| U | PicoZip | PicoZipTray.exe | "System tray access to PicoZip - "an easy to use Zip and UnZip utility that runs on all 32-bit Windows platforms such as Windows 95 |
| X | PIPE SYSTEM | pipe.exe | "Added by the MYTOB-FF WORM!"
|
| N | PowerStrip | powerstrip.exe | "PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings"
|
| N | PowerStrip | PSTRIP.EXE | "PowerStrip is a Video Mode Editor to allow special Refresh Rates and Tweaking of Video Settings"
|
| X | Printer | dipset.exe | "Added by a variant of the FBSR TROJAN!"
|
| X | PrnShare | Wscript.exe prn_share.vbs | "Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "prn_share.vbs" file is located in %System%"
|
| ? | Ptipbmf | rundll32.exe ptipbmf.dll,SetWriteCacheMode |
| U | PtiuPbmd | Rundll32.exe ptipbm.dll,SetWriteBack |
| N | Q152404 | wsript.exe Q152404.VBS | Appears to run Scandisk at bootup on NEC PCs
|
| X | Quickzip | Ls.exe | MsConnect browser hijacker and dialler
|
| X | QuickZip | lu.exe | MsConnect browser hijacker and dialler
|
| X | Real Internet Player | Reaiplay.exe | "Added by a variant of the SPYBOT WORM!"
|
| N | Reclip | reclip.exe | "Reclip Popup Clipboard manager"
|
| X | Reg Service | ipcfg.exe | "Added by the AGOBOT-SO WORM!"
|
| X | Registry | wscript.exe ShakiraPics.jpg.vbs | "Added by the VBSWG.AQ WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ShakiraPics.jpg.vbs" file is located in %Windir%"
|
| ? | roketpipe | rpclient.exe | "??"
|
| X | Run MSupdt32 | wscript MSupdt32.vbs | "Added by the CASER WORM!"
|
| ? | run= | wallflip.exe | "Desktop wallpaper changer?"
|
| U | Rundll32 | Rundll32.exe ptipbm.dll,SetWriteBack |
| ? | rundll32 | rundll32.exe ptipbmf.dll,SetWriteCacheMode |
| X | S3 Internal Chip | s3serv.exe | "Added by the AGOBOT-DD WORM!"
|
| X | S3 Internal Chip | s3chip3.exe | "Added by the AGOBOT-FW WORM!"
|
| X | SafeStrip | SafeStrip.exe | "SafeStrip rogue security software - not recommended |
| X | SafeStripReminder | SafeStripReminder.exe | "SafeStrip rogue security software - not recommended |
| U | SafetyNet | ipcTray.exe | "Safety.Net from Netveda - "offers Internet security |
| U | SafetyNet_Notifier | ipcLn.exe | "Safety.Net from Netveda - "offers Internet security |
| N | ScanSoft OmniPage SE 4.0-reminder | Ereg.exe ereg.ini | "Registration reminder for OmniPage SE version 4 from ScanSoft (now Nuance)"
|
| X | scApp | wmiprvse.exe | "Added by the SILLYFDC-AW WORM!"
|
| ? | script | script.bat | "Maybe associated with DOS on a Win9x machine"
|
| Y | ScriptBlocking | SBServ.exe | "Update to Norton AntiVirus 2001. Detects certain types of script-based viruses without the need for specific virus definitions - such as JavaScript and VBScript. This will help protect you from these viruses even before virus definitions are available. Note - some users complain of problems once the update is installed - refer here for more information"
|
| Y | ScriptSentry | Scriptsentry.exe | "Script Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts to run. Only required if you want it to check the file associations it guards at startup. It will function regardless"
|
| X | Security Update Service | wmiprvce.exe | "Added by the AGOBOT.ZW WORM!"
|
| ? | SetCacheMode | rundll32.exe ptipbmf.dll,SetWriteCacheMode |
| X | SfKg6wIP | [random filename] | Identified as a variant of the TrojanDownloader.Matcash malware
|
| X | SfKg6wIPu | [random filename] | Identified as a variant of the TrojanDownloader.Matcash malware
|
| N | SipDiscount | SipDiscount.exe | "SipDiscount - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| U | SIPPS | SIPPS.exe | Web.de Internet phone utility
|
| Y | slipcore | slipcore.exe | "Core module for Slipstream - internet acceleration through compression/decompression techniques |
| Y | slipgui | slipgui.exe | "User interface for Slipstream - internet acceleration through compression/decompression techniques |
| Y | SlipStream | slipcore.exe | "Core module for Slipstream - internet acceleration through compression/decompression techniques |
| N | Smith Micro try | smiptray.exe | Smith Micro shared files. Comes with D-Link web cam
|
| U | Snippet | SnippingTool.exe | "The Snipping Tool (part of the Experience Pack for Tablet PC) allows you to easily "cut out" anything on screen and share it with other people. The whole screen becomes an "inkable" surface that you can add comments to and mark up however you like. You can then save that annotated image to use later |
| X | Software | cipsn.exe | "Added by the FORBOT-DM WORM!"
|
| N | SparVoip | SparVoip.exe | "SparVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| X | SPINX | Wscript.exe OXNEY.B.VBS | "Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "OXNEY.B.VBS" file is located in %System%"
|
| X | spysnipe | spysnipe.exe | "SpySnipe rogue security software - not recommended"
|
| X | SpyViperDemo | SpyViperDemo | "SpyViper rogue spyware remover - not recommended |
| X | Syntax Script | systacq.exe | "Added by the SDBOT.AI WORM!"
|
| X | Syntax Script | saskatcw.exe | "Added by the SDBOT-TE WORM!"
|
| X | System | winipck.exe | "Added by the RBOT-TK WORM!"
|
| X | System IP | systemip.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | System Update Service | wmiprvsa.exe | "Added by the AGOBOT-RG TROJAN!"
|
| X | System Update Service | wmiprvsv.exe | "Added by the AGOBOT.YG WORM!"
|
| X | System Updater Process | wmiprvsw.exe | "Added by the AGOBOT-IL WORM!"
|
| X | System Updater Service | wmiprvsw.exe | "Added by the GAOBOT.AFC WORM!"
|
| U | TabletTip | tabtip.exe | This is the Tablet PC Input Panel for Windows XP Tablet PC Edition. This utility allows you to use a pen (in conjunction with a touchscreen or tablet) to enter text into a document or input field (such as a URL in a browser) using either handwriting or the on-screen keyboard. This utility is also included with Windows 7 and Vista but only appears to run at startup if using the XP Tablet PC version. This cannot be confirmed at present
|
| X | TCPIP Protocol | mstcpip.exe | "Added by the SDBOT-LR WORM!"
|
| X | tcpipmon | tcpipmon.exe | "Added by the CLICKER-EF TROJAN!"
|
| X | tcpippui | tcpippui.exe | "Added by the RBOT-APS WORM!"
|
| X | tcpippui32 | tcpippui32.exe | "Added by the RBOT-ART WORM!"
|
| X | tcpipsvc.exe | tcpipsvc.exe | "Added by the AGOBOT-PG WORM!"
|
| X | Time Zone Synchronization | wscript zshell.js | "Added by the NETDEX-A TROJAN!"
|
| X | tipguard.exe | tipguard.exe | "Privacy Commander rogue privacy program - not recommended |
| N | Tips | mousetips.exe | Suggests tips on using your mouse
|
| X | topat | zlip.exe | "Added by the FLOOD-IG TROJAN!"
|
| N | UltimateZip Quick Start | uzqkst.exe | "UltimateZip - file compression utility"
|
| U | UniPrint | SetDfltSettings.exe | "Drivers for Uniprint |
| ? | USBToolTip | USBTip.exe | "Related to Pinnacle Systems Inc. What does it do and is it required?"
|
| X | VBS.Ipnuker@mm | [worm filename].vbs | "Added by the NUKIP WORM!"
|
| X | vipantispyware | vipantispyware.exe | "VipAntiSpyware rogue spyware remover - not recommended"
|
| U | VisualTaskTips | VisualTaskTips.exe | "Visual Task Tips is a lightweight shell enhancement utility. It provides thumbnail preview image for each task in the Windows Taskbar"
|
| U | VisualTooltip | VisualToolTip.exe | "Related to VisualTooltip. Shows a thumbnail of a window by placing the mouse cursor over a button on the taskbar"
|
| U | voip phone | voip phone.exe | "Related to Acer Bluetooth VoIP phone - as optionally supplied with some of their notebooks such as the TravelMate 8200"
|
| N | VoipBuster | VoipBuster.exe | "VoipBuster - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipBusterPro | VoipBusterPro.exe | "VoipBusterPro - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipCheap | VoipCheap.exe | "VoipCheap - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipCheapCom | VoipCheapCom.exe | "VoipCheapCom - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipDiscount | VoipDiscount.exe | "VoipDiscount - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipHit | VoipHit.exe | "VoipHit - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipRaider | VoipRaider.exe | "VoipRaider - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipStunt | VoipStunt.exe | "VoipStunt - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | Voipwise | Voipwise.exe | "Voipwise - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | VoipZoom | VoipZoom.exe | "VoipZoom - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| Y | VPNClient | ipigclient.exe | "iOpus Private Internet Gateway (iPIG) client. 'Using powerful 256-bit AES encryption technology |
| X | W32PluginsDownloaderXMLHTTPSelfClearing7520 | wiper.exe | "Added by the PROXYSER-M TROJAN!"
|
| X | w7zip | w7zip.exe | "Added by the BANCBAN-QB TROJAN!"
|
| U | wait4IP | wait4IP.exe | "Packard Bell net2Plug allows you to network PCs anywhere in your house"
|
| U | wfips | iphider.exe | "ICQ (messaging/chat program) anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb after being exposed." For more information about ICQ bombs see here"
|
| X | WIN3S2SNDS | winiprtx.exe | "Added by the AGENT.DN TROJAN - known to BOClean as "CWS/INDEX" |
| X | Windows driver update | Ipconfig32.exe | "Added by the SDBOT-JV WORM!"
|
| X | Windows Firewall | ipservice32.exe | "Added by a variant of the RBOT WORM!"
|
| U | Windows IP Security | ipsec.exe | "Related to the VPN IPSec utility - used to create Security Policy (SP) entries and Security Association (SA) entries in the kernel"
|
| X | Windows IP Security Service | ipsecs.exe | "Added by the RBOT.BPW WORM!"
|
| X | Windows IPv6 Drivers | wipv6.exe | "Added by the SDBOT-VJ WORM!"
|
| X | Windows JavaScript Daemon | Winjsd.exe | "Added by the WOOTBOT.AF WORM!"
|
| X | Windows Relay Service | ipcbind.exe | "Added by the DELFINJECT.F TROJAN!"
|
| X | Windows Secure Fix | iPodFixer.exe | "Added by the WOOTBOT.BM BACKDOOR!"
|
| X | Windows Server IP Verification Service | wsivs.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows Service Agent | WinTcpip.exe | "Added by the SPYBOT.AP WORM!"
|
| X | Windows Services Ink Platform Tablet Input Subsystem | wsiptis.exe | "Added by the RBOT.APC WORM!"
|
| X | Windows Sound Verifier | WinIp32.exe | "Added by the RBOT-FMO WORM!"
|
| X | Windows TCP/IP | wintcp.exe | "Added by the AGOBOT-ZH WORM!"
|
| X | Windows Update IPv6 Layer | WIN32IPV6.EXE | "Added by the RBOT.DUD WORM!"
|
| X | Windows Update Process | wmiprvsc.exe | "Added by the SDBOT-CB WORM!"
|
| X | Windows Update Service | wmiprvse32.exe | "Added by the AGOBOT.NI WORM!"
|
| X | Windows-TCP-IP | rfkampig.exe | "Added by the GIPMA TROJAN!"
|
| X | WindowsIPRelay | winipsvc.exe | "Added by the IRCBOT-AAA WORM!"
|
| U | WinFlip | WinFlip.exe | "WinFlip from Tokyo Downstairs - a 'Flip-3D' task switcher alternative to the standard Alt+Tab on Windows XP that adds the equivalent 'Aero' feature from Windows 7 and Vista. You can either click on the tray icon |
| U | WinFlip.exe | WinFlip.exe | "WinFlip from Tokyo Downstairs - a 'Flip-3D' task switcher alternative to the standard Alt+Tab on Windows XP that adds the equivalent 'Aero' feature from Windows 7 and Vista. You can either click on the tray icon |
| X | Winhlp32 | Wscript.exe Msexec32.vbs | "Added by the GANT.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Msexec32.vbs" file is found in %System%"
|
| X | winipsec | winipsec.exe | Unidentified malware
|
| X | WINLOGON | wscript.exe WINLOGON.vbs | "Added by the YSPAN.F WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "WINLOGON.vbs" file is found in %System%"
|
| X | winmgmt | wmiprvse.exe | "Added by the AGENT-GHP TROJAN!"
|
| X | winpipe | winpipe.exe | Browser hijacker redirecting to wow-access.com
|
| X | WinStart | Wscript.exe WinStart.vbs | "Added by the CIAN.C WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "WinStart.vbs" file is located in %System%"
|
| X | winzip | [path to trojan] | "Added by the BANCOS.G or BANCOS.K TROJANS! Note - this is not part of the popular WinZip file compression utility"
|
| X | Winzip | [various filenames] | "Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe |
| X | winzip | winzip.exe | "Added by the RBOT.BDA WORM! Note - this is not part of the popular WinZip file compression utility"
|
| X | winzip | ir_ftp.exe | "Added by the BANCBAN-S TROJAN!"
|
| X | Winzip Application | winzip81.exe | "Added by the RBOT-BKZ WORM!"
|
| X | Winzip Compression Utility | Winzip32.exe | "Added by the SDBOT-UI BACKDOOR!"
|
| N | WinZip Quick Pick | WZQKPICK.EXE | "Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip |
| X | WinZip Update | WinZip.exe | "Added by a variant of the RBOT WORM! Note - this is not part of the popular WinZip file compression utility"
|
| X | winzip32 | winzip32.exe | "Added by the BANCBAN-OE TROJAN! Note - this is not part of the popular WinZip file compression utility"
|
| X | WIP Config GUI | Winipcfgs.exe | "Added by the RBOT-CN WORM!"
|
| X | WMI Standard Event Consumer - Scripting | scrcons32.exe | "Added by the RBOT-GRD WORM!"
|
| X | WMI Standard Event Consumer - Scripting | scrcs.exe | "Added by a variant of the RBOT-GRD WORM!"
|
| X | wmiprevse | wmiprevse.exe | "Added by the BANKER-EPN TROJAN!"
|
| X | wmiprv | wmiprv.exe | "Added by the RBOT-WM WORM!"
|
| X | wscript.exe | vabian.vbs | "Added by the VABI VIRUS!"
|
| X | wupipenimi | Rundll32.exe jinorije.dll,s |
| X | wupipenimi | Rundll32.exe luyenofe.dll,s |
| X | wupipenimi | Rundll32.exe poyimimu.dll,s |
| X | wupipenimi | Rundll32.exe siremase.dll,s |
| X | wupipenimi | Rundll32.exe tamuyiko.dll,s |
| ? | XeroxScanUtility | xrxzipui.exe | "Associated with a Xerox multifunction and/or scanner. What does it do and is it required?"
|
| U | XSC SIP Client | X-Lite.exe | "CounterPath's X-Lite 3.0 is the market's leading free SIP based softphone available for download". For VOIP and broadband users
|
| N | Yankee Clipper III | YankClip.exe | "Yankee Clipper III - 'A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures |
| X | Zip Driver Loader | ZipLoader32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| X | Zip Driver Loader | msload32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| U | ZipDisk Icons | IMGICON.EXE | "Displays Iomega icons in Explorer/My Computer |
| N | ZipGenius Clean | zg.exe | "ZipGenius file compression utility"
|
| X | ziphelp | ziphelp.exe | "CoolWebSearch parasite variant"
|
| N | ZipMagic | zm32.exe | "Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first"
|
| X | [various names] | cnftips.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|