Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
XMicrosoft Windows Servicesmsw32.exe"Added by the RBOT-FWQ WORM!"
XMicrosoft Windows ServicesSersices.exe"Added by the SDBOT-NO WORM!"
XMicrosoft Windows Services Edtssvvcchhoosst.exe"Added by the RBOT-FYF TROJAN!"
XMicrosoft Windows Services Edtdllrun32.exe"Added by the RBOT-GAF WORM!"
Xsvhost windows servicessvhost8.exe"Added by the RBOT-WQ WORM!"
XWindows Servicesservice.exe"Added by the RANDEX.R WORM!"
XWindows Servicessvchosts.exe"Added by the AGOBOT-KL TROJAN!"
XWindows ServicesExplorer.exe"Added by the SDBOT-WT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XWindows ServicesNetworkDriver32.exe"Added by the RBOT-ACR WORM!"
XWindows Servicesscmsg.exe"Added by a variant of the SDBOT WORM!"
XWindows Servicesscvhoste.exe"Added by the SPYBOT.OBZ WORM!"
XWindows Serviceswinsvc32.exe"Added by the MYTOB-CB WORM!"
XWindows ServicesNetworkDrivers.exe"Added by the SDBOT-YO WORM!"
XWindows Servicessmsc.exe"Added by a variant of the SDBOT WORM!"
XWindows Servicesspoolsvc.exe"Added by the SDBOT.CPZ WORM!"
XWindows Servicesiexplore.exe"Added by the RBOT-WE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
XWindows Servicesavsrv32.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWindows Servicesservicez.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Servicesw32edus.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Servicesw32service.exe"Added by the AUTORUN-FU WORM!"
XWindows Servicesw32services.exe"Added by the AUTORUN-FT WORM!"
XWindows Serviceswinlogon.exe"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XWindows Serviceswinsysdll.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Serviceswinsyssrv.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Serviceswinudp.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWindows Servicesfilename.exe"Added by the SDBOT.FSK BACKDOOR!"
XWindows Servicessvhost33.exe"Added by the RBOT.AFN WORM!"
XWindows Servicesservices.exe"Added by the AGENT-MVC TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XWindows Serviceswupdate.exe"Added by the GAOBOT.ZT WORM!"
XWindows Services Agantregs32.exe"Added by the SDBOT-DIK WORM!"
XWindows Services Aganters[10 random letters].exe"Added by the RBOT.CUN WORM!"
XWindows Services Agentmsngears.exe"Added by the VB-EMS TROJAN!"
XWindows Services alges2[8 random letters].exe"Added by a variant of the RBOT WORM!"
XWindows Services B-Runnersvcbrun.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Services B-Runnersvcbrunner.exe"Added by the IRCBOT.BYV BACKDOOR!"
XWindows Services Certificationsvccert.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Services Guidesvcguide.exe"Added by the SLENFBOT.KQ WORM!"
XWindows Services Guidesvcguides.exe"Added by the SHEUR.YS BACKDOOR!"
XWindows Services Hostsvchost.exe"Added by the CONE or CONE.E WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
XWindows Services Hostssvhosts.exe"Added by the SDBOT-YH TROJAN!"
XWindows Services Ink Platform Tablet Input Subsystemwsiptis.exe"Added by the RBOT.APC WORM!"
XWindows Services Jogsvcjog.exe"Added by the AGENT.ALWZ WORM!"
XWindows Services Jogsvcjogg.exe"Added by the AGENT.QAF WORM!"
XWindows Services Jogersvcjoger.exe"Added by the RBOT.CAT WORM!"
XWindows Services Joggingsvcjogging.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Services Jogingsvcjoging.exe"Added by the IRCBOT.AVI BACKDOOR!"
XWindows Services Layerwinlogz2.exe"Added by the RBOT-FZE WORM!"
XWindows Services Layerwinl0g0.exe"Added by the RBOT-FZQ WORM!"
XWindows Services Layersslms.exe"Added by the RBOT-GAH WORM!"
XWindows Services M7ctfmon32.exe"Added by the AGENT.WOH TROJAN!"
XWindows Services Towersvctowers.exe"Added by the IRCBOT.AGJ BACKDOOR!"
XWindows Services Towersvctowing.exe"Added by the SLENFBOT.LA WORM!"
XWindows Services Updatesvch0st.exe"Added by a variant of the RBOT WORM! Note - the filename has the digit 0 rather then the uppercase ""o"""


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.