|
|
Startup Name
| Process Name
| Details |
| X | 456655 | explorer.exe | "Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | ccreg | explorer.exe | "Added by the ZCREW BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Config Loadatiorin | I3Explorer.exe | "Added by the SDBOT.H TROJAN!"
|
| X | Explore | Explorer.exe | "Added by the IRC.FLOOD.G BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| U | explorer | explorer.exe | "Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL"
|
| X | explorer | explorer.exe | "Added by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service"
|
| X | EXPLORER | EXPLORER.exe | "Added by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\ShellExt"
|
| X | explorer | explorer.exe | "Added by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\config"
|
| X | Explorer | Windows Explorer.exe | "Added by the SILLYFDC-I WORM!"
|
| X | Explorer lptt01 | explorer.exe | "RapidBlaster variant (in a ""explorer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | Explorer ml097e | explorer.exe | "RapidBlaster variant (in a ""explorer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | explorer.exe | explorer.exe | "Added by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | explorer.exe | explorer.exe | "Added by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder"
|
| X | Explorer.exe | csrss.exe | "Added by the JUEGO-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\Microsoft"
|
| X | Explorer6.1.EXE | Explorer.exe | Added by the MYDOOM.B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!
|
| X | ExplorerTask | explorer.exe | "Added by the ZCREW-B BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the ""Fonts"" sub-folder"
|
| X | IE configure | explorer.exe | "Added by the LINEAGE-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | IExplorer | IExplorer.EXE | "Added by the BANCOS-CH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Iexplorer | explorer.exe | "Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | iexplorer lptt01 | iexplorer.exe | "RapidBlaster variant (in a ""iexplorer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | iexplorer ml097e | iexplorer.exe | "RapidBlaster variant (in a ""iexplorer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Iexplorer.exe | Iexplorer.exe | "Added by the BANCBAN-EN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Internet Explorer | iexplorer.exe | "Added by the LORSIS WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Internet Explorer | IExplorer.exe | "Added by the NETHIEF-O BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Internet Explorer Agent | iexplorer.exe | "Added by the AGENT-BH TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Internet Explorer Updater | iexplorer.exe | "Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Internet_Explorer.exe | Internet_Explorer.exe | "Added by the BANKER-END TROJAN!"
|
| X | irwftp | iexplorer.exe | "Added by the BANKER-AN TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | kernel32sys.dll | IEXPLORER.exe | "Added by the RBOT-MK WORM!"
|
| U | klp | explorer.exe | "ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | load | explorer.exe | "Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | load | WinExplorer.exe | "Added by the VB.EIW WORM!"
|
| X | Loadab1 | explorer.exe | "Added by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | loadMecq0 | explorer.exe | "Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | loadMect1 | explorer.exe | "Added by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | MicroCQ0 | explorer.exe | "Added by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | Microsoft | Explorer.exe | "Added by a variant of the RBOT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Automatic Updater | Explorer.exe | "Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Explorer | explorer.exe | "Added by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Inc. | iexplorer.exe | "Added by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Microsoft Inc. | iexplorer.exe... | "Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Microsoft Internet Exp | iiexplorer.exe | "Added by the RBOT-KX WORM!"
|
| X | Microsoft Internet Explorer | iexplorer.exe | "Added by the SDBOT-XN WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Microsoft Synchronization Manager | explorer.exe | "Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Update | explorer.exe | "Added by the RBOT.AEU BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Update 32 | explorer.exe | "Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Windows Explorer | iexplorer.exe | "Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Microsoft Windows XP/2K Explorer | winexplorer.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Miscrosoft Windows Explorer | IEEXPLORER.exe | Reported as the SDBOT.YX WORM!
|
| X | MMB2 | explorer.exe | Added by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%
|
| X | MsAudio | explorer.exe | "Added by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | MSN Explorer | msnexplorer.exe | "Added by the AGENT-CAX TROJAN!"
|
| X | Msn Messenge | IExplorer.exe | "Added by the DELF-LL TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | MSN Messenger | IExplorer.exe | "Added by the BANKER-EU TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Navegate | iiexplorer.exe | "Added by the BANCBAN-OP TROJAN!"
|
| X | NvCplDaemon | Xplorer.exe | "Added by the ORBINA-A WORM!"
|
| X | print sharing | [path] hidden32.exe [path] explorer.exe | "Added by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | Ravshell | IEXPLORER.EXE | "Added by the AGENT.URZ TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | RpcLocator | explorer.exe | "Added by the RBOT-GSA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Services | iexplorer.exe | Added by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
|
| X | Shell | Explorer.exe sound_drive16.exe | "Added by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""sound_drive16.exe"" file is located in %System%"
|
| X | Shell | "Explorer.exe | msmsgs.exe" |
| X | Shell | Explorer.exe svchost.exe | "Added by the DOYORG BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate svchost.exe process is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | shell | explorer.exe | "Added by the KAKKEYS TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Shell | Explorer.exe iexplore.exe | "Added by the KIPIS-U WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate Internet Explorer (iexplore.exe) is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\Microsoft"
|
| X | Shell | Explorer.exe winupdate.exe | "Added by the AGENT-FD TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winupdate.exe"" file is located in %System%"
|
| X | Shell | Explorer.exe [path] ibm[RANDOM 5 DIGIT NUMBER].exe | "Added by the ANSERIN TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files"
|
| X | Shell | Explorer.exe winsys32.exe | "Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winsys32.exe"" file is located in %Windir%"
|
| X | Shell | explorer.exe msbnc.exe | "Added by the AGENT-PL BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""msbnc.exe"" file is located in %System%"
|
| X | Shell | Explorer.exe kbdsys.exe | "Added by the DAPROSY WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""kbdsys.exe"" file is located in %AppData%\Microsoft\Keyboard"
|
| X | Shell | Explorer.exe init32m.exe | "Added by the DLSW-B TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""init32m.exe"" file is located in %System%"
|
| X | Shell | Explorer.exe smssnt.exe | "Added by the AGOBOT.EE TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""smssnt.exe"" file is located in %System%"
|
| X | Shell32 | explorer.exe | "Added by the SDBOT-NF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | smsys | Explorer.exe | "Added by the CLICKER-C BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a ""Template"" subfolder"
|
| X | startkey | explorer.exe | "Added by the BCKDR-MLD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Sustem | explorer.exe | "Added by an unidentified VIRUS |
| X | SustemUpdate | explorer.exe | "Added by an unidentified VIRUS |
| X | svchost | [path to explorer.exe] | "Added by the UNREAL-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually!"
|
| X | syscheck | iexplorer.exe | Added by the AGENT.DM TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
|
| X | sysconfig | iexplorer.exe | "Added by the CULT.C WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | sysMett1 | explorer.exe | "Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | system | Explorer.exe | "Added by the GRAYBIRD BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | System Update2 | explorer.exe | "Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Systray | w32explorer.exe | "Added by the RBOT-AJY WORM!"
|
| X | sys_Runtt1 | explorer.exe | "Added by the LINEAGE-M TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | taskmgr | explorer.exe | "Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | VMware Tools | Xplorer.exe | "Added by the AUTOIT.K TROJAN!"
|
| X | Windows | explorer.exe | "Added by the POEBOT-J WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Windows Backup Configuration | IEXPLORER.exe | "Added by the GAOBOT.AZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Windows Explorer | EEXPLORER.EXE | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows Explorer | explorer.exe | "Added by the POEBOT-J WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Windows Explorer | Windows Explorer.EXE | "Added by the VB-EBA WORM!"
|
| X | Windows Explorer Key | explorer.exe | "Added by the IRCBOT-YB WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Windows Explorer.exe | Explorer.exe | "Added by the FALTER-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Windows Services | Explorer.exe | "Added by the SDBOT-WT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Windows System32 | explorer.exe | "Added by the OPANKI-V WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is also copied to %System%"
|
| X | Windows Taskmanager | iexplorer.exe | "Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Windowz Update V2.0 | Explorer.exe | "Added by the YODO WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Winlogon Shell | Explorer.exe svchost.exe | "Added by the KIPIS.M WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""1032"" sub-folder"
|
| X | winnt DNS ident | iexplorer.exe | "Added by a variant of the RBOT WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | WINTASK | iexplorer.exe | "Added by the MYTOB-CH WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | WinUPD32 | explorer.exe | "Added by an unidentified VIRUS |
| X | winupdateconn_ | Explorer.EXE | "Added by the COMBRA-B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | WinVNC | iexplorer.exe | "Added by the EVIVINC BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | WksSVC | EXPLORER.exe | "Added by the MYTOB-BW WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Xplorer | Xplorer.exe | "Added by the AUTOIT-BP WORM!"
|
| X | [random number] | explorer.exe | "Added by the KEYLOG-AN TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%\service"
|
