| X | LiveUpdate32 | services.exe | "Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
|
| X | Livre | Dibane.bat | "Added by the BANEDI VIRUS!"
|
| X | lk3h1 | [path to file] | "Added by the MOSUCK-G TROJAN!"
|
| N | LM Status | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application
|
| N | LMSTATUS | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application
|
| X | lnternet Update | lExplore.exe | Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case "L" rather than a lower or upper case "i" which is the case with Internet Explorer
|
| X | load | [path to worm] | "Added by the KELVIR.AI WORM!"
|
| X | load | Internat.exe | "Added by the WOWCRAFT TROJAN!"
|
| X | load | KHATRA.exe | "Added by the ORBINA-A WORM!"
|
| U | load= | asistat.exe | Status monitor for an NEC SuperScript printer
|
| X | load= | msater.exe | "Added by the RETSAM TROJAN!"
|
| ? | Load= | wtfeat.exe | "Associated with the Wintab Digitizer"
|
| X | loaddr | [path to trojan] | "Added by the AGENT-DIY TROJAN!"
|
| X | LoadOrderVerification | [random filename] | "Added by the TRON.A TROJAN!"
|
| ? | LoadWatcher | Test.exe | "Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?"
|
| X | LoadWatcher | watcher.exe | "Watcher spyware"
|
| X | Local Service | Intenat.exe | "Added by the NUCLEAR-J TROJAN!"
|
| X | Locator Service | [filename] | "Added by the AGOBOT-KY TROJAN!"
|
| X | login | [path to trojan] | "Added by the HOTWORD-A TROJAN!"
|
| X | Login Service | [path to file] | "Added by the MIGMAF TROJAN!"
|
| Y | Logitech | Communications_Helper.exe | "Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also |
| N | Logitech . Product Registration | eReg.exe | "Registration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice |
| Y | LogitechCommunicationsManager | Communications_Helper.exe | "Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also |
| Y | LogitechRegisterVideoApplications | InstallHelper.exe | Entry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the software
|
| N | LogitechSoftwareUpdate | ManifestEngine.exe | "Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entry"
|
| X | Logo | [path to trojan] | "Added by the DLOADER-RH TROJAN!"
|
| X | LogonAdministrator | imoet.exe | "Added by the RAHIWI.A WORM!"
|
| X | LogonAdministrator | CSRSS.EXE | "Added by the KORRON.B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
|
| U | LogWatch | logwat95.exe | Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied
|
| N | LowRateVoip | LowRateVoip.exe | "LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| X | lsass | start.bat | "Added by the ZCREW TROJAN!"
|
| X | lsass | [path to lsass.exe] | "Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lsass.exe process which should NOT appear in Msconfig/Startup!"
|
| X | LsasS | Sygate.exe | "Added by the SDBOT.BCA WORM!"
|
| X | lsass2k Update | lsass2k.exe | "Added by a variant of the RBOT WORM!"
|
| Y | lsburnwatcher | lsburnwatcher.exe | "HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling |
| Y | LSBWatcher | lsburnwatcher.exe | "HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling |
| X | LTM2 | winupdate.exe | "Added by the LITMUS.203 TROJAN!"
|
| X | ltwob | formatsys.exe | "Added by the SERFLOG.A WORM!"
|
| Y | LXBSCATS | rundll32 [path] LXBStime.dll,_RunDLLEntry@16 | |
| Y | LXBTCATS | rundll32 [path] LXBTtime.dll,_RunDLLEntry@16 | |
| Y | LXBUCATS | rundll32 [path] LXBUtime.dll,_RunDLLEntry@16 | |
| Y | LXBXCATS | rundll32 [path] LXBXtime.dll,_RunDLLEntry@16 | |
| Y | LXBYCATS | rundll32 [path] LXBYtime.dll,_RunDLLEntry@16 | |
| Y | LXCCCATS | rundll32 [path] LXCCtime.dll,_RunDLLEntry@16 | |
| U | LXCDCATS | rundll32 [path] LXCDtime.dll,_RunDLLEntry@16 | |
| Y | LXCECATS | rundll32 [path] LXCEtime.dll,_RunDLLEntry@16 | |
| Y | LXCFCATS | rundll32 [path] LXCFtime.dll,_RunDLLEntry@16 | |
| Y | LXCGCATS | rundll32 [path] LXCGtime.dll,_RunDLLEntry@16 | |
| Y | LXCJCATS | rundll32 [path] LXCJtime.dll,_RunDLLEntry@16 | |
| Y | LXCQCATS | rundll32 [path] LXCQtime.dll,_RunDLLEntry@16 | |
| Y | LXCRCATS | rundll32 [path] LXCRtime.dll,_RunDLLEntry@16 | |
| Y | LXCTCATS | rundll32 [path] LXCTtime.dll,_RunDLLEntry@16 | |
| Y | LXCYCATS | rundll32 [path] LXCYtime.dll,_RunDLLEntry@16 | |
| Y | LXDBCATS | rundll32 [path] LXDBtime.dll,_RunDLLEntry@16 | |
| Y | LXDCCATS | rundll32 [path] LXDCtime.dll,_RunDLLEntry@16 | |
| Y | LXDDCATS | rundll32 [path] LXDDtime.dll,_RunDLLEntry@16 | |
| Y | LXDICATS | rundll32 [path] LXDItime.dll,_RunDLLEntry@16 | |
| U | LXDJCATS | rundll32 [path] LXDJtime.dll,_RunDLLEntry@16 | |
| X | LzioMediaUpdater | LzioMediaUpdater.exe | "LZIO.com adware downloader"
|
| X | M1cr0s0ft Upd4t4zS | update32.exe | "Added by the RBOT-MI WORM!"
|
| U | MacDrive application | MacDrive.exe | MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista |
| ? | MacDrive7.0.4TimeOutPatch | TimeOutPatch.EXE | Part of MacDrive 7 from Mediafour Corporation - "enables anyone using Windows Vista |
| X | Macfee Security Patch | Mpfsheild.exe | "Added by the RBOT-NP WORM!"
|
| X | Machine Update Soft | wusas.exe | Added by an unidentified WORM!
|
| X | Macromedia Critical Updater | rarww.exe | "Added by a variant of the RBOT WORM!"
|
| X | Macromedia Flash Update | scvhost.exe | "Added by a variant of the RBOT WORM!"
|
| N | Macrovision Update Service | issch.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| N | Macrovision Update Service | ISUSPM.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| U | MagicFormation | MagicFormation.exe | "MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents |
| U | MagicFormation.exe | MagicFormation.exe | "MagicFormation from Tokyo Downstairs - a docking program that allows you to group icons in a ring anywhere on the desktop using mouse gestures to access things like My Documents |
| X | MailBlocker | [path to trojan] | "Added by the AGENT-LRJ TROJAN!"
|
| Y | MailScan Dispatcher | Launch.exe | "MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header |
| X | Malware Catcher 2009 | MCatcher.exe | "Malware Catcher 2009 rogue security software - not recommended |
| X | Mascro soft SDK updates2 | SDKrepair2.exe | "Added by the SDBOT.BXM WORM!"
|
| X | Master Card Updaate 32 | Mastercard32.exe | "Added by a variant of the RBOT WORM!"
|
| U | Matador | mlfbuddy.exe | "MailFrontier - anti-spam application"
|
| U | Matador | mantispm.exe | "MailFrontier Desktop (Matador) email spam blocker software"
|
| U | Matrix Screen Locker | matrix.exe | Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running
|
| X | MatrixScreen | [filename] | "Added by the MATRIXSCREEN TROJAN!"
|
| X | MatrixScreenSaver | mss.exe | Unidentified malware
|
| N | Matrox Color Control | hgcctl95.exe | For Matrox video cards. Quick access to changing colors
|
| N | Matrox Control Center | mgactrl.exe | For Matrox video cards. Quick access to settings
|
| N | Matrox Diagnostic | mgadiag.exe | For Matrox video cards. Quick access to diagnostics
|
| N | Matrox Powerdesk | PDesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls"
|
| N | Matrox PowerDesk 8 | matrox.powerdesk.exe | "Matrox PowerDesk software provides extra multi-display desktop management controls"
|
| N | Matrox PowerDesk SE | Matrox.PowerDesk SE.exe | "Matrox PowerDesk SE - multi-display desktop management controls"
|
| N | Matrox QuickDesk | mgaqdesk.exe | For Matrox video cards. Quick access to tweak your card to your liking
|
| X | Mcafee Antivirus Monitoring System326 | VSStatmn326.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Mcafee Antivirus Monitoring System32mn | VSStatmn32.exe | "Added by a variant of the RBOT WORM!"
|
| Y | McAfee Application Installer | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
|
| U | McAfee Backup | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection
|
| U | McAfee Backup and Restore | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection
|
| U | McAfee Data Backup | LogOnHook.exe | Part of McAfee Data Backup (now Online Backup) - which "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup
|
| U | McAfee Data Backup | McAfeeDataBackup.exe | McAfee Data Backup (now Online Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection
|
| U | McAfee Online Backup | MOBKstat.exe | System Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection
|
| U | McAfee Online Backup Status | MOBKstat.exe | System Tray access to McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection
|
| Y | McAfee SecurityCenter | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| U | McAfee.InstantUpdate.Monitor | RuLaunch.exe | "Instant Updater for McAfee's VirusScan |
| U | McAfeeDataBackup | McAfeeDataBackup.exe | McAfee Online Backup (formerly Data Backup) - "takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos". Available as a stand-alone product or included in Internet Security and Total Protection
|
| Y | McAfeeUpdaterUI | UpdaterUI.exe | McAfee common updater user interface
|
| Y | McAfeeUpdaterUI | UdaterUI.exe | Updater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool
|
| X | Mcrosoftr Update | Mcrosoftr.exe | "Added by a variant of the RBOT WORM!"
|
| Y | McUpdate | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| Y | MCUpdateExe | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| X | MCX Update | wisp.exe | "Added by the RBOT-AQH WORM!"
|
| X | mdetect | [path to trojan] | "Added by the SPABOT TROJAN!"
|
| U | Media Codec Update Service | update.exe | "Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program keeps these codecs updated"
|
| X | Media Gateway | MediaGateway.exe | "WindUpdates MediaPass adware"
|
| X | Media Player Update | xpsp1mfh.exe | "Added by a variant of the RBOT WORM!"
|
| X | Media Software UPdater | sscs.exe | "Added by the RBOT-ABE WORM!"
|
| X | MEDIA32 | [path to trojan] | "Added by the PURSCAN-Z TROJAN!"
|
| N | MediaFace Integration | Sethook.exe | Fellowes Neato® cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
|
| U | Mediafour Mac Volume Notifications | MACVNTFY.EXE | Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - "a perfect way to share files between Mac OS and Windows." Unlike the standard version of MacDrive 7 |
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | "Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularly start manually before connecting the iPod"
|
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | Xplay 2 from Mediafour Corporation - "expands what you can do with any iPod |
| X | MediaPath | Proyecto1.exe | "Added by the GRUEL WORM!"
|
| X | MediaPath | Root.exe | "Added by the GRUEL WORM!"
|
| X | MediaPlayeS | MediaPlayer_update.exe | "Added by the STARTER-K TROJAN!"
|
| X | Memory Allocation Host | cihost.exe | "Detected by Avast as a variant of the IRCBOT-CHZ WORM!"
|
| X | Memory Allocation Server | ciserv.exe | Added by unidentified malware
|
| X | Memory Allocation Services | cisrv.exe | "Added by the IRCBOT.FC BACKDOOR!"
|
| X | Memory relocation service | reloc32.exe | "Added by the RELFEER WORM!"
|
| N | Memory Stick Monitor | MSTAT.exe | "Used with the Sony floppy disk adapter for memory sticks |
| U | Memory Stick Monitor | MSstat.exe | Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
|
| X | Memory Watcher | MemoryWatcher.exe | "MemoryWatcher spyware"
|
| X | Messenger Gateway | msmgs.exe | "Added by the AGENT-IGK TROJAN!"
|
| X | Messenger Service Updater | svshost.exe | "Added by the MYTOB.GC WORM!"
|
| X | Micosoft Data Core | runservice.exe | "Added by the IRCBOT.BK WORM!"
|
| X | Micosoft Data Core stuff | svshosts.exe | "Added by the RBOT.FZA WORM!"
|
| X | Micr Update | soundblaster.exe | "Added by the SDBOT.NP WORM!"
|
| X | Micr Update System | upwin.exe | "Added by the SDBOT.YS WORM!"
|
| X | Micrcoft Updat | spoolsae.exe | "Added by the RBOT-AIB WORM!"
|
| X | Micrcoft Updat | spoolsaex.exe | "Added by the RBOT-AJM WORM!"
|
| X | Micrcoft Updat | Internet.exe | "Added by the RBOT-ANA WORM!"
|
| X | Micrcsoft Certificate Services | cflmon.exe | "Added by the RBOT-FWV WORM!"
|
| X | Micro Office | [path to trojan] | "Added by the BANCBAN-QC TROJAN!"
|
| X | Micro Update | dailin.exe | "Added by the RBOT-ER WORM!"
|
| N | microAttuneDownload | atmdlusr.exe | "Application Launcher |
| U | MicroDialler | atdialler1.exe | "Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered"
|
| X | Microfot Update | winldx32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microft Update 32 | winssx.exe | "Added by the RBOT-AQS WORM!"
|
| X | Micromedia Flash Update | wdfmrg.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Micromedia Flash Update | xptxt.exe | "Added by the RBOT-GAB WORM!"
|
| X | Microoft Timing | pupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | [random 10-letter filename].EXE | "Added by the RBOT-AQA WORM!"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | MSGUPDATED.EXE | "Added by the RBOT-APZ WORM!"
|
| X | Microsft Corporation Version 2001.12.4414 | comrel.exe | "Added by a variant of the SDBOT TROJAN!"
|
| X | Microsft Corporation Version 2002.12.2414 | comserv.exe | "Added by a variant of the SLAPER TROJAN!"
|
| X | MICROSFT MX UPDATE SUPPORT | taskmngrs.exe | "Added by the RBOT-AUZ WORM!"
|
| X | MICROSFT MX UPDATE SUPPORT | winmx32.EXE | "Added by the IRCBOT-FD WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | [random filename] | "Added by the RBOT-ASM or RBOT-AUW WORMS!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSN32.EXE | "Added by the RBOT-AWJ WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | mtakthmyn.EXE | "Added by the RBOT-AUJ WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSGUPDAT32.EXE | "Added by the RBOT-BBB WORM!"
|
| X | microsft windows updates | mwupdate32.exe | "Added by a variant of the TOXBOT/CODBOT WORM!"
|
| X | Microsof Value | nmatt.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft | MSUPDATE.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft | updater.exe | "Added by the RBOT-GHP WORM!"
|
| X | Microsoft | internetdat.exe | "Added by the RBOT.ETY BACKDOOR!"
|
| X | Microsoft | MicrosoftCorporation.exe | "Added by the KILLFILES.AED TROJAN!"
|
| X | Microsoft (C) HTML Application host | [random filename] | "Added by the RBOT-YB WORM!"
|
| X | Microsoft (R) Windows Configuration Backup Service | svchost.exe | Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a "config" |
| X | Microsoft (R) Windows Network Latency Controller | 1.tmp | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Network Latency Controller | nlc.exe | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Network Latency Controller | sp2vc.exe | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Protected Content Restoration Service | services.exe | "Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
|
| X | Microsoft (R) Windows TCP/IP Socket Driver | [path to trojan] | "Added by the PROXY-DD TROJAN!"
|
| X | Microsoft (R) Windows Update Service | wuauclt.exe | "Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft (R) Windows Vista/NT Runtime Compatibility Service | nrcs.exe | "Added by the RANKY.X TROJAN!"
|
| X | Microsoft .NET Confingurator | msnconf.exe | "Added by an unidentified VIRUS |
| X | Microsoft 16Bit Update | wuapdate16.exe | "Added by the RBOT.CZ WORM!"
|
| X | Microsoft 64 Bit Runtime Updater | wupdt64.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft ActiveX Debugger NT | [path to trojan] | "Added by the BANCOS-DO TROJAN!"
|
| X | Microsoft Ansti Update | msie.exe | "Added by the RBOT-LE WORM!"
|
| X | Microsoft Application Center | mappc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Application Manager | msapl32.exe | "Added by the BROPIA-AE TROJAN!"
|
| X | Microsoft AUT Update | MSlti32.exe | "Added by the RBOT-X WORM!"
|
| X | Microsoft AUT Update | MSlti16.exe | "Added by the RBOT.EB WORM!"
|
| X | Microsoft auto update | winupdate.exe | "Added by the BMBOT TROJAN!"
|
| X | Microsoft Auto Update | WINHLP16.EXE | "Added by the RBOT.GY WORM!"
|
| X | Microsoft auto update | wuauclt.exe | "Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft Automatic Update Serivce | msautou.exe | "Added by the RBOT-AOB WORM!"
|
| X | Microsoft Automatic Updater | Explorer.exe | "Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft AutoUpdater | svhost.exe | "Added by the RBOT.QG WORM!"
|
| X | Microsoft Calculator | calc.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Configoration Service | msconfigs.exe | "Added by the RBOT-ETT WORM!"
|
| X | Microsoft Configuration | msconfig32.exe | "Added by the SDBOT.MQ WORM!"
|
| X | Microsoft Configuration 35 | microsot1.exe | "Added by an unidentified TROJAN!"
|
| X | Microsoft Configuration Wizard | taskmrg.exe | "Added by the SDBOT-MX TROJAN!"
|
| X | Microsoft Corp SQL Certificates | sqlcer.exe | "Added by the ZYBOT-C WORM!"
|
| X | Microsoft Corp SSL Certificates | windowz.exe | "Added by the RBOT-GCZ WORM!"
|
| X | Microsoft Corp TLS Certificates | msauth.exe | "Added by the RBOT-GAC WORM!"
|
| X | Microsoft Corp Updates | wupdates.exe | "Added by the RBOT-AUU WORM!"
|
| X | Microsoft Corporaticn SQL Handler | sqlhandler.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Corporation | [random filename] | "Added by various VIRUSES |
| X | Microsoft Corporation | jview.exe | "Added by the RBOT-AOD WORM!"
|
| X | Microsoft Corporation Svchost Service | mssvc.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Microsoft Corporation Svchost Service | mswsc.exe | Added by the AGENT.MAB TROJAN!
|
| X | Microsoft Corporation SYM monitor | mssym.exe | "Added by the RBOT-GDB WORM!"
|
| X | Microsoft CPU Over Heat Manager | CPU.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Data Helper | cihost.exe | "Malware |
| X | Microsoft Data Machine | csdata32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Database Handler | mssql32.exe | "Added by the RANDEX.AX WORM!"
|
| X | Microsoft Datalog Application | msdata.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Directx | directxat.exe | "Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)"
|
| X | Microsoft DirectX | wupdate.exe | "Added by the RBOT-L WORM!"
|
| X | Microsoft DLL Authentification | dllsecure.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft driver update | Mshome.exe | Added by the SDBOT.BL WORM!
|
| X | Microsoft explorer Update | internal.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft Features | ms32cfg.exe | "Added by the RBOT.HO WORM!"
|
| X | Microsoft Features | msie.exe | "Added by a variant of the RBOT WORM!"
|
| Y | MICROSOFT FIREWALL CLIENT | ISATRAY.EXE | "MS Internet Security and Acceleration Server - see here"
|
| X | Microsoft Generic Update Manager | wupdate.exe | "Added by the RBOT-AWC TROJAN!"
|
| X | Microsoft Incroporate | mfs.exe | "Added by the RBOT-ANF WORM!"
|
| X | Microsoft Information | securenet.exe | "Added by the SDBOT.AJM WORM!"
|
| X | Microsoft Information Check | microsoft.exe | "Added by the IRCBOT.AUH TROJAN!"
|
| X | Microsoft Initialization Service | initsvc.exe | "Added by the IRCBOT.AXK BACKDOOR!"
|
| X | Microsoft Initialization Services | initserv.exe | "Added by the IRCBOT-ABO TROJAN!"
|
| X | Microsoft Internel Corporat | netvhost.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Internel Corporat | smbvhost.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Internet Acceleration Utility | iau.exe | "EasySearch adware"
|
| X | Microsoft Internet Acceleration Utility | [path to file] | "Added by the AGENT-CX TROJAN!"
|
| X | Microsoft Internet Acceleration Utility | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | Microsoft Internet Explorer | [path to trojan] | "Added by the BANCBAN-AS TROJAN!"
|
| X | Microsoft Internet Explorer Update | ieupdate.exe | "Added by the SHEUR.MH TROJAN!"
|
| X | Microsoft Internet Firewall Update | updater.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft IT Update | win64.exe | "Added by the RBOT.GA WORM!"
|
| X | Microsoft IT Update | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | IEserv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | msupdate.exe | "Added by the RBOT-FE WORM!"
|
| X | Microsoft IT Update | winn43.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | svchsst.exe | "Added by the RBOT-DH WORM!"
|
| X | Microsoft IT Update | win43.exe | "Added by the RBOT-SA WORM!"
|
| X | Microsoft IT Update | windows.exe | "Added by the RBOT-JM WORM!"
|
| X | Microsoft IT Update | winsyst32.exe | "Added by the RBOT-FC WORM!"
|
| X | Microsoft IT Update | Rhost32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Java Windows Update | [filename] | "Added by the RBOT-DZ WORM!"
|
| U | Microsoft Location Finder | LocationFinder.exe | Microsoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop |
| X | Microsoft LV | [path to file] | "Added by the BDOOR-BDL BACKDOOR!"
|
| X | Microsoft Machine | updata.exe | "Added by the RBOT-DJ WORM!"
|
| X | Microsoft MachineUpdatese | tempes.exe | "Added by the RBOT.EWN BACKDOOR!"
|
| X | Microsoft Management Console | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | Microsoft MSUPDATE | SpoolSvc.exe | "Added by the SXTB-A TROJAN!"
|
| X | Microsoft NT Update | winexec32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Office Start | winupdates.exe | "Added by the GAOBOT.BC WORM!"
|
| X | Microsoft Patch Update | bootini.exe | "Added by the RBOT-FMN WORM!"
|
| X | Microsoft PCHealth32 | [path to file] | "Added by the NICE-A TROJAN!"
|
| X | Microsoft PSTCP32 Data | pstcp32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Redirect | [path to file] | "Added by the BANKER-FW TROJAN!"
|
| X | Microsoft Security Hot Fix Update | mshotfix.exe | "Affilred adware"
|
| X | Microsoft Security Monitor Process | windowsupdate.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Security Update | security32.exe | "Added by the DELF-JJ TROJAN!"
|
| X | Microsoft Server Applacations | msnmsg.exe | "Added by the AGOBOT.BBM WORM!"
|
| X | Microsoft Server Applacations | wuauct1.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Server Applacations | lsasss.exe | "Added by the RBOT-AQQ WORM!"
|
| X | Microsoft Server Applacations | Q8See.exe | "Added by the SPYBOT.GEN3 TROJAN!"
|
| X | Microsoft Server Applacations | cli.exe | "Added by the RBOT-GAQ WORM!"
|
| X | Microsoft Server Application | Sound.exe | "Added by the RBOT-NE WORM!"
|
| X | Microsoft Service Information | msnservices.exe | "Added by the RBOT.ID WORM!"
|
| X | Microsoft Software Update | nmon.exe | "Added by the RBOT.HZ WORM!"
|
| X | Microsoft standard protector | [path to trojan] | "Added by the STOX-C TROJAN!"
|
| X | Microsoft Synchronization Manager | asgard.exe | "Added by the SDBOT-AEA WORM!"
|
| X | Microsoft Synchronization Manager | bot.exe | "Added by the SDBOT.IH WORM!"
|
| X | Microsoft Synchronization Manager | netscape.exe | "Added by the RANDEX.AE WORM!"
|
| X | Microsoft Synchronization Manager | slhost.exe | "Added by the SDBOT.YH WORM!"
|
| X | Microsoft Synchronization Manager | svhost.exe | "Added by the SDBOT-PY WORM!"
|
| X | Microsoft Synchronization Manager | WinLoginnn.exe | "Added by the SPYBOT.FO WORM!"
|
| X | Microsoft Synchronization Manager | winupdate.exe | "Added by the SDBOT.ER WORM!"
|
| X | Microsoft Synchronization Manager | xXx.exe | "Added by the SDBOT-KZ WORM!"
|
| X | Microsoft Synchronization Manager | ___synmgr.exe | "Added by the MASLAN.A or MASLAN.C WORMS!"
|
| X | Microsoft Synchronization Manager | al.exe | "Added by the OPTXPRO.132 TROJAN!"
|
| X | Microsoft Synchronization Manager | win.exe | "Added by the SDBOT.AK WORM!"
|
| X | Microsoft Synchronization Manager | java.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Synchronization Manager | svchosts.exe | "Added by the SDBOT-LM WORM!"
|
| X | Microsoft Synchronization Manager | winlogon32.exe | "Added by the SDBOT.AEU WORM!"
|
| X | Microsoft Synchronization Manager | svxhost.exe | "Added by the SDBOT-ZU WORM!"
|
| X | Microsoft Synchronization Manager | wincfg32.exe | "Added by the SDBOT.DO WORM!"
|
| X | Microsoft Synchronization Manager | screen.exe | "Added by the SDBOT-ACO WORM!"
|
| X | Microsoft Synchronization Manager | devldr32.exe | "Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file"
|
| X | Microsoft Synchronization Manager | explorer.exe | "Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Synchronization Manager | firewire.exe | "Added by the SDBOT-AFC WORM!"
|
| X | Microsoft Synchronization Manager | wmedia.exe | "Added by the SDBOT.BFC WORM!"
|
| X | Microsoft Synchronization Manager | win932.exe | "Added by the SDBOT.AH WORM!"
|
| X | Microsoft Synchronization Manager | mircup.exe | "Added by the SDBOT.BQD WORM!"
|
| U | Microsoft Synchronization Manager | mobsync.exe | "Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline |
| X | Microsoft Synchronization Manager | alien.exe | "Added by the SDBOT-MV BACKDOOR!"
|
| X | Microsoft Synchronization Manager | microsoft.exe | "Added by the SDBOT-OM WORM!"
|
| X | Microsoft Synchronization Manager 2 | svhostc.exe | "Added by the SLINBOT.ST WORM!"
|
| X | Microsoft System Administration | system.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| N | Microsoft System Configuration Utility | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)
|
| X | Microsoft System DLL Services Configuration | windir32.exe | "Added by the SDBOT-ACY TROJAN!"
|
| X | Microsoft System Restore Configuration | CBRSS.EXE | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft System Saver | [path to worm] | "Added by the RBOT.BSK WORM!"
|
| X | Microsoft System Update | sysupdate.exe | "Added by the SDBOT.DG WORM!"
|
| X | Microsoft System32 Update | cmsrg.exe | "Added by the RBOT-GN WORM!"
|
| X | Microsoft Taskmanager Updater | keyboard.exe | "Added by the RBOT-ALU WORM!"
|
| X | Microsoft UMA Update | MSuma32.exe | "Added by the RBOT.FS WORM!"
|
| X | Microsoft Updat3 | mswkst32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | Microsoft.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | mssmgrd.exe | "Added by the SDBOT.JT WORM!"
|
| X | Microsoft Update | mvsc.exe | "Added by the SPYBOT.DAZ WORM!"
|
| X | Microsoft Update | ascdl.exe | "Added by the GAOBOT.SY WORM!"
|
| X | Microsoft Update | Isac.exe | "Added by the RBOT-AU WORM!"
|
| X | Microsoft Update | automgr32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | mediap.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | Microsoftx.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | msconfg.exe | "Added by the RBOT.H WORM!"
|
| X | Microsoft Update | Mslti32.exe | "Added by the RBOT-LX WORM!"
|
| X | Microsoft Update | muamgrd.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update | navmgrd.exe | "Added by the SDBOT.DP TROJAN!"
|
| X | Microsoft Update | Smss32.exe | "Added by the RBOT-CB WORM!"
|
| X | Microsoft Update | sys32cfg.exe | "Added by the RBOT.DR WORM!"
|
| X | Microsoft Update | VPC32.EXE | "Added by the AGOBOT.XM WORM!"
|
| X | Microsoft Update | winsys32.exe | "Added by the RBOT.BD WORM!"
|
| X | Microsoft Update | wuamgrd.exe | "Added by the RBOT-LK WORM!"
|
| X | Microsoft Update | wuammgr32.exe | "Added by the RBOT-AW WORM!"
|
| X | Microsoft Update | wudmate.exe | "Added by the RBOT.AP WORM!"
|
| X | Microsoft Update | msawindows.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | msiwin84.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | wuamgrd32.exe | "Added by the RBOT.ZB WORM!"
|
| X | Microsoft Update | NAV.exe | "Added by the RBOT-IV WORM!"
|
| X | Microsoft Update | systemi32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update | xpupdate.exe | "Added by the RBOT-QE WORM!"
|
| X | Microsoft Update | webm.exe | "Added by the SDBOT.WK WORM!"
|
| X | Microsoft Update | wuagrd.exe | "Added by the RBOT-FK WORM!"
|
| X | Microsoft Update | aaupdt.exe | "Added by the RBOT-RQ WORM!"
|
| X | Microsoft Update | lsac.exe | "Added by the GAOBOT.XW WORM!"
|
| X | Microsoft Update | Mupdate.exe | "Added by the RBOT-AG WORM!"
|
| X | Microsoft Update | prowind32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update | snlogsvc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | svhost.exe | "Added by the RBOT-PI WORM!"
|
| X | Microsoft Update | wauguard.exe | "Added by the RBOT.AEE WORM!"
|
| X | Microsoft Update | winscv.exe | "Added by the RBOT-BH WORM!"
|
| X | Microsoft Update | winsys.exe | "Added by the RBOT-GV WORM!"
|
| X | Microsoft Update | wserv32.exe | "Added by the RBOT.AF WORM!"
|
| X | Microsoft Update | wtm32.exe | "Added by the RBOT-AQ WORM!"
|
| X | Microsoft Update | wumgrd.exe | "Added by the SDBOT-KY WORM!"
|
| X | Microsoft Update | wuampd.exe | "Added by the RBOT-UT WORM!"
|
| X | Microsoft Update | msupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update | Botnet.exe | "Added by the RBOT.AFL WORM!"
|
| X | Microsoft Update | sghost.exe | "Added by the SDBOT.AKV WORM!"
|
| X | Microsoft Update | update_w.exe | "Added by the RBOT-EW WORM!"
|
| X | Microsoft Update | windows24.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | wingrd32.exe | "Added by the RBOT-DW WORM!"
|
| X | Microsoft Update | wssvr.exe | "Added by the RBOT-OD WORM!"
|
| X | Microsoft Update | wuamagr32.exe | "Added by the SPYBOT.CG WORM!"
|
| X | Microsoft Update | WinUpdate32.exe | "Added by the RBOT-TI WORM!"
|
| X | Microsoft Update | wkfix.exe | "Added by the RBOT-ABZ WORM!"
|
| X | Microsoft Update | Kkk.exe | "Added by the RBOT-AHL WORM!"
|
| X | Microsoft Update | mcupdate.exe | "Added by the RBOT.XT WORM! Note - this file is located in %System% and should not be confused with the McAfee antivirus executable as described here"
|
| X | Microsoft Update | Micr0s0ft.exe | "Added by the AGOBOT.AAR WORM!"
|
| X | Microsoft Update | Msnmsngr.exe | "Added by the RBOT.BQS WORM!"
|
| X | Microsoft Update | msupdate32.exe | "Added by the SPYBOT.LZ WORM!"
|
| X | Microsoft Update | scvhost.exe | "Added by the RBOT-AEM WORM!"
|
| X | Microsoft Update | svghost.exe | "Added by the RBOT.BUJ WORM!"
|
| X | Microsoft Update | sys.exe | "Added by the RBOT-AJ WORM!"
|
| X | Microsoft Update | up2dat5.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | winamp.exe | "Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player"
|
| X | Microsoft Update | win-mang.exe | "Added by the RBOT-AFK WORM!"
|
| X | Microsoft Update | winupdater.exe | "Added by the RBOT.BIN WORM!"
|
| X | Microsoft Update | wuamk0032.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | wuamk032.exe | "Added by the RBOT-AHD WORM!"
|
| X | Microsoft Update | wuamk0p32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | wuamkop.exe | "Added by the RBOT-AFI WORM!"
|
| X | Microsoft Update | wuamkop32.exe | "Added by the RBOT.BGU WORM!"
|
| X | Microsoft Update | wuampkd.exe | "Added by the SDBOT.BBX WORM!"
|
| X | Microsoft Update | svzhost.exe | "Added by the RBOT.OX WORM!"
|
| X | Microsoft Update | win32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | wininit.exe | "Added by the RBOT-AKR WORM!"
|
| X | Microsoft Update | wuamgrd3.exe | "Added by the RBOT-AMC WORM!"
|
| X | Microsoft Update | Wudates.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | ms.exe | "Added by the SDBOT.CC WORM!"
|
| X | Microsoft Update | wuagmsd.exe | "Added by the RBOT-AX WORM!"
|
| X | Microsoft Update | cmss.exe | "Added by the RBOT-ATQ WORM!"
|
| X | Microsoft Update | wuamgrb.exe | "Added by the RBOT-AZE WORM!"
|
| X | Microsoft Update | WINDOC.EXE | "Added by the SDBOT.PF WORM!"
|
| X | Microsoft Update | phqghumea.exe | "Added by the SDBOT.AFO WORM!"
|
| X | Microsoft Update | system32.exe | "Added by the RBOT.IS WORM!"
|
| X | Microsoft Update | bling.exe | "Added by the RBOT-AVK WORM!"
|
| X | Microsoft Update | Sygate.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | update.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update | WinDrv32.exe | "Added by the RBOT.EGW WORM!"
|
| X | Microsoft Update | devmks32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft update | winupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | msupdate.exe | "Added by the BOROBOT-I TROJAN!"
|
| X | Microsoft Update | mixer.exe | "Added by the RBOT-AIR WORM!"
|
| X | Microsoft Update | taskmgr32.exe | "Added by the RBOT-CV WORM!"
|
| X | Microsoft Update | drive.exe | "Added by the BIFROSE-PN WORM!"
|
| X | Microsoft Update | wangard.exe | "Added by the RBOT-LH WORM!"
|
| X | MICROSOFT UPDATE | WUAGTRD.EXE | "Added by the RBOT-CJ WORM!"
|
| X | Microsoft Update | spool.exe | "Added by the AGENT-GJC TROJAN!"
|
| X | Microsoft Update | bnmveqfts.exe | "Added by the BANLOAD.KWQ TROJAN!"
|
| X | Microsoft Update | dqbxhupdt | "Added by a variant of the SDBOT WORM! See here"
|
| X | Microsoft Update | enule.exe | "Added by the IRCBOT.DU BACKDOOR!"
|
| X | Microsoft Update | explorer.exe | "Added by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Update | imchemaoa.exe | "Added by the BANLOAD.KWQ TROJAN!"
|
| X | Microsoft Update | livemessenger.com | "Added by the ADLOAD-LN TROJAN!"
|
| X | Microsoft Update | msnmsgl.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update | nnwyaupdt | "Added by the RBOT.RHK BACKDOOR!"
|
| X | Microsoft Update | ntservice.exe | "Added by the AGENT-DIS TROJAN!"
|
| X | Microsoft Update | rundll32.dll | "Added by the CIADOOR.GN BACKDOOR!"
|
| X | Microsoft Update | wuamgrdx.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update | wutr.exe | "Added by the SPYBOT.AAR WORM!"
|
| X | Microsoft Update | SetPoints.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Update | system.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | Microsoft Update | service.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | Microsoft Update | msgn.exe | "Added by the RBOT.RQ BACKDOOR!"
|
| X | Microsoft Update | wuamgrd16.exe | "Added by the RBOT-BQ WORM!"
|
| X | Microsoft Update | windows32.exe | "Added by the RBOT-BHQ WORM!"
|
| X | Microsoft Update | winsyst.exe | "Added by the RBOT-DL WORM!"
|
| X | Microsoft Update 23 | NtKernelSystem.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 23 | spoolvs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 32 | explore32.exe | "Added by the SPYBOT.CYM WORM!"
|
| X | Microsoft Update 32 | MSupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update 32 | wininit.exe | "Added by the RBOT-ANY WORM!"
|
| X | Microsoft Update 32 | wininit32.exe | "Added by the RBOT-AKJ WORM!"
|
| X | Microsoft Update 32 | [path to file] | "Added by the RBOT-AJJ WORM!"
|
| X | Microsoft Update 32 | mscnfg.exe | "Added by the RBOT-ALM WORM!"
|
| X | Microsoft Update 32 | servic.exe | "Added by the RBOT-AXN WORM!"
|
| X | Microsoft Update 32 | winitXP32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 32 | mssetup32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update 32 | wiit.exe | "Added by the RBOT-AMS WORM!"
|
| X | Microsoft Update 32 | explorer.exe | "Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Update 32 | network.exe | "Added by the RBOT-ARZ WORM!"
|
| X | Microsoft Update 32 | om4r.exe | "Added by the RBOT-AQP WORM!"
|
| X | Microsoft Update 32 | winin.exe | "Added by the RBOT-ARR WORM!"
|
| X | Microsoft Update 32 | wuinit.exe | "Added by the AGOBOT-UE WORM!"
|
| X | Microsoft Update 32 | neta.exe | "Added by the RBOT-AMI WORM!"
|
| X | Microsoft Update 32 | spoolvs.exe | "Added by the RBOT-BBQ WORM!"
|
| X | Microsoft Update 32 | rundll32.exe | "Added by the RBOT.AIE BACKDOOR! Note that this BACKDOOR modifies the file rundll32.exe |
| X | Microsoft Update 32 | taskMangr.exe | "Added by the RBOT.AIE BACKDOOR!"
|
| X | Microsoft Update 32 | winssx.exe | "Added by the RBOT-ARW WORM!"
|
| X | Microsoft Update 33 | init.exe | "Added by the RBOT-ATT WORM!"
|
| X | Microsoft Update 64 BIT | wininit32.exe | "Added by the RBOT-AHE WORM!"
|
| X | Microsoft Update 64 BIT | winman32.exe | "Added by the RBOT-AKI WORM!"
|
| X | Microsoft Update 64 BIT | schvost.exe | "Added by the RBOT.CAU WORM!"
|
| X | Microsoft Update 64 BIT | winl32xe.exe | "Added by the RBOT-AQO WORM!"
|
| X | Microsoft Update Clinic | svsipconfig.exe | "Added by the RBOT.BR WORM!"
|
| X | MICROSOFT UPDATE CONFIGURATION | WIN32SNC.EXE | "Added by the RBOT-AI WORM!"
|
| X | Microsoft Update Control | Ms64.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Debugger | wincfg32.exe | "Added by the SPYBOT.ZC WORM!"
|
| X | Microsoft Update Device | flolo.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update Device Drivers | wuauclt.exe | "Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft Update DLL | rxxhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Drivers | explorers.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update Emulator | kern-mxe.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Emulator | wuaddsff.exe | "Added by the RBOT-GX WORM!"
|
| X | Microsoft Update Event | svnhost.exe | "Added by the AGOBOT-GW BACKDOOR!"
|
| X | Microsoft Update Loader | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Loaders 2005 | winusers.exe | "Added by the RBOT-AIQ WORM!"
|
| X | Microsoft Update Loaders 2006 | winusersystem32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update Machine | expl0rer.exe | "Added by the SDBOT.OK WORM!"
|
| X | Microsoft Update Machine | rxhost.exe | "Added by the RBOT.FC WORM!"
|
| X | Microsoft Update Machine | servicz.exe | "Added by the RBOT-HU WORM!"
|
| X | Microsoft Update Machine | SP2.exe | "Added by the SPYBOT.FP WORM!"
|
| X | Microsoft Update Machine | winini.exe | "Added by the RBOT-KV WORM!"
|
| X | Microsoft Update Machine | xvshost.exe | "Added by the RBOT.QP WORM!"
|
| X | Microsoft Update Machine | memstat.exe | "Added by the RBOT-OM WORM!"
|
| X | Microsoft Update Machine | ntce.exe | "Added by the RBOT-FA WORM!"
|
| X | Microsoft Update Machine | system03.exe | "Added by the RBOT-NM WORM!"
|
| X | Microsoft Update Machine | wuawx.exe | "Added by the RBOT-CE WORM!"
|
| X | Microsoft Update Machine | zonealarm.exe | "Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!"
|
| X | Microsoft Update Machine | systemll.exe | "Added by the RBOT-JT WORM!"
|
| X | Microsoft Update Machine | winupdt.exe | "Added by the RBOT-FP WORM!"
|
| X | Microsoft Update Machine | svshost.exe | "Added by the RBOT.AK WORM!"
|
| X | Microsoft Update Machine | wuamgd.exe | "Added by the SDBOT.HQ WORM!"
|
| X | Microsoft Update Machine | wupdt32x.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update Machine | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | linux.exe | "Added by the RBOT-IM WORM!"
|
| X | Microsoft Update Machine | lmrss.exe | "Added by the RBOT-DY WORM!"
|
| X | Microsoft Update Machine | windowsu.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | wininigo.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | winmgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | Winmsixp32.exe | "Added by the RBOT.DN WORM!"
|
| X | Microsoft Update Machine | Winregs32.exe | "Added by the RBOT.DN WORM!"
|
| X | Microsoft Update Machine | winxpini.exe | "Added by the RBOT-OB WORM!"
|
| X | Microsoft Update Machine | wuamgrd.exe | "Added by the RBOT-HE WORM!"
|
| X | Microsoft Update Machine | wuagrd.exe | "Added by the RBOT-GF WORM!"
|
| X | Microsoft Update Machine | LANWAKE.EXE | "Added by the RBOT-QZ WORM!"
|
| X | Microsoft Update Machine | scvhost.exe | "Added by the RBOT-GS WORM!"
|
| X | Microsoft Update Machine | winhost.exe | "Added by the RBOT-GK WORM!"
|
| X | Microsoft Update Machine | winss.exe | "Added by the RBOT.JU WORM!"
|
| X | Microsoft Update Machine | WUAMGRDXS.EXE | "Added by the RBOT-GL WORM!"
|
| X | Microsoft Update Machine | crss32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | lsasse.exe | "Added by the RBOT-DI WORM!"
|
| X | Microsoft Update Machine | qwerty.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | rxxhost.exe | "Added by the RBOT.EP WORM!"
|
| X | Microsoft Update Machine | servicez.exe | "Added by the SPYBOT.BI WORM!"
|
| X | Microsoft Update Machine | spoolserv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | Systemnt.exe | "Added by the RBOT.DA WORM!"
|
| X | Microsoft Update Machine | systemse.exe | "Added by the RBOT-BD WORM!"
|
| X | Microsoft Update Machine | taskmngrs.exe | "Added by the RBOT-CR WORM!"
|
| X | Microsoft Update Machine | windowsup.exe | "Added by the RBOT-FV WORM!"
|
| X | Microsoft Update Machine | wuamgard.exe | "Added by the SPYBOT.CS WORM!"
|
| X | Microsoft Update Machine | wupdate32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | system.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | TMEMSER.EXE | "Added by the RBOT-NQ WORM!"
|
| X | Microsoft Update Machine | winnie.exe | "Added by the RBOT-ACD WORM!"
|
| X | Microsoft Update Machine | winortho.exe | "Added by the RBOT-NW WORM!"
|
| X | Microsoft Update Machine | wins32.exe | "Added by the RBOT.EZ WORM!"
|
| X | Microsoft Update Machine | serviz.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | TASKMAN4.EXE | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | wftestb.exe | "Added by the RBOT-AFZ WORM!"
|
| X | Microsoft Update Machine | Win32.exe | "Added by the SDBOT.UV WORM!"
|
| X | Microsoft Update Machine | windns.exe | "Added by the RBOT.EF WORM!"
|
| X | Microsoft Update Machine | MSOICONS.EXE | "Added by the RBOT.AWS WORM! Note - do not confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!"
|
| X | Microsoft Update Machine | WINSVC32.EXE | "Added by the RBOT.CU WORM!"
|
| X | Microsoft Update Machine | ntsystem.exe | "Added by the RBOT.GF WORM!"
|
| X | Microsoft Update Machine | winupdte.exe | "Added by the RBOT-GKL WORM!"
|
| X | Microsoft Update Machine | jkfrnz.exe | "Added by the RBOT-GOZ WORM!"
|
| X | Microsoft Update Machine | wlimyc.exe | "Added by the RBOT-GQN WORM!"
|
| X | Microsoft Update Machine | xagwxzy.exe | "Added by the RBOT.S WORM!"
|
| X | Microsoft Update Machine | jkydxg.exe | "Added by the RBOT.AEA BACKDOOR!"
|
| X | Microsoft Update Machine | opmmve.exe | "Added by the KOLABC.DES WORM!"
|
| X | Microsoft Update Machine | paxrxo.exe | "Added by the PUSHBOT.A WORM!"
|
| X | Microsoft Update Machine | psmszw.exe | "Added by the KOLABC.CC WORM!"
|
| X | Microsoft Update Machine | syadpo.exe | "Added by the CIADOOR.GN BACKDOOR!"
|
| X | Microsoft Update Machine | systemi.exe | "Added by the BUZUS.JKU TROJAN!"
|
| X | Microsoft Update Machine | thvfyq.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | ubthec.exe | "Added by the AGENT.AWZ TROJAN!"
|
| X | Microsoft Update Machine | winmngr.exe | "Added by the RBOT.GKQ BACKDOOR!"
|
| X | Microsoft Update Machine | gbhglj.exe | "Added by the IRCBOT-ZJ TROJAN!"
|
| X | Microsoft Update Machine | wuamgdr.exe | "Added by the RBOT-IO BACKDOOR!"
|
| X | Microsoft Update Manager | WINRLS.EXE | "Added by the RBOT-AF WORM!"
|
| X | Microsoft Update Manager | svshost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Manager | scvhost.exe | "Added by the AGOBOT.AXJ WORM!"
|
| X | Microsoft Update Manager | scvideo.exe | "Added by the SDBOT-CVP TROJAN!"
|
| X | Microsoft Update Mechene | Updatez.exe | "Added by the RBOT-GI WORM!"
|
| X | Microsoft Update Module | rundll24.exe | "Added by the RBOT-PS WORM!"
|
| X | Microsoft Update Process | wmipcvse.exe | "Added by the AGOBOT-JF TROJAN!"
|
| X | Microsoft Update Security Patch | mssecurityupdatepatch.exe | Added by the AGENT.EF TROJAN!
|
| X | Microsoft Update Server | mssrv.exe | "Added by an unidentified VIRUS |
| X | Microsoft Update Service | csrss32.exe | "Added by the AGOBOT-HC WORM!"
|
| X | Microsoft Update Service | mswin32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft update service | systemm.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Update SERVICE | phqghum.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Service | msupdate.pif | "Added by the RBOT-AQB WORM!"
|
| X | Microsoft Update Service | wmiprvre.exe | "Added by the AGOBOT-NN WORM!"
|
| X | Microsoft Update Services | wcsnfty.exe | "Added by the RBOT-AGK WORM!"
|
| X | Microsoft Update Services | wsnfty.exe | "Added by the RBOT-AFU WORM!"
|
| X | Microsoft Update Time | wuam.exe | "Added by the RBOT-M WORM!"
|
| X | Microsoft Update USB2 | wuammgrd32.exe | "Added by the RBOT-ADT WORM!"
|
| X | Microsoft Update v2.6 | lxxex.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Win32a | winupdate32a.exe | "Added by the RBOT-LO WORM!"
|
| X | Microsoft Update Win32x | winupdate32x.exe | "Added by the RBOT-AJN WORM!"
|
| X | Microsoft Update32 | wuamgrd32.exe | "Added by the RBOT-PU WORM!"
|
| X | Microsoft Updater | winsys32.exe | "Added by the RBOT.RL WORM!"
|
| X | Microsoft Updater | msconsole.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Updater | svhost.exe | "Added by the AGENT.CDF TROJAN!"
|
| X | Microsoft Updater | vbcjlg.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Updater | wuamgrds.exe | "Added by the RBOT.A WORM!"
|
| X | Microsoft Updater | winupdate.exe | "Added by the AGENT-KIR TROJAN!"
|
| X | Microsoft Updater Resources | WinFixd32.exe | "Added by the SPYBOT.CA WORM!"
|
| X | Microsoft Updater v2 | [path to worm] | "Added by the AUTORUN-BCI WORM!"
|
| X | Microsoft UPDATER32 | lsass.exe | "Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup!"
|
| X | Microsoft UPDATER32 | LSASS32.EXE | "Added by the RANDEX.AR WORM!"
|
| X | Microsoft Updaters | tskmgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updaters | sysconfigs.exe | "Added by the RBOT-DF TROJAN!"
|
| X | Microsoft Updaters Pros | WINDLL32XP.EXE | Added by the SPYBOTTER.GEN VIRUS!
|
| X | Microsoft Updates | systemc32.exe | "Added by the RBOT-GR WORM!"
|
| X | Microsoft Updates | wkssvr.exe | "Added by the RBOT.R WORM!"
|
| X | Microsoft Updates | wkssvrs.exe | "Added by the RBOT-EB WORM!"
|
| X | Microsoft Updates | wuamgrd.exe | "Added by the RBOT-CO WORM!"
|
| X | Microsoft Updates | wtemp32.exe | "Added by the RBOT-AHQ WORM!"
|
| X | Microsoft Updates | svehost.exe | "Added by the RBOT-GRW WORM!"
|
| X | Microsoft Updates | svshost.exe | "Added by the AGOBOT-AIW WORM!"
|
| X | Microsoft Updates | svdhost.exe | "Added by the RBOT-GVH WORM!"
|
| X | Microsoft Updates | service.exe | "Added by the POISON.HPT BACKDOOR!"
|
| X | Microsoft Updates | [worm filename] | "Added by the AGOBOT-AIZ WORM!"
|
| X | Microsoft Updates | wgcptsud.exe | "Added by the RBOT-GTF WORM!"
|
| X | Microsoft Updates | winit.exe | "Added by the SDBOT-CSB WORM!"
|
| X | Microsoft Updates 2 USB | wgafixer.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updates 5 USB | sp3fixer.exe | "Added by the RBOT-ADS WORM!"
|
| X | Microsoft UpdateS Machine | wgrd.exe | "Added by the RBOT-FI WORM!"
|
| X | Microsoft Updates Resources | WinFixIDs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updating | navguard.exe | "Added by the RBOT.HW WORM!"
|
| X | Microsoft Updating | syswr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updating | wuamguards.exe | "Added by the RBOT-BY WORM!"
|
| X | Microsoft Updating Client | websvc.exe | "Added by the RBOT.AQ WORM!"
|
| X | Microsoft Updating Machine | sysc0de.exe | "Added by the RBOT.RB WORM!"
|
| X | Microsoft Updatting | miroupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft upnp Update | msie.exe | "Added by the RBOT-LQ WORM!"
|
| X | Microsoft UpToDate Driver (32-bits) | [random filename].exe | "Added by the SPYBOT.LXJ WORM!"
|
| X | Microsoft Vertupdate | MSvert32.exe | "Added by the MYTOB-CY WORM!"
|
| X | Microsoft Vista Upgrade Validation Service | cfmon.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Visual Application | vpcrtf.exe | "Added by the IRCBOT-XJ TROJAN!"
|
| X | Microsoft web update | webmsn.exe | "Added by the RBOT-EMQ WORM!"
|
| X | Microsoft Win Corp TLS Verification | mswintls.exe | "Added by the RBOT-GCT WORM!"
|
| X | Microsoft Win Update | WinUP.exe | "Added by the RBOT-BPR WORM!"
|
| X | MicroSoft Wind0ws Updater | winsupdater.exe | "Added by a variant of the RBOT WORM!"
|
| X | MicroSoft Window Updater | winsupdater.exe | "Added by the RBOT-ZZ WORM!"
|
| X | Microsoft Windows | atup | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows | [path to file] | "Added by the BDOOR-LI BACKDOOR!"
|
| X | Microsoft Windows 32 Update | win32update.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Windows Communicator for NT/XP | wincomm.exe | "Added by the RBOT.ATH WORM!"
|
| X | Microsoft Windows DLL Services Configuration | newdll.exe | "Added by the SDBOT-ZR WORM!"
|
| X | Microsoft Windows DLL Services Configuration | newdll2.exe | "Added by the SDBOT-ABD WORM!"
|
| X | Microsoft Windows DLL Services Configuration | poker.exe | "Added by the SDBOT-ZY WORM!"
|
| X | Microsoft Windows DLL Services Configuration | poker3.exe | "Added by the SDBOT-AAH WORM!"
|
| X | Microsoft Windows DLL Services Configuration | proxy.exe | "Added by the SDBOT-ZL WORM!"
|
| X | Microsoft Windows DLL Services Configuration | windir32.exe | "Added by the SDBOT.BHF WORM!"
|
| X | Microsoft Windows DLL Services Configuration | windir32a.exe | "Added by a variant of the SDBOT.BHF WORM!"
|
| X | Microsoft Windows DLL Services Configuration | windll32.exe | "Added by the SDBOT.BHD WORM!"
|
| X | Microsoft Windows DLL Services Configuration | winDSL.exe | "Added by the SDBOT-ZG WORM!"
|
| X | Microsoft Windows DLL Services Configuration | dllmanager32.exe | "Added by the SDBOT-BTU WORM!"
|
| X | Microsoft Windows Express | Microsoft Update | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Windows Game Updater | msgame32.exe | "Added by a variant of the RBOT WORM!"
|
| U | Microsoft Windows Media Player Network Sharing Service Configuration Application | WMPNSCFG.exe | "Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music |
| X | Microsoft Windows Secure Update | rpcxwinupdt.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft Windows Updata | scvhost.exe | "Added by the RBOT.CEM BACKDOOR!"
|
| X | Microsoft Windows Updata | windows.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Updata | [5 random letters].exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update | rundlls.exe | "Added by the HABRACK WORM!"
|
| X | Microsoft Windows Update | msoffice2.exe | "Added by the RBOT-GB WORM!"
|
| X | Microsoft Windows Update | spools.exe | "Added by the SDBOT.TD WORM!"
|
| X | Microsoft Windows Update | svchos.exe | "Added by the SDBOT.AC WORM!"
|
| X | Microsoft Windows Update | svcshost.exe | "Added by the FORBOT-CF WORM!"
|
| X | Microsoft Windows Update | svmhost.exe | "Added by the FORBOT-CH WORM!"
|
| X | Microsoft Windows Update | svshost.exe | "Added by the WOOTBOT.CJ WORM!"
|
| X | Microsoft Windows Update | msnmessenger.exe | "Added by the SDBOT.AJ WORM!"
|
| X | Microsoft Windows Update | msnwun.exe | "Added by the SDBOT-RM WORM!"
|
| X | Microsoft Windows Update | scvvhost.exe | "Added by the FORBOT-DH WORM!"
|
| X | Microsoft Windows Update | swwhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update | MSNMSGR.EXE | "Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Microsoft Windows Update | svzhost.exe | "Added by the FORBOT-EV WORM!"
|
| X | Microsoft Windows Update | sccvhost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Update | scrhost.exe | "Added by the RBOT-AOW WORM!"
|
| X | Microsoft Windows Update | mnswinsx.exe | "Added by the RBOT-AWH WORM!"
|
| X | MICROSOFT Windows update | pdate.exe | "Added by the RBOT.BZT WORM!"
|
| X | Microsoft Windows Update | srshost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Update | rhost32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Windows Update | windowsupdate.exe | "Added by the AGOBOT.ON WORM!"
|
| X | Microsoft Windows Update | servcs.exe | "Added by the SDBOT.AL BACKDOOR!"
|
| X | Microsoft Windows Update | syssinfos.exe | "Added by the RBOT-FWR WORM!"
|
| X | Microsoft Windows Update Application | wuap.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update Client | csrss.exe | "Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Systems32"
|
| X | Microsoft Windows Update Client | services.exe | "Added by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Microsoft Windows Update Logon | win-logon.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update Service | wupdmgr32.exe | "Added by the DOS.AUTOCAT TROJAN!"
|
| X | Microsoft Windows Update Service | msnmsg.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Windows Update x86 | [various filenames] | "Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe |
| X | Microsoft Windows Update XP64 | ********.exe [* = random char] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Update XP64 | updatexp64.exe | "Added by the SDBOT-AIM WORM!"
|
| X | Microsoft Windows Update XP64 | Lcuninst.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Update XP64 | mzhxlixm.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Updater | winupdgm.exe | "Added by the GAOBOT.BI WORM!"
|
| X | Microsoft Windows Updater | WINIUPDATES.EXE | "Added by the RBOT-KK WORM!"
|
| X | Microsoft Windows Updater | WINUPDATE.EXE | "Added by the RBOT-LI WORM!"
|
| X | Microsoft Windows Updater | TMNTSrv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Updater | win32upd.exe | "Added by the RBOT-EC WORM!"
|
| X | Microsoft Windows Updater | msnupdateit.exe | "Added by the AGOBOT-RL WORM!"
|
| X | Microsoft Windows Updater | windates.exe | "Added by the SDBOT.TE WORM!"
|
| X | Microsoft Windows Updater | spoolvs.exe | "Added by the RBOT.ACQ WORM!"
|
| X | Microsoft Windows Updater | suvhost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Updater | winfix.exe | "Added by the RBOT-CM WORM!"
|
| X | Microsoft Windows updaterD | log32zx.exe | "Added by the MYDOOM.W WORM!"
|
| X | Microsoft Windows Updates | explorer32.exe | "Added by the SDBOT.VQ WORM!"
|
| X | Microsoft Windows Updates | wsap32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Updating System | msresource.exe | "Added by the RBOT-EAM WORM!"
|
| X | Microsoft Windows Workstation | devcode.exe | "Added by the RBOT-AWL WORM!"
|
| X | Microsoft Windows XP Configuration Loader | m32svco.exe | "Added by the SDBOT.WORM!.48548 WORM!"
|
| X | Microsoft Winedows Updateing | NinKey.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft winsupdater | WINSUPDATER.EXE | "Added by the SPYBOTER.FB BACKDOOR!"
|
| X | Microsoft WinUpdate | mntcgf032.exe | "Added by the RBOT-PF WORM!"
|
| X | Microsoft WinUpdate | svh0st.exe | "Added by the SPYBOT.DL WORM!"
|
| X | Microsoft WinUpdate | syslx32.exe | "Added by an unidentified VIRUS |
| X | Microsoft WinUpdate | syswin32.exe | "Added by the RBOT-HO WORM!"
|
| X | Microsoft WinUpdate | spfix.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft WinUpdate | Winamp61.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft WinUpdate | Winupd32.exe | "Added by the RBOT.MQ WORM!"
|
| X | Microsoft WinUpdate | WinNTinit32.exe | "Added by the RBOT.VS WORM!"
|
| X | Microsoft WinUpdate | msupdte.exe | "Added by an unidentified TROJAN! See examples here & here"
|
| X | Microsoft WinUpdates | serm32.exe | "Added by the RBOT.GE WORM!"
|
| N | Microsoft Works Update Detection | wkdetect.exe | Checks for updates to MS Works
|
| X | Microsoft WPCEmail | [path to trojan] | "Added by the SNIFFER-N TROJAN!"
|
| X | Microsoft WWW | [path to trojan] | "Added by the AGENT-DRI TROJAN!"
|
| X | Microsoft Wxdate | Syswu32.exe | "Added by the SPYBOT.HZ WORM!"
|
| X | Microsoft X Update | wuamkoppnp.exe | "Added by the RBOT-ANI WORM!"
|
| X | Microsoft--Updates | sxvhost.exe | "Added by the RBOT-FH WORM!"
|
| X | Microsoft-Update | wngard.exe | "Added by the RBOT-JV WORM!"
|
| X | Microsoft-Updates | svxhost.exe | "Added by the RBOT-CT WORM!"
|
| X | MicrosoftCorp | update.exe | "Added by the AUTORUN-ASG WORM!"
|
| X | MicrosoftCorp | wupdate.exe | "Added by the AGENT-LAY TROJAN!"
|
| X | MicrosoftKs | Drivers.bat | "Added by the SHUTDOWN-F TROJAN!"
|
| X | MicrosoftMultimediaTask | Mmtask.exe | Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
|
| X | MicrosoftNAPC | update.exe | "Added by the AUTORUN-ASG WORM!"
|
| X | MicrosoftNAPC | wupdate.exe | "Added by the AGENT-LAY TROJAN!"
|
| X | Microsofts Updates | lsasss.exe | "Added by the RBOT-AEX WORM!"
|
| X | Microsofts Updatez | cmsssr.exe | "Added by an unidentified VIRUS |
| X | Microsofts Updatez | exploirez.exe | "Added by a variant of the RBOT WORM!"
|
| X | MicrosoftServiceManager | msupdat.exe | "Added by the YAHA.AA WORM!"
|
| X | MicrosoftUpdate | syshelper.exe | "Added by the WOOTBOT.AC WORM!"
|
| X | MicrosoftUpdate | WinUp32.exe | "Added by an unidentified VIRUS |
| X | MicrosoftUpdate | MicrosoftUpdate.exe | "Added by the BANKER-EHC TROJAN!"
|
| X | MicrosoftUpdate | windll.exe | "Added by the RBOT-IH WORM!"
|
| X | MicrosoftUpdate | RBuilder.exe | "Added by the DLOADR-BMV TROJAN!"
|
| X | MicrosoftUpdate | svhest.exe | "Added by the RBOT-ES WORM!"
|
| X | MicrosoftUpdate | downnew.exe | "Added by the TANTO-D TROJAN!"
|
| X | MicrosoftUpdates | [path to trojan] | "Added by the DELF-LO TROJAN!"
|
| X | MicrosoftUpdates | syshelped.exe | "Added by the FORBOT-AZ WORM!"
|
| U | Microsoft® Windows® Operating System | Sidebar.exe | "Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker"
|
| N | Microsoft® Windows® Operating System | "RunDLL32.exe ehuihlp.dll,BootMediaCenter" |
| N | Microsoft® Windows® Operating System | p2phost.exe | "Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that ""identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer."" Available via Start → Control Panel"
|
| U | Microsoft® Windows® Operating System | ehTray.exe | "Media Center Tray Applet - part of Windows Media Center on XP MCE |
| N | Microsoft® Windows® Operating System | "rundll32.exe oobefldr.dll,ShowWelcomeCenter" |
| N | Microsoft® Windows® Operating System | stikynot.exe | "Microsoft Sticky Notes - virtual sticky notes tool from Windows Vista. This implementation of the popular yellow ""Post-It"" tool is part of the Tablet PC features and allows you to enter either handwriting (via a pen or mouse) or record a voice note. Available via Start → All Programs"
|
| U | Microsoft® Windows® Operating System | WMPNSCFG.exe | "Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music |
| X | Microsotufed Update 32 | windinit.exe | "Added by the RBOT-CTJ WORM!"
|
| X | Microszoft Update Mach1nezs | svchst.exe | "Added by the RBOT-ED WORM!"
|
| ? | MigrationVendorSetupCaller | "rundll32.exe migrate.dll,CallVendorSetupDlls" |
| X | minimo | [path to file] | "Added by the MOSUCK-X TROJAN!"
|
| X | Miosf Update | wimsqaad.exe | "Added by the SDBOT.AG TROJAN!"
|
| X | Mirate Sp 2 Information | miratesp2.exe | "Added by the RBOT.QH WORM!"
|
| X | Mircosoft Update | wuampkd.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MistikotitaTuIpologisti | GDC.exe | "MistikotitaTuIpologisti Greek rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | ml34 | [path to trojan] | "Added by the MAILBOT-BH TROJAN!"
|
| N | Mobile Connectivity Suite | Application Launcher.exe | "System Tray access to the HTC Sync mobile phone management utility for models including the Hero |
| U | Mobipocket Reader Notifications | readernotify.exe | "Part of Mobipocket Reader - ""Store all your eBooks |
| X | Modem | locatesvc.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Modem Driverz Updates | mdmdrv.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Modifiet Amateur HTPB | wuaclt.exe | "Added by the IRCBOT.AYS WORM!"
|
| N | MoneyStartUp10.0 | Activation.exe | Part of MS Money 2002. Available via Start -> Programs
|
| X | Monitor calibration | AV1i.exe | "Anti-Virus-1 rogue security software - not recommended |
| X | Motherboard Config | Ati2xxx.exe | "Added by the RBOT-AIK WORM!"
|
| X | MouseDrv | [path to worm] | "Added by the ZOLOAD-B WORM!"
|
| X | MouseDrv | update.exe | "Added by the ZOTOB.N WORM!"
|
| X | MoussaEvil | [path to file] | "Added by the MUSANUB-A WORM!"
|
| X | Mozilla Firebird v0.8 Internet Browser | netstats.exe | "Added by the IRCBOT.MC TROJAN!"
|
| U | Mozy Status | mozystat.exe | "Mozy - free backup at a secure |
| X | Mp3 Loader | Sysdata.EXE | "Added by the AVETTE-A VIRUS!"
|
| X | MPatrolPRO | MPatrolPRO.exe | "MalwarePatrol Pro rogue security software - not recommended |
| U | MP_STATUS_MONITOR | monitr32.exe | Canon Multi-Pass status monitor - your choice
|
| X | Ms Builders | Wupated.exe | "Added by the AGOBOT-SS WORM!"
|
| X | MS Configuration | MSFramer.exe | "Added by the RANDEX.OL WORM!"
|
| X | Ms Configuration | microsoftsa32.exe | "Added by the KELVIR.X WORM!"
|
| X | MS Configuration Utility | msconfig32.exe | "Added by the WOOTBOT.DY WORM!"
|
| X | MS DATABASE | MSDATA32.EXE | "Added by a variant of the SDBOT WORM!"
|
| X | MS HTML | mslat.exe | "Added by the LATINUS.SVR TROJAN!"
|
| X | MS HTML Location Class | MSHTML32.exe | "Added by the RBOT-YD WORM!"
|
| X | Ms Java Update For Windows NT/XP | msijavaupdt32.exe | "Added by the RANDEX.AF WORM!"
|
| X | MS Security Update 993 | msident.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MS UniX | navupdate64.exe | "Added by the RBOT.CRZ BACKDOOR!"
|
| X | MS Unix Binary | msnupdate.exe | "Added by the RBOT-AAM WORM!"
|
| X | MS Unix Binary | outlookexpressupdate.exe | "Added by the RBOT-YU WORM!"
|
| X | MS Unix Binary | Win32Update.exe | "Added by the RBOT-BAS WORM!"
|
| X | MS Unix Binary | Norton2005Update.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Unix Binary | trmupdate.exe | "Added by the RBOT-ACC WORM!"
|
| X | MS Update | syshost.exe | "Added by the EVAMAN-F WORM!"
|
| X | Ms Update WinServices NT/XP | winservnt32.exe | "Added by the VANEBOT-G WORM!"
|
| X | MS UPDATER | update.exe | "Added by the RBOT-VC WORM!"
|
| X | MS Updates | mscache.exe | Spyware web downloader
|
| X | MS Updates | syshosts.exe | "Added by the MYDOOM.Y WORM!"
|
| X | MS Updates | aupd.exe | Spyware web downloader
|
| X | MS Updating Utility | msupdater.exe | "Added by the RBOT-XR WORM!"
|
| X | ms window update | ******.exe [* = random character] | "Added by a variant of the RBOT WORM!"
|
| X | MS windows Data list process | MSDATLST.exe | Added by an unidentified WORM or TROJAN!
|
| X | MS Windows Security Updater | updater.pif | "Added by the RBOT-AKY WORM!"
|
| X | MS Windows Update | scguard.exe | "Added by the RBOT-YZ WORM!"
|
| X | MS-patch | msconfig32.exe | "Added by the RBOT-AUF WORM!"
|
| X | MS-patch | mspatch32.exe | "Added by the RBOT-AWF TROJAN!"
|
| X | msbsc | [path to trojan] | "Added by the BANKER-DF TROJAN!"
|
| X | msconfig | msconfig.bat | "Added by the PAHATIA.B WORM!"
|
| X | MSConfig Manager | msupdate.exe | "CoolWebSearch parasite variant"
|
| X | msconfig service | MSupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | msconfigurator | ctfsdk.exe | "Added by the DELF-ALS TROJAN!"
|
| ? | MSCRMStartup | Microsoft.Crm.Application.Hoster.exe | "Related to Microsoft Dynamics CRM integrated solutions for Financial |
| X | MSDatabla | vadasq.exe | "Added by the LIOTEN.IK WORM!"
|
| X | msdir32 | msdir32.bat | "Added by the ROOKIE-A TROJAN!"
|
| X | MSDNMess | [path to trojan] | "Added by the RANKY.BA TROJAN!"
|
| X | MsgApi | [path to file] | "Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe"" |
| X | Msgmgr | [path to worm] | "Added by the BABYBEAR WORM!"
|
| X | MSI Configuration | msiconf.exe | "Added by the AGENT.AKSZ TROJAN!"
|
| ? | MSLIB32 | mswatch32.exe | "??"
|
| X | msliveupdate | msliveupdate.exe | "Added by the AGOBOT.ALT WORM!"
|
| X | msmsgss | [path to trojan] | "Added by the RANKY.G BACKDOOR!"
|
| X | MSN | netstats.exe | "Added by the IRCBOT.UXP WORM!"
|
| X | MSN Administration For Windows | msnadp32.exe | "Added by the BROPIA.W WORM!"
|
| X | MSN Auto-Updater | msnaupdater.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Auto-Updater | msnupdates.exe | "Added by the AUTORUN.WORM.GEN WORM!"
|
| X | MSN Communication Manager | msncommgr.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Configuration | msnconfig.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Msn Configuration Loader | msngms.exe | "Added by the KELVIR.T WORM!"
|
| X | MSN Configuration Loader | msmsncfg.exe | "Added by the AGOBOT-KX BACKDOOR!"
|
| X | MSN Database Client | msndbcli.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN File Configuration | msnfilecfg.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Message Background loader | [path to worm] | "Added by the RBOT-AIE WORM!"
|
| X | Msn Messenger Update | msnupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Msn Messenger update | msnservice.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Msn Patch | msndp.exe | "Added by the RBOT.AAI WORM!"
|
| X | Msn Patches | msndr.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Msn Plus Updater | msnplus.exe | "Added by the RBOT-MU WORM!"
|
| X | Msn Service | matrixcam.exe | "Added by the MYTOB.JH WORM!"
|
| X | MSN Service Updates | winproc.exe | "Added by the KELVIR-BB WORM!"
|
| X | MSN Update | mscon.exe | "Added by the RBOT-QA WORM!"
|
| X | MSN Update | msn32.exe | "Added by the RBOT.AHN WORM!"
|
| X | MSN Update | DLLCON.EXE | "Added by the RBOT-EA WORM!"
|
| X | MSN Update Cfg | msnupdbt.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Update Client | msnupdater.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Update Client | msnupdcli.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Msn Update Manager (Sp2) | MSMSGS.EXE | "Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Msn Update Service | userx.exe | "Added by the MYTOB.JF WORM!"
|
| X | MSN Update Service | msnupdsv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Msn Update SUPPORT | [random filename] | "Added by the RBOT-BPS WORM!"
|
| X | MSN Updater | msnms.exe | "Added by the FORBOT-CG WORM!"
|
| X | Msn Updater | msnplugins.exe | "Added by the RBOT-HS WORM!"
|
| X | Msn Updater | windatemanager.exe | "Added by the SDBOT.TS WORM!"
|
| X | MSN UPDATERS | virtualmemory.exe | "Added by the RBOT-JK WORM!"
|
| X | MSN Updating | msnupdate.exe | "Added by the QHOST.AEI TROJAN!"
|
| X | msn upddate | mesenger.exe | "Added by the RBOT-AVZ WORM!"
|
| X | MSN6.1 Auto-Updater | v6msn.exe | "Added by the AUTORUN-MM WORM!"
|
| X | Msnarrator | msnarrator.exe | "Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware"
|
| X | MSNMSGRE | swef.bat | IRC backdoor TROJAN or WORM!
|
| X | MSNMSGRR | swin.bat | IRC backdoor TROJAN or WORM!
|
| X | MSNMSGRS | swe.bat | IRC worm or backdoor trojan!
|
| X | MSNMSGRS | swiss.bat | IRC worm or backdoor trojan!
|
| X | MSNMSGRS1 | swed.bat | IRC backdoor TROJAN or WORM!
|
| X | msnmsgy | [path to file] | "Added by the BANKER-EQ TROJAN!"
|
| X | MSNPluginSrvcs | sagate.exe | "Added by the SDBOT.AKJ WORM!"
|
| X | msoft-updater23 | mssysstems.exe | "Added by the RBOT-ATU WORM!"
|
| X | msoft-updater23 | slssystem.exe | "Added by the RBOT-ASR WORM!"
|
| X | MSOleath32 | winss.exe | "Added by the KATHER TROJAN!"
|
| X | msoupdater | msoupdater.exe | "Added by the DLOADER.GBD TROJAN!"
|
| X | Mspatch69 | [path to trojan] | "Added by the MPROX TROJAN!"
|
| X | Mspatch89 | cnqmax.exe | "Added by the RANDEX.P WORM!"
|
| X | MSPP System Update 64 | wiaadmgr.exe | "Detected by Kaspersky as the RANKY.GEN TROJAN!"
|
| X | MSPRO32 | [path to worm] | "Added by the IBERIO WORM!"
|
| X | msresear | [path to trojan] | "Added by the WEASYW-B TROJAN!"
|
| X | MSSGisg | [path to file] | "Added by the RANKY.N TROJAN!"
|
| X | mssonfig | winupdate.exe | "Added by a variant of the SDBOT WORM!"
|
| X | mssvc | [path to trojan] | "Added by the PSK TROJAN!"
|
| X | MSUpdate | wupd.exe | "Added by the ALADINZ.M TROJAN!"
|
| X | MSUpdate | svchosthlp.exe | "Added by the BLASTER.T WORM!"
|
| X | msupdate | msupdate.exe | "Added by the RBOT-MZ WORM!"
|
| X | MSUpdate | criticalUpdate.exe | "Affilred adware"
|
| X | msupdate | update.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Msupdate | expIorer.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | outIook.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | svchosts.exe | "Added by a variant of the TACTSLAY TROJAN!"
|
| X | Msupdate | svcrhost.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | svcshost.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | MSupdate.exe | N/A | "CoolWebSearch parasite variant - resets home page to an adult content site"
|
| X | MSUpdateDevKit | axfd.exe | "Added by the SDBOT-ZD WORM!"
|
| X | msupdater | msupdater.exe | "Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
|
| X | MsUpdater System | udpsys32.exe | "Added by the RBOT.AAA WORM!"
|
| X | MSupdater.exe | N/A | "CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin"
|
| X | msupdater25 | lsasser.exe | "Added by the RBOT-ATS WORM!"
|
| X | msupdates | msupdt.exe | "Added by the RBOT-JO WORM!"
|
| X | MSVersion | INTERNETFEATURES.exe | "Added by the POPMON.A TROJAN! - also known as PopMonster adware"
|
| X | msvupdater | msvupdater.exe | "Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
|
| X | MsWindows SysDate | sysmsvc.exe | "Added by the SPYBOT.FCD WORM!"
|
| X | MSWindowsUpdate | Systern.exe | "Added by the RBOT-AFD WORM!"
|
| X | MSWindowsUpdate | mswinup.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MSWinupdate | winupdate.exe | "Added by the DLOADR-AAW TROJAN!"
|
| X | MSWTL32 | MSATL32.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSWUpdate | [path to worm] | "Added by the SILLYFD-V WORM! The most common filename is lsass.exe but it is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | MSxmlHpr | "RUNDLL32.EXE [path] msxm192z.dll,w" |
| X | MS_Update Check | wdfmgr.exe | "Added by the AGOBOT-TB WORM!"
|
| X | MS_update_0704_KB74073.exe | MS_update_0704_KB74073.exe | "Added by a variant of the UPDATEKB TROJAN!"
|
| X | Multimedia extensions | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | mxb2 | [path to worm] | "Added by the IXBOT-G WORM!"
|
| X | MyFastAccess | myfastupdate.exe | My-Fast-Access toolbar updater
|
| U | myNetWatchman | nwclient.exe | "Sends your firewall alerts to a website |
| U | MytekSystrayExePath | MyTekSystray.exe | "MyTek system tray - web site providing computer tech support in Australia"
|
| X | MyWebSearch Plugin | "rundll32 [path] M3PLUGIN.DLL,UPF" |
| X | napv.exe | wupdate.exe | "Added by the AGOBOT-JX BACKDOOR!"
|
| X | Narrator | ******.exe [* = random char] | "Added by the QOOLOGIC TROJAN!"
|
| U | Narrator | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
|
| X | Natal | Natal.scr | "Added by the OPASERV.AE WORM!"
|
| X | NAV Auto Update | [random filename] | "Added by the SPYBOT-E WORM!"
|
| X | NAV Auto Update | iamsad.exe | "Added by the SPYBOT-CE BACKDOOR!"
|
| X | NAV Auto Update | Sadness.exe | "Added by the SPYBOT-E WORM!"
|
| X | NAV Auto Updates | csrssp.exe | "Added by a variant of the SDBOT WORM!"
|
| X | NAV Auto Updates | navwindows.exe | "Added by a variant of the SDBOT WORM!"
|
| X | NAV Auto Updates | slserves.exe | "Added by the RBOT.COI BACKDOOR!"
|
| X | NAV Auto Updates | navupdaterx.exe | "Added by a variant of the RBOT WORM!"
|
| N | NAV Configuration Wizard | cfgwiz.exe | "Introduced with Norton Anti-Virus 2002 |
| X | NAV Live Update | [path to worm] | "Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec"
|
| X | Navegate | iiexplorer.exe | "Added by the BANCBAN-OP TROJAN!"
|
| X | Navegate | wisterd.exe | "Added by the BANKER-BOS TROJAN!"
|
| X | NAVWatch | NAVWatcher.exe | "VX2.Transponder parasite updater/installer related"
|
| X | NAV_Update | NAV_Update.exe | Unidentified WORM or TROJAN!
|
| N | NB Windows Patterns | WINDBKGND.EXE | "Part of McAfee Nuts & Bolts. With Background Patterns |
| X | NBT System alias | [path] repcale.exe [path] beird.exe | "Added by a variant of the RANDON.AN WORM!"
|
| X | Ndpldaemon | [path to trojan] | "Added by the RPCSDBOT-A TROJAN!"
|
| X | Ndtstat | Ndtstat.exe | Added by a variant of the BANLOAD family of TROJANS!
|
| X | Negative | spain.exe | "Added by the BANKER-EXJ TROJAN!"
|
| X | Nero Updater.6.12 | wmp9.exe | "Added by the AGOBOT-AAG WORM!"
|
| X | NeroUpdate Check | msjava.exe | "Added by the AGOBOT.AMH WORM!"
|
| X | NeroUpdater6.8 | winjava.exe | "Added by the AGOBOT.AMK WORM!"
|
| U | Net Accelerator | NetAccelerator.exe | "Rizal NetAccelerator - ""Optimizing Dial-Up |
| X | NET Bios Stats | ntbstats.exe | "Added by the SDBOT-ZX WORM!"
|
| U | NetAccelerator | NetAccel.exe | "NetAccelerator is a "software utility that optimizes your internet access up to 1200% faster!. NetAccelerator speeds all modems allowing you to download faster |
| U | NetAssistant | matcli.exe | """matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| ? | netfxupdate | netfxupdate.exe | "Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
|
| ? | NetFxUpdate_v1.0.3705 | netfxupdate.exe | "Would appear to be a valid Microsoft .NET file (see here) but other sources suggest it could be a trojan"
|
| X | nethost.exe | [path to file] | "Added by the PERDA-J TROJAN!"
|
| U | NetManageImport | nmcpdata.exe | "NetManage business software related"
|
| U | NetPatrol | winclient.exe | "NetPatrol network monitoring software"
|
| N | NetStat Live | Nsl.exe | "AnalogX NetStat Live - TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data"
|
| X | Nettordinateur | GDC.exe | "Nettordinateur rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | netupdate32 | netupdate32.exe | "Added by the RBOT-GQZ WORM!"
|
| X | NetWatch32 | netwatch.exe | "Added by the MIMAIL.C WORM!"
|
| X | Network Administration | NAS.exe | "Added by the ANTILAM.20.Q TROJAN!"
|
| X | Network Administration Service | rsvc32.exe | "Added by the RBOT.ABH WORM!"
|
| U | Network Associates Error Reporting Service | TBMon.exe | Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of beta testing new software
|
| X | Network Connections | internat.exe | "Added by the VB-ZD TROJAN!"
|
| X | Network Host Controller | [path to trojan] | "Added by the WHISPER TROJAN!"
|
| X | Network Security Guard | [path to trojan] | "Added by the COLEM-A TROJAN!"
|
| X | Network Translation System Service | ntss.exe | "Added by the UNPDOOR TROJAN!"
|
| X | NetworkAssociates Inc | internet.exe | "Added by the LOVGATE.AB WORM!"
|
| X | Networks Configurator | NetConfs.exe | "Added by the RBOT-OX WORM!"
|
| X | New.net Startup | "rundll32 [path] NEWDOT~1.DLL,ClientStartup" |
| X | New.net Startup | "rundll32 [path] NEWDOT~1.DLL,NewDotNetStartup" |
| X | New.net Startup | "rundll32 [path] NEWDOT~2.DLL,ClientStartup" |
| X | New.net Startup | "rundll32 [path] NEWDOT~2.DLL,NewDotNetStartup" |
| X | newname | [path to trojan] | "Added by the DRSMARTL-S TROJAN!"
|
| X | NI.ERS_9999_N91S3108 | [path to file] | "Installer for the ErrorSafe rogue system error and cleaning utility - see here"
|
| X | NI.GA6PU_0001_N108E1308 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.GA6PU_0001_N120C2910 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.GA6P_0001_N105E2704 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N108E1606 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.GA6P_0001_N111C1707 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N115C0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N115E0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C2210 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122C2802 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_0001_N122E0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.GA6P_2001_N108E1606 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.GDCDE_0001_N122C1912 | [path to file] | "Installer for the FestplattenReiniger German rogue privacy tool - see here"
|
| X | NI.GDC_0001_N111C1909 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.GDC_0001_N122C1912 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.GES_0001_N122C2610 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UAVIFR_0001_N105M2404 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UERSM_0001_N68M1602 | [path to file] | "Installer for the ErrorSafe rogue system error and cleaning utility - see here"
|
| X | NI.UGA6P | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.UGA6PH_0001_N122M2910 | [path to file] | "Installer for the AntiVirusAskeladd rogue security software - see here"
|
| X | NI.UGA6PK_0001_N122M1302 | [path to file] | "Installer for the VirusForsvar Danish rogue security software - see here"
|
| X | NI.UGA6PL_0001_N108M2808 | [path to file] | "Installer for the VirusSchlacht Swedish rogue security software - see here"
|
| X | NI.UGA6PL_0001_N120M1302 | [path to file] | "Installer for the VirusSchlacht Swedish rogue security software - see here"
|
| X | NI.UGA6PM_0001_N108M2108 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PM_0001_N122M1202 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PM_0001_N122M3010 | [path to file] | "Installer for the AntivirusScherm Dutch rogue security software - see here"
|
| X | NI.UGA6PT_0001_N108M2208 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PT_0001_N122M1202 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PT_0001_N122M2910 | [path to file] | "Installer for the VirusDifesa Italian rogue security software - see here"
|
| X | NI.UGA6PU_0001_N108M1308 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PU_0001_N120M1202 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PU_0001_N120M2910 | [path to file] | "Installer for the VirusSchlacht German rogue security software - see here"
|
| X | NI.UGA6PV_0001_N108M0207 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UGA6PV_0001_N122M1202 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UGA6PV_0001_N122M2910 | [path to file] | "Installer for the VirusGarde French rogue security software - see here"
|
| X | NI.UGA6P_0001_N105M2704 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N111M1707 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N115M0110 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N119M1510 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N120M1710 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N122M0611 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N122M2210 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0001_N122M2802 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_0007_N125M2002 | [path to file] | "Installer for the BestsellerAntivirus rogue security software - see here"
|
| X | NI.UGA6P_1001_N122M0402 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_1002_N122M1402 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_4001_N122M2111 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_4444_N122M2811 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_5001_N122M1902 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGA6P_5555_N122M0312 | [path to file] | "Installer for the AVSystemCare rogue security software - see here"
|
| X | NI.UGDC1_0001_N119M0911 | [path to file] | "Installer for the FilterProgram rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M0307 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M0511 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M1712 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCDE_0001_N111M3007 | [path to file] | "Installer for the FestplattenReiniger German rogue privacy tool - see here"
|
| X | NI.UGDCDE_0001_N122M1912 | [path to file] | "Installer for the FestplattenReiniger German rogue privacy tool - see here"
|
| X | NI.UGDCGR_0001_N122M0307 | [path to file] | "Installer for the FestplattenReiniger Greek rogue privacy tool - see here"
|
| X | NI.UGDCGR_0001_N122M1812 | [path to file] | "Installer for the FestplattenReiniger Greek rogue privacy tool - see here"
|
| X | NI.UGDCNL_0001_N111M3007 | [path to file] | "Installer for the NoCompromaat Dutch rogue privacy tool - see here"
|
| X | NI.UGDCNL_0001_N122M1912 | [path to file] | "Installer for the NoCompromaat Dutch rogue privacy tool - see here"
|
| X | NI.UGDCNL_0001_N122M3011 | [path to file] | "Installer for the NoCompromaat Dutch rogue privacy tool - see here"
|
| X | NI.UGDCPL_0001_N108M0207 | [path to file] | "Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see here"
|
| X | NI.UGDCPL_0001_N122M2012 | [path to file] | "Installer for the OczyszczaczKomputerza Polish rogue privacy tool - see here"
|
| X | NI.UGDCRU_0001_N111M0208 | [path to file] | "Installer for the SanitarDiska Romanian rogue privacy tool - see here"
|
| X | NI.UGDCRU_0001_N122M2012 | [path to file] | "Installer for the SanitarDiska Romanian rogue privacy tool - see here"
|
| X | NI.UGDCTH_0001_N122M1712 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDCTR_0001_N108M0407 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N108M0407 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N111M1909 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M0502 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M1912 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2603 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2610 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2802 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0001_N122M2811 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGDC_0002_N108M1007 | [path to file] | "Installer for the PC Drive Tool rogue privacy tool - see here"
|
| X | NI.UGDC_0003_N108M2407 | [path to file] | "Installer for the PCPrivacyTool rogue privacy tool - see here"
|
| X | NI.UGESF_0001_N122M0201 | [path to file] | "Installer for the HataDuzelticisi Turkish rogue system error and cleaning utility - see here"
|
| X | NI.UGESL_0001_N105M0405 | [path to file] | "Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here"
|
| X | NI.UGESL_0001_N122M0303 | [path to file] | "Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here"
|
| X | NI.UGESL_0001_N122M2911 | [path to file] | "Installer for the SystemOrdnare Swedish rogue system error and cleaning utility - see here"
|
| X | NI.UGESM_0001_N122M0303 | [path to file] | "Installer for the DokterFix Dutch rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N108M2006 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N122M0303 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N122M2811 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGESV_0001_N122M3010 | [path to file] | "Installer for the SysDepannage French rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M0502 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2111 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2602 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2603 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0001_N122M2610 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | NI.UGES_0002_N108M1607 | [path to file] | "Installer for the ErrClean rogue system error and cleaning utility - see here"
|
| X | Nielsen NetRatings | insight.exe | "NetRatings Premeter spyware"
|
| X | NIEUW | [path to dialler] | """Switch-F"" premium rate adult content dialler"
|
| X | NiroFile Updated | NiroFile.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Nocana | [path to worm] | "Added by the ANACON-B WORM!"
|
| X | NoCompromaat | GDC.exe | "NoCompromaat Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | Nod32 Service | AutoUpdateWin32.exe | "Added by the SDBOT-DJG WORM!"
|
| U | Nokia M Platform | NokiaMServer.exe | "Part of the Nokia Music music manager |
| Y | Nokia PC Suite | DataLayer.exe | "Part of Nokia PC Suite version 5 - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" Required by the Nokia status/connection monitor (NclTray.exe)"
|
| Y | Nokia Software Updater | nsu_ui_client.exe | "Utility that only runs once after installing the Nokia Software Updater which is used to update the operating system (or firmware) for selected Nokia mobile devices"
|
| N | Nokia Status Monitor | NclTray.exe | "Part of Nokia PC Suite version 5 - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as ""Nokia Connection Manager"""
|
| N | Nokia Tray Application | NclTray.exe | "Part of Nokia PC Suite version 5 - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" Monitors ports to see if a phone has been connected and provides System Tray access to the Connection Manager (and other PC Suite components if a phone is connected). Available via the Control Panel as ""Nokia Connection Manager"""
|
| N | NokiaPCSuiteTray | LaunchApplication.exe | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| X | Norton Antivirus 7.0a | [path to file] | "Added by the PERDA-B or RANCK-CT TROJANS!"
|
| X | Norton Antivirus Updater | nortonav.exe | "Added by the DELBOT-T WORM! Note - this is not the real Norton AV!"
|
| X | Norton AV Protection Startup | Ati2xxx.exe | "Added by a variant of the RBOT WORM!"
|
| X | Norton Firewall | [path to trojan] | "Added by the BANKER-ET TROJAN!"
|
| X | Norton Live Update Server | cpsdv.exe | "Added by the AGOBOT.EW TROJAN!"
|
| X | Norton Live Updater | Cavapsvc.exe | "Added by the GAOBOT.AO WORM!"
|
| X | Norton Live Updater | Sochost.exe | "Added by the GAOBOT.AO WORM!"
|
| X | Norton Live Updater | Avapsvc.exe | "Added by the AGOBOT-BG BACKDOOR!"
|
| N | Norton Navigator Loader | nnloader.exe | "An older Norton utility for file management under Windows 95. More information here"
|
| X | Norton SpySweeper AutoUpdate | navsw.exe | "Added by the FORBOT-AS WORM!"
|
| X | Norton Update | ccUpdate.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Norton Update | winsvc.exe | "Added by the AGOBOT.ALP WORM!"
|
| X | Norton Update | cUpdate.exe | "Added by the AGOBOT.APP WORM!"
|
| X | Norton updated | NVSV32.EXE | "Added by the SDBOT.ABH WORM!"
|
| X | Norton Updater | winset.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Norton Updater | lsa.exe | "Added by a variant of the RBOT WORM!"
|
| X | Norton Updater | NortonUpdate.exe | Added by an unidentified WORM or TROJAN!
|
| X | Norton Updater | ccUpdate.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Norton Updater | navupdtr.exe | "Added by the SDBOT.AXV WORM!"
|
| X | Notification Utility | altpayV2.exe | "AltPay adware"
|
| X | nstat | netstat.exe | Adult content dialler
|
| X | NSupdate | NSupdate.exe | "Added by the Dial/Laet-B premium rate dialer!"
|
| N | NT Kernel Patch | ntkrnlpt.exe | "FaxServe network fax software"
|
| X | NT Virtual Machine | [path to file] | "Added by the SCAERBOT-A WORM!"
|
| X | NTCommLib3 | [path to trojan] | "Added by the AGENT-AXB TROJAN!"
|
| X | Ntech.patchs | [trojan filename] | "Added by the LEMIR.G TROJAN!"
|
| N | ntlfreedom | "rundll32 [path] RyDial.dll | QuickStart" |
| X | NTP Server | [path to trojan] | "Added by the RANKY.F TROJAN!"
|
| X | ntupdate | dnsvc.exe | "Added by the SDBOT-TC WORM!"
|
| X | NTupdater | [path to trojan] | "Added by the DIGARIX-D TROJAN!"
|
| U | NUAgentInstallPath | NU_Install.exe | "Installer associated with Chily Employee Activity Monitoring surveillance software. Uninstall this software unless you put it there yourself"
|
| N | Nuance PDF Create! 5-reminder | Ereg.exe Ereg.ini | "Registration reminder for PDF Create version 5 from Nuance"
|
| U | NuvaTime | NuvaTime.exe | "NuvaTime - reminder for women using NuvaRing"
|
| X | NvCp1Do | [path to trojan] | "Added by the DWNLDR-GWE TROJAN! The most common filename seen is ""smss.exe"" - which is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | NvCplScan | netstat32.exe | "Added by the SDBOT.BRL WORM!"
|
| X | NvGraphicsInterface | [path to trojan] | "Added by the BCKDR-QKI BACKDOOR!"
|
| X | nVidia Application Drivers | nvidiav32.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | NVidia Drivers | [path to trojan] | "Added by the RANCK-R TROJAN! Note - this is not related to any nVidia based motherboard or graphics card"
|
| N | NVIDIA nForce APU1 Utilities | NVATray.exe | "nVidia's nForce Audio Processing Unit (APU)- ""provides 3D positional audio and DirectX 8.0 compatibility |
| X | nvpatch | napatch.exe | "Added by the SASSER-F WORM!"
|
| ? | NVRotateSysTray | nvsysrot.dll | "Related to NVIDIA nView Control Panel. What does it do and is it required?"
|
| X | NvUpdater | nwiz32.exe | "Added by a variant of the RBOT WORM!"
|
| X | nwiz | KHATRA.exe | "Added by the ORBINA-A WORM!"
|
| X | OB Updater | ob.exe | "Added by the AGOBOT-IH WORM!"
|
| X | od-matrxx | od-matrxx.exe | Adult dialler - xx can be any number
|
| X | Office Monitors | GoogleUpdater.exe | "Added by the RBOT-GKZ WORM! Note - this is not the updater for the popular Google tools"
|
| X | Office Monitorse | [path to worm] | "Added by the SDBOT-CZX WORM!"
|
| X | Offices Monitors | [path to worm] | "Added by the RBOT-GKO WORM!"
|
| X | Offices Monitorse | [path to worm] | "Added by the RBOT-GKO WORM!"
|
| X | office_update | [path to trojan] | "Added by the DLOADER-ZB TROJAN!"
|
| X | OLE Automation Server | ole32aut.vbe | "CoolWebSearch parasite variant"
|
| X | OnlineHelpmate | GDC.exe | "OnlineHelpmate rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | Open Service Drivers | opiater.exe | "Added by a variant of the RBOT WORM!"
|
| U | OpenDNS Update | OpenDNS Updater.exe | "Updater for OpenDNS which ""is a free service that works for networks of all sizes |
| X | OpenMstart | [path to dialler] | """Switch-E"" premium rate adult content dialer"
|
| U | Openwares LiveUpdate | LiveUpdate.exe | "Web-update utility as used by various types of software - see here"
|
| N | Operations Typhoon Rising Registration | NOVG.EXE | "Joint Operations registration reminder"
|
| N | Operator | ?? | "Media Pilot operator |
| U | Operator | xtmop.exe | Fax/Phone answering facility for Extreem Machine - as supplied with the old Diamond SupraExpress modems. No longer supported
|
| X | OpiStat | OpiStat.exe | "NetRatings Premeter spyware"
|
| X | opsql update check | opsql.exe | "Added by the RBOT-ACJ WORM!"
|
| X | Optim[NUMBER] | [path] egdtopt.exe | "Added by the RAMVICRYPE TROJAN!"
|
| U | Optus Cable Data Monitor | datamonitor.exe | "Allows Optus customers to monitor their actual data usage against Optus' ""data allowance limits"""
|
| Y | Orange Connection Kit | atdialler1.exe | "Part of the Orange Connection Kit - changes the dial-up for Orange Any Time if access problems are encountered"
|
| N | OrangeShark | OSharkUpdater.exe | "Orange Shark updater - online games for all ages"
|
| X | OrbitUpdate | update.exe | "Xupiter OrbitExplorer toolbar related. Drive-by foistware. Use Spybot S&D |
| X | OS Boot Configuration | bootconfig.exe | "Added by the IRCBOT.HJ WORM!"
|
| X | OS Boot Configuration! | bootconf.exe | "CoolWebSearch BootConf adware"
|
| X | OuterinfoUpdate | OuterinfoUpdate.exe | "Clickspring.Outerinfo adware"
|
| X | outpostupdate | outpostupdate.exe | "Added by the COSIAM-C TROJAN!"
|
| N | PAL Evidence Eliminator | Cleaner.exe | "PAL Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis"
|
| N | palmOne Registration | register.exe | "Registration reminder for Palm products"
|
| N | Palo Alto Software Update Manager 8.0 | PAS8_UD.exe | "Update manager for small business planning software from Palo Alto Software - such as Business Plan Pro |
| U | Panasonic Communications Utility | Mfpscdl.exe | "Port manager for Panasonic Panafax fax machines"
|
| X | Patah Hati | [path to worm] | "Added by the PAHATIA-A WORM!"
|
| X | Patah Hati | ISASS.exe | "Added by the PAHATIA.A WORM!"
|
| X | Patch | patch.exe | "Added by the NETBUS WORM!"
|
| X | Patches Value | WinGamed.exe | "Added by the SDBOT.BR WORM!"
|
| ? | Path | lide.exe | "??"
|
| X | pathname | pathname.exe | "Added by the IRCCONTACT TROJAN!"
|
| ? | PathNvidiaTV | patchnvidiaTVout.exe | Related to a Gigabyte Nvidia based video card - typical file location is %ProgramFiles%\Gigabyte\Nvidia
|
| N | PC Suite | LaunchApplication.exe | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| N | PC Suite for Smartphones | Application Launcher.exe | "System Tray access to the Sony Ericsson PC Suite mobile phone management utility for some models |
| X | PC2X | initial.bat | "Added by the DWNLDR-FZZ TROJAN!"
|
| X | PCHEasySearch | STUpdate.exe | PCH EasySearch bar
|
| N | PCPitstop Registration Reminder | Reminder.exe | "Registration reminder for the Exterminate antimalware package from PC Pitstop"
|
| N | PCSuiteTrayApplication | TrayApplication.exe | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| N | PCSuiteTrayApplication | LaunchApplication.exe | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| N | PCSuiteTrayApplication | TRAYAP~1.EXE | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| N | PCSuiteTrayApplication | LAUNCH~1.EXE | "System Tray access to Nokia PC Suite - which ""is a free PC software product that allows you to connect your Nokia device to a PC and access mobile content as if the device and the PC were one."" This allows you (amongst other options) to backup your devices contents to your PC |
| U | PCWatch | pcwatch.exe | "PCWatch surveillance software. Uninstall this software if you did not install it yourself"
|
| U | pdfFactory Dispatcher v1 | fppdis1a.exe | "FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 1.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | pdfFactory Dispatcher v2 | fppdis2a.exe | "FinePrint pdfFactory Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory printer. Version 2.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | pdfFactory Pro Dispatcher v1 | fppdis1.exe | "FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | pdfFactory Pro Dispatcher v3 | fppdis3a.exe | "FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. ""pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | PDFHook | pdfcreate5hook.exe | "Prevents the ""Trial Version www.Nuance.com"" watermark appearing in PDF documents created by PDF Create version 5 (from Nuance) when the product has been installed but not activated properly. See here for more information"
|
| U | pdfMachine dispatcher | mapisnd.exe | "pdfMachine Windows print driver"
|
| N | PDIBM Application | pdibm.exe | "Part of the IBM customized version of SafeGuard PrivateDisk from Utimaco - which provides secure area of hard disk where files and folders are encrypted. This entry loads the associated IBM wizard to create the initial secure area once the program has been installed and will no longer be loaded (but remains as a startup entry) once it is completed"
|
| X | Personal Firewall V9 | Firewall-UpdateV9.exe | "Added by the RBOT-BJR WORM!"
|
| X | Pest-Patrol | Pest-Patrol.exe | "Pest-Patrol rogue security software - not recommended |
| X | Pest-Patrol 2.1.0 | Pest-Patrol.exe | "Pest-Patrol rogue security software - not recommended |
| U | PestPatrol Control Center | PPControl.exe | "PestPatrol Control Terminal - utility that launched PestPatrol features such as PPMemCheck and CookiePatrol before CA's acquisition"
|
| ? | PestPatrolCL | PestPatrolCL.exe | "PestPatrol's command line scanner |
| X | PHIME2OO2ASyst | [path to trojan] | "Added by the DBDOOR-B TROJAN!"
|
| N | Pickatag | pickatag.exe | "Pick-a-tag - ""freeware utility for random selection of your taglines. This utility randomly picks a tagline out of a list of taglines. It will create a signature file which your mailer can use to place under your messages"""
|
| N | Picture Motion Browser Media Check Tool | SPUVolumeWatcher.exe | "Part of the Sony Picture Utility software supplied with Sony camera/camcorder products. Automatically invokes an import process if the camera/camcorder is connected and has media on it"
|
| N | PluckSvr | PluckUpdater.exe | "Pluck Toolbar updater"
|
| X | Pofatch | nstrue.exe | "Added by the RANDEX.Z WORM!"
|
| X | PopRock | [path to trojan] | "Added by the AGENT-LNU TROJAN!"
|
| X | PopularScreensaversWallpaper | "rundll32 [path] F3SCRCTR.DLL | LES" |
| X | Popup Blocker Updater | regsvr32 veev****.dll [* = random char] | "SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
|
| X | Popup Defence Updater | regsvr32 pdfupd.dll | "SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
|
| U | Popup Terminator | GLADManager.exe | "Popup Terminator - pop-up killer"
|
| U | PopupEliminator | Popup Eliminator.exe | "Popup Eliminator - pop-up killer"
|
| X | popuppers65 | [path to file] | "Medload adware"
|
| X | PopUpWatch | PopUpWatch.exe | "BPS spyware remover - not recommended |
| ? | POS-Partnerbatchprocessor | BATCH.EXE | "VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut?"
|
| X | Postdavatch | nvdas.exe | "Added by the RANDEX.T WORM!"
|
| X | Postpatch | nvdes.exe | "Added by the RANDEX.T WORM!"
|
| X | PostSetupCheck | Rundll32.exe atgban.dll | "TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""atgban.dll"" file is found in %System%"
|
| U | Power_Gear | BatteryLife.exe | Power management for all Asus notebooks. Useful but not critical
|
| U | PP2000 Instaupdate | PPInupdt.exe | Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually
|
| N | PP3100b | flatbed.exe | "Twain driver for the Visioneer PaperPort 3100b scanner that allows you to scan |
| N | ppmate | ppmate.exe | "PPMate - free tool for streaming online TV via P2P (peer-to-peer)"
|
| U | PPSVC | [path to file] | "PC Police surveillance software that logs keystrokes |
| U | PPUpdate | ppupdater.exe | "PPUpdater - updater that used to be part of PestPatrol before CA's acquisition"
|
| ? | PreAnnotate | PreAnntt.exe | "Genius Wizard Pen Tablet driver related. Is it required?"
|
| X | PreInstall Windows | [path] repcale.exe [path] beird.exe | "Added by a variant of the RANDON.AN WORM! Both files are located in %System%\detr"
|
| N | Price Patrol | neo.exe | "Price Patrol by Half.com - internet shopping companion for finding the best on-line prices"
|
| X | print sharing | start.bat | "Added by the ZCREW TROJAN!"
|
| X | print sharing | [path] hidden32.exe [path] explorer.exe | "Added by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | Printer | [path to file] | "Added by the LOWTAPER TROJAN!"
|
| X | Printer Spool | updater.exe | "Added by a variant of the RBOT WORM!"
|
| ? | Printer Update | CFGREG.EXE | "Maybe a registration reminder or automatically updates drivers or application software for a printer?"
|
| X | PrinterSpool | [path] RESTORE.EXE [path] SPOOL.EXE | "Added by the ALADINZ.K TROJAN!"
|
| X | Privacy Watcher | Privacy Watcher.exe | "Privacy Watcher rogue privacy program - not recommended |
| N | PrivateDisk | pdservice.exe | "Part of SafeGuard PrivateDisk from Utimaco - which ""securely and transparently protects sensitive files on notebooks and desktop computers |
| X | PrivateNet | [various filenames] | Premium rate adult content dialler
|
| X | pro | [path to file] | "Added by the SPYWAD-F TROJAN!"
|
| U | Pro PCL Status Monitor | PENGSS.EXE | Xerox printer/fax/copier status monitor (PCL = printer control language)
|
| X | Proc992 | [path to file] | "Added by the IXBOT-C WORM!"
|
| X | PromoReg | [path to worm] | "Added by the WALEDAC.C WORM!"
|
| X | PromulGate | PgMonitr.exe | "Delfin Promulgate adware variant"
|
| U | Propel Accelerator | PropelAC.exe | "Propel Internet Accelerator"
|
| X | Protection | [path] runtask.exe [path] protection.exe | Added by a variant of the AGENT.3.AU TROJAN!
|
| X | ProtezionefiData | pgs.exe | "ProtezionefiData rogue security software - not recommended. A member of the AVSystemCare family"
|
| X | PrU Async Service | [path to worm] | "Added by the IRCBOT-UG WORM!"
|
| X | prunnet | [path to trojan] | "Added by the AGENT-HVB TROJAN!"
|
| U | Purgative | PURGATIVE100.EXE | AIM (AOL Instant Messenger) Ad Remover Using Active Memory Edits instead of a patch/crack
|
| X | Purgatory | Purga.exe | "Added by the PURGORY-B WORM!"
|
| U | pwrmonit | "RunDll32 [path] pwrmonit.dll | StartPwrMonitor" |
| U | pyrobatchftp | pyrobatchftp.exe | """PyroBatchFTP lets you transfer files to/from FTP/SFTP servers in an automatic and unattended way through a simple to learn batch/script language"""
|
| U | pyrobatchftp.exe | pyrobatchftp.exe | """PyroBatchFTP lets you transfer files to/from FTP/SFTP servers in an automatic and unattended way through a simple to learn batch/script language"""
|
| U | PyroTrans | pyrobatchftp.exe | """PyroBatchFTP lets you transfer files to/from FTP/SFTP servers in an automatic and unattended way through a simple to learn batch/script language"""
|
| X | qgqqft | [path to Trojan] | "Added by the RANKY.T TROJAN!"
|
| Y | QH Live Update Scheduler | UPSCHD.EXE | "Quick Heal Anti-Virus"
|
| Y | Quick Heal On-Line Protection | Cateye.exe | "Quick Heal - virus scanner"
|
| X | Quick Office | activate.exe | "Added by the RANSOMLOCK.D TROJAN! Note - this infection hooks the keyboard to prevent anything except numbers from being typed and displays a Russian message requesting a valid license key"
|
| U | QuickBooks Database Server Manager | QBServerUtilityMgr.exe | "Part of QuickBooks Pro/Premier from Intuit - ""QuickBooks Database Server Manager is a utility that allows you to configure the QuickBooks Server for multi-user access."" See here for further information"
|
| N | Quickbooks Update Agent | qbupdate.exe | Associated with Intuit's Quickbooks but not required. Possibly to do with the payroll update service but you're prompted to check for updates when appropriate whether this is running or not
|
| N | Quicken Scheduled Updates | bagent.exe | Quicken background downloading module
|
| N | QuickTime Update Completion x | quicktimeupdatehelper.exe | "Different numbers caused by number of launches. So if 3 updates are made separately |
| X | QuickTimeUpdate | QuickUpdate.exe | "Added by the BIFROSE-CW TROJAN!"
|
| X | Rakyat_Kelaparan | Kuli.exe | "Added by the SILLYFDC.BDM WORM!"
|
| X | Rakyat_Miskin | Buruh.exe | "Added by the SILLYFDC.BDM WORM!"
|
| ? | RAMGINAConnWatch | RAMConnWatcher.exe | "Part of Remote Access Manager (RAM) for Nortel Networks - which ""combines an intuitive |
| X | Rapdata | ravsecs.exe | "Added by the QQPASS-V TROJAN!"
|
| X | Rapdatae | rabseuser.exe | "Added by the QQPASS-S TROJAN!"
|
| X | Rapdatybs | ravseteyns.exe | "Added by the PWS-ACP TROJAN!"
|
| X | rate.exe | i11r54n4.exe | "Added by the BEAGLE-I WORM!"
|
| X | rate.exe | i1ru74n4.exe | "Added by the BEAGLE.E WORM and variants!"
|
| X | rawload | [path to trojan] | "Added by the DARKIRC.QZ TROJAN!"
|
| X | RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server | glossary.exe | "Added by the VANEBOT-J WORM!"
|
| X | RCAutoLiveUpdate | MaxLURC.exe | "Max Registry Cleaner rogue registry cleaner - not recommended |
| X | RDPlatinum v5 | RDPlatinumv5.exe | "Registry Defender Platinum rogue registry cleaner - not recommended |
| X | Real player updater | realupd.exe | "Added by the PARLAY TROJAN!"
|
| X | Real Statics Agent | ccreal.exe | "Added by a variant of the RBOT WORM!"
|
| X | RealP1ayer | [path to file] | "Added by the RPLAY.A TROJAN! Note that the name has a number ""1"" in place of the second lower case ""L"""
|
| X | RealPlayer Ath Check | rnathchk.exe | "Added by the MYTOB.AG WORM!"
|
| X | RealPlayer Ath Check | mathchk.exe | "Added by the MYDOOM-AJ WORM!"
|
| X | RealPlayerUpdater | realupd32.exe | "Added by the LOHAV-T TROJAN!"
|
| ? | RealTimeUpdate | RealTimeUpdate.exe | "Product description in properties is ""InternetExplorerCommunicationAgent Module"" ?"
|
| X | RealUpdater | realupd.exe | "Added by the PARLAY or MITGLIEDER.I TROJANS!"
|
| X | RebateNation0 | RebateNation0.exe | "RebateNation adware"
|
| X | REEGRUN | [path to file] | "Added by the SECDROP.AI TROJAN"
|
| X | Reeg_ | [path to trojan] | "Added by the BANCBAN-AW TROJAN!"
|
| X | regcheck | [path to file] | "Added by the SERVPAM TROJAN!"
|
| X | Registration Service | toker.exe | "Added by the SDBOT-BB WORM!"
|
| X | Registration Service | msvdm6.exe | "Added by the SDBOT-HE TROJAN!"
|
| N | Registration-Studio 8 | RegTool.exe | "Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems"
|
| X | RegistryGreat.exe | RegistryGreat.exe | "Registry Great rogue registry cleaner - not recommended"
|
| X | REGMSYS | [path to file] | "Added by the LOWZONE-AX TROJAN!"
|
| X | REGRUN | [path to trojan] | "Added by the LOWZONE-AH TROJAN!"
|
| Y | Regrun2 | WatchDog.exe | "Greatis Software's RegRun security suite which amongst other things replaces MSCONFIG. The WatchDog check for registry changes caused by trojan's |
| U | RegUpdate | sb32mon.exe | "Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
|
| Y | Regx10EXE | ATIX10.exe | ATI Remote Wonder - PC wireless remote control driver. Required if you use it
|
| N | reminder-ScanSoft Product Registration | remind32.exe | Registration reminder for ScanSoft products such as PaperPort
|
| U | Remote Data Backups | CBSysTray.exe | "System Tray access to Remote Data Backups online system/data backup utility"
|
| U | Remote Data Backups | COBackup.exe | "Remote Data Backups online system/data backup utility"
|
| U | Remote Data Backups TaskBar Icon | CBSysTray.exe | "System Tray access to Remote Data Backups online system/data backup utility"
|
| X | Remote Procedure Call Locator | RUNDLL32.EXE reg678.dll ondll_reg | "Added by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| Y | Remote Update Monitor | imonitor.exe | "Sophos Antivirus Remote Update utility - provides an easy way for remote workers to keep up to date with their virus protection via a website or network connection provided by their employer"
|
| X | ReparateurDeSysteme | SysRep.exe | "ReparateurDeSysteme |
| U | Replicator | PTReplicator.exe | "Replicator from Karen's powertools. ""Automatically backup files |
| X | reseurce | [path to trojan] | "Added by the LINEAGE-AI TROJAN!"
|
| U | Resolution Assistant | matcli.exe | "Dell Resolution Assistant. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| ? | Restart Watch | Watch.exe | "Associated with an Eicon Networks Diva ISDN or ADSL modem. What does it do and is it required?"
|
| X | Restore Operation | svchots.exe | "Added by a variant of the RBOT WORM!"
|
| X | Rg2catbd | Rg2catbd.exe | Added by a variant of the BANLOAD family of TROJANS!
|
| X | RichMedia | "rundll32.exe [path] hbcast.dll | WaitWindows" |
| U | RivaTuner | RivaTuner.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTuner | RivaTunerWrapper.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTuner Application | RivaTuner.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTunerStartupDaemon | RivaTuner.exe | "Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for XP and applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTunerStartupDaemon | RivaTunerWrapper.exe | "Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTunerWrapper Application | RivaTunerWrapper.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| X | rngmf | [path to trojan] | "Added by the RANKY.C TROJAN!"
|
| N | RoboFormWatcher | RoboFormWatcher.exe | "Roboform from Siber Systems. Automatically completes web forms. Available via Start -> Programs"
|
| X | rollbk | msmpatch.exe | "Added by the SERFLOG.B WORM!"
|
| X | romahere | matrixhere.exe | "SuperSpider hijacker - a CoolWebSearch parasite variant"
|
| X | Root_Machine | [path to trojan] | "Added by the BANCBAN-DI TROJAN!"
|
| Y | Roxio Engine Compatibility Wizard | EngUtil.exe | "Part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine |
| N | RoxWatchTray | RoxWatchTray.exe | "System Tray access to managing the ""Watched Folders"" |
| N | RoxWatchTray | RoxWatchTray10.exe | "System Tray access to managing the ""Watched Folders"" |
| N | RoxWatchTray | RoxWatchTray9.exe | "System Tray access to managing the ""Watched Folders"" |
| N | RoxWatchTray10 | RoxWatchTray10.exe | "System Tray access to managing the ""Watched Folders"" |
| N | RoxWatchTray9 | RoxWatchTray9.exe | "System Tray access to managing the ""Watched Folders"" |
| X | RPC DCOM Vulnerability Patch | msgfix.exe | "Added by the RBOT.S WORM!"
|
| X | RPC Patcher | [path to worm] | "Added by the BOLGI WORM!"
|
| X | RPCInstall | [path to trojan] | "Added by the AGENT-DQM TROJAN!"
|
| X | RpcLocator | explorer.exe | "Added by the RBOT-GSA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| U | Run Google Web Accelerator | GoogleWebAccWarden.exe | "Google Web Accelerator"
|
| U | Run Nintendo Wi-Fi USB Connector Registration Tool | NintendoWFCReg.exe | "Related to Wi-Fi USB Connector from Nintendo"
|
| X | Run Services as Application | localsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Run Services as Application | netsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Run Services as Application | spoolsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Run Services as Application | svcadmin.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Run Services as Application | svcman.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Run Services as Application | svcrun.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Run Services as Application | tcpsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Run Services as Application | websvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | run windows | servic.bat | "Added by the REBOOT-AP TROJAN!"
|
| X | run= | mouse_configurator.win | "Added by the GAGGLE.E WORM!"
|
| X | rundl332 | math.exe ...pluged.exe | "Added by the DOOMJUICE WORM!"
|
| X | RunDLL | rundll32.exe [path] Bridge.dll,Load |
| X | RunDll | [path to trojan] | "Added by the DROPPER.EAT TROJAN!"
|
| X | rundll*** | die.exe [path] mdll.exe | "Added by the SUMTAX TROJAN! where *** is 134 |
| X | rundll*** | die.exe [path] secure.bat | "Added by the SUMTAX TROJAN! where *** is 134 |
| X | rundll*** | die.exe [path] secure.exe | "Added by the SUMTAX TROJAN! where *** is 134 |
| X | rundll*** | die.exe [path] ttg.exe | "Added by the SUMTAX TROJAN! where *** is 134 |
| X | RunDLL32 | winupdate.exe | "Added by an unidentified TROJAN! - possibly a BMBOT variant"
|
| X | rundll32 | [path to worm] | "Added by the AUTEX WORM!"
|
| X | rundll64 | [path to worm] | "Added by the AUTEX WORM!"
|
| U | RunNarrator | Narrator.exe | Associated with the Narrator accessibility feature on Windows XP. It is used to convert text to speech
|
| X | runner1 | updater.exe | Added by the CRYPT.ULPM.GEN TROJAN!
|
| X | RunOnce | [path to trojan] | "Added by the BANCBAN-P TROJAN!"
|
| X | RunOnce | [path to mstask32.exe] | "Added by the DELF-IA TROJAN!"
|
| X | RunOnce2Upd | [path to trojan] | "Added by the MURLO.FI TROJAN!"
|
| X | runSubvalues | [path to file] | "Added by the DLOADER-QY TROJAN!"
|
| X | Runtt1 | Internat.exe | "Added by the LINEAGE-R TROJAN!"
|
| X | RunWin | [path to file] | "Added by the BANKER-ES TROJAN!"
|
| X | RunWindowsUpdate | uptodate.exe | "BrowserAid/BrowserPal foistware"
|
| X | rxres32 | ati2vid.exe | "Added by the RBOT-FL WORM!"
|
| X | Safe | [path to trojan] | "Added by the BANKER-DT TROJAN!"
|
| X | SafeGuard Popup Blocker Updater | regsvr32 sfgupd.dll | "SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
|
| X | SafeGuard Popup Blocker Updater (required) | regsvr32 sfg****.dll [* = random char] | "SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
|
| X | SafeGuard Popup Updater (required) | regsvr32 sfg****.dll [* = random char] | "SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
|
| X | SafeGuard Popup Updater (required) | regsvr32 PDF****.dll [* = random char] | "SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in %System%"
|
| X | SafeSurfingUpdate | SSUpdate.exe | "MoneyTree parasite - ActiveX control used to download premium-rate dialers"
|
| X | Sagate Security Firewall | sagate.exe | "Added by the GAOBOT.BOW WORM!"
|
| N | SAgent2ExePath | SAgent2.exe | Seiko Epson printer status agent. Disable if printer is not used often
|
| N | SalaatTime | SalaatTime.exe | """Salaat Time is a FREE multi-function Islamic application that calculates the prescribed five daily Muslim prayer times as well as Qiblah direction for anywhere in the world"""
|
| U | SansaDispatch | SansaDispatch.exe | "Sansa Updater - ""The Sansa Updater is an application that checks for the latest firmware updates then downloads and installs the firmware to your Sansa device"""
|
| U | SaskTel Accelerated Dial-up | sasktelgui.exe | """Experience faster surfing |
| U | SATARaid | SATARaid.exe | RAID driver for serial ATA disks on some motherboards such as the DFI Lanparty range. Only loaded if one is using RAID support on SATA drives
|
| X | satmat | satmat.exe | "VX2.Transponder parasite updater/installer related"
|
| U | SAUpdate | SAUpdate.exe | "Big Brother from Quest Software. System and network monitor"
|
| X | SaveDate | SaveStartDate.Exe | Unidentified adware
|
| X | SB Watchdog | SBWatchdog.exe | Spyware utility installed by the manufacturers of some laptops (Sony) used to monitor browsing habits and send them back to whoever installed it - released by SoftBank
|
| U | SBAutoUpdate | sbautoupdate.exe | "SpywareBlaster auto-updater"
|
| U | SBC Self Support Tool | matcli.exe | "matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| X | ScanDisc | satan.exe | Added by the GREGSTAR TROJAN!
|
| Y | Scanner File Utility | NsCatCom.exe | "Kyocera Mita network copier/printer/scanner process to dump scanned documents onto a workstation"
|
| X | ScanRegistry | update.exe | "Added by the DWNLDR-FZY TROJAN!"
|
| N | ScanSoft PaperPort 7 Registration Reminder | NAVBrowser.EXE | "Registration reminder for PaperPort 7 from Scansoft (now Nuance)"
|
| U | scheduler_proxy Application | scheduler_proxy.exe | "Found on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooks. Included with versions of ThinkVantage System Update (for software updates) |
| X | schost | [path to trojan] | "Added by the TJSERV.D TROJAN!"
|
| X | scrbmk | [path to trojan] | "Added by the DLOADER-VP TROJAN!"
|
| ? | script | script.bat | "Maybe associated with DOS on a Win9x machine"
|
| U | SDAutoLiveupdate | LiveUpdateSD.exe | "Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here"
|
| X | sdfsdfsdf | sp2update.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | SDKcore Update Components2 | SDKC0R3.exe | "Added by the RBOT-ABA WORM!"
|
| X | sdkupdate22 | SDK0mCORE.exe | "Added by the FORBOT-DT WORM!"
|
| X | Secure Socket Layer Certification | sslcert.exe | "Added by the VANEBOT-AN WORM!"
|
| X | Security | WindowsSecurityUpdate.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Security Patch | scmss.exe | "Added by the RBOT-ZW WORM!"
|
| X | Security Patch | WinUpdate32.exe | "Added by the SDBOT-BM WORM!"
|
| X | Security Patches | msnkn.exe | "Added by the RBOT.WW WORM!"
|
| X | Security Patches | WinLab32.exe | "Added by the SDBOT-KB WORM!"
|
| X | Security Update Service | wmiprvce.exe | "Added by the AGOBOT.ZW WORM!"
|
| X | Security Update Service Process | svrhost23.exe | "Added by the AGOBOT-GN WORM!"
|
| X | seli | [path to file] | "Added by the LOWZONE-AS TROJAN!"
|
| X | Sepate Security Firewall | sepate.exe | "Added by the RBOT.BLC BACKDOOR!"
|
| X | serpe | formatsys.exe | "Added by the SERFLOG.A WORM!"
|
| Y | Server Application for MFP Server | ServoApp.exe | "Multi Function Printer (MFP) Server Agent for Belkin's Wireless G All-in-One Print Server and ZyXEL's NPS-520"
|
| X | Service Update Client | svcupdcli.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | service32.exe | [path to trojan] | "Added by the DLOADR-AYX TROJAN!"
|
| X | ServiceAdministrator | SERVICES.EXE | "Added by the KORRON.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
|
| X | services | start.bat | "Added by the ZCREW TROJAN!"
|
| X | Services | [path to trojan] | "Added by the METEORSHELL TROJAN!"
|
| X | Services | [path to trojan] | "Added by the RANCK-DB TROJAN!"
|
| X | Services Administrator | localsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Services Administrator | netsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Services Administrator | spoolsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Services Administrator | svcadmin.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Services Administrator | svcman.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Services Administrator | svcrun.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Services Administrator | tcpsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Services Administrator | websvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | ServicesAdministrator | SERVICES.EXE | "Added by the PUNYA-B WORM! Note - this is not the legitimate services.exe process |
| X | setFTPBack | createsw.exe | "Added by the FTP_BMAIL TROJAN!"
|
| X | Setup | [path to trojan] | "Added by the DROPPER.EAT TROJAN!"
|
| X | Setup experation | svchost.exe | "Added by the TOFGER-AW TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | setupdata | rnll32.exe | "Added by the QQPASS-AC TROJAN!"
|
| X | SGPUpdater | sgpUpdaters.exe | "Fast Browser Search/Search Guard Plus parasite - installed with ""Make the Web Better"" applications such as My Web Tattoo |
| X | shambl3r | cnf.bat | "Added by the REMABL WORM!"
|
| U | Shareaza | bindata.exe | "Shareaza P2P client related"
|
| X | ShareSearcher | [path to trojan] | "Added by the AGENT-FPE TROJAN!"
|
| X | Shell | Explorer.exe winupdate.exe | "Added by the AGENT-FD TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winupdate.exe"" file is located in %System%"
|
| X | Shell | Explorer.exe [path] ibm[RANDOM 5 DIGIT NUMBER].exe | "Added by the ANSERIN TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files"
|
| X | shell update | shellexec.exe | "Added by the RBOT-ANC WORM!"
|
| X | ShellCommand | [path to file] | "Added by the REMCON-A TROJAN!"
|
| X | Shmgrate.exe | ibot4.exe | "Added by the GASTER TROJAN!"
|
| U | ShowIcon_PNY_PNY Attaché | shwicon.exe | "PNY Attaché USB flash memory stick System Tray icon - shows when the device is plugged in"
|
| ? | ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051 | shwicon.exe | "Card reader for memory cards from digital cameras. Is it required? "
|
| Y | ShStatEXE | SHSTAT.EXE | Part of McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool
|
| X | ShutdownWithoutLjiasvt.exe | [path to trojan] | "Added by the BIFROSE.F BACKDOOR!"
|
| N | SigmaTel Audio | setup.exe | "Sigmatel audio driver"
|
| N | SigmaTel StacMon | stacmon.exe | Installed with the drivers for a SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears as though it can be disabled with no ill effects
|
| N | SigmatelSysTrayApp | stsystra.exe | System tray program for the Sigmatel Audio sound card. Often found on Dell computers
|
| N | SigmatelSysTrayApp | sttray.exe | System tray program for the Sigmatel Audio sound card. Often found on Dell computers
|
| U | Sinus 1054 data WLAN Manager | Wifiusb.exe | Wireless management utility for the T-Com Sinus 1054 Data WLAN adapter
|
| U | SiS (R) Compatible Super VGA SiSTray application | sistray.exe | System Tray access to display settings for Silicon Integrated Systems (SiS) based graphics chipsets. Located in %System%
|
| X | SiS 6326 Accelerator | sis6326m.exe | "Added by the MSIC BACKDOOR!"
|
| U | SiS Compatible Super VGA Keyboard Daemon | keyhook.exe | "Hotkey manager for Silicon Integrated Systems (SiS) based graphics chipsets - disable unless you use hotkeys"
|
| X | Sistray32 | win.bat | "Added by the JUMPRED.A WORM!"
|
| U | SkinClock | AtomicAlarmClock.exe | "Atomic Alarm Clock - ""Alert yourself about important events with different alarms and replace your computer tray clock using different skins. Computer Alarm clock that will play any MP3 file. It can also run a program |
| N | SkypeMate | SkypeMate.exe | "SkypeMate acts as a bridge between networks of VoIP and PSTN"
|
| X | SM | iro.bat | "Added by the IROFFER.CT TROJAN!"
|
| X | Smart Virus Eliminator | SM[random characters].exe | "Smart Virus Eliminator rogue security software - not recommended |
| U | SMax4PNP Application | SMax4PNP.exe | "Analog Devices SoundMax integrated soundcard utility. Brings up the SoundMAX Control Panel when it detects if new audio devices (such as microphones |
| X | SMS | iro.bat | "Added by the IROFFER.CT TROJAN!"
|
| U | SMS Application Launcher | LAUNCH32.EXE | "Microsoft Systems Management Server - used to manage computers on a network remotely"
|
| X | smss | [path to smss.exe] | "Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
|
| X | Sndcompat | Sndcompat.exe | "Added by the GEMA TROJAN!"
|
| ? | SO5 Integrator Pass One | sointgr.exe | "StarOffice 5. See here for more details"
|
| ? | SO5 Integrator Pass Two | sointgr.exe | "StarOffice 5. See here for more details"
|
| X | softIce Update 32 | wininits.exe | "Added by the RBOT-ANB WORM!"
|
| U | SoftickPPP | PPPGate.exe | "Softick PPP is a Microsoft Windows driver that allows to establish PPP session between Palm powered devices and Microsoft Windows desktop computer"
|
| U | SoftwareStation | station.exe | "eAcceleration Stop-Sign security software related. Previously not recommended |
| X | somatic | somatic.exe | "Searchcentrix hijacker"
|
| X | Somefox | [path to trojan] | "Added by the DWNLDR-HHB TROJAN!"
|
| N | Sony Auto Update Tray Application | CONNECTAUTrayApp.exe | "System Tray access to change update settings for the Sony CONNECT Player originally supplied with their range of USB or hard disk based MP3 players and used in conjunction with the CONNECT Music store download service - now replaced by SonicStage CP"
|
| N | Sony Ericsson PC Suite | Application Launcher.exe | "System Tray access to Sony Ericsson PC Suite which ""connects your phone to your computer and expands the capabilities of your phone"". Run manually via the Start Menu (or optional desktop shortcut) before connecting the phone"
|
| X | Sound | [path to trojan] | "Added by the DROPPER.EAT TROJAN!"
|
| N | SoundMAX Integrated Digital Audio | Smtray.exe | "System Tray icon for Analog Devices SoundMax integrated soundcards. Sound properties can be accessed through the Start Menu or Control Panel"
|
| X | SoundMnEx32 | [path to worm] | "Added by the STRATION-FW WORM!"
|
| N | SourcePath | gwreg.exe | Used to update Gateway registry settings for System Restoration Kit and Web update programs
|
| X | sp | rundll32 (Path to Trojan DLL),DllInstall |
| U | SP2 Connection Patcher | SP2ConnPatcher.exe | Changes limit of concurrent TCP connections of Windows Service Pack 2
|
| X | SP2 data | [path] repcale.exe [path] apc.exe | "Added by a variant of the RANDON.AN WORM! Both files are often located in %System%\winstat"
|
| X | SP2 Firewall/Internet Updater | crssrs.exe | "Added by the RBOT.BJO WORM!"
|
| X | sp2update | sp2update.exe | "SP2Update adware! Tracks URLs visited and search terms entered into Internet Explorer"
|
| X | sp2update | updatesp2.exe | "Added by the SDBOT.CAS WORM!"
|
| U | spamihilator | spamihilator.exe | "Spamihilator - spam filter"
|
| U | SpamMonitor Application | SpamMonitor.Exe | "System Tray access to Spam Monitor from PC Tools - which ""is an easy-to-use spam filter that detects and isolates unsolicited junk mail sent to your mailbox. Designed for computer users |
| N | SpeedBitVideoAccelerator | VideoAccelerator.exe | """SpeedBit Video Accelerator makes videos from YouTube and over 150 sites stream faster and play smoother by reducing buffering problems and video interruptions or hiccups"""
|
| X | Spees2 | Speedy.bat | "Added by the OPASERV.AD WORM!"
|
| X | Spool | [path to trojan] | "Added by the RANKY.R TROJAN!"
|
| X | Spool | static.exe | "Added by an unidentified WORM or TROJAN! Located in the Root folder (C:\) |
| X | SPOOL Configuration | spoolsvc.exe | "Added by the SDBOT-KD WORM!"
|
| X | spoolax | [path to trojan] | "Added by the PERDA-D TROJAN!"
|
| X | Spooler SubSystem Application | localsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler SubSystem Application | netsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler SubSystem Application | spoolsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler SubSystem Application | svcadmin.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler SubSystem Application | svcman.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler SubSystem Application | svcrun.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler SubSystem Application | tcpsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler SubSystem Application | websvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Spooler Subsystem Application | smss.exe | "Added by the IRCBOT-ZO TROJAN! Note - the legitimate smss.exe process should not normally figure in Msconfig/Startup!"
|
| U | Sprint DSL virtual assistant | matcli.exe | """matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| X | Spruce - Auto Update | Spruce.exe | "Rabio ""Search Enhancer"" adware variant"
|
| Y | Spybot - Search & Destroy | TeaTimer.exe | "Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. ""Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options |
| Y | SpybotDeleting***** | [cmd or command] /c del [path] [filename] | "Generated by Spybot Search & Destroy if it encounters files that cannot be deleted during runtime because they are locked by other processes. For example |
| Y | SpybotSD TeaTimer | TeaTimer.exe | "Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. ""Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options |
| X | SpyDevastator | SpyDevastator.exe | "SpyDevastator rogue security software - not recommended |
| X | SpyFighterUpdate | AutoUpdate.exe | "SpyFighter spyware remover - not recommended |
| X | Spyinator | Spyinator.exe | "Spyinator rogue spyware remover - not recommended"
|
| Y | Spyware X-terminator | SpywareX.exe | "Spyware X-terminator antispyware from StompSoft |
| X | spywareisolator | spywareisolator.exe | "SpywareIsolator rogue spyware remover - not recommended |
| Y | SpywareTerminator | SpywareTerminatorShield.exe | "Spyware Terminator's real-time protection. Initially not recommended due to false positives but the later versions have since improved - see here"
|
| Y | SpywareTerminatorUpdate | SpywareTerminatorUpdate.exe | "Automatic updates for Spyware Terminator. Initially not recommended due to false positives but the later versions have since improved - see here"
|
| X | SPYWATCH | SpyWatch.exe | "BPS spyware remover - not recommended |
| X | SpyWatchE | SpyWatchE.exe | "SpyWatchE rogue security software - not recommended |
| X | SQUpdatesChecker | uc.exe | "Xupiter SQWire toolbar related. Use Spybot S&D |
| X | sr64 | [path to trojan] | "Added by the AGENT.X TROJAN!"
|
| X | SrchfstUpdate | srchupdt.exe | SearchFast adware downloader
|
| ? | srePostpone | rundll32.exe [path] srescan.dll,DoSpecialAction |
| X | Srv32 spool service | [path to trojan] | "Added by the DLOADER-LB TROJAN!"
|
| X | ssate.exe | irun4.exe | "Added by the BEAGLE.J WORM!"
|
| X | ssate.exe | winsys.exe | "Added by the BEAGLE.K WORM!"
|
| N | SSBkgdUpdate | SSBkgdupdate.exe | "Automatic updates for ScanSoft (now Nuance) products such as OmniPage and PaperPort. Can be disabled using the main program's options. Note - if you have a Soundblaster Audigy2 ZS soundcard installed on your computer and the volume of your sound system is turned on extremely high disabling this will solve the problem"
|
| X | ssgrate.exe | system.exe | "Added by the MITGLIEDER.C TROJAN!"
|
| X | ssgrate.exe | irun.exe | "Added by the MITGLIEDER.D TROJAN!"
|
| X | ssgrate.exe | irun4.exe | "Added by the MITGLIEDER.F TROJAN!"
|
| X | ssgrate.exe | sysdoor.exe | "Added by the MITGLIEDER.N TROJAN!"
|
| X | ssgrate.exe | winerdir.exe | "Added by the MITGLIEDER.O TROJAN!"
|
| X | ssgrate.exe | winsystems.exe | "Added by the BAGLEDL-J TROJAN!"
|
| X | ssgrate.exe | wintems.exe | "Added by the MITGLIEDER.Q TROJAN!"
|
| X | sstata | dwdas.exe | "Added by the DASDA TROJAN!"
|
| X | sstata | [path to trojan] | "Added by the RANCK-DF TROJAN!"
|
| X | SSUpdate | SSUpdate.exe | "MoneyTree parasite - ActiveX control used to download premium-rate dialers"
|
| X | Start aThe Roll | enotxa2.exe | "Added by the RBOT-PV BACKDOOR!"
|
| X | Start aThx Roll | f0mered.exe | "Added by the RBOT.AAV WORM!"
|
| X | Start Uppings | mssupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | startemdoit | [path to trojan] | "Added by the DLOADR-AVP TROJAN!"
|
| X | startkey | update.exe | "Added by the BIFROSE-DG TROJAN!"
|
| X | Startup Configuration | [six character filename] | "Added by the RBOT-ARV WORM!"
|
| X | Startup Configuration | wztoid.exe | "Added by the RBOT-ASD WORM!"
|
| X | Startup Update | Cvshost.exe | "Added by the GAOBOT.AO WORM!"
|
| X | StartUpDate | [path to trojan] | "Added by the BIFROSE.F BACKDOOR!"
|
| N | Stat 'n' Perf | StatnPerf.exe | "Stat 'n' Perf monitors your internet connection and displays information about sent and received bytes"
|
| X | StatBar | STATBAR.exe | "StatBar (system status bar) allows you to quickly get an overview of your system's condition (memory |
| X | State Service | csrss.exe | "Added by the DADOBRA-CP TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| U | StationPlaylistStudio | SPLStudio.exe | "StationPlaylist Studio - ""simple to use on-air broadcast playback software for the studio and/or DJ"" for small to medium sized radio broadcasters |
| X | Statistics | statslist.exe | "Added by the OPANKI-S WORM!"
|
| X | statloads | pgjd83sa.exe | "Added by the SDBOT-UM WORM!"
|
| N | Status Monitor | BrMfcWnd.exe | Brother scanner status monitor - can be started manually
|
| U | Status Monitor CLJ1500 | HPPOUMUI.exe | "Status monitor for the HP Color LaserJet 1500 printer from Hewlett-Packard - for monitoring printer status |
| N | Status Monitor XE | ENGSS.EXE | The Xerox Document WorkCentre XE Series Status Monitor displays information about your printer and currently active or waiting print jobs. You can use it to control your printing environment and manage your printing operations. Available via Start -> Programs
|
| ? | StatusClient | StatusClient.exe | Part of Hewlett Packard network printer drivers
|
| ? | StatusClient 2.6 | StatusClient.exe | Part of Hewlett Packard network printer drivers
|
| N | StatusView | StatusView.exe | "Status View intra-office messaging"
|
| X | stealth.stat.exe | stealth.stat.exe | "Added by the THEALS.A WORM!"
|
| U | StopSignStatus | stopsinfo.dll | "eAcceleration Stop-Sign security software related. Previously not recommended |
| X | stratas | xmconfig.exe | "Added by the RBOT-AHR WORM!"
|
| X | stratas | lockx.exe | "Added by the SDBOT-ADD WORM!"
|
| X | Stratas | ggfig.exe | "Added by the OPANKI.W WORM!"
|
| X | strto | [path to trojan] | "Added by the KILLAV-AP TROJAN!"
|
| X | StubPath | Sservice.exe | "Added by the PRORAT TROJAN!"
|
| X | stup | [path to trojan] | "Added by the AGENT-CIL TROJAN!"
|
| X | stxrmsgms | mstats.exe | "Added by the IRCBOT-AE TROJAN!"
|
| X | suicide | tempfile2.bat | "Personal Protector rogue security software - not recommended |
| X | Sun Java Updater | stacsv.exe | "Added by the BUZUS.DBFM TROJAN!"
|
| X | Sun Java Updater v5 | javajre.exe | "Added by the AUTORUN-XI WORM!"
|
| X | Sun Java Updater v7.4 | javawx.exe | "Added by the ACKANTTA.B WORM!"
|
| X | SunJava Updater v7 | javale.exe | "Added by the ACKANTTA.B WORM!"
|
| X | SunJavaSched Updater | avamx.exe | "Added by the RBOT-ABJ WORM!"
|
| X | SunJavaUpdate | smvss.exe | "Added by the DEDLER-G TROJAN!"
|
| X | SunJavaUpdater | javaw.exe | "Added by the MYTOB.QR WORM!"
|
| X | SunJavaUpdaterv13 | javaupdater.exe | "Added by the ROUTROBOT WORM!"
|
| N | SunJavaUpdateSched | jusched.exe | "Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"
|
| X | SunJavaUpdateSched | scvhost.exe | "Added by the SDBOT-AVX WORM!"
|
| X | SunJavaUpdateSched | javamx.exe | "Added by the SDBOT-WI WORM!"
|
| X | SunJavaUpdateSched10 | jushed.exe | "Added by the ACKANTTA.F WORM!"
|
| X | SunJavaUpdateSched132 | jschd.exe | "Added by the AUTORUN-AQY WORM!"
|
| X | SunJavaUpdateSched16 | jvshed.exe | "Added by the ACKANTTA.G WORM!"
|
| X | SunJavaUpdatSched | spoolsv.exe | "Added by the BANCBAN-NP TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\MSN Messenger"
|
| U | SuNotification | suatshut.exe | "ShadowSurfer - ""provides a safe computing environment by creating a virtual twin of your PC. Restore the pre-ShadowMode system state no matter what changes have occurred to your PC"""
|
| N | Supastatus | status.exe | "Supanet ISP software"
|
| X | supdate | supdate.exe | "Added by the MALWARE.D TROJAN!"
|
| X | supdate2.dll | rundll32.exe supdate2.dll,Run |
| X | supdate2.dll | regsvr32.exe /s supdate2.dll | "Added by the ZLOB-VL TROJAN! Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""supdate2.dll"" file is found in %System%"
|
| X | SuperBar.Component | [path to services.exe] | "Added by the SMALL-AQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Inetsrv"
|
| U | Support.com Scheduler and Command Dispatcher | tgcmd.exe | "Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers |
| X | SurfBuddy | rundll32 [path] sbuddy.dll | "SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | SustemUpdate | explorer.exe | "Added by an unidentified VIRUS |
| X | svcdata.exe | svcdata.exe | "Added by the SPYBOT.ZIF WORM!"
|
| X | svchosd | [path to trojan] | "Added by the BANCOS-BCX TROJAN!"
|
| X | svchost | [path to trojan] | "Added by the HAZZER TROJAN!"
|
| X | svchost | [path] SETUP.EXE | "Added by the SETCLO WORM!"
|
| X | SVCHOST | updater32.exe | "Added by the RANTS.A WORM!"
|
| X | svchost | [path to explorer.exe] | "Added by the UNREAL-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | SVCHOST Generic application | svchost.exe | "Added by the DAEMONI-K TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | svchost.exe | [path to executable] | "Added by the BANKER-MO TROJAN!"
|
| X | SvcManager | [path to trojan] | "Added by the ZALON-A BACKDOOR!"
|
| X | SvcSys | [path to file] | "Added by the BANCOS.Z TROJAN!"
|
| X | svcwinprocess32 | [path to worm] | "Added by the UPERING WORM!"
|
| X | svhost updates | Svhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | sVideo2 | [path to dialler] | """Switch-D"" premium rate adult content dialler"
|
| X | Svshost Update Service | svcbind.exe | "Added by the MYTOB.LH WORM!"
|
| X | svshostdriver | msnmessengerupdate.exe | "Added by the SDBOT-BI BACKDOOR!"
|
| X | Swf32 | AVupdate.exe | "Added by the MERKUR.E WORM!"
|
| N | Switchboard.com Toolbar | AtHoc.exe | "Toolbar for the on-line version of Yellow Pages in the US - Switchboard.com"
|
| U | SWL | rundll32.exe [path] SWL.dll rdl | "StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | SYDNEY | [file path] | "Added by the SYNEY WORM!"
|
| X | Sygaete Personal Firewall | SyGate.exe | "Added by the RBOT-GLX WORM!"
|
| X | Sygate Peral Firewall | Syga.exe | "Added by the RBOT-AQK WORM!"
|
| X | Sygate Personal 3 | svrv.exe | "Added by the RBOT-XD WORM!"
|
| X | Sygate Personal Block | Studio.exe | "Added by the RBOT-TW WORM!"
|
| X | Sygate Personal Firewall | Win32x.exe | "Added by the RBOT-KZ WORM!"
|
| X | Sygate Personal Firewall | system32.exe | "Added by the RBOT.VI WORM!"
|
| X | Sygate Personal Firewall | sysgut.exe | "Added by the SDBOT.WM WORM!"
|
| X | Sygate Personal Firewall | Sygate.exe | "Added by the RBOT-PN WORM!"
|
| X | Sygate Personal Firewall | Mcafeeupdate.exe | "Added by the RBOT.YN WORM!"
|
| X | Sygate Personal Firewall | Sygate32.exe | "Added by the RBOT.ATW WORM!"
|
| X | Sygate Personal Firewall | MSNSRV32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personal Firewall | service.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personal Firewall | t1ktik.exe | "Added by the RBOT-VP WORM!"
|
| X | Sygate Personal Firewall | host32.exe | "Added by the RBOT.ALD WORM!"
|
| X | Sygate Personal Firewall | sexy.exe | "Added by the RBOT-XY WORM!"
|
| X | Sygate Personal Firewall | sys.exe | "Added by the RBOT-ZC WORM!"
|
| X | Sygate Personal Firewall | syserror.exe | "Added by the RBOT.UC WORM!"
|
| X | Sygate Personal Firewall | hostserv.exe | "Added by the RBOT.BKO WORM!"
|
| X | Sygate Personal Firewall | msnmsgrs.exe | "Added by the RBOT.XN WORM!"
|
| X | Sygate Personal Firewall | Sygat.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personal Firewall | wins.exe | "Added by the RBOT.AOB WORM!"
|
| X | Sygate Personal Firewall | winxpstat.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personal Firewall | Syga.exe | "Added by the RBOT-AQD WORM!"
|
| X | Sygate Personal Firewall | svchots.exe | "Added by the RBOT.ABT WORM!"
|
| X | Sygate Personal Firewall | win31243.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Sygate Personal Firewall Start | services32.exe | "Added by the RBOT-MB WORM!"
|
| X | Sygate Personal Firewall Start | servic.exe | "Added by the RBOT-RY WORM!"
|
| X | Sygate Personal Port | crss.exe | "Added by the RBOT-PX WORM!"
|
| X | Sygate Personal Port Blocker | volume.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personal Port Blocker | winupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personals Firewalls | ccsrn.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygates Personal Firewall | sygs.exe | "Added by the RBOT.XB WORM!"
|
| U | SyGateService | sgserv95.exe | "SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs"
|
| X | Symantec Antivirus professional | dfrgfrat.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | autoformat.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Configuration Loader | ccApp32.exe | "Added by the AGOBOT-EE WORM!"
|
| X | SymantecFilterCheck | [path to trojan] | "Added by the BANKER-EIN TROJAN!"
|
| X | Symlcs | [path to file] | "Added by the YASPY-A TROJAN!"
|
| U | SymmTime Application | GeTTime.exe | "SymmTime from Symmetricon - freeware utility that ""synchronizes your PC clock to Coordinated Universal Time (UTC) |
| U | Sync Data | Hndsync.exe | "Pocket Real Estate - mobile synchronization manager"
|
| X | Sync Server | drwatsoon.exe | "Added by the WATSOON.A TROJAN!"
|
| X | Synchronization Agent | mobsynca.exe | "Added by the RANDEX-E WORM!"
|
| U | Synchronization Manager | mobsync.exe | "Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline |
| X | Synchronization Manager | rservers.exe | "Added by the FORBOT-FM WORM!"
|
| X | Syntax Script | saskatcw.exe | "Added by the SDBOT-TE WORM!"
|
| X | Sys-Stat | wuapdxe.exe | "Added by the SDBOT.HK WORM!"
|
| X | SysATW | sysatw.exe | "Added by the VANEBOT-AM WORM!"
|
| U | SysBkup | [path to file] | "Keyspy keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | Sysctrls | winupdate.exe | Added by an unidentified WORM or TROJAN!
|
| X | sysdat.dll | sysdat.dll.exe | Added by the NISHICA 1.1 TROJAN!
|
| X | SysData | [path to file] | "Added by the RANCK-BA TROJAN!"
|
| X | sysformat | sysformat.exe | "Added by the BAGLE-BK WORM!"
|
| X | Sysgate Personal Firewall | syst3ms.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | sysin | [path to file] | "Added by the DSRC-A TROJAN!"
|
| X | sysnate | sysnate.exe | "Added by the MEDIAS TROJAN!"
|
| X | syspath | drv.exe | "Added by the SOBER WORM!"
|
| X | SySPower | [path to trojan] | "Added by the BANCBAN-OC TROJAN!"
|
| X | Syss | ehuupdate.exe | "EHU adware"
|
| X | sysser | [path to file] | "Added by the RAHACK WORM!"
|
| X | System | Atira.exe | "Added by the KOTIRA VIRUS!"
|
| X | System | Updaterun.exe | "Added by the QQHELP-DX TROJAN!"
|
| X | System Applications Profile | sap.exe | "Added by the RBOT-QF WORM!"
|
| X | System Buffer Application | buffer32.exe | "Added by the SDBOT-UD WORM!"
|
| X | system check | updater.exe | Unidentified adware downloader
|
| X | System Configuration | iexplore.exe | "Added by the RANDEX.AD WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | System Configuration | syscfg32.exe | "Added by the MYTOB.EA WORM!"
|
| X | System Configurator32 | SYSTEMCFG.EXE | "Added by the AGOBOT-KS WORM!"
|
| X | System CSRSS Patch | scrtkfg.exe | "Added by the RBOT-ADA WORM!"
|
| X | System Database administration | systemDA.exe | "Added by the DERDERO.B WORM!"
|
| X | System Database Administration Support Process | sysdasp.exe | "Added by the DERDERO.C WORM!"
|
| X | System DataBase Root | sysdbroot.exe | "Added by the QHOST-W TROJAN!"
|
| X | System Document Application | nmod.exe | "Added by the SDBOT-ABB WORM!"
|
| X | System Document Application | msdocument.exe | "Added by the RANDEX.COX WORM!"
|
| X | System Document Application | wins.exe | "Added by the SDBOT.AUB WORM!"
|
| X | System Document Application | winsvc32.exe | "Added by the SDBOT-VA WORM!"
|
| X | System Error Notification | senr32.exe | "Added by the POISON-BT TROJAN!"
|
| X | System Failure Statistic | cnstat.exe | "Added by the RBOT-LF WORM!"
|
| U | System Files Updater | System Files Updater.exe | "System Files Updater from Flyakiteosx ""will transform the look of an ordinary Windows XP system to resemble the look of Mac OS X"""
|
| X | System Information Manager | Navcpe.exe | "Added by the SDBOT-QB WORM!"
|
| X | System Information Manager | Msbb.exe | "Added by the SLINBOT.YR BACKDOOR!"
|
| X | System Information Manager | iexplore.exe | "Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | System Information Manager | mslog.exe | "Added by the DELF.AKO TROJAN!"
|
| X | System Information Manager | no.exe | "Added by the SPYBOT.NO WORM!"
|
| X | System Information Manager | syspass.exe | "Added by the SDBOT-MO WORM!"
|
| X | System Information Manager | win.exe | "Added by the SDBOT-MU WORM!"
|
| X | System Information Manager | windowsNt.com | "Added by the SDBOT-ND WORM!"
|
| X | System Initialization | msmsgri32.exe | "Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
|
| X | System Initialization | payload.dat | "Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
|
| X | System Manager Updates | winsvc.exe | "Added by the AGOBOT.AEM WORM!"
|
| N | System Mechanic Professional Update [Incinerator.dll] | SysMech4.exe /REREG: [path] Incinerator.dll | "Iolo System Mechanic ""Incinerator"" feature securely deletes files and folders from your PC so they can never be recovered again"
|
| X | System Net Database | sysnd.exe | "Added by the RBOT-AAW WORM!"
|
| X | System Process Analization | sysproc.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Process Analization Thread | system.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Restore Data | [path] repcale.exe [path] beird.exe | "Added by the RANDON.AN WORM! Both files are located in %System%\frbyjed"
|
| X | System Security Updaters | vsmons.exe | "Added by the RBOT-OW WORM!"
|
| X | System service78 | [path to file] | "Added by the ELITEBAR-T and ELITEBAR-U TROJANS!"
|
| X | System service79 | [path to file] | "Added by the ELITEBAR-V TROJAN!"
|
| X | System Stats | SystemStats.exe | "Added by a variant of the WOOTBOT WORM!"
|
| X | System time updator | CSysTime.exe | "Added by the RANDEX.S WORM!"
|
| X | system updata | updata.exe | "Added by the LINEAGE-C TROJAN!"
|
| X | System Update | [filename].exe | "CoolWebSearch parasite variant"
|
| X | System Update | [random filename] | "Added by the KORGO.W or KORGO.X WORMS!"
|
| X | System Update | wupdmgr.exe | "Added by the SOROMO-A TROJAN!"
|
| X | System Update | [random filename] | "Added by the SOROMO-A TROJAN!"
|
| X | System Update | wauluclt.exe | "Added by the SDBOT.EF WORM!"
|
| X | System Update | [path to trojan] | "Added by the AUTOTROJ-D TROJAN!"
|
| X | System Update | mssetupconf.exe | "Added by the RBOT.DLC WORM!"
|
| X | System Update Application | msbuffer.exe | "Added by the SDBOT.AFF WORM!"
|
| X | System Update Service | wmiprvsa.exe | "Added by the AGOBOT-RG TROJAN!"
|
| X | System Update Service | winupd32.exe | "Added by the ADTODA-A TROJAN!"
|
| X | System Update Service | system.pif | "Added by the RBOT-ALL WORM!"
|
| X | System Update Service | update.pif | "Added by the SPYBOT.WOE WORM!"
|
| X | System Update Service | wmiprvsv.exe | "Added by the AGOBOT.YG WORM!"
|
| X | System Update Service | csrss32.exe | "Added by the AGOBOT-HI WORM!"
|
| X | System Update2 | explorer.exe | "Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | System Update2 | services.exe | "Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | System Update2 | svchost.exe | "Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
|
| X | System Update2 | system.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Update2 | taskman.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Update2 | taskmon.exe | "Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate Win98/Me file of the same name which is located in %Windir% as this version is located in %System%. It is not normally found on a WinXP system"
|
| X | System Update2 | update.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Update2 | webcheck.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Update2 | wininet.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Update2 | winlogon.exe | "Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate winlogon.exe process |
| X | System Update2 | winspool.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Update2 | wupdmgr.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Updated | svchoes.exe | "Added by the RBOT-ASF WORM!"
|
| X | System Updater Machine | crhwss.exe | "Added by the CIADOOR-DQ TROJAN!"
|
| X | System Updater Machine | system.exe | "Added by the CIADOOR.GN BACKDOOR!"
|
| X | System Updater Process | wmiprvsw.exe | "Added by the AGOBOT-IL WORM!"
|
| X | System Updater Service | wmiprvsw.exe | "Added by the GAOBOT.AFC WORM!"
|
| X | System Updates | winsci.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Updates | szwi.exe | "Added by the RBOT-AXE WORM!"
|
| X | System Updates | unve.exe | "Added by the RBOT-AWG TROJAN!"
|
| X | System Updates | wmkl.exe | "Added by the RBOT-AYJ WORM!"
|
| X | System Updates 4 | mssysfix.exe | "Added by the RBOT-ADU WORM!"
|
| X | System Updates Manager | winserv32.exe | "Added by the AGOBOT-AGA WORM!"
|
| X | System Updates Service | updates.pif | "Added by the RBOT-AMA WORM!"
|
| X | System-Stat | systats.exe | "Added by the SDBOT.RA WORM!"
|
| X | SystemAdministration | Wincmp32.exe | "Added by the ASYLUM TROJAN!"
|
| X | SystemBooster2009 | sbr_updater.exe | "SystemBooster2009 rogue system suite - not recommended |
| X | SystemData | MBlocker.exe | "Messenger Blocker rogue security software - not recommended"
|
| X | Systemiom Updater | Systemiom.exe | "Added by the SPYBOT.TY WORM!"
|
| U | SystemKey | rundll32.exe [path] SystemKey.dll rdl | "Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | SystemMessenger | rundll32.exe [path] SystemMessenger.dll | "Stealth Chat Monitor spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | SystemMigration | WinMedia.exe | "Added by the KELVIR.EI WORM!"
|
| X | SystemUpdate | Negdo.exe | "Added by the CULLER-C WORM!"
|
| X | SystemUpdate | Xeyu.exe | "Added by the CULLER-D WORM!"
|
| U | SystemWeb | rundll32.exe [path] SystemWeb.dll rdl | "StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | systemyom Updater | systemyom.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | SYSTEMZ Patch | SYSZ.exe | "Added by the ALADINZ.P TROJAN!"
|
| X | systrans | [path to trojan] | "Added by the STARTPA-GZ TROJAN!"
|
| X | Systray | KAT.vbs | "Added by the SOAD-D WORM!"
|
| X | Systry | [path to worm] | "Added by the AUTEX WORM!"
|
| X | Systryt | [path to worm] | "Added by the AUTEX WORM!"
|
| X | sysupdate | cmman32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | taengtae | AutoRun.bat | "Added by the GATINA-B WORM!"
|
| N | Tahni Deskmate | Tahni.exe | "Tahni Deskmate - ""Interactive cartoon character that lives on your Windows desktop"""
|
| X | talk | talk.bat | "Added by the TIOTUA-G WORM!"
|
| X | TANG_INA_MO | AutoRun.bat | "Added by the FILUKIN.A WORM!"
|
| U | Task Catcher | tasktrap.exe | "Real-time monitor for Task Catcher from BillP Studios - which ""allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash"". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be available"
|
| U | Task Catcher Monitor | tasktrap.exe | "Real-time monitor for Task Catcher from BillP Studios - which ""allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash"". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be available"
|
| U | Task Catcher Real-Time Detector | tasktrap.exe | "Real-time monitor for Task Catcher from BillP Studios - which ""allows you to efficiently monitor programs running on your computer without slowing you down or hogging all your memory. Task Catcher will block unwanted programs from running and restart your favorite programs if they are disabled or crash"". If the program isn't registered the monitor will initially load and then close at start-up. If registered it will continue to run and optional System Tray access will also be available"
|
| X | Task manager | UPDATEWIN.exe | "Added by the RBOT.BBS WORM!"
|
| X | Taskman | KHATRA.exe | "Added by the AUTORUN-AKR WORM!"
|
| X | Taskman | sysdate.exe | "Added by the SILLYFDC.BCQ WORM!"
|
| X | TaskManager | [path to trojan] | "Added by the LDPINCH-CF TROJAN!"
|
| X | Taskmgo | [path to file] | "Added by the BANCBAN-T TROJAN!"
|
| X | taskmgr | [path to trojan] | "Added by the AGENT-ENV TROJAN!"
|
| X | taskmngr | [path] msnve.exe [path] task.exe | "Added by the FLOOD-EK TROJAN!"
|
| X | TaskMon | [path to trojan] | "Added by the DROPPER.EAT TROJAN!"
|
| X | taskmrg.exe | [path to trojan] | "Added by the BANCBAN-BN TROJAN!"
|
| X | taskmsgs | [path to trojan] | "Added by the BANCOS-BBW TROJAN!"
|
| X | Tasmgr | Taskmgr.bat | "Added by the YPSAN.G WORM!"
|
| X | tat | tatss.exe | "Delfin Promulgate adware variant"
|
| X | Tcp Application Manager | localsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Tcp Application Manager | netsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Tcp Application Manager | spoolsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Tcp Application Manager | svcadmin.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Tcp Application Manager | svcman.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Tcp Application Manager | svcrun.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Tcp Application Manager | tcpsvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | Tcp Application Manager | websvc.exe | "Added by the DLOADER-NY TROJAN!"
|
| X | TCPXP Update | tcpxp.exe | "Added by the RBOT-UL WORM!"
|
| X | tcupdater | tcupdater.exe | Topconverting.com/180Search adware updater
|
| Y | TeaTimer | TeaTimer.exe | "Part of the popular Spybot - Search & Destroy spyware removal tool from Safer Networking Limited. ""Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options |
| Y | Telepath | telepath.exe | "Drivers for the WinModem versions of the US Robotics ""Telepath"" series - as supplied to Gateway for instance. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information"
|
| U | TelstraClear Broadband Support | matcli.exe | """matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| U | TELUS eCare | matcli.exe | "TELUS Resolution Assistant. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| X | Terminal Update | biosefui.exe | "Added by the PPDOOR-O TROJAN!"
|
| X | Terminate Popup | ZPU.exe | "Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here"
|
| X | Terminate Popup | fpuk.exe | Popup killer - foistware proven to install the Regsvc32 homepage hijacker
|
| N | Tesco.net | rundll32 [path] RyDial.dll,QuickStart |
| X | Testing 123 | msdata.dat | "Added by the NITS.A WORM!"
|
| N | Textbridge Instant Access OCR | telepath.exe | "TextBridge from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs"
|
| U | The Easy Bee's Hive | ATCEgSvr.exe | "The Easy Bee is a software that allows you to record Internet navigation sequences |
| X | TheMonitor | [path to trojan] | "Added by the DLOADR-LO TROJAN!"
|
| N | ThinkPad Configuration Utility | TP98TRAY.EXE | "System Tray access to the ThinkPad Configuration utility for IBM/Lenovo ThinkPad notebooks. ""The ThinkPad Configuration utility is a control center to configure your ThinkPad hardware. With this utility |
| U | ThinkPad Presentation Director | NPDTray.exe | System Tray access to Presentation Director for IBM/Lenovo ThinkPad notebooks - which allows you to create and quickly select between various single and multiple display options. Scheme selection and settings are also available via the Fn+F7 key combination on some models
|
| Y | ThreatFire | TFTray.exe | "System Tray access to ThreatFire no-signature anti-malware from PC Tools - which ""features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses |
| X | Time Zone Synchronization | wscript zshell.js | "Added by the NETDEX-A TROJAN!"
|
| N | Tiny Watcher Logon Time | Watcher.exe | "Tiny Watcher detects changes to your system. It will not prevent your system from being modified or corrupted. It will only tell you that something suspicious happened. Think of it as an early CAT scan against system tumors. Better to install a tool that will detect and remove bad items"
|
| U | Titlebar Date | Titlebar Date.exe | "Titlebar Date by Titlebar Software - displays the day of the week and date and time in the active window's title bar. For example |
| X | tjstartup | [path to file] | "Added by the TJSERV.C TROJAN!"
|
| X | tlc | update911.js | Hijacker installer
|
| U | TLogonPath | tb2logon.exe | "Timbuktu Pro - remote desktop access software"
|
| X | tmax | pupdate.exe | Adware pop-up generator
|
| X | Tok-Cirrhatus | IDTemplate.exe | "Added by the RONTOKBRO.A WORM!"
|
| X | Tok-Cirrhatus | smss.exe | "Added by the BRONTOK-A WORM and variants! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%"
|
| X | Tok-Cirrhatus | [path to file] | "Added by the BRONTOK-F WORM!"
|
| X | Tok-Cirrhatus-1464 | br3951on.exe | "Added by the BRONTOK.AD WORM!"
|
| X | Tok-Cirrhatus-1959 | br4941on.exe | "Added by the BRONTOK-J WORM!"
|
| X | Tok-Cirrhatus-1959 | [random].exe | "Added by the BRONTOK-CF WORM!"
|
| X | Tok-Cirrhatus-1959sarc | sv711224030r.exe | "Added by the BRONTOK-R WORM!"
|
| X | Tok-Cirrhatus-1959sarc | yesbron.com | "Added by the BRONTOK-R WORM!"
|
| X | Tok-Cirrhatus-2454 | br5931on.exe | "Added by the BRONTOK.AD WORM!"
|
| X | Tok-Cirrhatus-2784 | br6591on.exe | "Added by the BRONTOK-L WORM!"
|
| X | Tok-Cirrhatus-2784 | smss.exe | "Added by the BRONTOK-S WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%"
|
| X | Tok-Cirrhatus-[4 random digits] | br[4 random digits]on.exe | "Added by the BRONTOK-M WORM!"
|
| ? | TomcatStartup | hpbpsttp.exe | "Apache Tomcat web server |
| ? | TomcatStartup 2.5 | hpbpsttp.exe | "Apache Tomcat web server |
| X | topat | zlip.exe | "Added by the FLOOD-IG TROJAN!"
|
| X | Torjan Program | [path to trojan] | "Added by the LEGMIR-BO TROJAN!"
|
| U | Toshiba Key State | KEYSTATE.EXE | "Displays an icon in the System Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g. |
| N | Toshiba Registration | ToshibaRegistration.exe | Toshiba Registration - available via Start -> Programs
|
| N | Toshiba TEMPO | Toshiba.Tempo.UI.TrayApplication.exe | "TEMPO is a software service developed by Toshiba. It will advise you on how to fine-tune the performance of your notebook and keep you informed of the latest Toshiba software and driver updates as soon as they are released. It does this by delivering various types of alerts into a special TEMPO inbox area on your notebook PC"
|
| U | TOSHIBA Volume Indicator | VolControl.exe | On-screen volume indicator for Toshiba notebooks
|
| U | TosRotation | TRot.exe | TOSHIBA Rotation Utility - allows users to rotate a notebook's screen image 180 degrees in order to share information on the screen with others seated across a table or desk
|
| N | tourpath | regedit /s [path] tour.reg | "Edits registry values to keep the Win 2000 ""tour"" in Task Scheduler"
|
| X | tpcupdater | updatetc.exe | "Antivirus XP 2008 rogue security software - not recommended"
|
| X | trackerx90.th.gs | anti_data_exe_by_trackerx90.exe | "Added by the BCKDR-QIT BACKDOOR!"
|
| U | TrackPoint Accessibility Features | tp4ex.exe | "Supports accessibility features for the TrackPoint stick and associated buttons on IBM/Lenovo ThinkPad notebooks. If features such as ""Click Sound"" |
| N | Tray Date | Tray Date.exe | "Tray Date by Titlebar Software - displays a simple icon in the System Tray (that can't be configured) which shows the current date. The originator's website is no longer available but you can still download it here. Whilst it only uses around 10MB of memory |
| N | Tray Temperature | Weatherbug.exe | "Weatherbug provides current outdoor temperature in the System Tray |
| U | traydate.exe | TRAYDATE.EXE | TrayDate - displays the date as well as the time in the System Tray
|
| X | Trickler | [path to file] | "GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
|
| X | TrojanSimulator | TSServ.exe | "Trojan Simulator security risk which simulates a trojan infection and may be used to verify whether a virus scanner can properly detect the file"
|
| X | ttaa | tata.exe | "Added by the LINEAGE-T TROJAN!"
|
| ? | Tukati | TukatiRedistributor.exe | "Tukati Digital Content Distribution. Is it required?"
|
| X | TurboNet | [path to trojan] | "Added by the RENOS-EA TROJAN!"
|
| ? | Tvwatch | tvwatch.exe | "Associated with the TV-Out option on Asus AGP or Intel graphics cards. Is it required?"
|
| X | type | bat.exe | "Added by the ANSKYA-A WORM!"
|
| N | TypingSatellite | KBOOST.exe | "Typing Master 2002 background utility that collects typing errors and builds up customised typing lessons for your needs. Available via Start -> Programs"
|
| U | U.S.Robotics WLAN Adapter Configuration Utility | USRWLAN.exe | "U.S.Robotics LAN Adapter - wireless LAN (WLAN) configuration utility"
|
| X | Uate | oocs.exe | "PurityScan adware"
|
| U | UCmore XP - The Search Accelerator | rundll32.exe UCMTSAIE.dll,DllShowTB |
| N | UIWatcher | UIWatcher.exe | "Part of the Ashampoo® UnInstaller series from Ashampoo GmbH & Co. KG - including UnInstaller Platinum 2 |
| X | Ultimate Cleaner | UltimateCleaner.exe | "Ultimate Cleaner rogue security software - not recommended |
| X | Ultimate Defender | UltimateDefender.exe | "Ultimate Defender rogue security software - not recommended |
| X | Ultimate Fixer | UltimateFixer.exe | "UltimateFixer rogue system error and cleaning utility - not recommended"
|
| X | Ultimate System Guard | MainFAVProj.exe | "Ultimate System Guard rogue security software - not recommended |
| X | UltimateBuddy | UltimateBuddy.exe | "UltimateBuddy - installs malware |
| X | UltimateServices | ultsvcs.exe | "Added by the AGENT-LGT TROJAN!"
|
| N | UltimateZip Quick Start | uzqkst.exe | "UltimateZip - file compression utility"
|
| X | UpData | wupdata.exe | "Added by the IRCBOT-AA TROJAN!"
|
| X | Update | [original file path] | "Added by the LYNDEGG WORM!"
|
| X | Update | CDUpdater.exe | """Carpe Diem"" adult premium rate dialler related"
|
| X | Update | Sysupd.exe | Added by the SLACKBOT VIRUS!
|
| X | Update | Zupdate.exe | "Associated with B3d Projector foistware - see here"
|
| X | Update | mshtm.exe | Browser hijacker - redirecting to buldog-search.com
|
| X | Update | UPDATE-28062004.exe[25 blank spaces].vbs | "Added by the MIDFIN WORM!"
|
| X | update | winis.exe | "Added by the RBOT-VD WORM!"
|
| X | update | r00t.exe | "Added by the RBOT-ACO WORM!"
|
| X | UPDATE | WinUpdater5.0.vbs | "Added by the GORMLEZ-A WORM!"
|
| X | UpDate | RAuth.exe | "Added by the DLOADER-UL TROJAN!"
|
| X | Update | csrss.exe | "Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Update | csrss.exe | "Added by the MEHEERWAR TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""winupdate"" subfolder"
|
| X | Update | lsass.exe | "Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Update | svchost.exe | "Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Update | Update.exe | "QuickButton adware"
|
| X | Update | hanz.exe | "Added by a variant of the RBOT-GLJ WORM!"
|
| X | Update | WinUpdate.exe | "Added by the SDBOT-CV BACKDOOR!"
|
| X | Update Checker | winlog.exe | "Added by the IRCBOT-TJ TROJAN!"
|
| X | Update Checker | scvhost.exe | "Added by the AGENT-DSF TROJAN!"
|
| X | update driver | SNDVOL32.EXE | "Added by the SPYBOT-CU BACKDOOR!"
|
| X | Update Explorer | iexploreupd.exe | "Added by a variant of the RBOT WORM!"
|
| X | Update for Windows | [various filenames] | "Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe |
| ? | Update for Works | MSWkstz.exe | "Maybe related to later versions of MS Works?"
|
| N | Update Grokster | WiseUpdt.exe | "Automatically updates the Grokster file sharing software. Beware of adware and spyware when using this type of program |
| X | Update Install | Schost.exe | "Added by the GAOBOT.AO WORM!"
|
| ? | Update local | SetCPQLC.exe | "Running on a Compaq desktop. Any ideas?"
|
| N | Update Manager | UpdateManager.exe | "Searches for updates for the Rogers Yahoo! Browser - can be run manually"
|
| X | update mon sys | updaterar.exe | "Added by a variant of the RBOT WORM!"
|
| X | update run dos | logon.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Update Run MSword | LOGON.EXE | "Added by the RBOT.TY WORM!"
|
| Y | Update Service | Update.exe | "Loaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall"
|
| X | update service | svxhost.exe | "Added by the RBOT-MG WORM!"
|
| X | Update Service | winu32.exe | "Added by the RBOT-MG WORM!"
|
| X | update service | winx.exe | "Added by a variant of the RBOT WORM!"
|
| ? | Update TUT | WiseUpdt.exe | "??"
|
| X | Update ver 1.0 | Swap.exe | "Added by the SWAP-C WORM!"
|
| X | Update Windows | EXPLORE.EXE | "Added by a variant of the SDBOT WORM!"
|
| X | Update.exe | ravseuper.exe | "Added by the QQPASS-P TROJAN!"
|
| X | Update32 | configs.exe | "Hijacker |
| X | UpdateCheck | winstall.exe | "Added by the SPYBOT-CY WORM!"
|
| N | UpdateChecker | UpdateChecker.exe | "Checks for new releases available in the popular FileHippo.com repository for any software you may already have installed on your computer. Run manually when required"
|
| X | UpdateComponent | CNF UPD.EXE | Added by the SPYBOT.GEN VIRUS!
|
| ? | UpdateFW | fwdload.exe | "Appears to be firmware update software for a Network Associates ATMbook OC-3 SMF Interface Module?"
|
| ? | UPDATEHOOK | Rundll32.exe | "??"
|
| X | updatelavasoft | updatelavasoft.exe | "CoolWebSearch parasite variant - redirecting to lalasearch.com"
|
| U | UpdateManager | sgtray.exe | "StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop) |
| X | UpdateManager | updmanager.exe | "Added by the ANYHOMB.F TROJAN!"
|
| X | UpdateMedia | UpdateMedia.exe | "MediaUpdate foistware"
|
| X | UpdateMgr | updmgr.exe | "SouthBeachTel premium rate adult content dialer"
|
| N | updateMgr | AdobeUpdateManager.exe | Automatic updates for the Adobe Reader file viewer
|
| N | updatemgr.exe | updatemgr.exe | "Once a month |
| X | UPDATEMSN | svhost.exe | Added by an unidentified WORM or TROJAN!
|
| X | updater | wupdater.exe | "KeenVal adware"
|
| ? | updater | updater.exe | "??"
|
| X | Updater | adservernow.exe | "AdServerNow adware"
|
| X | updater | wisvc.exe | "Added by the ORSE-A TROJAN!"
|
| X | UpDaTer | csrss.exe | "Added by the AUTORUN.DIB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder"
|
| X | Updater Service Process | svhost32.exe | "Added by the AGOBOT.TY WORM!"
|
| X | Updater Service Process | csrss32.exe | "Added by the AGOBOT-GP BACKDOOR!"
|
| X | updater32 | winload32.exe | "Added by the CULT.M WORM!"
|
| X | updatereal | realupdate.exe | Chinese originated adware
|
| X | UpdaterUI | UpdaterUI.exe | "Added by the AGENT-TM TROJAN!"
|
| X | Updates | msupdate.exe | "CoolWebSearch parasite variant"
|
| N | Updates from HP | backweb*****.exe | "See here - ""messaging service that automatically sends you support information |
| N | Updates from HP | Updates from HP.exe | Automatically detects an internet connection and downloads any available updates
|
| X | updatesched | [random filename] | "ZenoSearch adware"
|
| X | UpdateService | wservice.exe | "Added by the DREF-K WORM!"
|
| X | Updatestats | Updatestats.exe | "Statblaster adware"
|
| X | UpdateStats | UpdateStats.exe | "SeekSeek search hijacker related - see here"
|
| N | updatev01 | updatev01.exe | Ultra-networks.com software updater/downloader
|
| X | updatewin | update.exe | "Added by a variant of the SDBOT WORM!"
|
| X | UpdateWin | [random filename] | "Added by the IRCBOT.AZW BACKDOOR!"
|
| X | updateWins | systrey.exe | "Added by the RANDON WORM!"
|
| ? | Updatewiz | updatewiz.exe | "??"
|
| X | UpdateXpSp | MS045-XP2.exe | "Added by the IRCBOT.NY TROJAN!"
|
| X | updatexwin | winxrpc.exe | "Added by the AGOBOT-KJ WORM!"
|
| N | UPDATE~1 | updatemgr.exe | "Once a month |
| X | upddateit | winit.exe | "Added by the RBOT-MS WORM!"
|
| X | UPNP | [path to trojan] | "Added by the DROPPER.EAT TROJAN!"
|
| U | Upromise Update | UpromiseUa.exe | "Updater for the Upromise college savings program"
|
| X | UpToDate | uptodate.exe | "BrowserAid/BrowserPal foistware"
|
| X | uptolate | nucle.exe | Added by a variant of the BIFROSE TROJAN!
|
| X | USB 2.0 Driver | updateXPSPC.exe | "Added by the AGOBOT-RJ WORM!"
|
| X | USB 2.0 Driver | updateXP.exe | "Added by the AGOBOT-QP WORM!"
|
| X | USB 2.0 Driver | UpdateXPSP.exe | "Added by the AGOBOT-QD WORM!"
|
| X | USB 2.1 Driver | winupdate1.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Driver4 | UpdateXP*.exe [* = random digit] | "Added by a variant of the SDBOT WORM!"
|
| X | USB Drivers1 | msupdate.exe | "Added by a variant of the RBOT WORM!"
|
| ? | USB Hub Keyboard Patch | SKBPATCH.EXE | USB HUB Update
|
| X | USB MS Update | USBS.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Updates | mservices.exe | "Added by a variant of the SDBOT WORM!"
|
| X | USB Updates | msfirewalls.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Updates 2 | wugfixx.exe | "Added by a variant of the RBOT WORM!"
|
| X | USBConfigration2 | wmmndir.exe | "Added by the AGOBOT-SV WORM!"
|
| X | UsbD | [path to trojan] | "Added by the CIDRA-F TROJAN!"
|
| X | USBHWINFO | [path to trojan] | "Added by the LOWZONE-I TROJAN!"
|
| X | usbn | [path to trojan] | "Added by the HOGIL-C TROJAN!"
|
| X | user logon | [path to worm] | "Added by the PAHATIA-A WORM!"
|
| N | Usrobotics Online Registration | ?? | Pop-up reminding customers to register their products online at US Robotics
|
| X | UtilisateurSur | SysRep.exe | "UtilisateurSur |
| U | VAIO Update 2 | VAIOUpdt.exe | Related to Sony Vaio Update service
|
| X | ValidData | [path to trojan] | "Added by the RANKY.H TROJAN!"
|
| X | VBS_AUTO_UPDATE | 0548656X.vbs | "Added by the GORMLEZ-A WORM!"
|
| X | VC5MediaPlayer | [path to file] | "Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe"" |
| X | VCatch | Vcatch.exe | "CommonSearch Vcatch - ""antivirus"" software which actually bundles spy/adware itself!"
|
| X | VCatch Premium | VCatchpre.exe | "VCatch antivirus. Considered spyware itself - see here"
|
| ? | VCDWATCH | VCDWATCH.EXE | "Confirmed as Voyetra CD Watcher as it was found in a Compaq/Voyetra/AS2 directory but what does it do?"
|
| X | Vdat Update | lalaa.exe | "Added by a variant of the RBOT WORM!"
|
| U | Venturi Configurator | ventcfg.exe | "Venturi Wireless mobile broadband configuration utility"
|
| U | VERBATIM STORE 'N' G | verbatim store 'n' go.exe | "Loads the driver for the Verbatim Store'n'Go PRO USB Flash Drive - reportedly required only on systems running Windows 98 and Millennium"
|
| X | Veritas Patch | veritas.exe | "Added by the RBOT-XT WORM!"
|
| U | Verizon Online Support Center | matcli.exe | ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| U | versato | versato.exe | """Hot"" button (such as volume and browser control) management and a CD player as supplied with QTronix (as possibly Micro Innovations) keyboards"
|
| X | VGATune | VGATune.exe | "Added by the RBOT-AWM WORM!"
|
| X | Vidcompat | Vidcompat.exe | "Added by the GEMA TROJAN!"
|
| X | VidiaDrivers | [path to trojan] | "Added by the RANKY.U TROJAN!"
|
| X | vietato.exe | vietato.exe | Adult content dialler
|
| U | ViewpointPhotosDeviceConnect | FotomatDeviceConnect.exe | "Related to Viewpoint which is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything ""bad"". This will change from what we know in 2006 according to this article. You can remove it via Start -> Settings -> Control Panel -> Add/Remove Programs list..."
|
| U | Virtuele Katja | VKatja.exe | "Virtuele Katja - have an attractive moviestar parade on your Desktop and help you search the Dutch ""Gouden Gids"" business directory too..."
|
| X | Virus Melt | [path to executable] | "Virus Melt rogue security software - not recommended |
| X | Virus Removal Tool | [path to trojan] | "Added by the TOMETA-B TROJAN!"
|
| X | virusbye | virusbyeUpdater.exe | "VirusBye rogue security software - not recommended"
|
| X | VirusHeat 3.9 | VirusHeat 3.9.exe | "VirusHeat rogue security software - not recommended |
| X | VirusHeat 4.3 | VirusHeat 4.3.exe | "VirusHeat rogue security software - not recommended |
| X | VirusHeat 4.4 | VirusHeat 4.4.exe | "VirusHeat rogue security software - not recommended |
| X | VirusIsolator | VirusIsolator | "VirusIsolator rogue security software - not recommended |
| X | VirusIsolator.exe | VirusIsolator.exe | "VirusIsolator rogue security software - not recommended |
| ? | VirusScanMSC | VsStat.exe | "Part of McAfee VirusScan. System Tray application as with previous versions (were also VsStat.exe) |
| X | VMware User Process | KHATRA.exe | "Added by the AUTOIT.K TROJAN!"
|
| U | VMware Workstation | vmware-tray.exe | "System Tray access to virtual machines (VMs) currently in a ""powered on"" state in VMware Workstation - which ""makes it simple to create and run multiple virtual machines on your desktop or laptop computer"". Can be helpful if VMs are configured to run ""headless"" at Windows startup |
| N | VMware Workstation | hqtray.exe | "VMware Host Network Access Status Tray Application - part of both VMware Player (from version 2.0) and Workstation (until version 6.5) - which allow you to ""run multiple operating systems simultaneously on a single PC."" Its function is unknown at present and it displays no tray icon as the name suggests. Can be disabled without affecting the operation of either product"
|
| X | VnCplUpdate | msdm.exe | "Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in
| X | Volume Shadow Configuration | vbmsvc.exe | "Added by the SLENFBOT.DH WORM!"
|
| N | VoyetraTray | vtray.exe | This provides an abbreviated Control Group for the Turtle Beach Montego II sound functions/associated with AudioStation 3 and 32
|
| Y | VsStatEXE | VSSTAT.EXE | From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and the VShield System Scan module. Can be started automatically or available via Start -> Programs
|
| X | vXCXssdss | [path to trojan] | "Added by the RANCK-BO TROJAN!"
|
| X | VxD Driver Initialization | ntsvxd.exe | "Added by the SDBOT-LW WORM!"
|
| X | W32data | eworo.exe | "Added by a variant of the RBOT WORM!"
|
| N | Watch | watch.exe | Found to be used by a Trust USB scanner for auto starting the scanning software when the lid is lifted
|
| U | Watch | 1200UBWATCH.EXE | Button press monitor for the Mustek 1200 UB Scanner
|
| N | Watch Dog Program | watchdog.exe | For Compaq PCs. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do
|
| N | Watchdog | Watchdog.exe | "Definitely part of the Mustek scanner drivers and software (for 600 III EP Plus and maybe others) |
| ? | WatchDog | watchdog.exe | "Part of Motorola ""Mobile Phone Tools"" v3 - in a ""Mobiile Phone Tools"" sub-directory of Program Files"
|
| ? | WatchDog | DVDCheck.exe | "Related to an Intervideo program. What does it do and is it required in startup?"
|
| U | WatcherHelper | WaHelper.exe | "Sierra Wireless Watcher™ - wireless configuration utility"
|
| N | WatchWAN | WatchWAN.exe | "WatchWAN keeps an accurate account of the data that is flowing between your computer and the Internet at any given moment. This readout is presented in both numerical and graphical format |
| U | Watson Subscriber for SENS Network Notifications | dwtrig20.exe | "Used to launch Microsoft Error Reporting (DW20.exe) - if |
| U | WDDMStatus | WDDMStatus.exe | "WD Drive Manager - part of Western Digital's WD SmartWare management software for selected external drives in the My Book and My Passport range. Allows the user to see the drive status |
| N | WEATHER | WEATHER.EXE | "Weatherbug provides current outdoor temperature in the System Tray |
| U | Weather Pulse | weatherpulse.exe | "Weather Pulse from Tropic Designs. ""Display popular Satellite images and video from around the globe |
| N | WeatherCast | Weather.exe | Weather reporting in the System Tray. Available via Start -> Programs. Installed via Radlight
|
| N | WeatherEye | WeatherEye.exe | "WeatherEye - desktop weather from TheWeatherNetwork"
|
| X | WeatherOnTray | WeatherOnTray.exe | "Hotbar adware"
|
| X | WeatherOnTray | SbWeatherOnTray.exe | "Hotbar adware"
|
| N | Weatherscope | Weatherscope.exe | "WeatherScope - ""displays your current local temperature in the system tray of your computer (near the clock) whenever you are online!"" Not recommended as it bundles GAIN adware. You can get the adware free version for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here"
|
| X | WeatherStudio Desktop | WeatherStudio Desktop.exe | "WeatherStudio adware"
|
| N | WeatherWatcher | ww.exe | "WeatherWatcher - weather reporting in the System Tray"
|
| X | Web-cameinst | [path to trojan] | "Added by the RANCK-BP TROJAN!"
|
| ? | Webcam Go Sti Service Application | wbcgosvc.exe | "Control software for the portable Creative Webcam Go digital camera/PC web cam. What does it do and is it required?"
|
| X | Webcelerator | webcel.exe | "Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. No longer available or supported, and when it was available it was classed as spyware - see here"
|
| X | WebRebates0 | WebRebates0.exe | "WebRebates adware"
|
| X | WebSavingsfromEbates | WebSavingsfromEbatesrun.exe | "Web Savings From Ebates Software |
| X | WebSavingsFromEbates0 | WebSavingsFromEbates0.exe | "Web Savings From Ebates Software |
| X | Website Administrator Info | webadmin.exe | "Added by the FORBOT-FY WORM!"
|
| X | WebSpecials | rundll32 [path] webspec.dll | "WebSpecials spyware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | WebSUpdater | wupda.exe | "Added by the STARTPAGE.C TROJAN!"
|
| ? | WEPstat | Wepstat.exe | "Cisco Aironet 340 Series PC Card driver. If it can be started manually it shouldn't be required if you don't use the PC card facility regularly - hence the status could be ""U"". Can anybody confirm this?"
|
| X | what ever | decom.exe | "Added by the RBOT-SC WORM!"
|
| X | What Frenz | FriendEQUALsuX.exe | "Added by the BHARAT.A WORM!"
|
| U | WhatPulse | WHATPU~1.EXE | "WhatPulse keeps track of your keystrokes |
| U | WhatPulse | WhatPulse.exe | "WhatPulse collects statistics on how much you type on your computer and sends this information to a server. It is not a keylogger which monitors your keystrokes and what you type - it only counts the number of keystrokes"
|
| X | WheelsMouse | [path to trojan] | "Added by the SOCKSPR-D TROJAN!"
|
| X | Wifi Configuration | wificonfig.exe | "Added by the IRCBOT.AWB BACKDOOR!"
|
| X | Wifi Configuration! | wificonfigs.exe | "Added by the IRCBOT.AWB BACKDOOR!"
|
| U | WildTangent Web Driver updater | wcmdmgrl.exe | "Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the program's control panel. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case"
|
| ? | win name | stat.exe | "??"
|
| X | Win Patch | ntldr.exe | "Added by the SDBOT-GS WORM!"
|
| X | Win Process Updates | winupdates.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win Secure Update | [random filename] | "Added by the RBOT-AGI WORM!"
|
| X | win update | wupda32.exe | "Added by the SDBOT.J WORM!"
|
| X | win update | wapdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win Update | SysUpdate.exe | "Added by the AGOBOT-TN WORM!"
|
| X | Win Update | oleupdate.exe | "Added by the AGENT-UY TROJAN!"
|
| X | Win Update | msnmger.exe | "Added by the RBOT-GDP WORM!"
|
| X | win update | wupdate.exe | "Added by the RBOT-P BACKDOOR!"
|
| X | Win Updater | WINUPDATER.EXE | "Added by the RBOT.IP WORM!"
|
| X | Win Updator Services | ctfnom.exe | "Added by a variant of the WOOTBOT WORM!"
|
| X | Win Validation Application | DBExecCom.exe | "Added by the VBSILLY-A WORM!"
|
| X | Win32 Configuration | videosd32.exe | "Added by the SDBOT.TT WORM!"
|
| X | Win32 Configuration | dllhelp.exe | "Added by the SDBOT.UL WORM!"
|
| X | Win32 Configuration | mplayer.exe | "Added by the FORBOT-BZ WORM!"
|
| X | Win32 Information Service | crsrs.exe | "Added by the RINBOT.Y WORM!"
|
| X | Win32 Kernel Update | win32update.exe | "Added by the PROXY-BS TROJAN!"
|
| X | Win32 Ms Auto Updater | AutomsUPD.exe | "Added by a variant of the RBOT WORM!"
|
| X | win32 security updates downloader | tskmngr.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Win32 Test | bleatest.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win32 Update | svchosts.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win32 Update | dl32.exe | Added by an unidentified WORM or TROJAN!
|
| X | win32 update service | svchostt.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win32 USB2 Driver | winupdate.exe | "Added by the AGOBOT.YE WORM!"
|
| X | Win32 USB2 Driver | updatemgr.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Win32.Trojan.Downloader | netstat2.exe | "Added by the PAINTER TROJAN!"
|
| X | win32update | win32update.exe | "Added by the GENOME.AQUV TROJAN!"
|
| X | Win32Updater | KERNAL32.EXE | "Added by the SPYBOT-OK WORM!"
|
| X | Win64 Compatibility Check | load win64.drv | "CoolWebSearch parasite variant"
|
| X | WIN95DEFVIEW | [path to file] | "Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe"" |
| X | Winamp Update | yhn.exe | "Added by the SDBOT-ACR WORM!"
|
| X | wincrt.exe | [path to worm] | "Added by the STRATIO-HA WORM!"
|
| X | WIND0WS | mella.bat | "Added by the ALLEM WORM!"
|
| X | WinData | services.exe | "Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the ""Startup Item"" field"
|
| N | WinDates | windates.exe | "WinDates is a calendar |
| X | WinDLL (wingatey32.exe) | "rundll32.exe wingatey32.exe,start" |
| X | Windosupdate manager | runwin32.exe | "Added by the SDBOT.NNS BACKDOOR!"
|
| X | Window upadate | pe2.exe | "Added by a variant of the RBOT WORM!"
|
| X | window2 | ieupdate.exe | "Added by the FORBOT-BM WORM!"
|
| X | Windowfdgfds DasdLL Verifier | winupdatr.exe | "Added by the AGOBOT.HZ WORM!"
|
| X | Windowfdgfds DasdLL Verifiew | [path to worm] | "Added by the RBOT-GGX WORM!"
|
| X | WindowRegKey update | wins.exe | "Added by the SPYBOT.I WORM!"
|
| X | windows | [path to trojan] | "Added by the AIMWIN TROJAN!"
|
| X | Windows 32 Update | Windows-Update.exe | "Added by a variant of the RBOT WORM!"
|
| U | Windows Accelerators | setup.exe | "KeySpy keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | Windows Account Alternation | wauclt.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Activate System | syssv.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows AdStatus | WinStat.exe | "Added by the BLESHARE!DR VIRUS!"
|
| X | Windows Application Layer | walg32.exe | "Added by the AGOBOT.ATN WORM!"
|
| X | Windows Application Layer Gateway | walg32.exe | "Added by the AGOBOT-AAZ WORM!"
|
| X | Windows applications server | SysShield.exe | "Added by the unregistered version of Personal Anti Malware rogue security software - not recommended |
| X | windows auto update | msblast.exe | "Added by the BLASTER.B WORM!"
|
| X | windows auto update | penis32.exe | "Added by the BLASTER (or MSBLAST.A) WORM!"
|
| X | Windows Auto Update | winupdater.exe | "Added by the SDBOT.TF WORM!"
|
| X | Windows auto update | bazzi.exe | "Added by the AHKER.E WORM!"
|
| X | Windows auto update | LSASS.exe | "Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process |
| X | Windows Auto Updater | WINDOWSUPDATE.EXE | "Added by the SDBOT.PB WORM! Note the space at the beginning of the filename"
|
| X | Windows Automatic Update | wuamgrder.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Automatic Updater | windrg.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Automatic Updates | dvldr.exe | "Added by the RBOT.MF WORM!"
|
| X | Windows Automatical Updater | dcz.exe | "Added by the RBOT.CXS WORM!"
|
| X | Windows AutomaticUpdater | runddls.exe | "Added by a variant of the RBOT WORM!"
|
| X | windows automation | mslaugh.exe | "Added by the BLASTER.E WORM!"
|
| X | Windows Automation | msdspr.exe | "Added by the SOLAME.A WORM!"
|
| X | Windows Backup Configuration | IEXPLORER.exe | "Added by the GAOBOT.AZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Windows Communicator | wincomm.exe | "Added by the AGOBOT-BH WORM!"
|
| X | Windows Communicator for NT/XP | osndyrn.exe | "Added by the SDBOT-CPK WORM! Note - can terminate AV related processes"
|
| X | Windows Configuration | wsys32.exe | "Added by the GAOBOT.FB WORM!"
|
| X | Windows Configuration | wincfg32.exe | "Added by the MYTOB.ED WORM!"
|
| X | Windows Configuration | WINHUB.EXE | "Added by the SPYBOT-CG WORM!"
|
| X | Windows Configuration Loader | asclt.exe | "Added by the SDBOT-OA WORM!"
|
| X | Windows Configuration Loader | msgfix.exe | "Added by the SDBOT-NP WORM!"
|
| X | Windows Configuration System | IExplore.exe | "Added by the RBOT-DDG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | Windows Configuration Utility | winxupdate.exe | "Added by the AGOBOT.LW WORM!"
|
| X | Windows Configurator | winconf.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Windows Console Monitor | [path to worm] | "Added by the KEDEBE WORM!"
|
| X | Windows Core Kernel Update | win32bootcfg.exe | "Added by the RANCK-EL TROJAN!"
|
| X | Windows Data Server | autodisc.exe | "Added by the SPYBOT-CB WORM!"
|
| X | Windows Data Server | [random name].exe | "Added by the SPYBOT-DS WORM!"
|
| X | Windows Database | WinDat.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Database | wiinsvc.exe | "Added by the AGOBOT-RU WORM!"
|
| X | Windows Debugging Tools | updatecfg.exe | "Added by the RBOT-AXU WORM!"
|
| X | Windows Default Configuration | svchost.exe | "Added by the DLOADER-U TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
|
| X | Windows Defender Updater | wdu*.exe | "Added by a variant of the FakeAlert TROJAN! This infection displays fake Windows Defender alerts which link to spyware-kicker.com"
|
| X | Windows DLL Loader | defragfat32z.exe | "Added by the LINKBOT.A WORM!"
|
| X | Windows DLL Loader | defragfat32pi.exe | "Added by the RBOT-QQ WORM!"
|
| X | Windows DLL Loader | defragfat39.exe | "Added by the POEBOT-C WORM!"
|
| X | Windows DLL Loader | defragfatz.exe | "Added by the LINKBOT.H WORM!"
|
| X | Windows DLL Loader | defragfat32.exe | "Added by the SDBOT-SS WORM!"
|
| X | Windows DLL Loader | defragfat32abc.exe | "Added by the RBOT-RG WORM!"
|
| X | Windows DLL Loader | defragfatx.exe | "Added by the POEBOT-F WORM!"
|
| X | Windows Drive Compatibility | System32Driver32.exe | "Added by the SUPOVA.Z WORM!"
|
| X | Windows Driver Foundation | MTVSCMXT.EXE | "Added by a variant of the RBOT WORM!"
|
| X | Windows driver update | dmsvc32.exe | "Added by the SDBOT-GP BACKDOOR!"
|
| X | Windows driver update | Ipconfig32.exe | "Added by the SDBOT-JV WORM!"
|
| X | Windows drivers update | windowsupdate.exe | "Added by the RBOT-ACE WORM!"
|
| X | Windows Explorer Update Build 1142 | EXPLORER32.EXE | "Added by the KaZaA based KWBOT or KWBOT.Y WORMS!"
|
| X | Windows FAT 32 | WINFAT32B.exe | "Added by the SPYBOT-AGT WORM!"
|
| X | Windows File Migration Wizard | HIMENSYST.EXE | "Added by the RBOT-EMO WORM!"
|
| X | Windows File Verification Service | wfvs.exe | Added by the RANKY.AC TROJAN!
|
| X | Windows Firewall Updater | updatees.exe | "Added by the RBOT-GBX WORM!"
|
| X | Windows Firewall Updater | cronos.exe | "Added by the RBOT-GBY WORM!"
|
| X | Windows Firewall Updater | ctfcom.exe | "Added by the RBOT-GCB WORM!"
|
| X | Windows Firewall Updater | windowsupdate.exe | "Added by the SPYBOT.AVEO WORM!"
|
| X | Windows Fix | integator.exe | "Added by the SDBOT.ZAB WORM!"
|
| X | Windows FormatAd | WinForm.exe | Windupdates adware variant
|
| X | Windows Genuine Validate | winservicessss.exe | "Added by the IRCBOT.UUI BACKDOOR!"
|
| X | Windows Insecure | [path to worm] | "Added by the RBOT-FSM WORM!"
|
| X | Windows Java Update | weatherBug32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Loader | SysUpdate.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Locator | wsass.exe | "Added by the IRCBOT.N TROJAN!"
|
| X | Windows Logon Application | WinIogon.exe | "Added by the LINKBOT.M WORM!"
|
| X | Windows Logon Application | logon.exe | "Added by the POEBOT-J WORM!"
|
| X | Windows Logon Application | services.exe | "Added by the CIADOOR-L TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Windows Logon Application | win32help.exe | "Added by the DELBOT-X WORM!"
|
| X | Windows Logon Application | winlogon.exe | "Added by the POEBOT-KW WORM! Note - this is not the legitimate winlogon.exe process |
| X | Windows Logon Application | winamp.exe | "Added by the POEBOT-LR WORM! Note - this is NOT the popular Winamp media player which resides in a ""Winamp"" subdirectory of the Program Files directory"
|
| X | Windows Logon Applicationedc | winlogon.exe | "Added by the DWNLDR-HGR TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%"
|
| X | Windows Logon Applicatonedc | winlogon.exe | "Added by the VB-EBV TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%"
|
| X | Windows Management Instrumentation | mwd.exe | "Added by the GRAPS WORM!"
|
| X | Windows Management Instrumentation | [path to file] | "Added by the QEDS-A WORM!"
|
| X | Windows Management Instrumentations | winmg.exe | "Added by the GAOBOT.GW WORM!"
|
| X | Windows Manager Update Inc | tgb.exe | "Added by the SDBOT-ACM WORM!"
|
| X | Windows Media Player | mpupdata.exe | "Added by the SDBOT.BBG WORM!"
|
| X | Windows Media Player Update | [random filename] | "Added by the RBOT-ET WORM!"
|
| X | Windows media service | Sygate32.exe | "Added by the RBOT.ADE WORM!"
|
| X | Windows Media Updater | crease.exe | "Added by the RBOT-ATI WORM!"
|
| X | Windows Micro Drivers | wupdates32.exe | "Added by the RBOT-AEH WORM!"
|
| X | Windows Microsoft Update | wintask32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows MS Update 32 | fhm.exe | "Added by the IRCBOT.GEN WORM!"
|
| X | Windows MS Update 32 | sucker.exe | "Added by the FORBOT-GJ WORM!"
|
| X | Windows MS Update 32 | jebote.exe | "Added by the FORBOT-GK WORM!"
|
| X | Windows MSN Updates | wnd32.exe | "Added by the IRCBOT-ABA TROJAN!"
|
| X | Windows NNT | [path to trojan] | "Added by the RANKY.E TROJAN!"
|
| X | Windows NT Logon Application | winlogon.scr | "Added by the RBOT-ALP WORM!"
|
| X | Windows NT Update Manager | WINL0G0N.exe | "Added by the AGOBOT-NU WORM! Note that those are zeroes in the filename and not capital ""o"""
|
| X | Windows OLE Automation Server | ole32aut.vbe | "CoolWebSearch parasite variant"
|
| X | Windows Online Updater | dllman.exe | "Added by the RBOT-TE WORM!"
|
| X | Windows Population Logger | winpo32.exe | "Added by the AGENT.YKR WORM!"
|
| X | Windows Process | win_update.exe | "Added by the LASTWORD WORM!"
|
| X | Windows Registry Scan | timeupdate.exe | "Added by the SPYBOT.JE WORM!"
|
| X | Windows Reverse Preperation | winrvp.exe | "Added by the SLENFBOT.CB WORM!"
|
| X | Windows Secure Update | winupser.exe | "Added by the RBOT-GCG WORM!"
|
| X | Windows Secure Update | WinSecUp.exe | "Added by the RBOT-GCD WORM!"
|
| X | Windows Secure Update | load.exe | "Added by the FORBOT-GU WORM!"
|
| X | Windows Secure Update | WinSecure.exe | "Added by the RBOT-GDO WORM!"
|
| X | Windows Security Center Notification App | wscnfty.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Security Center Notification Appls | sxe.exe | "Added by the RBOT-GKX WORM!"
|
| X | Windows Security Center Notification Applse | sxes.exe | "Added by the RBOT-GLR WORM!"
|
| X | Windows Security Center Notification Applse | os.exe | "Added by a variant of the RBOT-GLR WORM!"
|
| X | Windows Security Center Notification Applsee | sysecurex.exe | "Added by a variant of the RBOT-GKX WORM!"
|
| X | Windows Security Update | security32.exe | "Affilred adware"
|
| X | Windows Security Update | ndsass.exe | "Added by the RBOT.ESM BACKDOOR!"
|
| X | Windows Serv Patch | Mcaffe2005.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Server Client Verification Service | wscvs.exe | "Added by the AGENT.AWC TROJAN!"
|
| X | Windows Server Information | servinfo.exe | "Added by the FORBOT-EN WORM!"
|
| X | Windows Server IP Verification Service | wsivs.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows Server Peer Verification Service | wspvs.exe | "Added by a variant of the RANKY TROJAN!"
|
| X | Windows Service | private-zone.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Service Host Process | [path to file] | "Added by the EZIO-A WORM!"
|
| X | Windows Service Pack Auto Update | winworks.exe | "Adware downloader - detected by eScan antivirus as the AGENT.BT TROJAN!"
|
| X | Windows Service Pack Auto Update | figgaz.exe | "Detected by Kaspersky as the AGENT.BT TROJAN!"
|
| X | Windows Service Pack Auto Update | ballin.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Service Pack Auto Update | del-me.exe | "Adware |
| X | Windows Service Update | livecal.exe | "Added by the SDBOT-DEY WORM!"
|
| X | Windows Service Update | crsss.exe | "Added by the SDBOT.CWX WORM!"
|
| X | Windows Service Update | mswsgs.exe | "Added by the RBOT.FQB WORM!"
|
| X | Windows Services | wupdate.exe | "Added by the GAOBOT.ZT WORM!"
|
| X | Windows Services Certification | svccert.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Services Ink Platform Tablet Input Subsystem | wsiptis.exe | "Added by the RBOT.APC WORM!"
|
| X | Windows Services Update | svch0st.exe | "Added by a variant of the RBOT WORM! Note - the filename has the digit 0 rather than the uppercase ""o"""
|
| X | Windows Sound Emulator | snd32_win.exe | "Added by the ATNAS.A WORM!"
|
| X | Windows SP2 Update | Sp2update.exe | "Added by the WOOTBOT.BS WORM!"
|
| Y | Windows SteadyState - Bubble Messages | Bubble.exe | "Part of Windows SteadyState |
| Y | Windows SteadyState - Session Timer Notify (UI) | SCTUINotify.exe | "Part of Windows SteadyState |
| X | Windows Svshost Service Update 32 | svcsshost32.exe | "Added by the FORBOT-GD WORM!"
|
| X | WINDOWS SYSTEM | xpupdate.exe | "Added by the ZOTOB-G WORM!"
|
| X | WINDOWS SYSTEM | wupdate.exe | "Added by the MYTOB-HT WORM!"
|
| X | Windows System 32-Bat Service | win32bat.exe | "Added by the MYTOB.FI WORM!"
|
| X | Windows System Configuration | SYSCFG16.EXE | "Added by the WISDOOR-K TROJAN!"
|
| X | Windows System Configuration | Passcfg16.exe | "Added by the DOMWIS-E TROJAN!"
|
| X | Windows System Configuration | Winfrw.exe | "Added by the SOLUFINA TROJAN or the DOMWIS-J WORM!"
|
| X | Windows System Configuration | wincfg.exe | "Added by the AGOBOT.OP WORM!"
|
| X | Windows System Configuration | WINCFG32.EXE | "Added by the AGOBOT-TE WORM!"
|
| X | Windows System Configuration | WinNeth.exe | "Added by the RETHE-A WORM!"
|
| X | Windows System Configuration | nether.exe | "Added by the OPANKI-AB WORM!"
|
| X | Windows System Configuration | WINSYS32.exe | "Added by the SDBOT.AXK WORM!"
|
| X | Windows System Gateway | SPOOLER.EXE | "Added by a variant of the RBOT WORM!"
|
| X | Windows System Restore Configuration | Sblhost.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | WINDOWS SYSTEM UPDATE | xDcc.exe | "Added by the MYTOB-EH WORM!"
|
| X | Windows System Update Tools | upds.exe | "Added by the VANBOT.CX BACKDOOR!"
|
| X | Windows Task Manager Emulator | kennewr.exe | "Added by the SPYBOT-FA WORM!"
|
| X | Windows Taskbar Manager | internat.exe | "Added by the PROTORIDE-H WORM!"
|
| X | Windows Taskbar Manager | [path to file] | "Added by the PROTORIDE.B WORM!"
|
| X | Windows Taskmanager Data | csrrss.exe | "Added by the RBOT-BBH WORM!"
|
| X | Windows Temperate Services | wintmp.exe | "Added by the SLENFBOT.ZW WORM!"
|
| X | Windows TM | pdpatbcyj.exe | "Added by the RBOT.FEF WORM!"
|
| X | Windows Upate | rundll.exe | "Added by the HAKO TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
|
| X | Windows Update | [filename] | "Added by the NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites"
|
| X | Windows Update | iexplorere.exe | "Added by the GAOBOT.AP WORM!"
|
| X | windows update | uddater.exe | "Added by the LEOX TROJAN!"
|
| X | Windows Update | wudate.exe | "Added by the AGOBOT.ML WORM!"
|
| X | Windows Update | wupdate.exe | "Wengs adware"
|
| X | windows update | sychost.exe | "Added by the LEOX.B WORM!"
|
| X | Windows Update | Wuamgrd.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows Update | inetinf.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Windows Update | WindowsUpdate.exe | "Added by the BAYROB-A TROJAN!"
|
| X | Windows Update | host32.exe | "Added by the RBOT-GU WORM!"
|
| X | windows update | wuraclt.exe | "Added by the RBOT-PO WORM!"
|
| X | windows update | Wuanclt.exe | "Added by the RBOT.XZ WORM!"
|
| X | Windows Update | svchosts.exe | "Added by the FRUCTA TROJAN!"
|
| X | Windows Update | ebay.exe | "Added by the GAOBOT.BUU WORM!"
|
| X | Windows Update | windows.exe | "Added by the RBOT-RB WORM!"
|
| X | windows update | wuaurlt.exe | "Added by the RBOT.ADG WORM!"
|
| X | Windows Update | Update.exe | "Added by the DELF-FN TROJAN!"
|
| X | Windows Update | winmguard.exe | "Added by the RBOT-EM WORM!"
|
| X | Windows Update | wuampd.exe | "Added by the RBOT.UM WORM!"
|
| X | windows update | wuarclt.exe | "Added by the RBOT-OF WORM!"
|
| X | Windows Update | winupdate.exe | "Added by the SDBOT-WS WORM!"
|
| X | Windows Update | msnwinsb.exe | "Added by the RBOT-AAH WORM!"
|
| X | Windows Update | scvhost.exe | "Added by the SDBOT-XT WORM!"
|
| X | windows update | Microsoft.exe | "Added by the LMIR.A TROJAN!"
|
| X | Windows Update | mplupdate.exe | "Added by the MOEGA WORM!"
|
| X | windows update | msnsever.exe | "Added by the RBOT-AHN WORM!"
|
| X | Windows Update | taskmr.exe | "Added by the MYTOB-GZ WORM!"
|
| X | Windows Update | update32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update | wininfo.exe | "Added by the MYTOB.GA WORM!"
|
| X | Windows Update | winlogin.exe | "Added by the BANKER-DV TROJAN!"
|
| X | Windows Update | msnupdates.exe | "Added by the RBOT-ALK WORM! Note - this file has nothing to do with Windows updates or MSN"
|
| X | Windows Update | qtask.exe | "Added by the RBOT-AKU WORM! Note - do not confuse with the Quicken file of the same name as described here"
|
| X | windows update | real.exe | "Added by the LEGMIR-AU WORM!"
|
| X | Windows Update | windowsx.exe | "Added by the BANCD-A TROJAN!"
|
| X | Windows update | wudupdate.exe | "ISTBar adware related"
|
| X | Windows Update | wupdmgr.exe | "Added by the BANCBAN-FC TROJAN and variants!"
|
| X | Windows Update | csrss.exe | "Added by the BANKER-HM TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Windows Update | msnsupdate.exe | "Added by the RBOT-AXS WORM!"
|
| X | Windows Update | XPLoogNT.exe | "Added by the BANCD-B TROJAN!"
|
| X | Windows Update | install.exe | "Added by the BANKER-IB TROJAN!"
|
| X | Windows Update | msi.exe | "Added by the BANKER-XB TROJAN!"
|
| X | Windows Update | Sqltob.exe | "Added by the DASHER.A WORM!"
|
| X | windows update | logonuit.exe | "Added by the LEGMIR-AO TROJAN!"
|
| X | Windows Update | avkir.exe | "Added by the RBOT-GJP WORM!"
|
| X | Windows Update | easypwnt.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Update | MSDEVS30.exe | Added by the SPYBOT.AHC WORM!
|
| X | Windows Update | SecretStub.exe | "Added by the SRAMLER.C WORM!"
|
| X | Windows Update | Winload.exe | "Added by the DEDMIR-A WORM!"
|
| X | Windows Update | taskngr.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Update | usnsvc.exe | "Added by the KOBOT-C WORM!"
|
| X | Windows Update | win32update.exe | "Added by the SDBOT.FTK WORM!"
|
| X | Windows Update | livesrvs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update | McAfee.exe | "Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not a valid McAfee program"
|
| X | Windows Update | McAfee3.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows Update | msconfig32.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Windows Update | msnsa32.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Update | scrigz.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Windows Update | winsc.exe | "Added by the BUZUS.RYI TROJAN!"
|
| X | Windows Update | wuauclt32.exe | "Added by the SDBOT.DHY WORM!"
|
| X | Windows Update | dllhostup.exe | "Added by the BANCBAN-NB TROJAN!"
|
| X | Windows Update | explored.exe | "Added by the GAOBOT.MF WORM!"
|
| X | Windows Update | smsscr.exe | "Added by the BANKER-DK TROJAN!"
|
| X | Windows Update | sysdrv.exe | "Added by the AGENT-IYE TROJAN!"
|
| X | Windows Update | winupupdate1.exe | "Added by the RBOT-UV WORM!"
|
| X | Windows Update | klass.exe | "Added by the BIFROSE-ZH TROJAN!"
|
| X | Windows Update | winlogonEvt.exe | "Added by the VB-DXM TROJAN!"
|
| X | Windows update | explore.exe | "Added by the GAOBOT.AL WORM!"
|
| X | Windows Update | fdos.exe | "Added by the RBOT-COG WORM!"
|
| X | Windows Update | leak32x.exe | "Added by the AGENT.ALY BACKDOOR!"
|
| X | Windows update | msb32.exe | "Added by the GAOBOT.CG WORM!"
|
| X | Windows update | svdhost.exe | "Added by the GAOBOT.CG WORM!"
|
| X | Windows Update | tskmngr.exe | "Added by the AGENT.ALY BACKDOOR!"
|
| X | Windows Update | windb32.exe | "Added by the AGENT.ALY BACKDOOR!"
|
| X | Windows update 2005 | [random filename] | "Added by the RBOT.ARP WORM!"
|
| X | Windows Update 32 | winlogons.exe | "Added by the FORBOT-FI WORM!"
|
| X | Windows Update 32 | rempss.exe | "Added by the FORBOT-FW WORM!"
|
| X | Windows Update 32 | slsys.exe | "Added by the FORBOT-FT WORM!"
|
| X | Windows update 32bit | winupd32.exe | "Added by the SDBOT.BE WORM!"
|
| X | Windows Update 63 | shupd64.exe | "Added by the FORBOT-GA WORM!"
|
| X | Windows Update 64 | nbupd64.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Windows Update 64 | WinV.exe | "Added by the FORBOT-FP WORM!"
|
| X | Windows Update Auto Update | wuaumgr.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows Update Automatic Updates | [path to backdoor] | "Added by the VBBOT.AM BACKDOOR!"
|
| X | Windows Update Automation | winuptdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update AutoUpdate Client | waucult.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update AutoUpdate Client | wuauclt.exe | "Added by the LAZAR.B TROJAN! Note - this is not the legitimate wuauclt.exe process |
| X | Windows Update AutoUpdate Client Product | wuauct.exe | "Added by the AGOBOT.ACL WORM!"
|
| X | Windows Update Center | svthx.exe | "Added by the STUBBOT.A WORM!"
|
| X | Windows Update Center | W32RSA.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Update Check | syslodr.exe | "Added by the SMALL.LU TROJAN!"
|
| X | Windows Update Checker | [random filename] | Adware downloader trojan
|
| X | Windows Update Checker | msupdte32.exe | "Added by the SDBOT-AEF WORM!"
|
| X | Windows Update Checker | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN!
|
| X | Windows Update Checker | deinst_qfe002.exe | Added by a variant of the Win32.Small TROJAN!
|
| X | Windows Update Client | wuclient.exe | "Added by the SMALL-RN TROJAN!"
|
| X | Windows Update Client Service | windrvl32.exe | "Added by the AGOBOT-MM TROJAN!"
|
| X | Windows update config | svhost.exe | "Added by the SDBOT-PF WORM!"
|
| X | windows update configurator | svghost.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | windows update configurator | explore.exe | "Added by the SDBOT.RY BACKDOOR!"
|
| X | Windows Update Controller | mwoffice.exe | "Added by the BATTRY-A TROJAN!"
|
| X | Windows Update Draven | draven.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Update Drive | updrvs.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Update Files | dnetc.exe | "Added by an unidentified VIRUS |
| X | Windows Update Firewall System | ctfmoom.exe | "Added by the RBOT-GAN WORM!"
|
| X | Windows Update Firewall System | winmsfw.exe | "Added by the RBOT-EEO WORM!"
|
| X | Windows Update Firewall System | ctfmom.exe | "Added by the SPYBOT.ANDM WORM!"
|
| X | Windows Update GUI Executable x32x | wupdategux32.exe | "Added by the RBOT.CXY WORM!"
|
| X | Windows Update Host | winupsvc.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Update IPv6 Layer | WIN32IPV6.EXE | "Added by the RBOT.DUD WORM!"
|
| X | Windows update loader | xpupdate.exe | "Malware installed by different rogue security software including SpyKillerPro. Also detected as the BRAVE-A TROJAN!"
|
| X | Windows Update Manager | wupdmngr.exe | "Added by the RANDEX.BTB WORM!"
|
| X | Windows Update Manager | Winlog0n.exe | "Added by the AGENT-BO TROJAN!"
|
| X | Windows Update Manager | wupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update Manager | bootwiz.exe | Added by the MYBOT WORM!
|
| X | Windows Update Manager | WindowsUpdateManager.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Windows Update Manager for NT | wupdmgr32.exe | "Added by the SDBOT.AH WORM!"
|
| X | windows update microsoft | updatem.exe | "Added by the RBOT-CHE WORM!"
|
| X | Windows Update Monitoring Service | winupdt.exe | "Added by the RBOT-PL WORM!"
|
| X | Windows Update Process | wmiprvsc.exe | "Added by the SDBOT-CB WORM!"
|
| X | Windows Update Service | csrs.exe | "Added by the AGOBOT-NI WORM!"
|
| X | Windows Update Service | smcg.exe | "Added by the SDBOT.QY WORM!"
|
| X | Windows Update Service | SP00ISS.exe | "Added by the SDBOT-ZH WORM!"
|
| X | Windows Update Service | update32.pif | "Added by the RBOT-ALC WORM!"
|
| X | Windows Update Service | trest.exe | Identified by BitDefender as a variant of the PEED TROJAN!
|
| X | Windows Update Service | wmiprvse32.exe | "Added by the AGOBOT.NI WORM!"
|
| X | Windows Update Service | regscv.exe | "Added by the AGOBOT-AM BACKDOOR!"
|
| X | Windows Update Service | msupdate32.exe | "Added by the DLOADR-CRJ TROJAN!"
|
| X | Windows Update Service 2004/2005 | systemupdate.exe | "Added by the RBOT-JE WORM!"
|
| X | Windows Update services | wins32svcs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update Services | winupdate32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update Software | system.exe | "TOFGER.BX spyware"
|
| X | Windows Update SP3 | Windat.EXE | "Added by the RBOT-GTS WORM!"
|
| X | Windows Update Svc | rundll32.exe xpupdate.dll | "ContraVirus rogue security software - not recommended |
| X | Windows Update System | mswins.exe | "Added by the IRCBOT.DN WORM!"
|
| X | Windows Update System Shell | svhostcs32.exe | "Added by the RBOT-AAZ WORM!"
|
| X | Windows Update V6 | [random filename] | "Added by the RBOT-KT WORM!"
|
| X | Windows Update.exe | N/A | Homepage hijacker
|
| X | Windows Updated | spoolsae.exe | "Added by the RBOT-APM WORM!"
|
| X | Windows Updated | updatr.exe | "Added by the RBOT-AYB WORM!"
|
| X | Windows Updater | wupdmgr32.exe | "Added by a variant of the DOS.AUTOCAT TROJAN!"
|
| X | Windows Updater | iexplorerrs.exe | "Added by the RBOT-TN WORM!"
|
| X | Windows Updater | svigost.exe | "Added by the RBOT-VS WORM!"
|
| X | Windows Updater | wupdate.exe | "Added by the WOOTBOT.AJ WORM!"
|
| X | Windows Updater | sdsys.exe | "Added by the FORBOT-JG WORM!"
|
| X | Windows Updater Online | winupdatexx.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Updater Servc | xpuupdate.exe | "ContraVirus rogue security software - not recommended |
| X | Windows Updater Service Manager | winupdatr.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Windows Updater Services | msnupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | windows updaters | winupdats.exe | "Added by the SPYBOT-IS WORM!"
|
| X | Windows Updates | lsassx.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Updates | winupd32.exe | "Added by the MYTOB.CE WORM!"
|
| X | Windows Updates | w32dns.exe | "Added by the SDBOT-BFW WORM!"
|
| X | Windows Updates Agent | winupdate.exe | "Added by the SPYBOT.HW WORM!"
|
| X | Windows Updating Service | updating.pif | "Added by the RBOT-ALW WORM!"
|
| X | Windows Upgrate Utility | winulty.exe | "Added by the AUTORUN-ASR WORM!"
|
| X | Windows USB Monitor | servupdate.exe | "Added by the IRCBRUTE.AQ TROJAN!"
|
| X | Windows Virtual Manager | vmnat.exe | "Added by the SILLYFDC.BCB WORM!"
|
| X | Windows Vista Corparation Agent Services | winxp_sp3.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Windows Vista Transformation | IEXPLORE.exe | "Added by the FORBOT-GV WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | Windows Workstation | mpci.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Workstation | msup32a.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Workstation Service | explore.exe | Added by unknown malware
|
| X | Windows Workstation Service | wkssvc.exe | "Added by the IRCBOT-AAI WORM!"
|
| X | Windows Workstation Service (32-bits) | wkssvc32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Workstation Service [5.1-2600] | windrm.exe | "Added by the RBOT-CNY WORM!"
|
| X | Windows Workstation Start Service | mslanmgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows XP Automatic Update | wXPupdate.exe | "Added by the RBOT-AFC WORM!"
|
| X | Windows-Xdate | wuamclt32.exe | "Added by the SPYBOT.AMUV WORM!"
|
| X | Windows32 Configuration Loader | msrf32.exe | "Added by the SDBOT-ABX WORM!"
|
| X | Windows32 Net Database | msnd32.exe | "Added by the RBOT-AAL WORM!"
|
| X | WindowsACEbar | acebarupdate.exe | "BarACE adware"
|
| X | WindowsCriticalUpdate | windows_critical_update.exe | "Added by the ASTEF or RESPAN WORMS!"
|
| X | WINDOWSflashbrg | sqldata1.exe | "Added by a variant of the AGENT-IC TROJAN!"
|
| X | WindowsFY | [path to trojan] | "Added by the FAKEALE-E TROJAN!"
|
| X | WindowsFZ | [path to file] | "Added by the DESKTOPHIJACK VIRUS! Also see DESKTOPHIJACK.B TROJAN!"
|
| X | WindowsInstaller | [path to file] | "Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe"" |
| X | Windows�Updates | Update.exe | "Added by the RBOT.TRA BACKDOOR!"
|
| X | WindowsKeyUpdate | master.exe | "Added by the JOSAM WORM!"
|
| X | WindowsReg% update | [random filename].exe | "Added by the RBOT-HH WORM!"
|
| X | WindowsRegistration | [random filename] | "Added by the RBOT-NO WORM!"
|
| X | WindowsRegKey Autoupdate | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | WindowsRegKey update | winupdate.exe | "Added by the RBOT-QJ WORM!"
|
| X | WindowsRegKey update | windns.exe | "Added by the RBOT.IE WORM!"
|
| X | WindowsRegKey update | winupdatexx.exe | "Added by the RBOT.LW WORM!"
|
| X | WindowsRegKey update | [random filename] | "Added by the RBOT.QT WORM!"
|
| X | WindowsRegKey update | svchoosts.exe | "Added by the RBOT.ADB WORM!"
|
| X | WindowsRegKey update | svchostc.exe | "Added by the RBOT.IF WORM!"
|
| X | WindowsRegKey update | wdnupdate.exe | "Added by the SDBOT.QX WORM!"
|
| X | WindowsRegKey update | Windowsup.exe | "Added by the SDBOT.PU WORM!"
|
| X | WindowsRegKey update | WINUPDATES.EXE | "Added by the RBOT-MM WORM!"
|
| X | WindowsRegKey update | rkbuouoxfl.exe | "Added by the RBOT-OO WORM!"
|
| X | WindowsRegKey update | winsys.exe | "Added by the RBOT-JY WORM!"
|
| X | WindowsRegKey update | winupdat32.exe | "Added by the RBOT-AGW WORM!"
|
| X | WindowsRegKey update XP | windexv1.exe | "Added by the RBOT-ABM WORM!"
|
| X | WindowsRegKey%$ update | msi332.exe | "Added by the RBOT-IX WORM!"
|
| X | WindowsRegKey%update | ethernet32m.exe | "Added by the RBOT-EN WORM!"
|
| X | WindowsRegKeys update | winsysi.exe | "Added by the SDBOT.WE WORM!"
|
| X | WindowsSetup | [path to trojan] | "Added by the EZBOT TROJAN!"
|
| X | WindowsSystem32 | [path to worm] | "Added by the SDBOT-DFG WORM!"
|
| U | WindowsTranslator | DWinTrsl.exe | "Delta Translator® English < > Portuguese (Brazilian) version - ""an automatic |
| U | WindowsTranslator_Espanhol | DWinTrsl.exe | "Delta Translator® Spanish < > Portuguese (Brazilian) version - ""an automatic |
| X | WindowsUpdate | windows_update.exe | "Added by the LOFNI WORM!"
|
| X | WindowsUpdate | svchost.exe | "Added by the ASTEF or RESPAN WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
|
| X | windowsupdate | RPC[RANDOM CHARACTERS].exe | "Added by the IRCBOT.B TROJAN!"
|
| X | WindowsUpdate | USRINIT.EXE | "Added by the MADDIS.B WORM!"
|
| X | windowsupdate | winupdate.exe | "Added by the WARPI WORM!"
|
| X | WindowsUpdate | svchost.exe | "Added by the BDOOR-IK BACKDOOR! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
|
| X | WindowsUpdate | winnnint.exe | Added by an unidentified WORM or TROJAN!
|
| X | WindowsUpdate | [path to file] | "Added by the DUPA-B TROJAN!"
|
| X | WindowsUpdate | svchostw.exe | "Added by the COBFINN_B TROJAN!"
|
| X | WindowsUpdate | Nzil.exe | "Added by the CULLER-C WORM!"
|
| X | WindowsUpdate | Strad.exe | "Added by the CULLER-D WORM!"
|
| X | Windowsupdate | Windowsupdate.exe | "Added by the BANKER.ARK TROJAN!"
|
| X | Windowsupdate | wupdmgr98.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | WinDOwsUPdate | smss.exe | "Added by the AUTORUN.DIB WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder"
|
| X | windowsupdate | autoupdate.exe | "Added by the IRCBOT-P BACKDOOR!"
|
| X | WindowsUpdate | svdhost.exe | "Added by the AGOBOT-BP WORM!"
|
| X | WindowsUpdate | twain.exe | "Added by the AGENT.BEA TROJAN!"
|
| X | WindowsUpdate renew | iexplore.exe | "Added by the AGENT.QG TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | WindowsUpdate Service | wuautlc.exe | "Added by the RBOT-NR WORM!"
|
| X | Windowsupdate Service | csrss.exe | "Added by the BABA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie |
| X | WindowsUpdatecrss | crss.exe | "Added by a variant of the AGENT-HZ TROJAN!"
|
| X | WindowsUpdateDirect | dupadirect.exe | "Added by the DUPA-C TROJAN!"
|
| X | WindowsUpdatelsasss | lsasss.exe | "Added by a variant of the AGENT-HZ TROJAN!"
|
| X | WindowsUpdatem1 | [path to file] | "Added by the AGENT-AAJ TROJAN!"
|
| X | WindowsUpdatem2 | svchost.exe | "Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | WindowsUpdateManager | wupdmng.exe | "Added by the IRCBOT.OE BACKDOOR!"
|
| X | WindowsUpdateNT | svwhost.exe | "Added by the SHELLOT-B TROJAN!"
|
| X | WindowsUpdateR | regserv.exe | "Added by the COBFINN_B TROJAN!"
|
| X | WindowsUpdatesvchostss | svchostss.exe | "Added by the AGENT-HZ TROJAN!"
|
| X | WindowsUpdatev4 | w32gins.exe | "Added by an unidentified WORM or TROJAN! Located in the Root folder (C:\) |
| X | WindowsUpdatewinsec | winsec.exe | "Added by a variant of the AGENT-HZ TROJAN!"
|
| X | WindowsXP Update | windowsxpupdate.exe | "Added by the RBOT-PB WORM!"
|
| X | Windows_Updates | svthost.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windowz Update V2.0 | Explorer.exe | "Added by the YODO WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Windowz Update V2.0 | updater.exe | "Added by the YODO-C WORM!"
|
| X | Windoxs Update Center | W32RfSA.exe | "Added by a variant of the SDBOT WORM!"
|
| X | WinDriver Configuration | windrvconf.exe | "Added by the AGOBOT-LX TROJAN!"
|
| U | Windstream Broadband Check-up Center | matcli.exe | "Part of the Windstream Broadband service from AllTel. ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| X | WindUpdates | [path to trojan] | "Added by the AGENT.BF TROJAN!"
|
| X | WindUpdates | WinUpdt.exe | Windupdates adware variant
|
| U | WINDVDpatch | CTHELPER.EXE | "CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers |
| X | Windws Configuration Loader | LEXPLORE.exe | "Added by the SODABOT WORM!"
|
| U | WinGate Engine Monitor | wgengmon.exe | "WinGate Internet Client Dialup Monitor - component of WinGate proxy server software. Displays the status of the WinGate engine |
| X | WinGate initialize | WinGate.exe | "Added by the LOVGATE.F WORM!"
|
| X | WinKernel | [path to virus] | "Added by the PLEA VIRUS!"
|
| X | winldr | [path to file] | "Added by the VIDLO-P TROJAN!"
|
| X | WinLibUpdate | libupdate.exe | "Added by the BIONET series of TROJANS such as BIONET.31 or BIONET.310"
|
| X | WinLibUpdate32 | libupdate32.exe | Added by the BIONET.405 TROJAN!
|
| X | winlocatorupdate | updatewinlocator.exe | Locator adult content toolbar related
|
| X | winlogon32_ | [path to file] | "Added by the RULAND.A WORM!"
|
| X | WinLsass | [path to trojan] | "Added by the SCANE WORM!"
|
| U | winmatrix.exe | WinMatrixXP.exe | "WinMatrix XP - wallpaper replacement that shows different matrix effects (including flowing matrix codes from 'The Matrix' movie) on your desktop"
|
| X | WinMedia | [path to trojan] | "Added by the ZEROBE-A TROJAN!"
|
| X | winmngr.exe | [path to trojan] | "Added by the AGENT-ZB TROJAN!"
|
| ? | Winnov Status | WvStatus.Exe | "Winnov Video Capture Card related. What does it do and is it required?"
|
| X | winnt DNS ident | winupdate32.exe | "Added by a variant of the RBOT WORM!"
|
| X | winNT updatc | wupgrd.exe | "Added by a variant of the RBOT WORM!"
|
| X | WinPatch Protection | winpatch.exe | Added by an unidentified WORM or TROJAN!
|
| U | WinPatrol | winpatrol.exe | "WinPatrol - ""Manage Startup programs |
| Y | WinPatrol Explorer | WinPatrolEx.exe | "Part of WinPatrol"
|
| U | WinPatrol Monitor | winpatrol.exe | "WinPatrol - ""Manage Startup programs |
| X | Winprocer32 Update | winprocer32.exe | "Added by the RBOT.GW WORM!"
|
| X | winprocessor Update | winprocessor.exe | "Added by the RBOT.IO WORM!"
|
| X | WinReanimator | WinReanimator.exe | "WinReanimator rogue security software - not recommended |
| X | winreg_32 | [path to trojan] | "Added by the BANKER-DB TROJAN!"
|
| X | Winres32vis | [path to worm] | "Added by the THRAX.A WORM!"
|
| X | Wins Update 32 | services32.exe | "Added by the FORBOT-FN WORM!"
|
| X | WinSetBrowse | BasicUpdate.dll.vbs | "Added by the BISCUIT.A WORM!"
|
| X | winshow | [path to trojan] | "Added by the VB-DXP TROJAN!"
|
| X | WinShowUpdate | copy [path] winshow.new [path] winshow.dll | "Winshow parasite related - from the ""RunOnce"" keys it replaces ""winshow.dll"" with a new version"
|
| X | Winsock driver | winnt update.exe | "Added by the SPYBOT-DM TROJAN!"
|
| X | Winsock driver | winupdate32.exe | "Added by the SPYBOT-JZ TROJAN!"
|
| X | Winsock2 driver | winupdate.exe | "Added by the SPYBOT-BX WORM!"
|
| X | Winsock32driver | sp2XPupdate.exe | "Added by the HACKARMY.S TROJAN!"
|
| X | Winsock32driver | winXPupdate.exe | "Added by the HACKARMY.9728 TROJAN!"
|
| X | WinSP | [path] REGEDIT.EXE -s [path] sysreg.reg | "Added by the STARTPA-ME TROJAN!"
|
| X | winstats | winstats.exe | "Added by the GARGAFX TROJAN!"
|
| X | winsupdater | winsupdater.exe | "Added by the ALCRA-F WORM!"
|
| X | winsupdatesysmngr64 | winsys64mnger.exe | "Added by the RBOT-BAG WORM!"
|
| X | WINSYS | [path to trojan] | "Added by the GOLDPLAY TROJAN!"
|
| X | winsysban | [path to trojan] | "Added by the CLICKER-CD TROJAN!"
|
| X | WinSysModule | [path to trojan] | "Added by the AGENT-DIQ TROJAN!"
|
| X | winsysupd | [path to trojan] | "Added by the STARTPA-NI TROJAN!"
|
| X | WINTASK DLL32 | updatewin | "Added by the MYTOB.NI WORM!"
|
| X | WintelUpdate | [path to trojan] | "Added by the SMALL-EKW TROJAN!"
|
| X | WinTimer | msupdate.cmd | "Hijacker - detected by Kaspersky as the STARTPAGE.TJ TROJAN!"
|
| X | winupated.exe | winupated.exe | "Added by a variant of the SDBOT WORM!"
|
| X | winupdat | winupdat.exe | "Added by the CANBOT.A WORM!"
|
| X | WinUpdate | RBSKQQBO.EXE | "Added by the VBSWG2B.A WORM!"
|
| X | WinUpdate | wmbem.exe | "Added by the REVCUSS.B TROJAN!"
|
| X | WinUpdate | updsys.exe | "Added by a variant of the RBOT WORM!"
|
| X | winupdate | winupdate.exe | "Added by the ALCAN.B WORM!"
|
| X | WinUpdate | svhost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | WinUpdate | svchots.exe | "Added by the SMALL.GXJ TROJAN!"
|
| X | winupdate | jusched.exe | "Added by the DWNLDR-FUX TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %Windir%"
|
| X | Winupdate | lsas.exe | "Added by the COSPET.JR TROJAN!"
|
| X | Winupdate Engine | wupeng.exe | "MalwareCrush rogue security software - not recommended |
| X | WinUpdate Loader | msnnm.exe | "Added by the REVCUSS.C TROJAN!"
|
| X | Winupdate Service | winxp.exe | "Added by the SPYBOT.IR WORM!"
|
| X | winupdate.exe | winupdate.exe | "Added by the RADO TROJAN!"
|
| X | winupdate.reg | winupdate.exe | "Added by the SPYBOT.EAS WORM!"
|
| X | winupdate2846 | vbsystem35.exe msvbrun.exe | "Added by a variant of the MUTIN-C TROJAN!"
|
| X | winupdate86.exe | winupdate86.exe | "Added by the FAKEAV-AHQ TROJAN!"
|
| X | WinUpdateAdministrator | CSRSS.EXE | "Added by the PUNYA-A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Application Data\WINDOWS"
|
| X | WinUpdateB | breatle.exe | "Added by the BRATLE.A WORM!"
|
| X | winupdateconn | [path to file] | "Added by the COMBRA-A WORM!"
|
| X | winupdateconn_ | Explorer.EXE | "Added by the COMBRA-B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Winupdatee | winsvcc.exe | "Added by the AGENT.AN TROJAN!"
|
| X | winupdatefiv_ | [path to file] | "Added by the COMBRA.C WORM!"
|
| U | WinUpdateProtection | csrss.exe | "EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a subfolder of C:\windowsupdate\ufp"
|
| X | WinUpdater | update.exe | "Added by the STARTPAGE.C TROJAN!"
|
| X | winupdates | winupdates.exe | "Added by the ALCRA-B WORM!"
|
| X | winupdate_ | [path to file] | "Added by the COMDOR.A WORM!"
|
| X | WinUpdating | WinUpdating.exe | "Added by the AGENT-GSC TROJAN!"
|
| X | WinUpgrader | [path to trojan] | "Added by the AGENT-DZ TROJAN!"
|
| X | WinxDiagUpdate | WinxDiagUpdate | "Added by the RBOT.BWQ BACKDOOR!"
|
| X | WinXP fix | [path to file] | "Added by the RANKY.P TROJAN!"
|
| X | WinXP Processor Generator v1.2 | intspnsr32.exe | "Added by the SDBOT.LP WORM!"
|
| X | Winxp update | Cappp.exe | "Added by the RBOT.DKO WORM!"
|