Trojan

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	*WinLogon	[trojan path] ren time:[random number]	"Added by the VUNDO TROJAN!"
X	180ClientStubInstall	[path to trojan]	"180Solutions adware related"
X	360antiarp	[path to trojan]	"Added by the PASTA.AIB TROJAN!"
X	5p4m	[path to trojan]	"Added by the LITEBOT-C TROJAN!"
X	aaprotect	[path to trojan]	"Added by the BANCBAN-MJ TROJAN!"
X	AddClass	[path to trojan]	"Added by the SECDL-A TROJAN!"
X	Advanced DHTML Enable	[path to trojan]	"Added by the AGENT.GLQ TROJAN!"
X	advap32	[path to trojan]	"Added by the MUTANT.AT TROJAN!"
X	AdwareProMFC	AntiTrojan Pro.exe	AntiTrojan Pro rogue security software - not recommended. Variant of Ad-Ware Pro
X	Allopassw	[path to trojan]	"Added by the RANKY.CU TROJAN!"
U	Anti-Trojan-Watch	ATWatch.exe	Anti-Trojan Watch - trojan detector
X	Anti-Virus Update Scheduler	[path to trojan]	"Added by the SPAMMIT-A TROJAN!"
X	Anti-Virus Update Scheduler V1.39.12R	[path to trojan]	"Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe
X	Antivirus Installer	[path to trojan]	"Added by the BADGENT-A TROJAN!"
X	autorundemo	[path to trojan]	"Added by the AGENT-FPX TROJAN!"
X	Autoupdate Service	[path to trojan]	"Added by the AGENT-CB TROJAN!"
X	AVP	[path to trojan]	"Added by the MUTBO-A TROJAN!"
X	avptask	[path to trojan]	"Added by the NOFERE-G TROJAN!"
X	bfxtray	[path to trojan]	"Added by the AGENT-GEB TROJAN!"
X	Blue Service	[path to trojan]	"Added by the BANCOS-BCW TROJAN!"
X	BT	[path to trojan]	"Added by the LITEBOT-B TROJAN!"
X	Bwddwss	[path to trojan]	"Added by the RANKY.BD TROJAN!"
X	CacheLoader	[path to trojan]	"Added by the DLOADER-NZ TROJAN!"
X	Client Server Control Process	[path to trojan]	"Added by the AGENT-HR TROJAN!"
X	clkhost	[path to trojan]	"Added by the WIXUD-B TROJAN!"
X	cmrss	[path to trojan]	"Added by the DLOADER-QQ TROJAN!"
X	ComStart	Trojan Guarder.exe	"TrojanGuarder rogue security software - not recommended"
X	con	[path to trojan]	"Added by the BRAVE-A TROJAN!"
X	Connectivity Tool	[path to trojan]	"Added by the LITEBOT-E TROJAN!"
X	Controladores	[path to trojan]	"Added by the TELEFO-A TROJAN!"
X	cppc	[path to trojan]	"Added by the VB-NV BACKDOOR!"
X	CrashDump	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	CSRSWIN	[trojan filename]	"Added by the WINSHELL.50 TROJAN!"
X	CSRSX	[trojan filename]	"Added by the WINSHELL.50.B TROJAN!"
X	CTime	[path to trojan]	"Added by the HTTPDOS TROJAN!"
X	DCOM Server	[path to trojan]	"Added by the AGENT-CCQ BACKDOOR!"
X	defender	[path to trojan]	"Added by the VB-BAQ TROJAN!"
X	Devicewin	[path to trojan]	"Added by the BANKER-AEV TROJAN!"
X	dfgfdgrergd	[path to trojan]	"Added by the RANKY.CK TROJAN!"
X	DirectX shell driver	[path to trojan]	"Added by the MARKTMAN-B TROJAN!"
X	Disk Keeper	[path to trojan]	"Added by the SMALL-VE TROJAN!"
X	Disk Master	[trojan name]	"Added by the DISTER TROJAN! - a spam relayer"
X	down	[trojan filename]	"Added by the SMALL-QJ TROJAN!"
X	drin	[path to trojan]	"Added by the SMALL.DPB TROJAN!"
X	DSKEY	[path to trojan]	"Added by the STARTER-G TROJAN!"
X	DSS	[path to trojan]	"Added by the DSSDOOR-C TROJAN!"
X	explorer	[path to trojan]	"Added by the AGENT-EU TROJAN!"
X	Explorer 2238	[path to trojan]	"Added by the AGENT-CPI TROJAN!"
X	f94mggfhfghodftdf	[path to trojan]	"Added by the SMALL.JHZ TROJAN!"
X	Firewall auto setup	[path to trojan]	"Added by the AGENT-GLY TROJAN!"
X	Flash Driver	[path to trojan]	"Added by the AGENT.CWVT TROJAN!"
X	Flash Media	[path to trojan]	"Added by the IRCBOT.AUR TROJAN!"
X	Floppy Master	[path to trojan]	"Added by the ZONIT-F TROJAN!"
X	Games Acceleration	[path to trojan]	"Added by the SMUTSRCH-A TROJAN!"
X	gimmygames	[path to trojan]	"Added by the DLOADR-LN TROJAN!"
X	HATAPE	[path to trojan]	"Added by the BANKER-QF TROJAN!"
X	hxadsec	[path to trojan]	"Added by the ADCLICK-AP TROJAN!"
X	ibin	[path to trojan]	"Added by the PERDA-C TROJAN!"
X	ICQMsn	[path to trojan]	"Added by the RANCK-AH TROJAN! The most common example is ""cbfks.exe"" located in %System%"
X	IEXPLORE.EXE	[path to trojan]	"Added by the BANCOS-CJ TROJAN!"
X	Image	"rundll32 [path] [trojan filename]	Install"
X	imonitor	[path to trojan]	"Added by the IMONI-A TROJAN!"
X	Init	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	InstallProgram	[path to trojan]	"Added by the AGENT-HHU TROJAN!"
X	Internal	[trojan filename]	"Added by the SMOTHER and TRANSLAT TROJANS!"
X	Internat	[trojan filename]	"Added by the CMJSPY-Y TROJAN!"
X	internet	[trojan filename].exe	"Added by the MIFENG-D TROJAN!"
X	Internet Connection Wizard	[path to trojan]	"Added by the SMUTSRCH-A TROJAN!"
X	Internet Mail and News	[path to trojan]	"Added by the SMUTSRCH-A TROJAN!"
X	IntSys1	[path to trojan]	"Added by the BANLOA-ASE TROJAN!"
X	Irwftp	[path to trojan]	"Added by the BANCOS-AP TROJAN!"
X	ixproxy	[path to trojan]	"Added by the XORPIX-A TROJAN!"
X	jon315	[path to trojan]	"Added by the MAILBOT-BI TROJAN!"
X	jusched	[path to trojan]	"Added by the BANKER-BWR TROJAN!"
X	keyboard	[path to trojan]	"Added by the DLOADR-AOZ TROJAN!"
X	lameshit	[path to trojan]	"Added by the LOWZONE-H TROJAN!"
X	LanGuard	[path to trojan]	"Added by the DLOADER-VO TROJAN!"
X	lar	[trojan filename]	"Added by the ROXY.C TROJAN!"
X	LetsRock	[path to trojan]	"Added by the RANKY.Y BACKDOOR!"
X	Litebot	[path to trojan]	"Added by the LITEBOT-A TROJAN!"
X	loaddr	[path to trojan]	"Added by the AGENT-DIY TROJAN!"
X	login	[path to trojan]	"Added by the HOTWORD-A TROJAN!"
X	Logo	[path to trojan]	"Added by the DLOADER-RH TROJAN!"
X	MailBlocker	[path to trojan]	"Added by the AGENT-LRJ TROJAN!"
X	mdetect	[path to trojan]	"Added by the SPABOT TROJAN!"
X	MEDIA32	[path to trojan]	"Added by the PURSCAN-Z TROJAN!"
X	Micro Office	[path to trojan]	"Added by the BANCBAN-QC TROJAN!"
X	Microsoft (R) Windows TCP/IP Socket Driver	[path to trojan]	"Added by the PROXY-DD TROJAN!"
X	Microsoft ActiveX Debugger NT	[path to trojan]	"Added by the BANCOS-DO TROJAN!"
X	Microsoft Internet Acceleration Utility	[path to trojan]	"Added by the SMUTSRCH-A TROJAN!"
X	Microsoft Internet Explorer	[path to trojan]	"Added by the BANCBAN-AS TROJAN!"
X	Microsoft Management Console	[path to trojan]	"Added by the SMUTSRCH-A TROJAN!"
X	Microsoft standard protector	[path to trojan]	"Added by the STOX-C TROJAN!"
X	Microsoft WPCEmail	[path to trojan]	"Added by the SNIFFER-N TROJAN!"
X	Microsoft WWW	[path to trojan]	"Added by the AGENT-DRI TROJAN!"
X	MicrosoftUpdates	[path to trojan]	"Added by the DELF-LO TROJAN!"
X	ml34	[path to trojan]	"Added by the MAILBOT-BH TROJAN!"
X	MS Task Manager 32	[trojan filename] .exe	"Added by the RANKY.NF TROJAN!"
X	msbsc	[path to trojan]	"Added by the BANKER-DF TROJAN!"
X	MSDNMess	[path to trojan]	"Added by the RANKY.BA TROJAN!"
X	msmsgss	[path to trojan]	"Added by the RANKY.G BACKDOOR!"
X	Mspatch69	[path to trojan]	"Added by the MPROX TROJAN!"
X	msresear	[path to trojan]	"Added by the WEASYW-B TROJAN!"
X	mssvc	[path to trojan]	"Added by the PSK TROJAN!"
X	Multimedia extensions	[path to trojan]	"Added by the SMUTSRCH-A TROJAN!"
X	Ndpldaemon	[path to trojan]	"Added by the RPCSDBOT-A TROJAN!"
X	Network Host Controller	[path to trojan]	"Added by the WHISPER TROJAN!"
X	Network Security Guard	[path to trojan]	"Added by the COLEM-A TROJAN!"
X	newname	[path to trojan]	"Added by the DRSMARTL-S TROJAN!"
X	Norton Firewall	[path to trojan]	"Added by the BANKER-ET TROJAN!"
X	NTCommLib3	[path to trojan]	"Added by the AGENT-AXB TROJAN!"
X	Ntech.patchs	[trojan filename]	"Added by the LEMIR.G TROJAN!"
X	NTP Server	[path to trojan]	"Added by the RANKY.F TROJAN!"
X	NTupdater	[path to trojan]	"Added by the DIGARIX-D TROJAN!"
X	NvCp1Do	[path to trojan]	"Added by the DWNLDR-GWE TROJAN! The most common filename seen is ""smss.exe"" - which is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	NvGraphicsInterface	[path to trojan]	"Added by the BCKDR-QKI BACKDOOR!"
X	NVidia Drivers	[path to trojan]	"Added by the RANCK-R TROJAN! Note - this is not related to any nVidia based motherboard or graphics card"
X	Office Monitor Word Exel R	[trojan filename]	"Added by the IRCBOT-VX TROJAN!"
X	office_update	[path to trojan]	"Added by the DLOADER-ZB TROJAN!"
X	PHIME2OO2ASyst	[path to trojan]	"Added by the DBDOOR-B TROJAN!"
X	PopRock	[path to trojan]	"Added by the AGENT-LNU TROJAN!"
X	prunnet	[path to trojan]	"Added by the AGENT-HVB TROJAN!"
X	qgqqft	[path to Trojan]	"Added by the RANKY.T TROJAN!"
X	rawload	[path to trojan]	"Added by the DARKIRC.QZ TROJAN!"
X	Reeg_	[path to trojan]	"Added by the BANCBAN-AW TROJAN!"
X	REGRUN	[path to trojan]	"Added by the LOWZONE-AH TROJAN!"
X	reseurce	[path to trojan]	"Added by the LINEAGE-AI TROJAN!"
X	rngmf	[path to trojan]	"Added by the RANKY.C TROJAN!"
X	Root_Machine	[path to trojan]	"Added by the BANCBAN-DI TROJAN!"
X	RPCInstall	[path to trojan]	"Added by the AGENT-DQM TROJAN!"
X	RunDll	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	Runner	lsass.exe [trojan filename]	"Added by the DROWSY-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RunOnce	[path to trojan]	"Added by the BANCBAN-P TROJAN!"
X	RunOnce2Upd	[path to trojan]	"Added by the MURLO.FI TROJAN!"
X	Safe	[path to trojan]	"Added by the BANKER-DT TROJAN!"
X	schost	[path to trojan]	"Added by the TJSERV.D TROJAN!"
X	scrbmk	[path to trojan]	"Added by the DLOADER-VP TROJAN!"
X	SearchClick	[trojan filename]	"Added by the AGENT-DWR TROJAN!"
X	Service	[trojan filename]	"Added by the KAITEX.E TROJAN!"
X	service32.exe	[path to trojan]	"Added by the DLOADR-AYX TROJAN!"
X	Services	[path to trojan]	"Added by the METEORSHELL TROJAN!"
X	Services	[path to trojan]	"Added by the RANCK-DB TROJAN!"
X	Setup	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	ShareSearcher	[path to trojan]	"Added by the AGENT-FPE TROJAN!"
X	ShutdownWithoutLjiasvt.exe	[path to trojan]	"Added by the BIFROSE.F BACKDOOR!"
X	Somefox	[path to trojan]	"Added by the DWNLDR-HHB TROJAN!"
X	Sound	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	sp	"rundll32 (Path to Trojan DLL)	DllInstall"
X	Spool	[path to trojan]	"Added by the RANKY.R TROJAN!"
X	spoolax	[path to trojan]	"Added by the PERDA-D TROJAN!"
X	sr64	[path to trojan]	"Added by the AGENT.X TROJAN!"
X	Srv32 spool service	[path to trojan]	"Added by the DLOADER-LB TROJAN!"
X	sstata	[path to trojan]	"Added by the RANCK-DF TROJAN!"
X	startemdoit	[path to trojan]	"Added by the DLOADR-AVP TROJAN!"
X	StartUpDate	[path to trojan]	"Added by the BIFROSE.F BACKDOOR!"
X	Streams Drivers	[trojan filename]	"Added by the RESTARTER.E TROJAN!"
X	strto	[path to trojan]	"Added by the KILLAV-AP TROJAN!"
X	stup	[path to trojan]	"Added by the AGENT-CIL TROJAN!"
X	support-reverse-smileys	[trojan filename]	"Added by the LITEBOT TROJAN!"
X	svchosd	[path to trojan]	"Added by the BANCOS-BCX TROJAN!"
X	svchost	[path to trojan]	"Added by the HAZZER TROJAN!"
X	SvcManager	[path to trojan]	"Added by the ZALON-A BACKDOOR!"
X	SymantecFilterCheck	[path to trojan]	"Added by the BANKER-EIN TROJAN!"
X	sysdll	[trojan filename]	"Added by the HUGESOT TROJAN!"
X	SySPower	[path to trojan]	"Added by the BANCBAN-OC TROJAN!"
X	System Update	[path to trojan]	"Added by the AUTOTROJ-D TROJAN!"
X	SystemProcEvent	[trojan filename]	"Added by the IRCBOT.I TROJAN! Filenames used are csrwnd.exe
X	systrans	[path to trojan]	"Added by the STARTPA-GZ TROJAN!"
X	TaskManager	[path to trojan]	"Added by the LDPINCH-CF TROJAN!"
X	taskmgr	[path to trojan]	"Added by the AGENT-ENV TROJAN!"
X	TaskMon	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	taskmrg.exe	[path to trojan]	"Added by the BANCBAN-BN TROJAN!"
X	taskmsgs	[path to trojan]	"Added by the BANCOS-BBW TROJAN!"
X	TheMonitor	[path to trojan]	"Added by the DLOADR-LO TROJAN!"
X	Torjan Program	[path to trojan]	"Added by the LEGMIR-BO TROJAN!"
X	Trojan	TrojanS_P.exe	"Added by the AGENT-CQ TROJAN!"
X	Trojan Guarder Gold Version	Trojan Guarder.exe	"TrojanGuarder rogue security software - not recommended"
U	Trojancheck 6 Guard	tcguard.exe	"TrojanCheck anti-trojan software"
U	TrojanScanner	Trjscan.exe	"Trojan Remover from Simply Super Software. Scans for an removes trojan viruses where anti-virus software may have not detected or removed"
X	TrojansFilter	pgs.exe	"TrojansFilter rogue security software - not recommended. A member of the AVSystemCare family"
X	TrojansFiltre	pgs.exe	"TrojansFiltre
U	TrojanShield	Init.exe	"TrojanShield"
U	TrojanShield Protector	Port.exe	"TrojanShield anti-hacker/anti-trojan software"
X	TrojanSimulator	TSServ.exe	"Trojan Simulator security risk which simulates a trojan infection and may be used to verify whether a virus scanner can properly detect the file"
X	TSystem	[trojan filename]	"Added by the NSYS-A TROJAN!"
X	TurboNet	[path to trojan]	"Added by the RENOS-EA TROJAN!"
X	UPNP	[path to trojan]	"Added by the DROPPER.EAT TROJAN!"
X	UsbD	[path to trojan]	"Added by the CIDRA-F TROJAN!"
X	USBHWINFO	[path to trojan]	"Added by the LOWZONE-I TROJAN!"
X	usbn	[path to trojan]	"Added by the HOGIL-C TROJAN!"
X	ValidData	[path to trojan]	"Added by the RANKY.H TROJAN!"
X	VidiaDrivers	[path to trojan]	"Added by the RANKY.U TROJAN!"
X	Virus Removal Tool	[path to trojan]	"Added by the TOMETA-B TROJAN!"
X	vXCXssdss	[path to trojan]	"Added by the RANCK-BO TROJAN!"
X	Web-cameinst	[path to trojan]	"Added by the RANCK-BP TROJAN!"
X	WheelsMouse	[path to trojan]	"Added by the SOCKSPR-D TROJAN!"
X	Win32 Service	[trojan filename]	"Added by the AGENT-GBO TROJAN!"
X	Win32.Trojan.Downloader	netstat2.exe	"Added by the PAINTER TROJAN!"
X	windows	[path to trojan]	"Added by the AIMWIN TROJAN!"
X	Windows NNT	[path to trojan]	"Added by the RANKY.E TROJAN!"
X	WindowsFY	[path to trojan]	"Added by the FAKEALE-E TROJAN!"
X	WindowsSetup	[path to trojan]	"Added by the EZBOT TROJAN!"
X	WindUpdates	[path to trojan]	"Added by the AGENT.BF TROJAN!"
X	WinLsass	[path to trojan]	"Added by the SCANE WORM!"
X	WinMedia	[path to trojan]	"Added by the ZEROBE-A TROJAN!"
X	winmngr.exe	[path to trojan]	"Added by the AGENT-ZB TROJAN!"
X	winreg_32	[path to trojan]	"Added by the BANKER-DB TROJAN!"
X	winshow	[path to trojan]	"Added by the VB-DXP TROJAN!"
X	WINSYS	[path to trojan]	"Added by the GOLDPLAY TROJAN!"
X	winsysban	[path to trojan]	"Added by the CLICKER-CD TROJAN!"
X	WinSysModule	[path to trojan]	"Added by the AGENT-DIQ TROJAN!"
X	winsysupd	[path to trojan]	"Added by the STARTPA-NI TROJAN!"
X	WintelUpdate	[path to trojan]	"Added by the SMALL-EKW TROJAN!"
X	WinUpgrader	[path to trojan]	"Added by the AGENT-DZ TROJAN!"
X	winzip	[path to trojan]	"Added by the BANCOS.G or BANCOS.K TROJANS! Note - this is not part of the popular WinZip file compression utility"
X	wlm	[path to trojan]	"Added by the BANCOS-BCY TROJAN!"
X	x3yy	[path to trojan]	"Added by the TANNICK TROJAN!"
X	xload	[path to trojan]	"Added by the VB-AGP TROJAN!"
X	XpAspy	[path to trojan]	"Added by the DELF-WH BACKDOOR!"
X	xserv	[path to trojan]	"Added by the STUMPY-A TROJAN!"
X	yyyyyyyy	[path to trojan]	"Added by the MUMUBOY.B TROJAN!"
X	ZagrebLand	[trojan filename]	"Added by the RENOS-EH TROJAN!"
X	Zen.A	[path to trojan]	"Added by the ZOOMEN-A TROJAN!"
X	[trojan filename]	Install.exe	"Added by the BANCBAN-FS TROJAN!"
X	[trojan name]	svchost.exe	"Added by the BANCBAN-CI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	[username] config	[path to trojan]	"Added by the MOSUCK-H TROJAN!"
X	{357AA41A-B7A8-4632-A27D-5B980B25CF43}	[path to trojan]	"Added by the SMALL-EP TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.