microsoft Update Machine | wins32.exe | "Added by the RBOT.EZ WORM!"
|
| X | Microsoft Update Machine | serviz.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | TASKMAN4.EXE | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | wftestb.exe | "Added by the RBOT-AFZ WORM!"
|
| X | Microsoft Update Machine | Win32.exe | "Added by the SDBOT.UV WORM!"
|
| X | Microsoft Update Machine | windns.exe | "Added by the RBOT.EF WORM!"
|
| X | Microsoft Update Machine | MSOICONS.EXE | "Added by the RBOT.AWS WORM! Note - do no confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!"
|
| X | Microsoft Update Machine | WINSVC32.EXE | "Added by the RBOT.CU WORM!"
|
| X | Microsoft Update Machine | ntsystem.exe | "Added by the RBOT.GF WORM!"
|
| X | Microsoft Update Machine | winupdte.exe | "Added by the RBOT-GKL WORM!"
|
| X | Microsoft Update Machine | jkfrnz.exe | "Added by the RBOT-GOZ WORM!"
|
| X | Microsoft Update Machine | wlimyc.exe | "Added by the RBOT-GQN WORM!"
|
| X | Microsoft Update Machine | xagwxzy.exe | "Added by the RBOT.S WORM!"
|
| X | Microsoft Update Machine | jkydxg.exe | "Added by the RBOT.AEA BACKDOOR!"
|
| X | Microsoft Update Machine | opmmve.exe | "Added by the KOLABC.DES WORM!"
|
| X | Microsoft Update Machine | paxrxo.exe | "Added by the PUSHBOT.A WORM!"
|
| X | Microsoft Update Machine | psmszw.exe | "Added by the KOLABC.CC WORM!"
|
| X | Microsoft Update Machine | syadpo.exe | "Added by the CIADOOR.GN BACKDOOR!"
|
| X | Microsoft Update Machine | systemi.exe | "Added by the BUZUS.JKU TROJAN!"
|
| X | Microsoft Update Machine | thvfyq.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | ubthec.exe | "Added by the AGENT.AWZ TROJAN!"
|
| X | Microsoft Update Machine | winmngr.exe | "Added by the RBOT.GKQ BACKDOOR!"
|
| X | Microsoft Update Machine | gbhglj.exe | "Added by the IRCBOT-ZJ TROJAN!"
|
| X | Microsoft Update Machine | wuamgdr.exe | "Added by the RBOT-IO BACKDOOR!"
|
| X | Microsoft Update Manager | WINRLS.EXE | "Added by the RBOT-AF WORM!"
|
| X | Microsoft Update Manager | svshost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Manager | scvhost.exe | "Added by the AGOBOT.AXJ WORM!"
|
| X | Microsoft Update Manager | scvideo.exe | "Added by the SDBOT-CVP TROJAN!"
|
| X | Microsoft Update Mechene | Updatez.exe | "Added by the RBOT-GI WORM!"
|
| X | Microsoft Update Module | rundll24.exe | "Added by the RBOT-PS WORM!"
|
| X | Microsoft Update Process | wmipcvse.exe | "Added by the AGOBOT-JF TROJAN!"
|
| X | Microsoft Update Security Patch | mssecurityupdatepatch.exe | Added by the AGENT.EF TROJAN!
|
| X | Microsoft Update Server | mssrv.exe | "Added by an unidentified VIRUS |
| X | Microsoft Update Service | csrss32.exe | "Added by the AGOBOT-HC WORM!"
|
| X | Microsoft Update Service | mswin32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft update service | systemm.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update SERVICE | phqghum.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Service | msupdate.pif | "Added by the RBOT-AQB WORM!"
|
| X | Microsoft Update Service | wmiprvre.exe | "Added by the AGOBOT-NN WORM!"
|
| X | Microsoft Update Services | wcsnfty.exe | "Added by the RBOT-AGK WORM!"
|
| X | Microsoft Update Services | wsnfty.exe | "Added by the RBOT-AFU WORM!"
|
| X | Microsoft Update Time | wuam.exe | "Added by the RBOT-M WORM!"
|
| X | Microsoft Update USB2 | wuammgrd32.exe | "Added by the RBOT-ADT WORM!"
|
| X | Microsoft Update v2.6 | lxxex.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Win32a | winupdate32a.exe | "Added by the RBOT-LO WORM!"
|
| X | Microsoft Update Win32x | winupdate32x.exe | "Added by the RBOT-AJN WORM!"
|
| X | Microsoft Update32 | wuamgrd32.exe | "Added by the RBOT-PU WORM!"
|
| X | Microsoft Updater | winsys32.exe | "Added by the RBOT.RL WORM!"
|
| X | Microsoft Updater | msconsole.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Updater | svhost.exe | "Added by the AGENT.CDF TROJAN!"
|
| X | Microsoft Updater | vbcjlg.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Updater | wuamgrds.exe | "Added by the RBOT.A WORM!"
|
| X | Microsoft Updater | winupdate.exe | "Added by the AGENT-KIR TROJAN!"
|
| X | Microsoft Updater Resources | WinFixd32.exe | "Added by the SPYBOT.CA WORM!"
|
| X | Microsoft Updater v2 | [path to worm] | "Added by the AUTORUN-BCI WORM!"
|
| X | Microsoft UPDATER32 | lsass.exe | "Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!"
|
| X | Microsoft UPDATER32 | LSASS32.EXE | "Added by the RANDEX.AR WORM!"
|
| X | Microsoft Updaters | tskmgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updaters | sysconfigs.exe | "Added by the RBOT-DF TROJAN!"
|
| X | Microsoft Updaters Pros | WINDLL32XP.EXE | Added by the SPYBOTTER.GEN VIRUS!
|
| X | Microsoft Updates | systemc32.exe | "Added by the RBOT-GR WORM!"
|
| X | Microsoft Updates | wkssvr.exe | "Added by the RBOT.R WORM!"
|
| X | Microsoft Updates | wkssvrs.exe | "Added by the RBOT-EB WORM!"
|
| X | Microsoft Updates | wuamgrd.exe | "Added by the RBOT-CO WORM!"
|
| X | Microsoft Updates | wtemp32.exe | "Added by the RBOT-AHQ WORM!"
|
| X | Microsoft Updates | svehost.exe | "Added by the RBOT-GRW WORM!"
|
| X | Microsoft Updates | svshost.exe | "Added by the AGOBOT-AIW WORM!"
|
| X | Microsoft Updates | svdhost.exe | "Added by the RBOT-GVH WORM!"
|
| X | Microsoft Updates | service.exe | "Added by the POISON.HPT BACKDOOR!"
|
| X | Microsoft Updates | [worm filename] | "Added by the AGOBOT-AIZ WORM!"
|
| X | Microsoft Updates | wgcptsud.exe | "Added by the RBOT-GTF WORM!"
|
| X | Microsoft Updates | winit.exe | "Added by the SDBOT-CSB WORM!"
|
| X | Microsoft Updates 2 USB | wgafixer.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updates 5 USB | sp3fixer.exe | "Added by the RBOT-ADS WORM!"
|
| X | Microsoft UpdateS Machine | wgrd.exe | "Added by the RBOT-FI WORM!"
|
| X | Microsoft Updates Resources | WinFixIDs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updating | navguard.exe | "Added by the RBOT.HW WORM!"
|
| X | Microsoft Updating | syswr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updating | wuamguards.exe | "Added by the RBOT-BY WORM!"
|
| X | Microsoft Updating Client | websvc.exe | "Added by the RBOT.AQ WORM!"
|
| X | Microsoft Updating Machine | sysc0de.exe | "Added by the RBOT.RB WORM!"
|
| X | Microsoft Updatting | miroupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft upnp Update | msie.exe | "Added by the RBOT-LQ WORM!"
|
| X | Microsoft UpToDate Driver (32-bits) | [random filename].exe | "Added by the SPYBOT.LXJ WORM!"
|
| X | Microsoft Vertupdate | MSvert32.exe | "Added by the MYTOB-CY WORM!"
|
| X | Microsoft Vista Upgrade Validation Service | cfmon.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Visual Application | vpcrtf.exe | "Added by the IRCBOT-XJ TROJAN!"
|
| X | Microsoft web update | webmsn.exe | "Added by the RBOT-EMQ WORM!"
|
| X | Microsoft Win Corp TLS Verification | mswintls.exe | "Added by the RBOT-GCT WORM!"
|
| X | Microsoft Win Update | WinUP.exe | "Added by the RBOT-BPR WORM!"
|
| X | MicroSoft Wind0ws Updater | winsupdater.exe | "Added by a variant of the RBOT WORM!"
|
| X | MicroSoft Window Updater | winsupdater.exe | "Added by the RBOT-ZZ WORM!"
|
| X | Microsoft Windows | atup | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows | [path to file] | "Added by the BDOOR-LI BACKDOOR!"
|
| X | Microsoft Windows 32 Update | win32update.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Windows Communicator for NT/XP | wincomm.exe | "Added by the RBOT.ATH WORM!"
|
| X | Microsoft Windows DLL Services Configuration | newdll.exe | "Added by the SDBOT-ZR WORM!"
|
| X | Microsoft Windows DLL Services Configuration | newdll2.exe | "Added by the SDBOT-ABD WORM!"
|
| X | Microsoft Windows DLL Services Configuration | poker.exe | "Added by the SDBOT-ZY WORM!"
|
| X | Microsoft Windows DLL Services Configuration | poker3.exe | "Added by the SDBOT-AAH WORM!"
|
| X | Microsoft Windows DLL Services Configuration | proxy.exe | "Added by the SDBOT-ZL WORM!"
|
| X | Microsoft Windows DLL Services Configuration | windir32.exe | "Added by the SDBOT.BHF WORM!"
|
| X | Microsoft Windows DLL Services Configuration | windir32a.exe | "Added by a variant of the SDBOT.BHF WORM!"
|
| X | Microsoft Windows DLL Services Configuration | windll32.exe | "Added by the SDBOT.BHD WORM!"
|
| X | Microsoft Windows DLL Services Configuration | winDSL.exe | "Added by the SDBOT-ZG WORM!"
|
| X | Microsoft Windows DLL Services Configuration | dllmanager32.exe | "Added by the SDBOT-BTU WORM!"
|
| X | Microsoft Windows Express | Microsoft Update | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Windows Game Updater | msgame32.exe | "Added by a variant of the RBOT WORM!"
|
| U | Microsoft Windows Media Player Network Sharing Service Configuration Application | WMPNSCFG.exe | "Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music |
| X | Microsoft Windows Secure Update | rpcxwinupdt.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft Windows Updata | scvhost.exe | "Added by the RBOT.CEM BACKDOOR!"
|
| X | Microsoft Windows Updata | windows.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Updata | [5 random letters].exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update | rundlls.exe | "Added by the HABRACK WORM!"
|
| X | Microsoft Windows Update | msoffice2.exe | "Added by the RBOT-GB WORM!"
|
| X | Microsoft Windows Update | spools.exe | "Added by the SDBOT.TD WORM!"
|
| X | Microsoft Windows Update | svchos.exe | "Added by the SDBOT.AC WORM!"
|
| X | Microsoft Windows Update | svcshost.exe | "Added by the FORBOT-CF WORM!"
|
| X | Microsoft Windows Update | svmhost.exe | "Added by the FORBOT-CH WORM!"
|
| X | Microsoft Windows Update | svshost.exe | "Added by the WOOTBOT.CJ WORM!"
|
| X | Microsoft Windows Update | msnmessenger.exe | "Added by the SDBOT.AJ WORM!"
|
| X | Microsoft Windows Update | msnwun.exe | "Added by the SDBOT-RM WORM!"
|
| X | Microsoft Windows Update | scvvhost.exe | "Added by the FORBOT-DH WORM!"
|
| X | Microsoft Windows Update | swwhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update | MSNMSGR.EXE | "Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Microsoft Windows Update | svzhost.exe | "Added by the FORBOT-EV WORM!"
|
| X | Microsoft Windows Update | sccvhost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Update | scrhost.exe | "Added by the RBOT-AOW WORM!"
|
| X | Microsoft Windows Update | mnswinsx.exe | "Added by the RBOT-AWH WORM!"
|
| X | MICROSOFT Windows update | pdate.exe | "Added by the RBOT.BZT WORM!"
|
| X | Microsoft Windows Update | srshost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Update | rhost32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Windows Update | windowsupdate.exe | "Added by the AGOBOT.ON WORM!"
|
| X | Microsoft Windows Update | servcs.exe | "Added by the SDBOT.AL BACKDOOR!"
|
| X | Microsoft Windows Update | syssinfos.exe | "Added by the RBOT-FWR WORM!"
|
| X | Microsoft Windows Update Application | wuap.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update Client | csrss.exe | "Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32"
|
| X | Microsoft Windows Update Client | services.exe | "Added by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Microsoft Windows Update Logon | win-logon.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update Service | wupdmgr32.exe | "Added by the DOS.AUTOCAT TROJAN!"
|
| X | Microsoft Windows Update Service | msnmsg.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Windows Update x86 | [various filenames] | "Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe |
| X | Microsoft Windows Update XP64 | ********.exe [* = random char] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update XP64 | updatexp64.exe | "Added by the SDBOT-AIM WORM!"
|
| X | Microsoft Windows Update XP64 | Lcuninst.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Update XP64 | mzhxlixm.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Updater | winupdgm.exe | "Added by the GAOBOT.BI WORM!"
|
| X | Microsoft Windows Updater | WINIUPDATES.EXE | "Added by the RBOT-KK WORM!"
|
| X | Microsoft Windows Updater | WINUPDATE.EXE | "Added by the RBOT-LI WORM!"
|
| X | Microsoft Windows Updater | TMNTSrv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Updater | win32upd.exe | "Added by the RBOT-EC WORM!"
|
| X | Microsoft Windows Updater | msnupdateit.exe | "Added by the AGOBOT-RL WORM!"
|
| X | Microsoft Windows Updater | windates.exe | "Added by the SDBOT.TE WORM!"
|
| X | Microsoft Windows Updater | spoolvs.exe | "Added by the RBOT.ACQ WORM!"
|
| X | Microsoft Windows Updater | suvhost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Updater | winfix.exe | "Added by the RBOT-CM WORM!"
|
| X | Microsoft Windows updaterD | log32zx.exe | "Added by the MYDOOM.W WORM!"
|
| X | Microsoft Windows Updates | explorer32.exe | "Added by the SDBOT.VQ WORM!"
|
| X | Microsoft Windows Updates | wsap32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Updating System | msresource.exe | "Added by the RBOT-EAM WORM!"
|
| X | Microsoft Windows Workstation | devcode.exe | "Added by the RBOT-AWL WORM!"
|
| X | Microsoft Windows XP Configuration Loader | m32svco.exe | "Added by the SDBOT.WORM!.48548 WORM!"
|
| X | Microsoft Winedows Updateing | NinKey.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft winsupdater | WINSUPDATER.EXE | "Added by the SPYBOTER.FB BACKDOOR!"
|
| X | Microsoft WinUpdate | mntcgf032.exe | "Added by the RBOT-PF WORM!"
|
| X | Microsoft WinUpdate | svh0st.exe | "Added by the SPYBOT.DL WORM!"
|
| X | Microsoft WinUpdate | syslx32.exe | "Added by an unidentified VIRUS |
| X | Microsoft WinUpdate | syswin32.exe | "Added by the RBOT-HO WORM!"
|
| X | Microsoft WinUpdate | spfix.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft WinUpdate | Winamp61.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft WinUpdate | Winupd32.exe | "Added by the RBOT.MQ WORM!"
|
| X | Microsoft WinUpdate | WinNTinit32.exe | "Added by the RBOT.VS WORM!"
|
| X | Microsoft WinUpdate | msupdte.exe | "Added by an unidentified TROJAN! See examples here & here"
|
| X | Microsoft WinUpdates | serm32.exe | "Added by the RBOT.GE WORM!"
|
| N | Microsoft Works Update Detection | wkdetect.exe | Checks for updates to MS Works
|
| X | Microsoft WPCEmail | [path to trojan] | "Added by the SNIFFER-N TROJAN!"
|
| X | Microsoft WWW | [path to trojan] | "Added by the AGENT-DRI TROJAN!"
|
| X | Microsoft Wxdate | Syswu32.exe | "Added by the SPYBOT.HZ WORM!"
|
| X | Microsoft X Update | wuamkoppnp.exe | "Added by the RBOT-ANI WORM!"
|
| X | Microsoft--Updates | sxvhost.exe | "Added by the RBOT-FH WORM!"
|
| X | Microsoft-Update | wngard.exe | "Added by the RBOT-JV WORM!"
|
| X | Microsoft-Updates | svxhost.exe | "Added by the RBOT-CT WORM!"
|
| X | MicrosoftCorp | update.exe | "Added by the AUTORUN-ASG WORM!"
|
| X | MicrosoftCorp | wupdate.exe | "Added by the AGENT-LAY TROJAN!"
|
| X | MicrosoftKs | Drivers.bat | "Added by the SHUTDOWN-F TROJAN!"
|
| X | MicrosoftMultimediaTask | Mmtask.exe | Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
|
| X | MicrosoftNAPC | update.exe | "Added by the AUTORUN-ASG WORM!"
|
| X | MicrosoftNAPC | wupdate.exe | "Added by the AGENT-LAY TROJAN!"
|
| X | Microsofts Updates | lsasss.exe | "Added by the RBOT-AEX WORM!"
|
| X | Microsofts Updatez | cmsssr.exe | "Added by an unidentified VIRUS |
| X | Microsofts Updatez | exploirez.exe | "Added by a variant of the RBOT WORM!"
|
| X | MicrosoftServiceManager | msupdat.exe | "Added by the YAHA.AA WORM!"
|
| X | MicrosoftUpdate | syshelper.exe | "Added by the WOOTBOT.AC WORM!"
|
| X | MicrosoftUpdate | WinUp32.exe | "Added by an unidentified VIRUS |
| X | MicrosoftUpdate | MicrosoftUpdate.exe | "Added by the BANKER-EHC TROJAN!"
|
| X | MicrosoftUpdate | windll.exe | "Added by the RBOT-IH WORM!"
|
| X | MicrosoftUpdate | RBuilder.exe | "Added by the DLOADR-BMV TROJAN!"
|
| X | MicrosoftUpdate | svhest.exe | "Added by the RBOT-ES WORM!"
|
| X | MicrosoftUpdate | downnew.exe | "Added by the TANTO-D TROJAN!"
|
| X | MicrosoftUpdates | [path to trojan] | "Added by the DELF-LO TROJAN!"
|
| X | MicrosoftUpdates | syshelped.exe | "Added by the FORBOT-AZ WORM!"
|
| U | MicrosoftŽ WindowsŽ Operating System | Sidebar.exe | "Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker"
|
| N | MicrosoftŽ WindowsŽ Operating System | "RunDLL32.exe ehuihlp.dll | BootMediaCenter" |
| N | MicrosoftŽ WindowsŽ Operating System | p2phost.exe | "Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that ""identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer."" Available via Start → Control Panel"
|
| U | MicrosoftŽ WindowsŽ Operating System | ehTray.exe | "Media Center Tray Applet - part of Windows Media Center on XP MCE |
| N | MicrosoftŽ WindowsŽ Operating System | "rundll32.exe oobefldr.dll | ShowWelcomeCenter" |
| N | MicrosoftŽ WindowsŽ Operating System | stikynot.exe | "Microsoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow ""Post-It"" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. AVailable via Start → All Programs"
|
| U | MicrosoftŽ WindowsŽ Operating System | WMPNSCFG.exe | "Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music |
| X | Microsotufed Update 32 | windinit.exe | "Added by the RBOT-CTJ WORM!"
|
| X | Microszoft Update Mach1nezs | svchst.exe | "Added by the RBOT-ED WORM!"
|
| ? | MigrationVendorSetupCaller | "rundll32.exe migrate.dll | CallVendorSetupDlls" |
| X | minimo | [path to file] | "Added by the MOSUCK-X TROJAN!"
|
| X | Miosf Update | wimsqaad.exe | "Added by the SDBOT.AG TROJAN!"
|
| X | Mirate Sp 2 Information | miratesp2.exe | "Added by the RBOT.QH WORM!"
|
| X | Mircosoft Update | wuampkd.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MistikotitaTuIpologisti | GDC.exe | "MistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | ml34 | [path to trojan] | "Added by the MAILBOT-BH TROJAN!"
|
| N | Mobile Connectivity Suite | Application Launcher.exe | "System Tray access to the HTC Sync mobile phone management utility for models including the Hero |
| U | Mobipocket Reader Notifications | readernotify.exe | "Part of Mobipocket Reader - ""Store all your eBooks |
| X | Modem | locatesvc.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Modem Driverz Updates | mdmdrv.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Modifiet Amateur HTPB | wuaclt.exe | "Added by the IRCBOT.AYS WORM!"
|
| N | MoneyStartUp10.0 | Activation.exe | Part of MS Money 2002. Available via Start -> Programs
|
| X | Monitor calibration | AV1i.exe | "Anti-Virus-1 rogue security software - not recommended |
| X | Motherboard Config | Ati2xxx.exe | "Added by the RBOT-AIK WORM!"
|
| X | MouseDrv | [path to worm] | "Added by the ZOLOAD-B WORM!"
|
| X | MouseDrv | update.exe | "Added by the ZOTOB.N WORM!"
|
| X | MoussaEvil | [path to file] | "Added by the MUSANUB-A WORM!"
|
| X | Mozilla Firebird v0.8 Internet Browser | netstats.exe | "Added by the IRCBOT.MC TROJAN!"
|
| U | Mozy Status | mozystat.exe | "Mozy - free backup at a secure |
| X | Mp3 Loader | Sysdata.EXE | "Added by the AVETTE-A VIRUS!"
|
| X | MPatrolPRO | MPatrolPRO.exe | "MalwarePatrol Pro rogue security software - not recommended |
| U | MP_STATUS_MONITOR | monitr32.exe | Cannon Multi-Pass status monitor - your choice
|
| X | Ms Builders | Wupated.exe | "Added by the AGOBOT-SS WORM!"
|
| X | MS Configuration | MSFramer.exe | "Added by the RANDEX.OL WORM!"
|
| X | Ms Configuration | microsoftsa32.exe | "Added by the KELVIR.X WORM!"
|
| X | MS Configuration Utility | msconfig32.exe | "Added by the WOOTBOT.DY WORM!"
|
| X | MS DATABASE | MSDATA32.EXE | "Added by a variant of the SDBOT WORM!"
|
| X | MS HTML | mslat.exe | "Added by the LATINUS.SVR TROJAN!"
|
| X | MS HTML Location Class | MSHTML32.exe | "Added by the RBOT-YD WORM!"
|
| X | Ms Java Update For Windows NT/XP | msijavaupdt32.exe | "Added by the RANDEX.AF WORM!"
|
| X | MS Security Update 993 | msident.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MS UniX | navupdate64.exe | "Added by the RBOT.CRZ BACKDOOR!"
|
| X | MS Unix Binary | msnupdate.exe | "Added by the RBOT-AAM WORM!"
|
| X | MS Unix Binary | outlookexpressupdate.exe | "Added by the RBOT-YU WORM!"
|
| X | MS Unix Binary | Win32Update.exe | "Added by the RBOT-BAS WORM!"
|
| X | MS Unix Binary | Norton2005Update.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Unix Binary | trmupdate.exe | "Added by the RBOT-ACC WORM!"
|
| X | MS Update | syshost.exe | "Added by the EVAMAN-F WORM!"
|
| X | Ms Update WinServices NT/XP | winservnt32.exe | "Added by the VANEBOT-G WORM!"
|
| X | MS UPDATER | update.exe | "Added by the RBOT-VC WORM!"
|
| X | MS Updates | mscache.exe | Spyware web downloader
|
| X | MS Updates | syshosts.exe | "Added by the MYDOOM.Y WORM!"
|
| X | MS Updates | aupd.exe | Spyware web downloader
|
| X | MS Updating Utility | msupdater.exe | "Added by the RBOT-XR WORM!"
|
| X | ms window update | ******.exe [* = random character] | "Added by a variant of the RBOT WORM!"
|
| X | MS windows Data list process | MSDATLST.exe | Added by an unidentified WORM or TROJAN!
|
| X | MS Windows Security Updater | updater.pif | "Added by the RBOT-AKY WORM!"
|
| X | MS Windows Update | scguard.exe | "Added by the RBOT-YZ WORM!"
|
| X | MS-patch | msconfig32.exe | "Added by the RBOT-AUF WORM!"
|
| X | MS-patch | mspatch32.exe | "Added by the RBOT-AWF TROJAN!"
|
| X | msbsc | [path to trojan] | "Added by the BANKER-DF TROJAN!"
|
| X | msconfig | msconfig.bat | "Added by the PAHATIA.B WORM!"
|
| X | MSConfig Manager | msupdate.exe | "CoolWebSearch parasite variant"
|
| X | msconfig service | MSupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | msconfigurator | ctfsdk.exe | "Added by the DELF-ALS TROJAN!"
|
| ? | MSCRMStartup | Microsoft.Crm.Application.Hoster.exe | "Related to Microsoft Dynamics CRM integrated solutions for Financial |
| X | MSDatabla | vadasq.exe | "Added by the LIOTEN.IK WORM!"
|
| X | msdir32 | msdir32.bat | "Added by the ROOKIE-A TROJAN!"
|
| X | MSDNMess | [path to trojan] | "Added by the RANKY.BA TROJAN!"
|
| X | MsgApi | [path to file] | "Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe"" |
| X | Msgmgr | [path to worm] | "Added by the BABYBEAR WORM!"
|
| X | MSI Configuration | msiconf.exe | "Added by the AGENT.AKSZ TROJAN!"
|
| ? | MSLIB32 | mswatch32.exe | "??"
|
| X | msliveupdate | msliveupdate.exe | "Added by the AGOBOT.ALT WORM!"
|
| X | msmsgss | [path to trojan] | "Added by the RANKY.G BACKDOOR!"
|
| X | MSN | netstats.exe | "Added by the IRCBOT.UXP WORM!"
|
| X | MSN Administration For Windows | msnadp32.exe | "Added by the BROPIA.W WORM!"
|
| X | MSN Auto-Updater | msnaupdater.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Auto-Updater | msnupdates.exe | "Added by the AUTORUN.WORM.GEN WORM!"
|
| X | MSN Communication Manager | msncommgr.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Configuration | msnconfig.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Msn Configuration Loader | msngms.exe | "Added by the KELVIR.T WORM!"
|
| X | MSN Configuration Loader | msmsncfg.exe | "Added by the AGOBOT-KX BACKDOOR!"
|
| X | MSN Database Client | msndbcli.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN File Configuration | msnfilecfg.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Message Background loader | [path to worm] | "Added by the RBOT-AIE WORM!"
|
| X | Msn Messenger Update | msnupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Msn Messenger update | msnservice.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Msn Patch | msndp.exe | "Added by the RBOT.AAI WORM!"
|
| X | Msn Patches | msndr.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Msn Plus Updater | msnplus.exe | "Added by the RBOT-MU WORM!"
|
| X | Msn Service | matrixcam.exe | "Added by the MYTOB.JH WORM!"
|
| X | MSN Service Updates | winproc.exe | "Added by the KELVIR-BB WORM!"
|
| X | MSN Update | mscon.exe | "Added by the RBOT-QA WORM!"
|
| X | MSN Update | msn32.exe | "Added by the RBOT.AHN WORM!"
|
| X | MSN Update | DLLCON.EXE | "Added by the RBOT-EA WORM!"
|
| X | MSN Update Cfg | msnupdbt.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Update Client | msnupdater.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Update Client | msnupdcli.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Msn Update Manager (Sp2) | MSMSGS.EXE | "Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Msn Update Service | userx.exe | "Added by the MYTOB.JF WORM!"
|
| X | MSN Update Service | msnupdsv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Msn Update SUPPORT | [random filename] | "Added by the RBOT-BPS WORM!"
|
| X | MSN Updater | msnms.exe | "Added by the FORBOT-CG WORM!"
|
| X | Msn Updater | msnplugins.exe | "Added by the RBOT-HS WORM!"
|
| X | Msn Updater | windatemanager.exe | "Added by the SDBOT.TS WORM!"
|
| X | MSN UPDATERS | virtualmemory.exe | "Added by the RBOT-JK WORM!"
|
| X | MSN Updating | msnupdate.exe | "Added by the QHOST.AEI TROJAN!"
|
| X | msn upddate | mesenger.exe | "Added by the RBOT-AVZ WORM!"
|
| X | MSN6.1 Auto-Updater | v6msn.exe | "Added by the AUTORUN-MM WORM!"
|
| X | Msnarrator | msnarrator.exe | "Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware"
|
| X | MSNMSGRE | swef.bat | IRC backdoor TROJAN or WORM!
|
| X | MSNMSGRR | swin.bat | IRC backdoor TROJAN or WORM!
|
| X | MSNMSGRS | swe.bat | IRC worm or backdoor trojan!
|
| X | MSNMSGRS | swiss.bat | IRC worm or backdoor trojan!
|
| X | MSNMSGRS1 | swed.bat | IRC backdoor TROJAN or WORM!
|
| X | msnmsgy | [path to file] | "Added by the BANKER-EQ TROJAN!"
|
| X | MSNPluginSrvcs | sagate.exe | "Added by the SDBOT.AKJ WORM!"
|
| X | msoft-updater23 | mssysstems.exe | "Added by the RBOT-ATU WORM!"
|
| X | msoft-updater23 | slssystem.exe | "Added by the RBOT-ASR WORM!"
|
| X | MSOleath32 | winss.exe | "Added by the KATHER TROJAN!"
|
| X | msoupdater | msoupdater.exe | "Added by the DLOADER.GBD TROJAN!"
|
| X | Mspatch69 | [path to trojan] | "Added by the MPROX TROJAN!"
|
| X | Mspatch89 | cnqmax.exe | "Added by the RANDEX.P WORM!"
|
| X | MSPP System Update 64 | wiaadmgr.exe | "Detected by Kaspersky as the RANKY.GEN TROJAN!"
|
| X | MSPRO32 | [path to worm] | "Added by the IBERIO WORM!"
|
| X | msresear | [path to trojan] | "Added by the WEASYW-B TROJAN!"
|
| X | MSSGisg | [path to file] | "Added by the RANKY.N TROJAN!"
|
| X | mssonfig | winupdate.exe | "Added by a variant of the SDBOT WORM!"
|
| X | mssvc | [path to trojan] | "Added by the PSK TROJAN!"
|
| X | MSUpdate | wupd.exe | "Added by the ALADINZ.M TROJAN!"
|
| X | MSUpdate | svchosthlp.exe | "Added by the BLASTER.T WORM!"
|
| X | msupdate | msupdate.exe | "Added by the RBOT-MZ WORM!"
|
| X | MSUpdate | criticalUpdate.exe | "Affilred adware"
|
| X | msupdate | update.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Msupdate | expIorer.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | outIook.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | svchosts.exe | "Added by a variant of the TACTSLAY TROJAN!"
|
| X | Msupdate | svcrhost.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | svcshost.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | MSupdate.exe | N/A | "CoolWebSearch parasite variant - resets home page to an adult content site"
|
| X | MSUpdateDevKit | axfd.exe | "Added by the SDBOT-ZD WORM!"
|
| X | msupdater | msupdater.exe | "Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
|
| X | MsUpdater System | udpsys32.exe | "Added by the RBOT.AAA WORM!"
|
| X | MSupdater.exe | N/A | "CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin"
|
| X | msupdater25 | lsasser.exe | "Added by the RBOT-ATS WORM!"
|
| X | msupdates | msupdt.exe | "Added by the RBOT-JO WORM!"
|
| X | MSVersion | INTERNETFEATURES.exe | "Added by the POPMON.A TROJAN! - also known as PopMonster adware"
|
| X | msvupdater | msvupdater.exe | "Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
|
| X | MsWindows SysDate | sysmsvc.exe | "Added by the SPYBOT.FCD WORM!"
|
| X | MSWindowsUpdate | Systern.exe | "Added by the RBOT-AFD WORM!"
|
| X | MSWindowsUpdate | mswinup.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MSWinupdate | winupdate.exe | "Added by the DLOADR-AAW TROJAN!"
|
| X | MSWTL32 | MSATL32.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSWUpdate | [path to worm] | "Added by the SILLYFD-V WORM! The most common filename is lsass.exe but it not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | MSxmlHpr | "RUNDLL32.EXE [path] msxm192z.dll | w" |
| X | MS_Update Check | wdfmgr.exe | "Added by the AGOBOT-TB WORM!"
|
| X | MS_update_0704_KB74073.exe | MS_update_0704_KB74073.exe | "Added by a variant of the UPDATEKB TROJAN!"
|
| X | Multimedia extensions | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | mxb2 | [path to worm] | "Added by the IXBOT-G WORM!"
|
| X | MyFastAccess | myfastupdate.exe | My-Fast-Access toolbar updater
|
| U | myNetWatchman | nwclient.exe | "Sends your firewall alerts to a website |
| U | MytekSystrayExePath | MyTekSystray.exe | "MyTek system tray - web site providing computer tech support in Australia"
|
| X | MyWebSearch Plugin | "rundll32 [path] M3PLUGIN.DLL | UPF" |
| X | napv.exe | wupdate.exe | "Added by the AGOBOT-JX BACKDOOR!"
|
| X | Narrator | ******.exe [* = random char] | "Added by the QOOLOGIC TROJAN!"
|
| U | Narrator | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
|
| X | Natal | Natal.scr | "Added by the OPASERV.AE WORM!"
|
| X | NAV Auto Update | [random filename] | "Added by the SPYBOT-E WORM!"
|
| X | NAV Auto Update | iamsad.exe | "Added by the SPYBOT-CE BACKDOOR!"
|
| X | NAV Auto Update | Sadness.exe | "Added by the SPYBOT-E WORM!"
|
| X | NAV Auto Updates | csrssp.exe | "Added by a variant of the SDBOT WORM!"
|
| X | NAV Auto Updates | navwindows.exe | "Added by a variant of the SDBOT WORM!"
|
| X | NAV Auto Updates | slserves.exe | "Added by the RBOT.COI BACKDOOR!"
|
| X | NAV Auto Updates | navupdaterx.exe | "Added by a variant of the RBOT WORM!"
|
| N | NAV Configuration Wizard | cfgwiz.exe | "Introduced with Norton Anti-Virus 2002 |
| X | NAV Live Update | [path to worm] | "Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec"
|
| X | Navegate | iiexplorer.exe | "Added by the BANCBAN-OP TROJAN!"
|
| X | Navegate | wisterd.exe | "Added by the BANKER-BOS TROJAN!"
|
| X | NAVWatch | NAVWatcher.exe | "VX2.Transponder parasite updater/installer related"
|
| X | NAV_Update | NAV_Update.exe | Unidentified WORM or TROJAN!
|
| N | NB Windows Patterns | WINDBKGND.EXE | "Part of McAfee Nuts & Bolts. With Background Patterns |
| X | NBT System alias | [path] repcale.exe [path] beird.exe | "Added by a variant of the RANDON.AN WORM!"
|
| X | Ndpldaemon | [path to trojan] | "Added by the RPCSDBOT-A TROJAN!"
|
| X | Ndtstat | Ndtstat.exe | Added by a variant of the BANLOAD family of TROJANS!
|
| X | Negative | spain.exe | "Added by the BANKER-EXJ TROJAN!"
|
| X | Nero Updater.6.12 | wmp9.exe | "Added by the AGOBOT-AAG WORM!"
|
| X | NeroUpdate Check | msjava.exe | "Added by the AGOBOT.AMH WORM!"
|
| X | NeroUpdater6.8 | winjava.exe | "Added by the AGOBOT.AMK WORM!"
|
| U | Net Accelerator | NetAccelerator.exe | "Rizal NetAccelerator - ""Optimizing Dial-Up |
| X | NET Bios Stats | ntbstats.exe | "Added by the SDBOT-ZX WORM!"
|
| U | NetAccelerator | NetAccel.exe | "NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster |
| U | NetAssistant | matcli.exe | """matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| ? | netfxupdate | netfxupdate.exe | "Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
|
| ? | NetFxUpdate_v1.0.3705 | netfxupdate.exe | "Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
|
| X | nethost.exe | [path to file] | "Added by the PERDA-J TROJAN!"
|
| U | NetManageImport | nmcpdata.exe | "NetManage business software related"
|
| U | NetPatrol | winclient.exe | "NetPatrol network monitoring software"
|
| N | NetStat Live | Nsl.exe | "AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data"
|
| X | Nettordinateur | GDC.exe | "Nettordinateur rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | netupdate32 | netupdate32.exe | "Added by the RBOT-GQZ WORM!"
|
| X | NetWatch32 | netwatch.exe | "Added by the MIMAIL.C WORM!"
|
| X | Network Administration | NAS.exe | "Added by the ANTILAM.20.Q TROJAN!"
|
| X | Network Administration Service | rsvc32.exe | "Added by the RBOT.ABH WORM!"
|
| U | Network Associates Error Reporting Service | TBMon.exe | Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
|
| X | Network Connections | internat.exe | "Added by the VB-ZD TROJAN!"
|
| X | Network Host Controller | [path to trojan] | "Added by the WHISPER TROJAN!"
|
| X | Network Security Guard | [path to trojan] | "Added by the COLEM-A TROJAN!"
|
| X | Network Translation System Service | ntss.exe | "Added by the UNPDOOR TROJAN!"
|
| X | NetworkAssociates Inc | internet.exe | "Added by the LOVGATE.AB WORM!"
|
| X | Networks Configurator | NetConfs.exe | "Added by the RBOT-OX WORM!"
|
| X | New.net Startup | "rundll32 [path] NEWDOT~1.DLL | ClientStartup" |
| X | New.net Startup | "rundll32 [path] NEWDOT~1.DLL | NewDotNetStartup" |
| X | New.net Startup | "rundll32 [path] NEWDOT~2.DLL | ClientStartup" |
| X | New.net Startup | "rundll32 [path] NEWDOT~2.DLL | NewDotNetStartup" |
| X | newname | [path to trojan] | "Added by the DRSMARTL-S TROJAN!"
|
| X | NI.ERS_9999_N91S3108 | [path to file] | "Installer for the ErrorSafe rogue system error and cleaning utility - see here"
|
| X | NI.GA6PU_0001_N108E1308 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.GA6PU_0001_N120C2910 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.GA6P_0001_N105E2704 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N108E1606 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.GA6P_0001_N111C1707 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N115C0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N115E0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C2210 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C2802 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122E0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_2001_N108E1606 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.GDCDE_0001_N122C1912 | [path to file] | "Installer for the FestplattenReiniger German rogue privacy tool - see here"
|
| X | NI.GDC_0001_N111C1909 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.GDC_0001_N122C1912 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.GES_0001_N122C2610 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UAVIFR_0001_N105M2404 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UERSM_0001_N68M1602 | [path to file] | "Installer for the ErrorSafe rogue system error and cleaning utility - see here"
|
| X | NI.UGA6P | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.UGA6PH_0001_N122M2910 | [path to file] | "Installer for the AntiVirusAskeladd rogue security software - see here"
|
| X | NI.UGA6PK_0001_N122M1302 | [path to file] | "Installer for the VirusForsvar Danish rogue security software - see here"
|
| X | NI.UGA6PL_0001_N108M2808 | [path to file] | "Installer for the VirusSchlacht Swedish rogue security software - see here"
|
| X | NI.UGA6PL_0001_N120M1302 | [path to file] | "Installer for the VirusSchlacht Swedish rogue security software - see here"
|
| X | NI.UGA6PM_0001_N108M2108 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PM_0001_N122M1202 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PM_0001_N122M3010 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PT_0001_N108M2208 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PT_0001_N122M1202 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PT_0001_N122M2910 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PU_0001_N108M1308 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PU_0001_N120M1202 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PU_0001_N120M2910 | [path to file] | "Installer for the VirusSchlacht German rogue secu |
