| X | NI.UGDCCZ_0001_N122M0307 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M0511 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | NI.UGDCCZ_0001_N122M1712 | [path to file] | "Installer for the SuspenzorPC Czech rogue privacy tool - see here"
|
| X | nodriver | AUEKXRZ.EXE | "Added by a variant of the SPYBOT WORM!"
|
| U | Norman ZANDA | ZLH.EXE | "System Tray icon for Norman Antivirus"
|
| Y | Norton Personal Firewall | IntroWiz.exe | Part of Norton Personal Firewall or Norton Internet Security
|
| N | Norton SystemWorks | cfgwiz.exe | Norton System Works configuration wizard. Reportedly a resource hog. Many users find they can live without loading it
|
| X | Norton Wizzard | nwiz.exe | "Added by the GAOBOT.ADV WORM! Note - this is not the valid nVidia application that shares the same name"
|
| U | Notebook Maximizer | maximizer_startup.exe | Toshiba Notebook Maximizer software - adjust settings to save battery power and increase efficiency
|
| X | NTSF Microsoft System | fylez.exe | "Added by a variant of the RBOT WORM!"
|
| X | Numerical Xtermz Agent | 1x32.exe | "Added by the RBOT-FWX WORM!"
|
| N | NvInitialize | "rundll32.exe NvQtwk.dll | NvXTInit" |
| X | NvUpdater | nwiz32.exe | "Added by a variant of the RBOT WORM!"
|
| N | nwiz | nwiz.exe | "Part of NVIDIA's NVIEW Display Management Software - included in drivers for consumer and professional graphics products. This entry runs the ""NVIDIA Display Setup Wizard"" if you connect (or already have connected) an additional display once the drivers have been installed. In later drivers it also loads the ""nView Desktop Manager"" (if you enable it via Control Panel → NVIDIA nView Desktop Manager) if you want to use features such as Hot Keys and Zoom. In both cases nwiz.exe doesn't remain in memory"
|
| X | nwiz | KHATRA.exe | "Added by the ORBINA-A WORM!"
|
| X | nwiz32 | nwiz32.exe | "Added by the SINBANK-A TROJAN!"
|
| X | NZ01 | NZ01.exe | "Added by the SCAR-K TROJAN!"
|
| X | OczyszczaczKomputerza | GDC.exe | "OczyszczaczKomputerza Polish rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | oddworldz.exe | oddworldz.exe | "Added by the MULTIDR-EG TROJAN!"
|
| X | Olive System | Szchost.exe | "Added by the MERCURYCAS.A TROJAN!"
|
| X | OpenApizs | zrscbm.exe | "Added by the AGENT.RLH TROJAN!"
|
| X | Optimize Windows | Kuntilanak.exe | "Added by the SILLYFDC WORM!"
|
| X | OPTIMIZER | iexplore.exe | "Added by the EVEVINC BACKDOORNote - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | OPTIMIZER | iexplore.exe | "Added by the EVIVINC BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | oz2 | oz2.exe | "Added by the MYDOOM.W WORM!"
|
| N | PC Pitstop Optimize Reminder | Reminder.exe | "Registration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2"
|
| U | PC Pitstop Optimize Scheduler | PCPOptimize.exe | "Scheduler for the Optimize system optimization utility from PC Pitstop"
|
| U | PCPOptimize | PCPOptimize.exe | "Scheduler for the Optimize system optimization utility from PC Pitstop"
|
| U | PicoZip | PicoZipTray.exe | "System tray access to PicoZip - ""an easy to use Zip and UnZip utility that runs on all 32-bit Windows platforms such as Windows 95 |
| N | pictureBUZZTray | swtray.exe | "System Tray access to PictureBUZZ on-line printing software from Streetwise Software. If you use the software set the page you use as a favourite in your browser and run it manually"
|
| X | play ooze | user grim.exe | Added by and unidentified WORM or TROJAN!
|
| X | postSetupCheck | Rundll32.exe gzmrt.dll | "TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""gzmrt.dll"" file is found in %System%"
|
| U | Praize Messenger | itLoad.exe | "Praize IM Christian chat instant messenger"
|
| X | PrizeSurfer | prizesurfer.exe | """PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!"" Stealth installed malware"
|
| X | Proteçăo de tela | ssmaze.scr | "Added by the BANCBAN-FB TROJAN!"
|
| X | ProtezionefiData | pgs.exe | "ProtezionefiData rogue security software - not recommended. A member of the AVSystemCare family"
|
| X | ProtezioneSoft | SysRep.exe | "ProtezioneSoft |
| X | Qffecdas | vvzxx.exe | "Added by the MULTIDRP.AA TROJAN!"
|
| X | qkoszvd.dll | "rundll32.exe qkoszvd.dll | jwezubg" |
| U | QtZgAcer | QtZgAcer.EXE | Acer Launch Manager - on Acer laptops it supports the dedicated multimedia buttons and allows users to configure their function. If the optional WLAN module and Bluetooth radio are installed the associated buttons can set their operating state
|
| U | QtZpAcer | QtZpAcer.exe | Acer Launch Manager - on Acer laptops it supports the dedicated multimedia buttons and allows users to configure their function. If the optional WLAN module and Bluetooth radio are installed the associated buttons can set their operating state
|
| X | quartz | quartz.exe | "Malware installed by different rogue security software including SpyKillerPro"
|
| X | Quickzip | Ls.exe | MsConnect browser hijacker and dialler
|
| X | QuickZip | lu.exe | MsConnect browser hijacker and dialler
|
| X | RAVEN_VLZS.EXE | RAVEN_VLZS.EXE | "DownloadReceiver parasite - no longer in existence"
|
| X | RavUptkt | agetlktz.exe | "Added by the QQPASS-AJ TROJAN!"
|
| X | RAX SYSTEM | scrigz.exe | "Added by the MYTOB.KR WORM!"
|
| U | razer | razerhid.exe | "Razer gaming mouse/keyboard driver - required if you use the additional features and programmed keys/macros"
|
| X | RBOT v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server | glossary.exe | "Added by the VANEBOT-J WORM!"
|
| X | RealDownload Express | npnzdad.exe | Advertising spyware
|
| U | Reclusa | razerhid.exe | "Microsoft Reclusa (by Razer) gaming keyboard driver - required if you use the additional features and programmed keys/macros"
|
| X | RegFreeze | regfreeze.exe | "RegFreeze rogue spyware remover - not recommended |
| X | Registry Value Name | enzxp.exe | "Added by the RBOT-BAJ WORM!"
|
| U | Remote Management Agent | zenrc32.exe | "Part of Novell's ZENworks - "Complete End-to-End Directory-enabled Network Management". Installed on a managed workstation fo an administrator to remotely manage the workstation. Required if the PC is a managed workstation"
|
| X | REMOVE ME | tbbzxzxcxxcx.exe | "Added by the SDBOT-TA WORM!"
|
| X | reszrv | [8 random letters].exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | RNBz Test | wf32vbc.exe | "Added by the RBOT-AEY WORM!"
|
| Y | Roxio Engine Compatibility Wizard | EngUtil.exe | "Part of the Roxio Easy CD & DVD Creator and Easy Media Creator series of CD/DVD tools - corrects any modification made to the Roxio Engine |
| ? | RSRCMTZ | RSRCMTZ.exe | "??"
|
| X | rzt | rundll32.exe | "Added by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process |
| U | Salmosa | razerhid.exe | "Razer Salmosa gaming mouse driver - required if you use the additional features and programmed keys/macros"
|
| X | SB13mini | RYZO32.EXE | "Added by the SPYBOT-EJ WORM!"
|
| ? | Scan Wizard | button.exe | "Associated with Scan Wizard as supplied with Microtek scanners - see also the Scanner Detector and Sdetect entries. What does it do and is it required?"
|
| Y | SCHWIZEX | SCHWIZEX.EXE | "Part of ConfigSafe - lets you identify changes to the registry |
| X | scvhost | svzhost.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | SDKCprords | SDKc55rezzz.exe | "Added by the RBOT.VD WORM!"
|
| X | SDKz0r | SDKc55rezzz2.exe | "Added by the SDBOT-UN WORM!"
|
| X | secboot | mszx23.exe | "Added by a variant of the HAXDOOR.BC TROJAN!"
|
| Y | SECWIZ98 | SECWIZ98.EXE | "Security Wizard 98 by Chris Farmer. Offers you a variety of ways to restrict access to many of the programs and settings on your PC. Available here"
|
| X | Serices Hostin | servicez.exe | "Added by the SLENFBOT.MF WORM!"
|
| X | service updaer | qualityz.exe | "Added by an unidentified VIRUS |
| ? | setuzp | setuzp.exe | "??"
|
| N | SFP | vzSFPWin.EXE | Verizon Online Support Center - prompts for online updates
|
| N | Shareaza | Shareaza.exe | "Shareaza P2P client"
|
| U | Shareaza | bindata.exe | "Shareaza P2P client related"
|
| X | SichererSchutz | pgs.exe | "SichererSchutz |
| U | SMSystemAnalyzer | SMSystemAnalyzer.exe | "Part of the Iolo System Mechanic optimization tool"
|
| ? | SmWizard | SmWizard.exe | "SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?"
|
| X | Socket Utility | svchostz.exe | "Added by the DAEMONI-E TROJAN!"
|
| N | spc_w | nzspc.exe | "NetZero Search Enhancement related"
|
| U | SpeedOptimizer | spo.exe | "SpeedOptimizer is designed to optimize and speed-up your Internet data transmission including browsing |
| X | SpyHazard | SpyHazard.exe | "SpyHazard rogue spyware remover - not recommended |
| X | startkey | furzi.exe | "Added by the BIFROSE-OK TROJAN!"
|
| X | Startup Configuration | wztoid.exe | "Added by the RBOT-ASD WORM!"
|
| U | Stealth Anonymizer 2.5 | stealth25.exe | "Now named Stealther - proxy server agent that lets you travel the Internet with maximum possible privacy"
|
| U | STOPzilla | Stopzilla.exe | "StopZilla! - pop-up killer"
|
| U | STOPzilla Service | SZNTSVC.EXE | "StopZilla! - pop-up killer"
|
| U | StreamZap Remote | zremote.exe | "StreamZap PC Remote - control Windows Media Player |
| X | SuspenzorPC | GDC.exe | "SuspenzorPC Czech rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | Synchronization Agent | mobsynca.exe | "Added by the RANDEX-E WORM!"
|
| U | Synchronization Manager | mobsync.exe | "Microsoft Synchronization Manager for 2K/XP - used to update network copies of materials that were edited offline |
| X | Synchronization Manager | rservers.exe | "Added by the FORBOT-FM WORM!"
|
| X | System | Zap.exe | "Added by the MSNVB-D WORM!"
|
| X | System | systemz.exe | "Added by the VILSEL-B TROJAN!"
|
| X | System Analyzer | lsass32.exe | "Added by the SDBOT.CNI WORM!"
|
| X | System Initialization | msmsgri32.exe | "Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
|
| X | System Initialization | payload.dat | "Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
|
| X | System Process Analization | sysproc.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Process Analization Thread | system.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Service | servicez.exe | "Added by the RBOT-AOY WORM!"
|
| X | System Service | b4db0yz.exe | "Added by the RBOT-CLO WORM!"
|
| X | System Updates | szwi.exe | "Added by the RBOT-AXE WORM!"
|
| X | SystemOptimizer2008 | main.exe | "SystemOptimizer2008 rogue optimization utility - not recommended |
| X | Systems Restart | "Rundll32.exe zolk.dll | DllRegisterServer" |
| X | SystemSecurity | zprot32.exe | "Added by the AGENT-FK TROJAN!"
|
| X | SystemTasks | filez.exe | Adult content dialler
|
| X | SystemTasks | sexypicz.exe | Adult content dialler
|
| U | SystemWizard Sniffer | Sniffer.exe | "SystemWizard for Win98/ME from SystemSoft - diagnoses and solves hardware and software problems on a PC"
|
| X | SystemX | nzm.exe | "Added by a variant of the RBOT WORM!"
|
| X | SYSTEMZ Patch | SYSZ.exe | "Added by the ALADINZ.P TROJAN!"
|
| X | SysteZ | d1.exe | "Added by the MSNDIABLO.A WORM!"
|
| U | Systweak Memory Optimizer | memtuneup.exe | "Part of SysTweak Advanced System Optimizer"
|
| X | SyZ | f1.exe | "Added by the MSNDIABLO.A WORM!"
|
| X | Syzmy3 | exp1orer.exe | "Added by the LINEAG-AIO TROJAN! Note the number ""1"" in the filename"
|
| X | SyztMy | expiorer.exe | "Added by the LINEAG-AIN TROJAN!"
|
| U | SZMsgSvc.exe | SZMsgSvc.exe | "StopZilla! - pop-up killer"
|
| U | TabletWizard | SPLSHWRP.EXE | Microsoft Tablet PC Component
|
| U | Tarantula | razerhid.exe | "Razer Tarantula gaming keyboard driver - required if you use the additional features and programmed keys/macros"
|
| X | TemizSurucu | GDC.exe | "TemizSurucu Turkish rogue privacy tool - not recommended. A member of the PCPrivacyTool family"
|
| X | Terminate Popup | ZPU.exe | "Free Popup Killer - foistware proven to install the Regsvc32 homepage hijacker. Also see here"
|
| X | test | zistro.exe | "Added by the KIMAT-C TROJAN!"
|
| X | Think-Adz | [random filename] | "Zeno Think-Adz adware"
|
| U | ThinkPad EasyEject Utility | EzEjMnAp.Exe | "EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once |
| N | ThinkPad EasyEject Utility | EZEJTRAY.EXE | "System Tray access to the EasyEject Utility for IBM/Lenovo Thinkpad notebooks. Quote: ""The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once |
| X | Time Zone Synchronization | wscript zshell.js | "Added by the NETDEX-A TROJAN!"
|
| X | TimeSyncApp | TimeSynchronize.exe | "DealHelper adware"
|
| U | Timezone | TimeZone.exe | "Microsoft Daylight Saving Time Update Utility - see here"
|
| N | TizzleTalk | TizzleTalk.exe | "TizzeTalk is a dialect translator for Yahoo |
| X | tlz | 47681727.exe | Added by an unidentified TROJAN!
|
| U | TMERzCtl.EXE | TMERzCtl.EXE | Toshiba TME (Toshiba Mobile Extension) Control
|
| U | TnPopUp | billbrz.exe | "Related to Technesis ""award-winning solutions for tracking and managing print |
| X | topat | zlip.exe | "Added by the FLOOD-IG TROJAN!"
|
| U | TouchFreeze | TouchFreeze.exe | "TouchFreeze is simple utility for Windows that automatically disables the touchpad on notebooks while you are typing text - so that you can avoid accidentally changing the position of the cursor in your document or clicking on an option"
|
| N | TraySantaCruz | tbctray.exe | Provides quick access via a System Tray icon to the control panel for Turtle Beach's Santa Cruz or VideoLogic's SonicFury soundcards. Available via Start -> Settings -> Control Panel
|
| U | TrueAssistant | TrueWizard.exe | """TrueSwitch makes changing your Internet Service Provider easy. We copy all your personal data to the new account |
| U | TuneUp MemOptimizer | memoptimizer.exe | "Part of ""TuneUp Utilities"" |
| X | TZ Spyware Remover | SpyRem.exe | "TZ Spyware Remover spyware remover - not recommended |
| X | udzok | udzou.exe | "Added by the SDBOT-CUS WORM!"
|
| N | UltimateZip Quick Start | uzqkst.exe | "UltimateZip - file compression utility"
|
| X | Update | Zupdate.exe | "Associated with B3d Projector foistware - see here"
|
| X | Update | hanz.exe | "Added by a variant of the RBOT-GLJ WORM!"
|
| ? | Update for Works | MSWkstz.exe | "Maybe related to later versions of MS Works?"
|
| ? | Updatewiz | updatewiz.exe | "??"
|
| X | USB Driverz2 | msnplus1.exe | "Added by the SDBOT-XQ WORM!"
|
| X | User Sharing Wizard | usnshare.exe | "Added by the SLENFBOT.DF WORM!"
|
| X | uz | uz.exe | "Added by the AGENT-GGH WORM!"
|
| X | VasddwDg | zxXZwd.exe | "Added by the SDBOT-SN WORM!"
|
| X | vccacA | sdaxzl.exe | "Added by the SDBOT-RP WORM!"
|
| N | Verizon Control Pad | cpad.exe | "Control Pad - installed with Verizon DSL accounts. Tool designed to streamline the online experience"
|
| ? | Verizon Custom Uninstall Tracking | InstallHelper.exe | "Verizon related installation tracker. What does it do and is it required?"
|
| U | Verizon Online Support Center | matcli.exe | ""matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address |
| U | VerizonServicepoint.exe | VerizonServicepoint.exe | "Part of Verizon Online Support Manager"
|
| N | VoipZoom | VoipZoom.exe | "VoipZoom - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| X | vptray analyzing | vptray.exe | "Added by the RIZO.A TROJAN!"
|
| X | vptraya analyzing | vptraya.exe | "Added by the RIZO.A TROJAN!"
|
| X | VxD Driver Initialization | ntsvxd.exe | "Added by the SDBOT-LW WORM!"
|
| U | VZAccess Manager | VZAccess Manager.exe | Verizon Access manager for enterprises
|
| U | VZRemoteCommander | AvRmtCtr.exe | Related to Sony's VAIO Zone Remote Commander
|
| X | w7zip | w7zip.exe | "Added by the BANCBAN-QB TROJAN!"
|
| N | warez | warez.exe | "Warez P2P client"
|
| X | Web Offer | ezPopStub.exe | "eZula TopText adware"
|
| X | Web Offer | ezStub.exe | "eZula TopText adware"
|
| X | Web Offer | EZSTUB22.EXE | "eZula TopText adware"
|
| X | Web Offer | vl_ezstub.exe | "eZula TopText adware"
|
| X | webalize | webalize.exe | "Searchcentrix hijacker"
|
| U | WG111v2 Smart Wizard Wireless Setting | RtlWake.exe | "Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that ""provides wireless access to your desktop or notebook PC through the computer's USB port"""
|
| X | What Frenz | FriendEQUALsuX.exe | "Added by the BHARAT.A WORM!"
|
| N | WIAWizardMenu | "RUNDLL32.EXE sti_ci.dll | WiaCreateWizardMenu" |
| X | Win32 | zaq.exe | "Added by the RBOT-GCE WORM!"
|
| X | Win32 Service | bazzi.exe | "Added by the AHKER.E WORM!"
|
| X | Win32.Exploit.mzH | mzrun.exe | "Added by the PAINTER TROJAN!"
|
| X | Wind Optimizer | WindOptimizer.exe | "Wind Optimizer rogue system optimization tool - not recommended |
| X | Windows | Zser.exe | "Added by the CULLER-D WORM!"
|
| X | Windows auto update | bazzi.exe | "Added by the AHKER.E WORM!"
|
| X | Windows Automatical Updater | dcz.exe | "Added by the RBOT.CXS WORM!"
|
| X | Windows Config | ZANBOR.EXE | "Added by the SPYBOT-MH WORM!"
|
| X | Windows DLL Loader | defragfat32z.exe | "Added by the LINKBOT.A WORM!"
|
| X | Windows DLL Loader | defragfatz.exe | "Added by the LINKBOT.H WORM!"
|
| X | Windows File Migration Wizard | HIMENSYST.EXE | "Added by the RBOT-EMO WORM!"
|
| X | Windows haz Layer | [5 random letters].exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Login Folder | winzep.exe | "Added by the AGOBOT-TZ WORM!"
|
| X | Windows LoL Layer | azypbrx.exe | "Added by the RBOT-GMZ WORM!"
|
| X | Windows modez Verifier | w1nz0zz0.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows modez Verifier | Window2.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows modez Verifier | WindowsLogon.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows modez Verifier | Wwuamguard.exe | "Added by the RBOT.EZJ WORM!"
|
| X | Windows modez Verifier | winlogom.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows modez Verifier | Windows-.exe | "Added by the RBOT-DIO WORM!"
|
| X | Windows modez Verifier | taskmngr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows modez Verifier | winl0g0z.exe | "Added by the RBOT-FNB WORM!"
|
| X | Windows modez Verifier | wuamguard.exe | "Added by the RBOT.EZJ BACKDOOR!"
|
| X | Windows Recylinder Check | zwdomsgemw.exe | "Added by the RBOT-EGJ WORM!"
|
| X | Windows Service | private-zone.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Service | windowz.exe | "Added by the SDBOT-AYI WORM! Note - dissables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)"
|
| X | Windows Service Agccnt | rmizjgz.exe | "Added by the SDBOT-SIM WORM!"
|
| X | Windows Service Agent | czf.exe | "Added by the RBOT-GAJ WORM!"
|
| X | Windows Service Agent | izszbayz.exe | "Added by the KOLAB.TC WORM!"
|
| X | Windows Service Pack Auto Update | figgaz.exe | "Detected by Kaspersky as the AGENT.BT TROJAN!"
|
| X | Windows Services | servicez.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Services Layer | winlogz2.exe | "Added by the RBOT-FZE WORM!"
|
| X | WINDOWS SYSTEM | botzor.exe | "Added by the ZOTOB WORM!"
|
| X | WINDOWS SYSTEM By FEnR | windasz-updote.exe | "Added by the MYTOB.LR WORM!"
|
| X | Windows Sz Host | winshvc.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Update | scrigz.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Windows Update Manager | bootwiz.exe | Added by the MYBOT WORM!
|
| X | Windows Zero Spooler | nmvcs.exe | "Added by the SLENFBOT.JQ WORM!"
|
| X | Windows-XP-Service-Pack | xpspz.exe | "Added by the SDBOT-AAC WORM!"
|
| X | WindowsFZ | [path to file] | "Added by the DESKTOPHIJACK VIRUS! Also see DESKTOPHIJACK.B TROJAN!"
|
| X | WindowsFZ | A5281300.so | "Variant of the SmitFraud alias FAKEALE-C TROJAN!"
|
| X | WindowsFZ | zloader3.exe | "Variant of the SmitFraud alias FAKEALE-C TROJAN!"
|
| X | WindowsUpdate | Nzil.exe | "Added by the CULLER-C WORM!"
|
| X | Windowz | [original worm filename].vbs | "Added by the NUKIP WORM!"
|
| X | Windowz Update V2.0 | Explorer.exe | "Added by the YODO WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Windowz Update V2.0 | updater.exe | "Added by the YODO-C WORM!"
|
| X | Winds Sersc Agts | rzrzncrtz.exe | "Added by the RBOT-GTV WORM!"
|
| U | WinFast Schedule | Wfwiz.exe | Leadtek WinFast TV tuner scheduler and remote control driver - required if you use the latter
|
| X | WinFix service | rsswjzgp.exe | "Added by the RBOT-FAE WORM!"
|
| X | WinGate initialize | WinGate.exe | "Added by the LOVGATE.F WORM!"
|
| X | winlgz2 | winlgz2.exe | "Added by the KILLFIL-Q TROJAN!"
|
| X | WINRUN z | W1NT45K.exe | "Added by the MYTOB.BL WORM!"
|
| X | Wins32 Online | cfgpwnz.exe | "Added by the BROPIA.R WORM!"
|
| X | Winsock2 driver | kgzgjkpcw.exe | "Added by the SDBOT.T TROJAN!"
|
| X | Winsock2 driver | ZONEALARM.EXE | "Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program"
|
| X | Winsock32driver | ZoneAlarmPr0.exe | "Added by the HACKARMY-B TROJAN!"
|
| X | Winsock32driver | ZoneLockup.exe | "Added by the HACARMY.D TROJAN!"
|
| X | Winsocks2 driver | mznmgr.exe | "Added by a variant of the SDBOT WORM!"
|
| X | WinSrv | SHIZZLE.EXE | "Added by the HOBBIT.C WORM!"
|
| X | WinStabilizer | WinStabilizer.exe | "Added by the AGOBOT-SW WORM!"
|
| X | winui | z.exe | "Added by the KONDELI TROJAN!"
|
| U | WinUtilities Memory Optimizer | ToolMemoryOptimizer.exe | """WinUtilities Memory Optimizer optimizes the memory management of your system and boost-up its performance amazingly!"" MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
|
| X | Winz Firewall | [random filename].exe | "Added by a variant of the SDBOT WORM!"
|
| X | WinZap Check | winzbp.exe | "Added by the RBOT-AWZ WORM!"
|
| X | winzip | [path to trojan] | "Added by the BANCOS.G or BANCOS.K TROJANS! Note - this is not part of the popular WinZip file compression utility"
|
| X | Winzip | [various filenames] | "Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe |
| X | winzip | winzip.exe | "Added by the RBOT.BDA WORM! Note - this is not part of the popular WinZip file compression utility"
|
| X | winzip | ir_ftp.exe | "Added by the BANCBAN-S TROJAN!"
|
| X | Winzip Application | winzip81.exe | "Added by the RBOT-BKZ WORM!"
|
| X | Winzip Compression Utility | Winzip32.exe | "Added by the SDBOT-UI BACKDOOR!"
|
| N | WinZip Quick Pick | WZQKPICK.EXE | "Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip |
| X | WinZip Update | WinZip.exe | "Added by a variant of the RBOT WORM! Note - this is not part of the popular WinZip file compression utility"
|
| X | winzip32 | winzip32.exe | "Added by the BANCBAN-OE TROJAN! Note - this is not part of the popular WinZip file compression utility"
|
| X | WinZix Service | wakeservice.exe | "WinZix adware"
|
| X | winzSystam | xly.exe | "Added by a variant of the SDBOT WORM!"
|
| X | win_drivr32 | zxhstn.exe | "Added by the SMALL.CXO TROJAN!"
|
| X | WIZZ | dazzler.exe | "Detected by Kaspersky as the DIALER.IS TROJAN!"
|
| ? | WOOKIT | Shell.exe appLaunchClientZone.shl | "Related to the Wanadoo broadband ISP (now rebranded as Orange). What does it do and is it required?"
|
| X | WOOZ | autodisc.exe | "Added by the AGENT-CPS TROJAN!"
|
| X | Working System Analyzer | syswork.exe | "Added by the FORBOT-FZ WORM!"
|
| X | wtzlank.dll | "rundll32.exe wtzlank.dll | qttwuwc" |
| X | wupdate | wisvccz.exe | "Added by the ORSE-B TROJAN!"
|
| X | www.symantec.com | oz11111.exe | "Added by the MYDOOM.W WORM"
|
| U | WZCBDLService | WZCBDL9X.exe | WZCBDLService Launcher from D-Link - configuration/drivers
|
| X | wzdmg | wzdmg.exe | "Added by a generic downloader TROJAN - see here"
|
| X | wzhelper | wzhelper.exe | "Searchcentrix hijacker"
|
| X | wzservice | hess.exe | Added by the HACKARMY.W TROJAN!
|
| X | wzxzxds | fdfddad.exe | "Added by the RANKY.AB TROJAN!"
|
| N | X-Grabber | sswizard.exe | "ScreenShot Wizard"
|
| X | xcanxbwv | axcvqvzk.exe | "Added by the RANDEX.AR WORM!"
|
| ? | XeroxScanUtility | xrxzipui.exe | "Associated with a Xerox multifunction and/or scanner. What does it do and is it required?"
|
| ? | xkstartup | "RunDll32 InstZ82.dll | SetUsbPrinterPort" |
| X | xzkadsfk10 | afslkfasl10.exe | "Added by the ONLINEG-R TROJAN!"
|
| U | Y'z Shadow | YzShadow.exe | "Y'z Shadow 'adds a shadow effect to the windows in pursuit of the ""beauty of a shadow"". It also allows the user the option of making menus transparent'"
|
| U | Y'z Toolbar | YzToolBar.exe | "Y'z Toolbar ""allows the user to change the toolbar icons in Explorer and Internet Explorer. The user can also create and add their own themes"""
|
| X | ywzizdon | ywzizdon.exe | Free_Scratch_Cards foistware
|
| X | yz.exe | yz.exe | "Added by the VARDO TROJAN!"
|
| X | YZH | YZH.exe | "Added by the LEGMIR-BM VIRUS!"
|
| X | YZH.SYS | YZH.exe | "Added by the PHILIS.C VIRUS!"
|
| X | Z | zmon.exe | "Added by the DELBOT-AO WORM!"
|
| U | z-WrDialer | WrDialer.exe | WinPoet DSL dialer
|
| X | ZaCker | [filename].PIF | "Added by the HOLAR.A WORM!"
|
| X | Zacker | Zacker.exe | "Added by the GEMEL WORM!"
|
| X | ZagrebLand | [trojan filename] | "Added by the RENOS-EH TROJAN!"
|
| X | zango | zango.exe | "180solutions adware"
|
| X | Zango SiteFinder | ZangoSiteFinder.exe | "ZangoSearch adware variant"
|
| X | Zango TvTimes | ZANGOT~1.EXE | "ZangoSearch adware"
|
| X | ZangoOE | OEAddOn.exe | "Zango Search Assistant adware"
|
| X | ZangoSA | ZangoSA.exe | "Zango Search Assistant adware"
|
| X | zanu | zanu.exe | "ZangoSearch adware"
|
| Y | Zapro | Zapro.exe | "Firewall program from Zonelabs - paid for version"
|
| U | Zboard | Zboard.exe | "Ideazon Zboard gaming software"
|
| U | ZboardTray | ZboardTray.exe | "Ideazon Zboard gaming keyboard driver - allows you to customise keyboard functions"
|
| U | zBrowser Launcher | iTouch.exe | "Loads the iTouch configuration settings for supported Logitech keyboards. It's required if your keyboard has shortcut buttons and you use them or have reconfigured them for different functions. It's also required if your keyboard does not have the num lock |
| U | zBrowser Launcher | Commandr.exe | "For a Logitech internet keyboard - loads the software for the shortcut keys on the keyboard. Also used to display your keyboard LEDs on-screen to indicate Caps Lock |
| ? | zcb | zcb.exe | "??"
|
| U | Zcfgsvc | ZCfgSvc.exe | "Zero Config MFC Application |
| U | ZCfgSvc.exe | ZCfgSvc.exe | "Zero Config MFC Application |
| X | zcproo | qssstiej.exe | "Possible homepage hijacker installing a toolbar: http://tdko.com/ |
| X | zcseacrt | [random filename] | "Added by a variant of the SLAPER TROJAN!"
|
| ? | ZDConfig | ZDConfig.exe | "Related to various brands of Wireless USB LAN Adapter - what does it do and is it required?"
|
| N | zdnet | kontiki.exe | "Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops"
|
| N | Zebus | msdc32.exe | Runs a HTML tutorial on the Zebus web-site
|
| X | Zekio Startups | znksvc32.exe | "Added by the AGOBOT-AGI WORM!"
|
| X | Zekio Startups | condll.exe | "Added by the AGOBOT-AGD WORM!"
|
| X | Zen.A | [path to trojan] | "Added by the ZOOMEN-A TROJAN!"
|
| X | Zenet | "rundll32 CNBabe.dll | DllStartup" |
| X | Zeno | [random filename] | "ZenoSearch adware"
|
| X | Zeno | nwinrqez.exe | "Added by the QEXREZ family of TROJANS!"
|
| Y | ZENRC | zenrc32.exe | "The main component of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Leave well alone"
|
| Y | ZENRC Tray Icon | zentray.exe | "Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management". Best left alone"
|
| Y | ZENworks Imaging Service | ZISWin.exe | "Imaging Agent. Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management""
|
| U | Zero PoPup Killer XP | zpk_xp.exe | "Intelligent anti-pop-up software product by Ax-Soft"
|
| U | ZeroAds | 0 | "ZeroAds - culls ads |
| U | ZeroAds | LAS0Ads.exe | "ZeroAds - culls ads |
| U | ZeroAds | Zeroads.exe | "ZeroAds - a popular Internet accelerator and anti-adware application"
|
| U | ZeroSpyware | ZeroSpyware.exe | FBM Software ZeroSpyware 2004 spyware detector and remover
|
| X | zervpack2 | update2.exe | "Added by the SDBOT.WD WORM!"
|
| X | zggjmyd | zggjmyd.exe | "Added by the AFCORE.O BACKDOOR!"
|
| ? | ZGNUBI | ZGNUBI.exe | "??"
|
| X | Zi5 | AntiVirus Update.exe | "Added by the ERKEZ.G WORM!"
|
| U | ZIBMACC | rundll.exe ZIBMACC.INF | ZIBMACC.INF is an IBM file that is only loaded and installed under a recovery operation. The file is a support file for IBM access to the system if needed. You may delete this file. This is as from IBM Technical Support (USA - 800-887-7435)
|
| X | Zinaps7 | Zinaps7.exe | "Zinaps Anti-Spyware 2008 rogue security software - not recommended |
| X | ZincgrubInc | Lsass.exe | "Added by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\mirc32"
|
| U | ZingSpooler | ZingSpooler.exe | Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums
|
| N | Zinio DLM | ZDLM.EXE | "Zinio - used to read magazines in digital rather than paper format"
|
| N | Zinio DLM | ZinioDeliveryManager.exe | "Related to Zinio used to read magazines in digital rather than paper format"
|
| X | Zip Driver Loader | ZipLoader32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| X | Zip Driver Loader | msload32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| U | ZipDisk Icons | IMGICON.EXE | "Displays Iomega icons in Explorer/My Computer |
| N | ZipGenius Clean | zg.exe | "ZipGenius file compression utility"
|
| X | ziphelp | ziphelp.exe | "CoolWebSearch parasite variant"
|
| N | ZipMagic | zm32.exe | "Zip utility by Ontrack. Preloading ZipMagic allows you to access files within a zip archive without unzipping them first"
|
| Y | zlclient | zlclient.exe | "Firewall program from Zonelabs. Pro version inlcudes other online security options"
|
| U | ZLH | ZLH.EXE | "System Tray icon for Norman Antivirus"
|
| U | ZMatrix | matrix.exe | "ZMatrix - ""an animated desktop background which displays streaming characters in a style similar to what was used in the movie 'The Matrix'"""
|
| X | ZNN | znnsvc.exe | "Added by the SDBOT-DAA WORM!"
|
| X | Zolero Translator | ZoleroTranslator.exe | "Zolero Translator - added by Clickspring |
| X | Zonavirus | 0 | "Added by the KITRO.D (or ARGEN.A) WORM!"
|
| X | Zone Alarm | vsmon.exe | "Added by the RBOT.BO WORM! If this was the ZoneAlarm firewall the name column would be TrueVector"
|
| X | zone alarm security | zlclint.exe | "Added by the NIRBOT WORM!"
|
| Y | Zone Labs Client | zlclient.exe | "Firewall program from Zonelabs. Pro version inlcudes other online security options"
|
| X | Zone Labs Client Ex | svchost.exe | "Added by the NETSKY.F WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Zone system | szchost.exe | "Added by the MULTIDR-AC TROJAN!"
|
| Y | ZoneAlarm | zonealarm.exe | "Firewall program from Zonelabs - free version"
|
| X | zonealarm | [random filename] | "Added by an unidentified VIRUS |
| X | Zonealarm | Removeme.exe | "Added by the FORBOT-BG WORM!"
|
| X | Zonealarm | iexplore.exe | "Added by the FORBOT-CP WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| Y | ZoneAlarm Plus | zaplus.exe | "Firewall program from Zonelabs - paid for version"
|
| Y | ZoneAlarm Pro | Zapro.exe | "Firewall program from Zonelabs - paid for version"
|
| X | Zonesoft Cleaner | rnsys.exe | "Added by a variant of the SDBOT WORM!"
|
| U | ZoneUpdate | csrss.exe | "WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""ComRoot"" subfolder"
|
| U | Zoom | zoom.exe | "Zoom - speeds up Windows startup and manages startup applications"
|
| U | Zooming | ZoomingHook.exe | Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text
|
| U | ZoomingHook | ZoomingHook.exe | Toshiba Zooming Utility - found on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify) text
|
| Y | ZPLED | ZPKBDLED.exe | Driver for the Advent ADE-AD2 Wireless Keyboard
|
| X | ZPoint | winmuse.exe | "Added by the DLOADR-VJ TROJAN!"
|
| Y | ZPOINT32 | ZPOINT32.exe | USB graphics/writing tablet driver
|
| X | zSearch | Zstb.exe | "TotalVelocity zSearch parasite"
|
| X | zSecurity Service | szsvc.exe | "Added by the SDBOT-DAB WORM!"
|
| X | zsms | smss.exe | "Added by the BANCOS-CK TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | zsmscc | rundll32.exe zsmscc071001.dll mymain | "Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""zsmscc071001.dll"" file is found in %System%"
|
| X | zsmscc | rundll32.exe mycc071208.dll mymain | "Added by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mycc071208.dll"" file is found in %System%"
|
| X | zsmsgs | iservice.exe | "Added by the BANCOS-BU TROJAN!"
|
| X | zsmss | smss.exe | "Added by the BANCOS-DD TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| U | zSPGuard | Spguard.exe | ""StartPage Guard (SPG) protects your PC from cyberscam |
| U | ZSScheduler | zsscheduler.dll | "ZeroSpyware from FBM Software"
|
| N | ZSSnp211 | ZSSnp211.exe | "Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed"
|
| X | ZStart | [various filenames] | "VX2.Transponder parasite updater/installer related"
|
| X | Zstart | cxdxregt.exe | "ZenoSearch adware"
|
| X | zt | rundll32.exe | "Added by the LINEAG-ABA TROJAN! Note - this is not the legitimate rundll32.exe process |
| X | ZtgServerSwitch | server.vbs | ZTGServerswitch is part of Sony's Vaio support agent - designed by Support.com. Not required if the user does not wish to use the Vaio support agent and regarded as spyware
|
| N | Zune Launcher | ZuneLauncher.exe | "Automatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media |
| N | ZuneLauncher | ZuneLauncher.exe | "Automatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media |
| N | ZuneŽ | ZuneLauncher.exe | "Automatically launches the Zune software for Microsoft's Zune media players when they're connected to your PC. The software can be used to manage media |
| X | zupacha.exe | zupacha.exe | "Added by the DROPPER-QL TROJAN!"
|
| X | Zupdate | Zupdate.exe | "Associated with B3d Projector foistware - see here"
|
| X | zvb0dl2X8tt | NVUKZ.exe | "Added by the AGENT-LMN TROJAN!"
|
| X | zzb | zzb.exe | "IAGold adware"
|
| X | zzb2 | zzb2.exe | "IAGold adware"
|
| X | zzgshp | gshp.vbs | Homepage hi-jacker that re-defines your IE or Netscape start page
|
| U | zzsecagent | newlock.exe login shutdown | "Part of Access Manager |
| X | zztp | svchost.exe | "Added by the TANNICK.B TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
|
| ? | zzz-hpi-boot | hpi-boot.exe | "Associated with HP Photosmart printers"
|
| ? | zzzCamlnSuitelll | setup.exe 46*** | "??"
|
| ? | zzzhpsetup | setup.exe | "??"
|
| N | Z_acamucli wizard | csecwiz.exe | "Setup wizard for the Client Security Software for IBM\Lenovo notebooks. This entry only runs once |
| X | Z_Start | [random filename] | "ZenoSearch adware"
|
| X | [various names] | mozilla-text.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | NopeZ.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | pizda.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | Trayz.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | xwiz.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | zantu.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | zxc.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | ABCXYZ.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | ^`d}qZxu | ~`d}qzxu3zYF | "Added by the GAOBOT.GEN!POLY WORM!"
|
| X | _ | mzqdd.exe | "Added by the AGENT.BZB TROJAN!"
|
| X | _Hazafibb | [path to file] | "Added by the ZAFI.B WORM!"
|
| X | _mzu_stonedrv2 | _mzu_stonedrv2.exe | "Added by a variant of the DWNLDR-FTB TROJAN!"
|
| X | _mzu_stonedrv3 | _mzu_stonedrv3.exe | "Added by the DWNLDR-FTB TROJAN!"
|
| X | _mzu_stonedrv7 | _mzu_stonedrv7.exe | "Added by a variant of the DWNLDR-FTB TROJAN!"
|
| X | _mzu_stonedrv8 | _mzu_stonedrv8.exe | "Added by the DOWNLOADER-MZU TROJAN!"
|
| X | {05CD0D77-4947-4a56-94FA-0DF0DC644D7B} | sysqyzwud.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {157627A6-2A10-4aa1-B97F-90B8DC6F24AC} | sysqkmwfedz.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {1C-CC-C5-54-ZN} | dwdsregt.exe | "ZenoSearch adware"
|
| X | {2F-FF-F4-4C-ZN} | omdsregk.exe | "ZenoSearch adware"
|
| X | {52-28-8E-E8-ZN} | thinksnet.exe | "Zeno Think-Adz adware"
|
| X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | syspyukrazv.exe | "Added by the FAKEALERT-AH TROJAN!"
|
| X | {78B578D7-BCE1-4d83-9CD4-195BC34D8CB3} | syssfzvakqg.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {8C-C4-4A-A4-ZN} | dwdsregt.exe | "ZenoSearch adware"
|
| X | {9754B85A-3B34-4969-BE1F-CD03227E9470} | syszweuas.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {A4C928E8-0ABA-4fd3-83DF-23BE54ADF9A4} | sxnwhbvrzc.exe | "Added by the FAKEALERT-AM TROJAN!"
|
| X | {B7-7D-D0-08-ZN} | dwdsregt.exe | "Added by the AGENT-GBC TROJAN!"
|
| X | {DD651081-A909-45ad-BD71-2335B0ADE043} | sysutrnez.exe | "Added by the FAKEALERT-AH TROJAN!"
|
