| X | PersonSecurity | psecurity.exe | "Personal Security rogue security software - not recommended |
| X | PingTimeout Institution | pingchek.exe | "Added by the SDBOT-VY WORM!"
|
| X | PingTimeout Institution | internal.exe | "Added by the SDBOT.BMH WORM!"
|
| U | PlainSight Desktop Calendar | Calendar.exe | "PlainSight Desktop Calendar by Desksware - ""It can display Microsoft® Outlook® data |
| X | Pmedia | winsrvc.exe | "Internet marketing sofware from Permissioned Media Inc as used in E-Card FriendGreetings foistware - see here. Treated by Trend as the FRIENDGRT.B WORM!"
|
| U | PNSetup | PNSetup.exe | "PopNot - pop-up killer"
|
| X | Pofatch | nstrue.exe | "Added by the RANDEX.Z WORM!"
|
| X | PopularScreensaversWallpaper | "rundll32 [path] F3SCRCTR.DLL | LES" |
| U | PP2000 Instaupdate | PPInupdt.exe | Protector Plus anti-virus software - instant update program for virus data updates. Not required if you regularly update virus data manually
|
| X | PreInstall Windows | [path] repcale.exe [path] beird.exe | "Added by a variant of the RANDON.AN WORM! Both files are located in %System%\detr"
|
| Y | PrevxOne | PXConsole.exe | "Prevx intrusion prevention software"
|
| X | Print Scheduler | usnsvc.exe | "Added by a variant of the KOBOT-C WORM!"
|
| X | PrnShare | Wscript.exe prn_share.vbs | "Added by the AUTORUN-AWI WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""prn_share.vbs"" file is located in %System%"
|
| U | PrnSys Executable | PrnSys.exe | "Print screen utility bundled with some HP printer software - not required |
| X | Protections | ProtEX32.exe | "Ultimate SecuritySuite rogue malware remover - not recommended |
| N | PSIWin2.3 Connection Server | Psconsv.exe | Allows connectivity between a PC and a Psion device. Access can be gained from the Desktop or Start -> Programs
|
| U | Purge with Current Options | PURGEIE.EXE | "PurgeIE from Assistance & Resources for Computing |
| U | PVUnInst1 | PVUnInst1.exe | "Privacy View - privacy software that ensures that all your private computer files |
| U | PyroTrans | pyrobatchftp.exe | """PyroBatchFTP lets you transfer files to/from FTP/SFTP servers in an automatic and unattended way through a simple to learn batch/script language"""
|
| Y | QCDriverInstaller | Lqdsw.exe | "Launches the camera driver setup wizard on the first reboot after installing Logitech's ClickSmart |
| ? | Queensla | Queensla.exe | "??"
|
| N | QuickenSEMessage | Qsemsg.exe | Quicken option
|
| X | QuickInstallPack | QuickInstallPack.exe | "Installed and used by rogue security products such as Cleaner2009 |
| X | QuickInstallPack | CLN_2009FreeInstall.exe | "Installed and used by rogue security products such as Cleaner2009 |
| U | QWS3270 Sessions | sessions.exe | QWS3270 Secure terminal emulation software
|
| X | Random Interface Network Manager | rinsv.exe | "Added by the DELBOT-L WORM!"
|
| X | Rapdatybs | ravseteyns.exe | "Added by the PWS-ACP TROJAN!"
|
| Y | Raptor Mobile | vpnservices.exe | "Symantec VPN Client used to connect to corporate networks. If unchecked |
| X | Real-Tens | Real-Tens.exe | "DownloadWare adware"
|
| X | Reg Service | winsy.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Reg Service | winslogon.exe | "Added by the AGOBOT-SC WORM!"
|
| X | Regkey for autostart | winservice.exe | "Added by the RBOT-NU WORM!"
|
| X | Regptmens | REGPTMENS.EXE | "Added by the BANCOS-ED TROJAN!"
|
| X | relinson | cmdno.exe | "Added by the DROPPER-PS TROJAN!"
|
| N | reminder-ScanSoft Product Registration | remind32.exe | Registration reminder for ScanSoft products such as PaperPort
|
| X | Remote Procedure Call | winsysrpc.exe | "Added by the SDBOT-PS WORM!"
|
| ? | RjLyraInstaller | setup.exe | "??"
|
| X | RPCInstall | [path to trojan] | "Added by the AGENT-DQM TROJAN!"
|
| X | RpcxWindows Extensions | rpcxwinex.exe | "Added by the RBOT.ACP WORM!"
|
| X | rtkernsw | [random filename] | "Added by a variant of the SLAPER TROJAN!"
|
| X | run | winsys32.exe | "Added by the DELF.CP BACKDOOR!"
|
| X | runs | run.exe | "Added by the RBOT-BWF WORM!"
|
| X | RunSearvices | tread.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!
|
| X | RunServices | runsvc32.exe | "Added by the AGOBOT.QJ WORM!"
|
| X | runservices | services.exe | "Identified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | runsql | runsql.exe | "Added by the DELF.ZWK TROJAN!"
|
| X | runSubvalues | [path to file] | "Added by the DLOADER-QY TROJAN!"
|
| X | runsvc | runsvc.exe | "Added by the SMALL-CF TROJAN!"
|
| U | RunSysd32 | RunSysd32.exe | DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
|
| N | SafeInstall.exe | SAFEIN~1.EXE | Monitors a download and ensures an newer version of a file isn't replaced by an older one
|
| X | SANS Service | sansv.exe | "Added by the VANEBOT-AH WORM!"
|
| U | SansaDispatch | SansaDispatch.exe | "Sansa Updater - ""The Sansa Updater is an application that checks for the latest firmware updates then downloads and installs the firmware to your Sansa device"""
|
| X | SaveDefense | SaveDefense.exe | "SaveDefense rogue security software - not recommended |
| X | SBI | install_sbd_**.exe | "Installer for a number of rogue security products and error fixing tools - where ** represents a 2 letter language code |
| Y | Scanner File Utility | NsCatCom.exe | "Kycocera Mita network copier/printer/scanner process to dump scanned documents onto a workstation"
|
| X | ScanRegistry | nsrvnt.exe | "Added by the NERTE TROJAN! Not to be confused with the real ScanRegistry - which is a vital Windows file. This version has the executable as nsrvnt.exe not scanregw.exe"
|
| N | ScanSoft OmniPage SE 4.0-reminder | Ereg.exe ereg.ini | "Registration reminder for Ominpage SE version 4 from Scansoft (now Nuance)"
|
| N | ScanSoft PaperPort 7 Registration Reminder | NAVBrowser.EXE | "Registration reminder for PaperPort 7 from Scansoft (now Nuance)"
|
| N | ScanSoft PDF Professional 4-reminder | Ereg.exe Ereg.ini | "Registration reminder for PDF Converter Professional version 4 from Scansoft (now Nuance)"
|
| X | ScanSpyware | Scanner.exe | "ScanSpyware rogue security software - not recommended |
| X | ScanSpyware v3.2 | Scanner.exe | "ScanSpyware rogue security software - not recommended |
| X | ScanSpyware v3.5 | Scanner.exe | "ScanSpyware rogue security software - not recommended |
| U | ScanSys32 | sb32mon.exe | "Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
|
| X | Screen Saver | scrnsaver.scr | "Added by the RBOT-AGP WORM!"
|
| X | ScreenSaverPlus | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | SDAv | csnss.exe | "Added by the SERFLOG.C WORM!"
|
| X | SdScans** | stup_tmp.#32 | "Added by the SDSCAN.A TROJAN - where ** are random upper case letters"
|
| X | secure socket layer | wins32a.exe | "Added by an IRCBOT TROJAN!"
|
| U | SecurePCSolutionsBootCheck | BootCheck.exe | "1 Click Fixer PLUS from Secure PC Solutions ""takes the guesswork out of locating and solving problems in the Windows registry"""
|
| X | SemanticInsight | SemanticInsight.exe | "RXToolbar adware. Software that displays pop-up/pop-under advertisements when the primary user interface is not visible"
|
| U | Sensiva | Sensiva.exe | "Symbol Commander makes the use of your PC |
| X | Server Runtime Error | unsec.exe | "Added by the SDBOT-DFA WORM!"
|
| X | Service Client | winsvcli.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Service Monitor | msnserve.exe | "Added by the SPYBOT.YQW WORM!"
|
| X | Service Monitor | csnss.exe | "Added by the RBOT.EEH WORM!"
|
| X | Service Process | winset.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Services | windns.exe | "Added by a variant of the RBOT WORM!"
|
| X | Services Start2 | odcwinst.exe | "Added by the PYSKE-D WORM!"
|
| U | SfWinStartInfo | sfWinStartupInfo.exe | SFIRM32 Online Banking software
|
| U | sginst | sginst.exe | "eAcceleration Stop-Sign security software related. Previously not recommended |
| X | shccde | winssled.exe | "Added by the BUZUS.CQMU TROJAN!"
|
| X | Shell | Explorer.exe winsys32.exe | "Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winsys32.exe"" file is located in %Windir%"
|
| X | Shell Extension | spollsv.exe | "Added by the LOVGATE.Z WORM!"
|
| X | SiS Dns | dnssvc.exe | "Added by the DLOADER-UE TROJAN!"
|
| X | sis32 | winsos.exe | "Added by the QQPASS.IA WORM!"
|
| X | SmansaApp | winlogon.exe | "Added by the ROMARIO-A WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | smcserv | winsrv.exe | "Added by the AGOBOT-OU WORM!"
|
| N | Smileycons | smileycons.exe | "Smileycons - free smileys |
| X | SMSERIALWORKERSTARTER | winstrse.exe | "Added by the RENOS.IC TROJAN! Installed with the SpyBurner spyware remover - which is not recommended |
| X | SNInstall | [various filenames] | "Spy Sheriff/SpywareNO malware |
| N | Snsicon | Snsicon.exe | Launches a screensaver program from Second Nature
|
| X | SNSS.EXE | SNSS.EXE | "Nunci premium rate dialer"
|
| Y | SOFTinst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
|
| X | Sound System | WinSound1.exe | "Added by an unidentified VIRUS |
| X | Spam Blocker for Outlook Express | SBInst.exe | "Hotbar adware"
|
| U | Spyware Nuker Installer | SpywareNukerInstaller.exe | "Spyware remover by TrekBlue. Previously not recommended but the latest version was delisted here"
|
| X | SpywareGuard | deinst_qfe001.exe | "Added by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate SpywareGuard application"
|
| X | SQInstaller | SQInstaller.exe | "Xupiter SQWire toolbar related. Use Spybot S&D |
| X | sqservices | wins32.exe | "Added by the PROGENT-B TROJAN!"
|
| U | SRUUninstall | msiexec.exe | Symantec Network Driver Update - part of LiveUpdate
|
| X | Srv32 spool service | runsrv32.exe | "Topantispyware.com malware - detected by Kaspersky as the SPYRE.B TROJAN!"
|
| X | ssate.exe | winsys.exe | "Added by the BEAGLE.K WORM!"
|
| X | ssgrate.exe | winsystems.exe | "Added by the BAGLEDL-J TROJAN!"
|
| X | SSK Service | winssk32.exe | "Added by the SOBIG.E WORM!"
|
| X | Startup | WinlogonStartup | Unidentified malware
|
| Y | Startup Scan | Sensor.EXE | "AntiVirus Quick Heal - scheduling agent"
|
| X | stcinstaller | id53.exe | "Added by the SCTHOUGHT.L TROJAN!"
|
| U | StopSignSsTsMon | "sstsmon.dll | VerifyStatus" |
| U | StopSignStatus | stopsinfo.dll | "eAcceleration Stop-Sign security software related. Previously not recommended |
| X | STV | winscrne.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Sun Java Console for Windows NT & XP | jconsole.exe | "Added by the VANEBOT-C WORM!"
|
| Y | SunProtectionServer | SunProtectionServer.exe | "CounterSpy antispyware software"
|
| Y | SunServer | SunServer.exe | "CounterSpy antispyware software"
|
| U | SurfinGuard Pro | winsfcm.exe | "SurfinGuard Pro from Finjan - internet protection software |
| X | svwin32 | unninst32.exe | "Added by the AGOBOT-NF WORM!"
|
| X | Sygate Personal Firewall | MSNSRV32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personal Firewall | wins.exe | "Added by the RBOT.AOB WORM!"
|
| X | Symantec Antivirus professional | dyndns.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | f0dns.exe | "Added by the FORBOT-GT WORM!"
|
| X | Symantec Antivirus professional | flushdns.exe | "Added by a variant of the FORBOT WORM!"
|
| X | syncman | winsync.exe | "Added by the MANCSYN-A TROJAN!"
|
| ? | SynSetup | SynTP.tmp RunOnce.exe | "Probably associated Synaptics touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does it do and is it required?"
|
| X | Sysnet | snuninst.exe | Unidentified adware
|
| U | SysSense | SysSense.exe | """SysSense is your personal desktop Google AdSense monitor. It keeps your current Google AdSense information in the Windows system tray"". Google AdSense account required"
|
| X | System Applications Profile | sap.exe | "Added by the RBOT-QF WORM!"
|
| X | System Document Application | wins.exe | "Added by the SDBOT.AUB WORM!"
|
| X | System Document Application | winsvc32.exe | "Added by the SDBOT-VA WORM!"
|
| X | System Failure Statistic | cnstat.exe | "Added by the RBOT-LF WORM!"
|
| X | System Manager | winsrv32.exe | Added by an unidentified WORM or TROJAN!
|
| X | System Manager Updates | winsvc.exe | "Added by the AGOBOT.AEM WORM!"
|
| X | System Security Updaters | vsmons.exe | "Added by the RBOT-OW WORM!"
|
| X | System Update2 | winspool.exe | "Added by the AUTOTROJ-C TROJAN!"
|
| X | System Updates | winsci.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Updates Manager | winserv32.exe | "Added by the AGOBOT-AGA WORM!"
|
| X | Systemboot | msnsngr.exe | "Added by a variant of the RBOT WORM!"
|
| X | systemdll.dll | winsys32.exe | "Added by the DELF.CP BACKDOOR!"
|
| U | SystemService | nsserver.exe | "NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | systrans | [path to trojan] | "Added by the STARTPA-GZ TROJAN!"
|
| X | systrasx | CONSOLES.EXE | "Added by the SDBOT-NW WORM!"
|
| U | T3Console | T3Console.exe | "Related to T3 Security Suite - prevents unauthorized or inappropriate access to your PC and data"
|
| X | TClock.exe | tclock_install.exe | "TClock - distributed and installed without user permission by other rogue software or malware. TClock contains no uninstall facility through Windows. As TClock is of dubious origin and usefulness |
| X | TCP Monitoring | LanNSvc.exe | "Added by the RANDEX.AAS WORM!"
|
| ? | Tesco Insert Detect | InsDetect.exe | "Part of Tesco Picture Suite. Detects a digital camera is plugged into a USB port or when a memory card with photos is inserted?"
|
| N | Textbridge Instant Access OCR | telepath.exe | "TextBridge from Nuance (was Scansoft). OCR (optical character recognition) software for scanning documents into popular editing applications. Available via Start -> Programs"
|
| ? | TheMainStart | N/A | "??"
|
| U | ThinkVantage Access Connections | ACTray.exe | "System Tray access to the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - ""allowing users to seamlessly switch between wired and wireless environments |
| U | ThinkVantage Access Connections | ACWLIcon.exe | "Part of the ThinkVantage Access Connections connectivity-assistant program for IBM/Lenovo ThinkPad or 3000 Family notebook computers - ""allowing users to seamlessly switch between wired and wireless environments |
| X | this free | winsyst.exe | "Added by the MADAG.A WORM!"
|
| U | TivoTransfer | TivoTransfer.exe | "Tivo Transfer Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music |
| U | TMA distribution | cfinst.exe | Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
|
| X | ToolbarInstall | MirarSetup.exe | "Mirar adware"
|
| X | Transaction Tasker | stdhost.exe | "Added by the SDBOT.HNK BACKDOOR!"
|
| N | Transcode360 | Transcode360Tray.exe | "Designed for WinXP Media Center Edition 2005 and the Xbox 360 |
| U | Transparent | TransparentW.exe | "Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop |
| U | Transparent | TransparentD.exe | "Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop |
| U | Transparent | TransparentB.exe | "Utility to turn desktop icon text backgrounds transparent. The last letter defines the icon text color: D= as desktop |
| U | TransparentIcons | tranicon.exe | "A Tweak-XP component (only in the registered version) |
| U | transtask | transtask.exe | "A Tweak-XP component |
| X | transys | "rundll32.exe transys.dll | start" |
| X | Trojan | TrojanS_P.exe | "Added by the AGENT-CQ TROJAN!"
|
| U | TrojanScanner | Trjscan.exe | "Trojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed"
|
| X | TrojansFilter | pgs.exe | "TrojansFilter rogue security software - not recommended. A member of the AVSystemCare family"
|
| X | TrojansFiltre | pgs.exe | "TrojansFiltre |
| U | TrojanShield | Init.exe | "TrojanShield"
|
| U | TrojanShield Protector | Port.exe | "TrojanShield anti-hacker/anti-trojan software"
|
| X | TrojanSimulator | TSServ.exe | "Trojan Simulator security risk which simulates a trojan infection and may be used to verify whether a virus scanner can properly detect the file"
|
| U | TSClientMSIUninstaller | tscuinst.vbs | "Related to Terminal Services Client Remote Desktop Connection Software from Microsoft"
|
| X | Tsk Mng Hlp | wins32.exe | "Added by the AGOBOT-JB WORM!"
|
| ? | TSService | NSSERVICE.EXE | "??"
|
| X | tvs_re | tvs_re_inst.exe | "BroadcastPC adware"
|
| U | TVTunerLib | TVTLInstTool.exe | Related to Sony installer tool for Sony TV tuner library
|
| X | uninstal | regsvr32 image.dll | "CoolWebSearch parasite variant. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""image.dll"" file is found in %System%"
|
| X | Uninstall**** | upd.exe | Adult content based screen saver where **** can be any number
|
| N | UninstallAbility | uability.exe | "UninstallAbility free uninstaller"
|
| X | UninstallHL | PreUninstallHL.exe | "LinkReplacer/FFinder adware"
|
| X | UninstallQL | PreUninstallQL.exe | "LinkReplacer/FFinder adware"
|
| X | Uninstall_TBPS | TBuninst.exe | "WebSearch Toolbar - HuntBar hijacker |
| X | UnSpyPC | UnSpyPC.exe | "UnSpyPC spyware remover - not recommended |
| X | Update Install | Schost.exe | "Added by the GAOBOT.AO WORM!"
|
| X | UpdateCheck | winstall.exe | "Added by the SPYBOT-CY WORM!"
|
| X | updateWins | systrey.exe | "Added by the RANDON WORM!"
|
| X | UPNPService | WinSVCservice.exe | "Added by the AGOBOT.UN WORM!"
|
| X | USB 2.0 Driver | Winsys32.exe | "Added by the AGOBOT-QM WORM!"
|
| X | USB 2.0 Driver | winsystem.exe | "Added by the AGOBOT-QS WORM!"
|
| Y | USB SECURITY DEVICE CoInstaller | JupitCo.exe | "ButterflyMedia USB Flash drive related - required for the password security feature to work"
|
| N | USB2Check | PCLECoInst.dll | "Related to Pinnacle Systems Inc. CoInstaller - you can execute the USB2.0 interface check program (Usb2Check.exe file) to check if your system is a USB2.0 enabled system"
|
| X | User Servicer | usnsrvc.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | User Sharing Manager | usnsharen.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | User Sharing Server | usnsrv.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | User Sharing Services | usnsvc.exe | "Added by a variant of the KOBOT-C WORM!"
|
| X | User Sharing Wizard | usnshare.exe | "Added by the SLENFBOT.DF WORM!"
|
| X | Userfile Sharing Serv | usnsrv.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Userfile Sharing Server | usnserv.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | usnsvc.exe | usnsvc.exe | "Added by the SPYBOT.AMD WORM!"
|
| X | Ussi | wnscpit.exe | "PurityScan adware"
|
| Y | UTILsInst | N/A | For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
|
| ? | Verizon Custom Uninstall Tracking | InstallHelper.exe | "Verizon related installation tracker. What does it do and is it required?"
|
| U | VerizonServicepoint.exe | VerizonServicepoint.exe | "Part of Verizon Online Support Manager"
|
| U | Virtual Dimension | VirtualDimension.exe | "Virtual Dimension by Typz - ""a free |
| U | VirtualDimension.exe | VirtualDimension.exe | "Virtual Dimension by Typz - ""a free |
| X | VirusResponseLab2009 | VirusResponseLab2009.exe | "VirusResponse Lab 2009 rogue security software - not recommended |
| X | VirusScanner | mnsys.exe | "Added by the SDBOT-AFQ WORM!"
|
| X | VITAL BOOT PROCESS | taskmnsgr.exe | "Added by the Rbot-VY WORM!"
|
| ? | VMConsole.exe | VMConsole.exe | "Sony VAIO Media Console - installed on the VAIO Media Integrated Server PCs. What does it do and is it required?"
|
| U | VOBID | InstantDrive.exe | "Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software"
|
| U | VoodooBanshee | "rundll32.exe 3DBBps.dll | BansheeLoadSettings" |
| X | W32PluginsDownloaderXMLHTTPSelfClearing7520 | wiper.exe | "Added by the PROXYSER-M TROJAN!"
|
| U | Watson Subscriber for SENS Network Notifications | dwtrig20.exe | "Used to launch Microsoft Error Reporting (DW20.exe) - if |
| X | WDNS SYSTEM | nibie.exe | "Added by the MYTOB-BY WORM!"
|
| X | WDNS SYSTEM | skybotx.exe | "Added by the MYTOB-BY WORM!"
|
| X | WDNS SYSTEM | wdns33.exe | "Added by the MYTOB-BY WORM!"
|
| X | Web-cameinst | [path to trojan] | "Added by the RANCK-BP TROJAN!"
|
| X | WebInstall | WebInstall.exe | ClipGenie adware downloader
|
| X | WebInstall2 | WebInstall.exe | ClipGenie adware downloader
|
| X | Win Drivers SSL32 | hpwsnnsbc.exe | "Added by the SPYBOT.MAR WORM!"
|
| X | Win Security | winsecure.exe | "Added by the SLENFBOT.RD WORM!"
|
| X | Win Security 360 | WinSecurity360.exe | "Win Security 360 rogue security software - not recommended |
| X | Win Server | winserv.exe | "Added by the IMISERV.A TROJAN!"
|
| X | Win Server Updt | winserver.exe | "Added by a variant of the IMISERV TROJAN!"
|
| X | Win Sync montr | winsyncupx.exe | "Added by the RBOT.BYJ BACKDOOR!"
|
| X | win32 | winsrv32.exe | "Added by the ADUENT TROJAN! Acts as a hi-jacker redirecting to Surferbar.com and adult content sites"
|
| X | win32 | WinSetup.exe | "Added by the EVILBOT.B TROJAN!"
|
| X | Win32 | msnsrv.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win32 Console | cmd.exe | "Added by the ABI.C WORM! Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Win32 Drivers | winlogons.exe | "Added by the FORBOT-FG WORM!"
|
| X | Win32 exe file | winstr32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | win32 internet server | winserver.exe | "Added by the DERMON-D TROJAN!"
|
| X | Win32 SSL Driver | winssv.exe | "Added by the FORBOT-BH WORM!"
|
| X | Win32 System Kernel | winservice.exe | "Added by the SDBOT.KIN WORM!"
|
| X | win32 system server | winserver.exe | "Added by the DERMON-A TROJAN!"
|
| X | Win32 USB2 | wins32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win32 USB2 Driver | winsnd32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | win98 DNS | wingrd.exe | "Added by a variant of the RBOT WORM!"
|
| X | WinDLL (windns32.dll) | "rundll32.exe windns32.dll | start" |
| X | WinDNS | windns32.exe | "Added by the GAOBOT.WX WORM!"
|
| X | Windowfdgfds DLL fgfdg Verifier | winsecure.exe | "Added by a variant of the RBOT WORM!"
|
| X | WindowRegKey update | wins.exe | "Added by the SPYBOT.I WORM!"
|
| X | Windows AdStatus | WinStat.exe | "Added by the BLESHARE!DR VIRUS!"
|
| X | Windows applications server | SysShield.exe | "Added by the unregistered version of Personal Anti Malware rogue security software - not recommended |
| X | Windows Audio Control | ppnsvc.exe | "Added by the HAM TROJAN!"
|
| X | Windows Config | wins.exe | "Added by the SPYBOT.JR WORM!"
|
| X | Windows Console | wkssvc.exe | "Added by the SDBOT-DJX WORM!"
|
| X | Windows Console Component | wrasvc.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Console Monitor | [path to worm] | "Added by the KEDEBE WORM!"
|
| X | Windows Console Monitor | gcasAV32.exe | "Added by the KEDEBE-A WORM!"
|
| X | Windows Console Norms | wnbsvc.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Console Source | wnbsvc.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Database | wiinsvc.exe | "Added by the AGOBOT-RU WORM!"
|
| X | Windows DLL Services | winsvc32.exe | "Added by the RBOT-ZF WORM!"
|
| X | Windows DNS | windns.exe | "Added by the SDBOT-XU WORM!"
|
| X | Windows DNS Daemon | windnsd.exe | "Added by the WOOTBOT.AS WORM!"
|
| X | Windows Domain Name Drivers | windns.exe | "Added by the FORBOT-EP WORM!"
|
| X | Windows Essensials | mvnesc.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Windows Event Service | winserv.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Windows Extensions for Win32 | winprgs32.exe | "Added by the SDBOT.AFA WORM!"
|
| X | Windows File Migration Wizard | HIMENSYST.EXE | "Added by the RBOT-EMO WORM!"
|
| X | Windows Generic Services | winsvc32.exe | "Added by the AGOBOT-ZF BACKDOOR!"
|
| X | Windows Genuine Validate | winservicessss.exe | "Added by the IRCBOT.UUI BACKDOOR!"
|
| X | Windows Icons Manager | wicomgr.exe | "Added by the RBOT-AIF WORM!"
|
| X | Windows Incontext | InSearch.exe | "PacerD_Media/Pacimedia.com/Z-Quest adware installer"
|
| X | Windows Insecure | [path to worm] | "Added by the RBOT-FSM WORM!"
|
| X | Windows installer | winstall.exe | "SpySheriff malware. For more information on registry key changes see SPYWAD-E"
|
| X | Windows Installer | ntdll.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Installer 1 | msnconfig.exe | "Added by the PURITYSCN.B TROJAN!"
|
| X | Windows Instruction Services | winstruct32.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Internet Protocol | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN!
|
| Y | Windows Live OneCare | winssnotify.exe | "System Tray access to and notifications from Windows Live OneCare - now superseded by Microsoft Security Essentials. ""OneCare helps keep your PC safe and secure while making your life easier. From virus scanning and file backups |
| X | Windows Loader | winServices.pif | "Detected by Kaspersky as the CARDSPY.D TROJAN!"
|
| X | Windows Logical Connection | wcnsvc.exe | "Added by the VIRUT.AO VIRUS!"
|
| X | Windows Management Instrumentation | mwd.exe | "Added by the GRAPS WORM!"
|
| X | Windows Management Instrumentation | [path to file] | "Added by the QEDS-A WORM!"
|
| X | Windows Management Instrumentations | winmg.exe | "Added by the GAOBOT.GW WORM!"
|
| X | Windows Manager | winsrv.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| N | Windows Media Powerpoint Helper | NSPPTHLP.EXE | German software (comes with some Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming Media) files. Available via Start -> Programs
|
| X | Windows Messanger Control Center | winsys.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Messenger | msnsmgs.exe | "Added by the RBOT-ANJ WORM!"
|
| X | Windows Messenger Service | winsmsgr.exe | "Added by the RBOT-VW WORM!"
|
| X | Windows NetStart Service | winsN2S.exe | "Added by the RBOT-ZX WORM!"
|
| X | Windows NetStart Service2 | winsN2S.exe | "Added by the RBOT-ABN WORM!"
|
| X | Windows NetStart Service2 | winsN2SD.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Network Session | nspsvc.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Networking | winsys32.exe | "Added by the GAOBOT.FL WORM!"
|
| X | Windows NT Login Session Manager | WNSM.EXE | "Added by the RBOT.BIV WORM!"
|
| X | Windows NT Service Name | winshock.exe | "Added by the RBOT-PK WORM!"
|
| X | Windows Printing Driver | WinSpooler.exe | "Added by the ARCHIVARIUS series of WORMS!"
|
| X | Windows Proffesional Security | WinSecure32.exe | "Added by the AGOBOT.VA WORM"
|
| X | Windows Recovery Console | recovery.exe | "Added by the RANSOM.FD WORM!"
|
| X | Windows Registers | winservicess.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Registry Name | winses.exe | "Added by the RBOT-ADB WORM!"
|
| X | Windows Rescue System | winsto.exe | "Added by the SUURCH.CG TROJAN!"
|
| X | Windows Rundll Center | msnsmgr.exe | "Added by the AGENT-LLB TROJAN!"
|
| X | Windows Screensaver | Service.exe | "Added by the KELVIR.P WORM!"
|
| X | WINDOWS SCREENSAVER | ssaver.scr | "Added by the SDBOT-YZ WORM!"
|
| X | Windows Secure Connection | winsc.exe | "Added by the SDBOT.BTN WORM!"
|
| X | Windows Secure Update | WinSecUp.exe | "Added by the RBOT-GCD WORM!"
|
| X | Windows Secure Update | WinSecure.exe | "Added by the RBOT-GDO WORM!"
|
| X | Windows Security | winscure.exe | "Added by the RBOT-BAF WORM!"
|
| X | Windows Security Assistant | winsec.exe | "CoolWebSearch parasite variant"
|
| X | Windows Security Manager | winsecurity.exe | "Added by the AGOBOT-KI WORM!"
|
| X | Windows Security Manager | winsecure.exe | "Affilred adware"
|
| X | Windows Security Tool | WinSecure.exe | "Added by the AGENT-GPY TROJAN!"
|
| X | Windows ServeAd | WinServAd.exe | Windupdates adware variant
|
| X | Windows Server | winserv.exe | "Added by the IRCBOT.AVM BACKDOOR!"
|
| X | Windows Server! | winsvr.exe | "Added by the IRCBOT.AYC BACKDOOR!"
|
| X | Windows Servic2 | winsy.exe | "Added by the RBOT-AIA WORM!"
|
| X | Windows Service | WINSVC.EXE | "Added by the SPYBOT-DH TROJAN!"
|
| X | Windows Service Agent | win32wins.exe | "Added by the RBOT-LOL WORM!"
|
| X | Windows Service help | winservices.exe | "Added by the DROPPER.TT TROJAN!"
|
| X | Windows Service Supply | winsupply.exe | "Added by the SLENFBOT.CZ WORM!"
|
| X | Windows Service Utitity | winsrvc.exe | "Added by the RBOT-ASI WORM!"
|
| X | Windows Services | winsvc32.exe | "Added by the MYTOB-CB WORM!"
|
| X | Windows Services | winsysdll.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Services | winsyssrv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Socket Procedure | WinSock32.exe | "Added by the RBOT-FMX WORM!"
|
| X | Windows Spool | winspool.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Windows Spooler | winsplr.exe | "Added by the SHEUR.ANX TROJAN!"
|
| X | Windows Spools SV | winsv.exe | "Added by the RBOT-AUQ WORM!"
|
| X | Windows Sql Service For Windows 32 Bit | winsql32.exe | "Added by the FORBOT-FC WORM!"
|
| X | Windows SRS Client | winsrs.exe | "Added by the RBOT-BXQ WORM!"
|
| X | Windows SRT Client | winsrt.exe | "Added by the RBOT-BFR WORM!"
|
| X | Windows SSH Client | winssh.exe | "Added by the RBOT-AXC WORM!"
|
| X | Windows SSL File | winssv.exe | "Added by the WOOTBOT.CA WORM!"
|
| X | Windows Startup | winsta~1.exe | "GoHip foistware"
|
| X | Windows Startup | winstartup.exe | "GoHip foistware"
|
| X | Windows Startup | Winsys32.exe | "Added by the RBOT.AAB WORM!"
|
| U | Windows Supervisor | winspvr.exe | "Windows Supervisor surveillance software. Uninstall this software unless you put it there yourself"
|
| X | WINDOWS SVC | winsvc.exe | "Added by the MYTOB-EY WORM!"
|
| X | WINDOWS SYSTEM | wdns33.exe | "Added by the MYTOB-BY WORM!"
|
| X | WINDOWS SYSTEM | winsvc32.exe | "Added by the MYTOB.HH WORM!"
|
| X | Windows System | WINSYS.exe | "Added by the RBOT-AEF WORM!"
|
| X | WINDOWS SYSTEM | winsys33.exe | "Added by the MYTOB.EK WORM!"
|
| X | Windows System | winsys32.exe | "Added by the MYTOB-IS WORM!"
|
| X | WINDOWS SYSTEM | winsvc.exe | "Added by the MYTOB.LM WORM!"
|
| X | WINDOWS SYSTEM | mswins.exe | "Added by the MYTOB.DP WORM!"
|
| X | Windows System 32 | winsys_32.exe | "Added by the RBOT-FTR WORM!"
|
| X | Windows System Configuration | WINSYS32.exe | "Added by the SDBOT.AXK WORM!"
|
| X | WINDOWS SYSTEM Dns | windsns.exe | "Added by the MYTOB.EY WORM!"
|
| X | WINDOWS SYSTEM DNSPOOL | hbmail.exe | "Added by the MYTOB.FW WORM!"
|
| X | Windows System Guard | msns.exe | "Added by the DWNLDR-IGD TROJAN!"
|
| X | Windows System Manager | winsystem.exe | "Added by the RBOT-AN WORM!"
|
| X | Windows System Manager | winsysmgr.exe | "Added by the IRCBOT.BJG BACKDOOR!"
|
| X | Windows System Manager Proc | winsmc.exe | "Added by the RBOT.JH WORM!"
|
| X | Windows System Serivce | winserv.exe | "Added by the RBOT.ACA WORM!"
|
| X | windows system service | winsock.exe | "Added by the RBOT-MR WORM!"
|
| X | Windows System32 | winsys32.exe | "Added by the SDBOT-AHS WORM!"
|
| X | Windows Sz Host | winshvc.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows TaskManager Service | windns32.exe | "Added by the AGOBOT-JP WORM!"
|
| X | Windows Time Service Diagnostic Tool | winscrvs.exe | "Added by the RBOT.FTV BACKDOOR!"
|
| X | Windows UDP Control Center | installer.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Windows UDP Control Center | msnsmsgrs.exe | "Added by the PUSHBOT.MF WORM!"
|
| X | Windows Update | msnwinsb.exe | "Added by the RBOT-AAH WORM!"
|
| X | windows update | msnsever.exe | "Added by the RBOT-AHN WORM!"
|
| X | Windows Update | msnsupdate.exe | "Added by the RBOT-AXS WORM!"
|
| X | Windows Update | install.exe | "Added by the BANKER-IB TROJAN!"
|
| X | Windows Update | usnsvc.exe | "Added by the KOBOT-C WORM!"
|
| X | Windows Update | msnsa32.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Update | winsc.exe | "Added by the BUZUS.RYI TROJAN!"
|
| X | Windows Update 32 | winlogons.exe | "Added by the FORBOT-FI WORM!"
|
| X | Windows Update Checker | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN!
|
| X | Windows Update Checker | deinst_qfe002.exe | Added by a variant of the Win32.Small TROJAN!
|
| X | Windows Update services | wins32svcs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update System | mswins.exe | "Added by the IRCBOT.DN WORM!"
|
| X | Windows Updates | w32dns.exe | "Added by the SDBOT-BFW WORM!"
|
| X | Windows Video Drivers | videons32.exe | "Added by the GAOBOT.AZT WORM!"
|
| X | Windows Video Drivers | VIDEONS3.EXE | "Added by the AGOBOT-KZ BACKDOOR!"
|
| X | Windows Vista Transformation | IEXPLORE.exe | "Added by the FORBOT-GV WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | Windows xp | Wins.exe | "Added by the RBOT.VH BACKDOOR!"
|
| X | Windows32 Serivces | winser32.exe | "Added by the SPYBOT.AAF WORM!"
|
| X | WindowsFileSystem | winsfs32.exe | "Added by the RBOT-FMQ WORM!"
|
| X | WindowsFirewallSvc | winsvcup.exe | "Added by a variant of the SDBOT WORM!"
|
| X | WindowsInstaller | [path to file] | "Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe"" |
| X | WindowsRegKey update | windns.exe | "Added by the RBOT.IE WORM!"
|
| X | WindowsRegKey update | winsys.exe | "Added by the RBOT-JY WORM!"
|
| X | WindowsRegKeys update | winsysi.exe | "Added by the SDBOT.WE WORM!"
|
| U | WindowsTranslator | DWinTrsl.exe | "Delta Translator® English < > Portugese (Brazilian) version - ""an automatic |
| U | WindowsTranslator_Espanhol | DWinTrsl.exe | "Delta Translator® Spanish < > Portugese (Brazilian) version - ""an automatic |
| X | WindowsUpdatev4 | w32gins.exe | "Added by an unidentified WORM or TROJAN! Located in the Root folder (C:\) |
| X | WindowsUpdatewinsec | winsec.exe | "Added by a variant of the AGENT-HZ TROJAN!"
|
| X | Windows_Protect | winsystem.exe | "Added by a variant of the RBOT WORM!"
|
| X | Window_Protect | winsi32.exe | "Added by a variant of the RBOT WORM!"
|
| X | windtbs | winsysvc | "Added by the AGOBOT-NH WORM!"
|
| X | winhelp | dns32.exe | "Added by a variant of the RBOT WORM!"
|
| U | winlgn | winsplg.exe | "Related to the Sentry Parental Controls software"
|
| X | winlogins.exe | winlogins.exe | "Added by the OPTIX.H BACKDOOR!"
|
| X | WinMenssage | winmax.exe | "Added by the BANCOS.B TROJAN!"
|
| X | WinMenssage | winmaxy.exe | "Added by the BANCOS TROJAN!"
|
| X | winnsvc | msvc.exe | "Added by the PWS.O TROJAN!"
|
| X | winnt DNS ident | wuamgrd32.exe | "Added by the RBOT-BAU WORM!"
|
| X | winnt DNS ident | iexplorer.exe | "Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | winnt DNS ident | pidchk32.exe | "Added by the RBOT-ACY WORM!"
|
| X | winnt DNS ident | windowxp.exe | "Added by a variant of the RBOT WORM!"
|
| X | winnt DNS ident | Winupd32.exe | "Added by the RBOT.AVU WORM!"
|
| X | winnt DNS ident | winupdate32.exe | "Added by a variant of the RBOT WORM!"
|
| X | winnt DNS ident | wuamgrd33.exe | "Added by a variant of the RBOT WORM!"
|
| X | Winnt DNS ident | windowsp.exe | "Added by the RBOT.BAL WORM!"
|
| X | Winnt DNS ident | msnmsrg.exe | "Added by the RBOT.BVQ WORM!"
|
| X | winroot | winsn.exe | "Added by the QQPASS.IA WORM!"
|
| X | Wins Loader5 | Gadu-Gadu.exe | "Added by a variant of the IRCBOT TROJAN! Note - doe not confuse with the Polish language Instant Messaging client also called Gadu-Gadu"
|
| X | Wins Service Driver | winet.exe | "Added by the RBOT-APV WORM!"
|
| X | Wins Update 32 | services32.exe | "Added by the FORBOT-FN WORM!"
|
| X | Wins32 Online | cfgpwnz.exe | "Added by the BROPIA.R WORM!"
|
| X | WinScMngr | winsmc.exe | "Added by the SDBOT-BPZ WORM!"
|
| X | WinSec | winsec16.exe | "Added by the AGOBOT.ZF WORM!"
|
| X | winsecure | winsecure.exe | "Browser hijacker |
| X | WinSecure | [random].exe | "Added by the AGENT-LR TROJAN!"
|
| X | Winsecure Antivirus | Secureantivirus.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | WinSecureAv | pgs.exe | "WinSecureAv rogue security software - not recommended |
| X | WinSecured32 | ssmr.exe | "Added by a variant of the FORBOT WORM!"
|
| X | WinSecurity | uninstall.exe | "Added by the SILLYFDC.BCJ WORM!"
|
| X | Winserv | Winserv.ila | "Added by the NODMIN WORM!"
|
| X | winserver | Server.txt.vbs | "Added by the DELTAD.A WORM!"
|
| X | Winservice | winmain.exe | Adult content related malware
|
| X | winservice | svchost.exe | "Added by the CVK BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""services"" sub-folder"
|
| X | WinService | hosth.exe | "Added by the DWNLDR-FUX TROJAN!"
|
| X | WinService | Ttt.exe | "Added by the MSNVB-D WORM!"
|
| X | WinService | WinServ.exe | "Added by the SKOWOR-O WORM!"
|
| U | WinService32 | ssmgr.exe | "007 Spy Software - ""stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"""
|
| U | WinService32 | svchost.exe | "007 Spy Software - ""stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"""
|
| X | WinServices | WinServices.exe | "Added by the YAHA.K or YAHA.M WORMS!"
|
| X | winservices | bootvfy.exe | Added by an unidentified WORM or TROJAN!
|
| X | winservit | cassl.exe | "Added by the RBOT.ASG WORM!"
|
| X | winservn | winservn.exe | "PurityScan adware"
|
| X | winservs | winservs.exe | "PurityScan adware"
|
| X | WinSetBrowse | BasicUpdate.dll.vbs | "Added by the BISCUIT.A WORM!"
|
| X | winsfc | winsfc.exe | "Added by the WISFC VIRUS!"
|
| X | Winshell | remote.exe | "Added by the MYTOB.LJ WORM!"
|
| X | winshell | windll32lib.exe | "Added by the BAGLE-DM WORM!"
|
| ? | Winshoe | wuadfdqr.exe | "Probably an unidentified VIRUS! Adds itself to 3 registry ""Run"" keys and prevents Task Manager being displayed. This is not the Winshoe IRC Client as the visitor did not have it installed"
|
| X | winshost.exe | winshost.exe | "Added by the TOOSO WORM and variants!"
|
| X | winshow | [path to trojan] | "Added by the VB-DXP TROJAN!"
|
| X | WinShowUpdate | copy [path] winshow.new [path] winshow.dll | "Winshow parasiate related - from the ""RunOnce"" keys it replaces ""winshow.dll"" with a new version"
|
| X | WinSig | NetXP.exe | "Added by the BANKER-FN TROJAN!"
|
| X | WinSistem | Tunggul.vbs | "Added by the VBS.STEMCLOVER WORM!"
|
| X | Winsk system Loader | winsk.exe | "Added by the AGOBOT-IZ WORM!"
|
| X | winskype | winskype.exe | "Added by the BROGGER-C TROJAN!"
|
| U | WinSL | WinSL.exe | "StarLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | winsock | svch0st.exe | "Added by the SAGE-A WORM! Note - the filename has the digit 0 rather then the uppercase ""o"""
|
| X | Winsock driver | winnt update.exe | "Added by the SPYBOT-DM TROJAN!"
|
| X | Winsock driver | winnt64.exe | "Added by the SPYBOT-DR WORM!"
|
| X | Winsock Driver | nvscv32.exe | "Added by the AGOBOT-FD WORM!"
|
| X | Winsock Driver | scvhost.exe | "Added by the RBOT.AEU BACKDOOR!"
|
| X | Winsock driver | win.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Winsock driver | tcpmngr.exe | "Added by the SPYBOT-CK WORM!"
|
| X | Winsock driver | winupdate32.exe | "Added by the SPYBOT-JZ TROJAN!"
|
| X | Winsock Startup | Main2.exe | "Added by a variant of the SDBOT WORM!"
|
| X | winsock.client | winsock.exe | "Added by the DIABLO-M TROJAN!"
|
| X | winsock2 | netsvr.exe | "Added by the AGOBOT.LY WORM!"
|
| X | Winsock2 dlls | W32DLL.EXE | "Added by the SPYBOT-CS BACKDOOR!"
|
| X | Winsock2 driver | SDJOIJE.EXE | "Added by the SPYBOT.DR TROJAN!"
|
| X | Winsock2 driver | MIRC32.exe | "Added by the SPYBUZZ TROJAN!"
|
| X | Winsock2 driver | kgzgjkpcw.exe | "Added by the SDBOT.T TROJAN!"
|
| X | Winsock2 driver | ZONEALARM.EXE | "Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program"
|
| X | Winsock2 driver | wincfg.scr | "Added by the SPYBOT-E TROJAN!"
|
| X | Winsock2 driver | winupdate.exe | "Added by the SPYBOT-BX WORM!"
|
| X | Winsock2 driver | SPOLSV.EXE | "Added by the SPYBOT-CM WORM!"
|
| X | Winsock2 driver | [random filename] | "Added by members of the SPYBOT family of WORMS! Note - the random filename is located in %System%"
|
| X | Winsock2 driver | sysreq.exe | "Added by the SPYBOT-CC WORM!"
|
| X | Winsock2 driver | WUAUMQR.EXE | "Added by the SPYBOT-DP WORM!"
|
| X | Winsock2 driver | wincfg.exe | "Added by the SPYBOT.CO WORM!"
|
| X | Winsock2 driver | svchorsst.exe | "Added by the SPYBOT-EE WORM!"
|
| X | Winsock2 driver | SYSTEM32.EXE | "Added by the SPYBOT-EG WORM!"
|
| X | Winsock2 driver | dllcfg32.exe | "Added by the SPYBOT.AG WORM!"
|
| X | Winsock2 driver | CFTMON.EXE | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Winsock2 driver | ntsys32.exe | "Added by the SPYBOT-DD WORM!"
|
| X | Winsock2 driver | WINNT32.EXE | "Added by the SPYBOT-CN WORM!"
|
| X | Winsock2 driver | PAC.EXE | "Added by the SPYBOT-ET WORM!"
|
| X | Winsock2 driver | winsock2.exe | "Added by the SPYBOT-CT BACKDOOR!"
|
| X | Winsock2 driver | mmtask5.exe | "Added by the SPYBOT-CD WORM!"
|
| X | Winsock2 driver | WWEUMQR.EXE | "Added by the SPYBOT-BY WORM!"
|
| X | Winsock2 driver | IEXPLORE .EXE | "Added by the SPYBOT-AU WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the "".exe"""
|
| X | Winsock2 driver | WINSOUND.EXE | "Added by the SPYBOT-H WORM!"
|
| X | Winsock2 Loader | WICONF.EXE | "Added by the SDBOT-LA WORM!"
|
| X | Winsock2 wqr1s | WUAUMQR1.EXE | "Added by the SPYBOT.KD WORM!"
|
| X | Winsock2.dll | WINLODR.SCR | "Added by an unidentified VIRUS |
| X | Winsock32 driver | TESTING.EXE | "Added by the SPYBOT-B WORM!"
|
| X | Winsock32 driver | system32.exe | "Added by the IRCBOT-VT TROJAN!"
|
| X | Winsock32driver | win32server.scr | "Added by the HACARMY TROJAN!"
|
| X | Winsock32driver | sp2XPupdate.exe | "Added by the HACKARMY.S TROJAN!"
|
| X | Winsock32driver | win32server.exe | "Added by the BACKDOOR-AZV TROJAN!"
|
| X | Winsock32driver | ZoneAlarmPr0.exe | "Added by the HACKARMY-B TROJAN!"
|
| X | Winsock32driver | ZoneLockup.exe | "Added by the HACARMY.D TROJAN!"
|
| X | Winsock32driver | win32server.exe | "Added by the HACARMY.F TROJAN!"
|
| X | Winsock32driver | winXPupdate.exe | "Added by the HACKARMY.9728 TROJAN!"
|
| X | Winsock32driver | svchhost.exe | "Added by the HACKARMY.I TROJAN!"
|
| X | Winsock6 MIC driver | ieservicesupd.exe | "Added by the SPYBOT.AFZ WORM!"
|
| X | winsockdriver | tskmg.exe | "Added by the SDBOT.GEN TROJAN or WARPIGS.C WORM!"
|
| X | winsockdriver | winsock2.2.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | winsockdriver | iexplor.exe | "Added by the BLATIC.A WORM!"
|
| X | winsockdriver | winsock3.exe | "Added by the SPYBOT-DO WORM!"
|
| X | winsockdriver | bot.exe | "Added by the WARPIGS-D WORM!"
|
| X | winsockdriver | winsock4.1.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | winsockdriver | winsock2.exe | "Added by the SPYBOT-AC WORM!"
|
| X | WinSocketComponent | nthost.exe | "Added by an unidentified VIRUS |
| X | Winsocks2 driver | mznmgr.exe | "Added by a variant of the SDBOT WORM!"
|
| U | WINSOS VERIFY | WINSOS.EXE | "WinSOS - ""deletes spyware |
| X | WinSP | [path] REGEDIT.EXE -s [path] sysreg.reg | "Added by the STARTPA-ME TROJAN!"
|
| X | WINSP00L | WINSP00L.EXE | "Added by the AGENT.XAB TROJAN! Notice the digit ""0"" in both columns rather than the upper case ""o"""
|
| X | winspd32dll | winspd32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | WinSPF | windrv32.exe | "Added by the MYDOOM.T WORM!"
|
| X | WinSPF | winspf32.exe | "Added by the MYDOOM.S WORM!"
|
| X | Winspl | winsplx.exe | "Added by a variant of the TROLL-A TROJAN!"
|
| X | winsplog | wsmmlog.exe | "Added by the MAILBOT-CA TROJAN!"
|
| X | Winspool | spoolsvr.exe | "Added by a variant of the SDBOT WORM!"
|
| X | WinSpyControl | pgs.exe | "WinSpyControl rogue security software - not recommended. A member of the AVSystemCare family"
|
| X | WinSpyDemo | WinSpyDemo.exe | "WinSpy rogue spyware remover - not recommended"
|
| X | WinSpyKiller | WinSpyKiller.exe | "WinSpyKiller rogue spyware remover - not recommended |
| X | WinSpywareProtect | WinSpywareProtect.exe | "WinSpywareProtect rogue security software - not recommended |
| X | WinSpywareProtect (ver. 5.1) | WinSpywareProtect.exe | "WinSpywareProtect rogue security software - not recommended |
| X | WinSrv | kn0x.exe | "Added by the HOBBIT.F WORM!"
|
| X | WinSrv | SHIZZLE.EXE | "Added by the HOBBIT.C WORM!"
|
| X | Winsrv | winsrv.exe | "Added by the OPASERV.T WORM!"
|
| X | winsrv | winsrv.exe | "Added by the NETSNAK-B TROJAN!"
|
| X | winsrv3 | services.exe | "Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| Y | winssnotify | winssnotify.exe | "System Tray access to and notifications from Windows Live OneCare - now superseded by Microsoft Security Essentials. ""OneCare helps keep your PC safe and secure while making your life easier. From virus scanning and file backups |
| X | WinsSystem | syssmss.exe | "Added by the DELF.IG TROJAN!"
|
| X | WinStabilizer | WinStabilizer.exe | "Added by the AGOBOT-SW WORM!"
|
| X | WinStar | IEXPL0RE.exe | "Added by the WOSRIST A TROJAN!"
|
| X | WinStart | services.exe | "Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the ""Startup Item"" field"
|
| X | WinStart | WinStart.exe | "From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words |
| X | WinStart | Wscript.exe WinStart.vbs | "Added by the CIAN.C WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""WinStart.vbs"" file is located in %System%"
|
| X | WinStart | winstart32.exe | "Added by the PUROL WORM!"
|
| X | WinStart | WinStart.pif | "Added by the CONE.E WORM!"
|
| X | winstart | winstart.exe | "Added by the SCKEYLO-AB TROJAN!"
|
| X | WinStart001 | WinStart001.exe | "From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words |
| X | WinStart001.EXE | WinStart001.exe | "From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words |
| X | winstats | winstats.exe | "Added by the GARGAFX TROJAN!"
|
| X | Winsta~1 | winsta~1.exe | "GoHip foistware"
|
| X | WinSth16 | WinSth16.exe | "Added by the CAKE WORM!"
|
| X | winstro | RUN32DLL.exe | "Added by the FTP_ANA TROJAN!"
|
| X | winsupdater | winsupdater.exe | "Added by the ALCRA-F WORM!"
|
| X | winsupdatesysmngr64 | winsys64mnger.exe | "Added by the RBOT-BAG WORM!"
|
| X | WinSvc16.exe | WinSvc16.exe | "Added by the SDBOT.FQ TROJAN!"
|
| X | winsvc32 | winsvc32.exe | "Added by the IRCBOT-AEG WORM!"
|
| X | winsvc32.exe | winsvc32.exe | "Added by the GREPAGE TROJAN!"
|
| X | Winsvr | msupd******.exe [*= random digit] | Added by the INJECT.163 TROJAN!
|
| X | Winsvr | [random filename].exe | "Added by the ADCLICK-DK TROJAN!"
|
| X | Winsvr manager | DDEsvr.exe | "Added by the TIRBOT-C WORM!"
|
| X | winsy32.exe | winsy32.exe | "CoolWebSearch parasite variant"
|
| X | winsync | ******.exe reg_run [* = random char] | "Added by a variant of the QOOLOGIC TROJAN!"
|
| U | Winsys | Winsys.exe | "Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself"
|
| X | WINSYS | [path to trojan] | "Added by the GOLDPLAY TROJAN!"
|
| X | winsys | syschost.exe | Added by an unidentified TROJAN!
|
| X | WinSys | winmgmt.com | "Added by the VB.EIW WORM!"
|
| X | WinSys | system.exe | "Added by the DAPROSY WORM!"
|
| X | WinSys32 | Winsys32.exe | "Added by the CIGIVIP TROJAN or RECKUS WORM!"
|
| X | winsys32 Driver | winsys32.exe | "Added by the LOONY-O TROJAN!"
|
| U | WinSysAppMon | WinSysRM.exe | "Home & Family Content Filter related. See here"
|
| X | winsysban | [path to trojan] | "Added by the CLICKER-CD TROJAN!"
|
| U | WinSysCheck | sb32mon.exe | "Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
|
| X | winsyslog lptt01 | winsyslog.exe | "RapidBlaster variant (in a ""Winsyslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | WinSysM | 371662M.exe | "Added by the WINKO.AO WORM!"
|
| X | WinSysModule | [path to trojan] | "Added by the AGENT-DIQ TROJAN!"
|
| X | WinSysStartUpWKbLw | TaskSystemDll.Exe | "Added by the BACKZAT.G WORM!"
|
| X | WinSyst32 | winsyst32.exe | "Added by the MORB WORM!"
|
| X | WinSystem | winsystem.exe | "Added by the WHITEBAIT WORM!"
|
| U | WinSystem | WinSystems.exe | "CMKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | Winsystem | Freevideo5.EXE | "Added by the AGENT.FZS WORM!"
|
| X | winsystem.sys | smss.exe | "Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the ""Startup Item"" field"
|
| X | WinSystems | winsystems16.exe | "Added by the SDBOT-CZT WORM!"
|
| X | winsystems25 | winsystems.exe | "Added by the RBOT-CNZ WORM!"
|
| X | winsysupd | [path to trojan] | "Added by the STARTPA-NI TROJAN!"
|
| X | WinSysW | 371662L.exe | "Added by the WINKO.AO WORM!"
|
| X | WINTASK | yahooicons.exe | "Added by the MYTOB-HM WORM!"
|
| X | Winupdatee | winsvcc.exe | "Added by the AGENT.AN TROJAN!"
|
| X | WinXP Processor Generator v1.2 | intspnsr32.exe | "Added by the SDBOT.LP WORM!"
|
| X | win_supp00.exe | Win Const.exe | "Added by the ASSASIN-H TROJAN!"
|
| X | Wireless Conections | WireConnect.exe | "Added by the SDBOT-VF WORM!"
|
| X | Wireless Connections | WIRECONNECT.EXE | "Added by the SDBOT-VM WORM!"
|
| N | Wireless Console | wcourier.exe | "ASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devices"
|
| N | Wireless Console 2 | wcourier.exe | "ASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devices"
|
| N | Wireless Console 3 | wcourier.exe | "ASUS Wireless Console - installed alongside ASUS wireless components and provides additional configuration options for these devices"
|
| N | WLAN Status Tray Applet | WLANSTA.EXE | System Tray icon for checking the status of a Wireless LAN
|
| N | WLANSTA.EXE | WLANSTA.EXE | System Tray icon for checking the status of a Wireless LAN
|
| X | WLWin | WINSYS.EXE | "Added by the NAVER.A WORM!"
|
| X | WMI Standard Event Consumer - Scripting | scrcons32.exe | "Added by the RBOT-GRD WORM!"
|
| X | WMI Standard Event Consumer - Scripting | scrcs.exe | "Added by a variant of the RBOT-GRD WORM!"
|
| U | WMPNSCFG | WMPNSCFG.exe | "Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music |
| X | WN Services | wnsvc.exe | "Added by the KBBOT-A TROJAN!"
|
| X | WNSA | wnsts**.exe [* = random char] | "PurityScan adware"
|
| X | WNSC | wnsin**.exe [* = random char] | "PurityScan adware"
|
| X | Wnsck2 driver | wlogf.exe | "Added by the SPYBOT-AF WORM!"
|
| X | WNSI | wnscp**.exe [* = random char] | "PurityScan adware"
|
| X | WNSI | rwsa.exe | "PurityScan adware"
|
| X | WNSO | WNSO.exe | "Baidu.SoBar adware"
|
| X | WNST | wnsapi**.exe [* = random char] | "PurityScan adware"
|
| X | wntlgns | wntlgns.exe | "CoolWebSearch parasite variant"
|
| X | wormexe | winstart.exe | "Added by the EARLYBIRD WORM!"
|
| X | WPSVC Services | wpnsc.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | WXcmeinst | [path to file] | "Added by the RANCK-CD TROJAN!"
|
| X | xInsIDE | xInsIDE.exe | "Added by the ADLOAD.BH TROJAN! Note - this should not be confused with the valid IDE configuration utility from JMicron Technology which is normally located in %Windir%\RaidTool and uses the same filename. This one is located in %ProgramFiles%\xInsIDE"
|
| U | xInsIDE | xInsIDE.exe | "JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers. This is normally located in %Windir%\RaidTool"
|
| ? | xkstartup | "RunDll32 InstZ82.dll | SetUsbPrinterPort" |
| X | XMLmedia 10.0 | wmsdkns.exe | "Added by the FAKEALERT TROJAN!"
|
| X | XNSearchAssistant | SrchAsst.exe | iWon Search Assistant - spyware
|
| X | xpsp2install | xpsp2Update.exe | "Added by the AGENT-DPK BACKDOOR!"
|
| X | xpstat | winlogins.exe | "Added by the RBOT-AAR WORM!"
|
| U | XtreamLok License Manager | xl.exe | "License manager for xLok (XtreamLok) - prevents software being reverse engineered"
|
| X | x~{{dybel | x~{{dy8%nsn | "Added by the AGOBOT.DQ WORM!"
|
| X | Yahoo Instant Messengar | YahooMsgr.exe | "Added by the SDBOT.GEN TROJAN!"
|
| U | You've Got Pictures Screensaver | ygpsstra.exe | AOL You've Got Pictures Screensaver
|
| U | ZipDisk Icons | IMGICON.EXE | "Displays Iomega icons in Explorer/My Computer |
| X | ZNN | znnsvc.exe | "Added by the SDBOT-DAA WORM!"
|
| X | Zolero Translator | ZoleroTranslator.exe | "Zolero Translator - added by Clickspring |
| X | Zonesoft Cleaner | rnsys.exe | "Added by a variant of the SDBOT WORM!"
|
| ? | zzzCamlnSuitelll | setup.exe 46*** | "??"
|
| X | [3-4 random letters] | nslookup.exe | "PurityScan adware. Not to be confused with the legitimate nslookup.exe which is found in the System32 folder"
|
| X | [random name] | w?nspool.exe | "PurityScan adware"
|
| X | [trojan filename] | Install.exe | "Added by the BANCBAN-FS TROJAN!"
|
| X | [various names] | ActionScr.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | install2.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | NsCplTray.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | NSYSCPLSTR.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | openstre.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | scanSYS.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | _WinStart | services.exe | "Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status"
|
| X | _winsystem.sys | smss.exe | "Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32"
|
