| X | RegRun | mActiveX.exe | "Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!"
|
| X | Required Service Drivers | micront.exe | "Added by the RBOT-ABD WORM!"
|
| U | RightFAX Print-to-Fax Driver | FaxCtrl.exe | "Part of RightFAX from Captaris - ""the proven market leader in fax server and document delivery software"""
|
| U | RivaTuner | RivaTuner.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTuner | RivaTunerWrapper.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTuner Application | RivaTuner.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for XP and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTunerStartupDaemon | RivaTuner.exe | "Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for XP and applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTunerStartupDaemon | RivaTunerWrapper.exe | "Part of RivaTuner - a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This entry is for Vista and loads the main application (RivaTuner.exe) to apply overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| U | RivaTunerWrapper Application | RivaTunerWrapper.exe | "RivaTuner is a tweaking utility for NVIDIA (and to a lesser extent AMD/ATI) chipset based graphics cards. This startup entry is for Vista and can appear twice - with registry key names of ""RivaTuner"" and ""RivaTunerStartupDaemon"" respectively. Both load the main application (RivaTuner.exe). The former minimizes it to the System Tray and is primarily required only if you want to use the ""Launcher"" or monitoring options. The latter applies overclocking changes to clocks and memory (for example) at startup and then exits. See the FAQ for more information"
|
| X | Roam04 | ActiveX.exe | "Added by the ROAMER-A TROJAN!"
|
| X | RPC Drivers | rpcall.exe | "Added by the SDBOT.FLY WORM!"
|
| X | RSPC Driver | [random filename].exe | "Added by the RBOT-SN WORM!"
|
| X | RSPC Driver D | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | SafeHardDrive | SysRep.exe | "SafeHardDrive rogue system error and cleaning utility - not recommended |
| U | SDAutoLiveupdate | LiveUpdateSD.exe | "Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here"
|
| X | secdrive.exe | secdrive.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Secure AntiVirus Pro | av.exe | "Secure AntiVirus Pro rogue security software - not recommended |
| X | Security Antivirus | SA[random characters].exe | "Security Antivirus rogue security software - not recommended |
| X | Security Antivirus Xp 1 | inetfor.exe | "Added by the SDBOT.BAV WORM!"
|
| U | Sensiva | Sensiva.exe | "Symbol Commander makes the use of your PC |
| X | Service Drivers | msnpg.exe | "Added by the RBOT.BMD WORM!"
|
| X | Service Drivers | PC.EXE | "Added by the SDBOT-WK WORM!"
|
| X | Service Drivers | Compt.exe | "Added by the RBOT-ZJ WORM!"
|
| X | Service Drivers | abl.exe | "Added by the SDBOT-YX WORM!"
|
| X | Service Drivers | MSNMEssenger.exe | "Added by a variant of the RBOT WORM!"
|
| X | Service Host Driver | svchost.exe | "Added by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | ServicesActive | cssrs.exe | "Added by the AGOBOT-GB BACKDOOR!"
|
| X | Shell | Explorer.exe sound_drive16.exe | "Added by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""sound_drive16.exe"" file is located in %System%"
|
| ? | ShowIcon_Justrams_USB Product Driver v2.12r012 | shwicon.exe | "Related to Just Rams USB product driver. Is it required?"
|
| X | SichererAntivirus | pgs.exe | "SichererAntivirus |
| X | Smart Antivirus-2009.exe | Smart Antivirus-2009.exe | "Smart Antivirus 2009 rogue security software - not recommended |
| X | Smss.exe driver | winupd32.exe | "Added by the SDBOT.MI BACKDOOR!"
|
| U | SoftK56 Modem Driver | carpserv.exe | "Associated with Zoltrix and Conexant modems - enables the internal modem speaker |
| X | SolelunaAntiVirus | pgs.exe | "SolelunaAntiVirus rogue security software - not recommended. A member of the AVSystemCare family"
|
| X | SoundMax Audio Drivers | SndMAX.exe | "Added by a variant of the SDBOT WORM!"
|
| X | startkey | antivir.exe | "Added by the BIFROSE-TO TROJAN!"
|
| U | StayAlive | StayAlive.Exe | "Part of RealSPEED - tweaking utility to speed-up your internet connection. Stay connected even after a period of inactivity on the net"
|
| U | StayAlive | sa.exe | "StayAlive from TFI Technology. "This top-notch tool intercepts crashes when they happen |
| X | Streams Drivers | [trojan filename] | "Added by the RESTARTER.E TROJAN!"
|
| X | svshostdriver | svshost.exe | "Added by the SDBOT-HN TROJAN!"
|
| X | svshostdriver | msnmessengerupdate.exe | "Added by the SDBOT-BI BACKDOOR!"
|
| X | Symantec Antivirus professional | dfrgfrat.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | autoformat.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | dyndns.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | f0dns.exe | "Added by the FORBOT-GT WORM!"
|
| X | Symantec Antivirus professional | flushdns.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | for.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | regedit.exe | "Added by a variant of the FORBOT WORM! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%"
|
| X | Symantec Antivirus professional | Symantex.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | windows .exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | Winhp32.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | winudp.exe | "Added by a variant of the WOOTBOT WORM! See here"
|
| X | Symantec Antivirus professional | xplrer.exe | "Added by a variant of the FORBOT WORM!"
|
| U | Symantec NetDriver Monitor | SNDMon.exe | "Part of Symantec's LiveUpate (eg |
| U | Symantec NetDriver Warning | SNDWarn.exe | Part of Symantec Live Update - displays the warning when you need to update the firewall database
|
| U | SymKeepAlive | CKA.exe | "Part of Norton SystemWorks 2003 - keeps a dial-up modem connection alive"
|
| U | Synaptics Pointing Device Driver | SynTPEnh.exe | "Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads |
| X | SysAntivirus 2009 | sysav.exe | "SysAntivirus 2009 rogue security software - not recommended |
| X | sysftray2 | bolivar19.exe | "Added by the KOOBFACE.I WORM!"
|
| X | SysLive | SysLive.exe | "Added by the EXPICHU WORM!"
|
| X | SysRes | WWE DIVAS.exe | "Added by the ELIPTER.D WORM!"
|
| X | System | antivirus.vbe | "Added by the AUTORUN-AYI WORM!"
|
| X | System 64 Driver for Games | sys64dvr.exe | "Added by the SDBOT TROJAN!"
|
| X | System driver | Messenger.exe | "Added by the WOOTBOT.GI WORM!"
|
| X | System Drivers | wingmt.exe | "Added by the SDBOT-MG WORM!"
|
| X | System Drivers | cpsq32.exe | "Added by the SDBOT.AXH WORM!"
|
| X | System Drivers | sysdrv32.exe | "Added by the AGOBOT-ZX WORM!"
|
| X | System File Drivers | nvsysvc32.exe | "Added by the AGOBOT.WJ WORM!"
|
| X | System Servlce | live.exe | "Added by the IRCBOT-GX WORM!"
|
| X | System32-Driver | csrs32.exe | "Added by the SDBOT-CP BACKDOOR!"
|
| X | SystemDrive | maxpaynow1.exe | "Added by the TIBS.BKU TROJAN!"
|
| X | SystemDriver | csrss.exe | "Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer"
|
| X | SystemDriverCheck | svchost.exe | "Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""DriverLoad"" sub-directory of the Root folder (C:\) |
| X | SystemDriverLoad | svchost.exe | "Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""DriverLoad"" sub-directory of the Root folder (C:\) |
| X | Systems Backups | windrives.exe | "Added by the AGOBOT-RB WORM!"
|
| X | Systems Service | drivex.exe | "Added by a variant of the RBOT WORM!"
|
| X | systems usb driver | Windows2.exe | "Added by a variant of the RBOT WORM!"
|
| X | Systray driver | systray.exe | "Added by the MUTEBOT TROJAN! Note - this is not the legitimate systray.exe process"
|
| X | Taskmon driver | winampa.exe | "Added by the LOONY-I TROJAN! Note - this is NOT associated with the popular Winamp media player. The valid file for the Winamp Agent resides in a ""Winamp"" subdirectory of %ProgramFiles% whereas this file is located in %System%"
|
| Y | tcactive | tca.exe | "Part of The Cleaner from MooSoft - stops virus trojans before they can do any damage"
|
| U | The Easy Bee's Hive | ATCEgSvr.exe | "The Easy Bee is a software that allows you to record Internet navigation sequences |
| Y | ThinkVantage Active Protection System | TpShocks.exe | "Part of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T |
| N | Tivoli | LCFEP.EXE | "Tivoli 'TME' System Tray icon - ""'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"""
|
| ? | TivoNotify | TiVoNotify.exe | "Part of Tivo Desktop. What does it do and is it required?"
|
| U | TivoServer | TiVoServer.exe | "Tivo Server - installed with the TiVo Home Media Option. It streams audio files to your television/home theater from your PC"
|
| U | TivoTransfer | TivoTransfer.exe | "Tivo Transfer Service. TiVo Desktop is an easy-to-use application that lets you publish and share digital music |
| X | TkNetDriver Monitor | lexbce.exe | "Added by the SDBOT-ADF WORM!"
|
| X | TmNetDriver Monitor | exbce.exe | "Added by the SDBOT-ABR WORM!"
|
| X | TRE AntiVirus | treav.exe | "TRE AntiVirus rogue security software - not recommended |
| Y | Trend Micro AntiVirus 2007 | tavui.exe | "Part of Trend Micro AntiVirus 2007"
|
| Y | TrendMicro Antivirus | Aveagent.exe | Virus scanner
|
| X | TrustedAntivirus | pgs.exe | "TrustedAntivirus rogue security software - not recommended. A member of the AVSystemCare family"
|
| X | tyack drive | tyack.pif | "Added by the RBOT-AMT WORM!"
|
| X | Unigray | Unigray Antivirus.exe | "Unigray Antivirus rogue security software - not recommended"
|
| X | Universal Plug & Play devices | WinUPPD.exe | Added by an unidentified WORM/TROJAN!
|
| X | Universal USB Service | svchost32.exe | "Added by the KELVIR.R WORM!"
|
| X | update driver | SNDVOL32.EXE | "Added by the SPYBOT-CU BACKDOOR!"
|
| X | USB 2.0 Driver | updateXPSPC.exe | "Added by the AGOBOT-RJ WORM!"
|
| X | USB 2.0 Driver | Winsys32.exe | "Added by the AGOBOT-QM WORM!"
|
| X | USB 2.0 Driver | updateXP.exe | "Added by the AGOBOT-QP WORM!"
|
| X | USB 2.0 Driver | winsystem.exe | "Added by the AGOBOT-QS WORM!"
|
| X | USB 2.0 Driver | UpdateXPSP.exe | "Added by the AGOBOT-QD WORM!"
|
| X | USB 2.1 Driver | winupdate1.exe | "Added by a variant of the RBOT WORM!"
|
| X | UsB driver | msjavx86.exe | "Added by the AGOBOT-PQ WORM!"
|
| X | USB Driver4 | UpdateXP*.exe [* = random digit] | "Added by a variant of the SDBOT WORM!"
|
| X | USB Drivers1 | msupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Driverz2 | msnplus1.exe | "Added by the SDBOT-XQ WORM!"
|
| X | USBDrives | msfirewalI.exe | "Added by the RBOT-ABP WORM!"
|
| X | USD Driver | ccrss.exe | "Added by the SDBOT.BFH WORM!"
|
| U | VDrive2 | WebLifeDisk.exe | "EarthLink WebLife Disk - ""Consumers can quickly save files from their desktop into WebLife Disk |
| X | VgaDriver | RsrVga32.exe | "Added by the KEYLOG-AH TROJAN!"
|
| X | Video Card Driver (do not remove) | tsasi.exe | "Added by the SPYBOT-EF WORM!"
|
| X | Video Driver | svchost.exe | "Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | Video Driver | Msregdrv32.exe | "Added by the SPIGOT BACKDOOR!"
|
| X | Video Multimedia Driver | ndrives32.exe | "Added by the RBOT-DK WORM!"
|
| X | Video Process | Nivopsvc.exe | "Added by the AGOBOT-GT WORM!"
|
| X | VideoDriver | [filename] | "Added by the GSPOT20.A TROJAN!"
|
| X | VideoDriver | videodrv.exe | "Added by the MIMAIL.A WORM!"
|
| X | VideoDriver | gspotbot.exe | "Added by the SPIGOT.C TROJAN!"
|
| X | VideoDriverHook | vmdriver.exe | "Added by the BCKDR-PSS BACKDOOR!"
|
| X | VidiaDrivers | [path to trojan] | "Added by the RANKY.U TROJAN!"
|
| X | VIEW POINT DRIVERS | phqghum.exe | "Added by the RBOT.BRX WORM!"
|
| X | VIEW POINT DRIVERS FOR WIN32 | phqghu.exe | "Added by a variant of the RBOT WORM!"
|
| U | ViivMonitor | ViivMonitor.exe | "Related to Intel Media Share Software. ""Stream or download media files from your Intel® Core®2 Processor with Viiv® technology-based PC"""
|
| N | VirtualCloneDrive | VCDDaemon.exe | "Virtual Clone Drive |
| N | VirtualDrive | VDTask.exe | "VirtualDrive from Farstone - virtual CD/DVD drive emulator. Available via Start → Programs"
|
| X | VistaDrive | VistaDrive.exe | "VistaDrive malware"
|
| X | VividGalut | VividGalut.exe | Adult content related web downloader
|
| X | VMount drive | vmount.exe | "Added by the RIZO.A TROJAN!"
|
| U | VOBID | InstantDrive.exe | "Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software"
|
| X | VxD Driver Initialization | ntsvxd.exe | "Added by the SDBOT-LW WORM!"
|
| N | WaveTop Receiver 1 | N/A | "WaveTop - ""Get push content from TV without an Internet connection"" - now possibly a defunct system in the US included as an optional part of WebTV in Win98"
|
| N | WaveTop Receiver 2 | N/A | "WaveTop - ""Get push content from TV without an Internet connection"" - now possibly a defunct system in the US included as an optional part of WebTV in Win98"
|
| U | WD Drive Manager | WDBtnMgrUI.exe | "System Tray access to the WD Drive Manager management software for selected external drives in the My Book and My Passport range. Hovering over the icon displays health status (temperature |
| X | WEB DRIVERS FOR WIN32 | phqgh.exe | "Added by a variant of the RBOT WORM!"
|
| N | WebDrive | webdrive.exe | "System Tray access to WebDrive from South River Technologies |
| N | WebDriveTray | webdrive.exe | "System Tray access to WebDrive from South River Technologies |
| U | websaverlive | websaverlive.exe | "WebSaver Live! is a companion program to Websaver that retrieves information from the Internet on a schedule and displays it on your screen when your computer is idle"
|
| U | WildTangent Web Driver updater | wcmdmgrl.exe | "Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
|
| X | Win Antivir 2008 | Win Antivir 2008.exe | "Win Antivir 2008 rogue security software - not recommended |
| X | Win Antivirus 2008 | Win Antivirus 2008.exe | "Win Antivirus 2008 rogue security software - not recommended |
| X | Win Drivers SSL | hpws.exe | "Added by the IRCBOT.67098 WORM!"
|
| X | Win Drivers SSL | TASKMAN4.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win Drivers SSL32 | hpwsnnsbc.exe | "Added by the SPYBOT.MAR WORM!"
|
| X | Win USB 2.0 USB Driver | HPPrint.exe | "Added by the SPYBOT.DNB WORM!"
|
| X | Win32 Driver | svchosts.exe | "Added by the FORBOT-FD WORM!"
|
| X | Win32 Driver | sysmls.exe | "Added by the MYTOB.JH WORM!"
|
| X | Win32 Drivers | winlogons.exe | "Added by the FORBOT-FG WORM!"
|
| X | Win32 DRK Driver | wdrk32.exe | "Added by the WOOTBOT.CY WORM!"
|
| X | Win32 Firewall Driver | winfw.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win32 Firewall Drivers | winfirewall.exe | "Added by the WOOTBOT.GX WORM!"
|
| X | Win32 FireWire Driver | CTHELPER32.EXE | "Added by the WOOTBOT TROJAN!"
|
| X | Win32 FRT Driver | msfr32.exe | "Added by the WOOTBOT.EJ WORM!"
|
| X | Win32 LSA Driver | lsa.exe | "Added by the FORBOT-FJ WORM!"
|
| X | Win32 NDIS Driver | xpndis.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win32 NDIS Driver | Ndistcp.exe | "Added by the WOOTBOT.EU WORM!"
|
| X | Win32 Network Driver | crss.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Win32 NVIDIA Driver | MSPMSPSU.EXE | "Added by a variant of the WOOTBOT.Y WORM!"
|
| X | Win32 SSL Driver | winssv.exe | "Added by the FORBOT-BH WORM!"
|
| X | Win32 Svchosts Driver | svchosts.exe | "Added by the FORBOT-FO WORM!"
|
| X | Win32 USB Driver | winxpinit.exe | "Added by the SDBOT.AA TROJAN!"
|
| X | Win32 USB Driver | mvsecn.exe | "Added by the FORBOT-BK WORM!"
|
| X | Win32 Usb Driver | svhosint32.exe | "Added by the FORBOT-BE or FORBOT-J WORMS!"
|
| X | Win32 Usb Driver | usb32.exe | "Added by the SDBOT-OV WORM!"
|
| X | Win32 Usb Driver | AvpG.exe | "Added by the FORBOT-BX WORM!"
|
| X | Win32 USB Driver | rundll.exe | "Added by the FORBOT-BN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
|
| X | Win32 USB2 Driver | win32usb.exe | "Added by the SPYBOT.DHV WORM!"
|
| X | Win32 USB2 Driver | smsc.exe | "Added by the SDBOT.FO WORM!"
|
| X | Win32 USB2 Driver | svchosting.exe | "Added by the FORBOT-J or SDBOT.HU WORM!"
|
| X | Win32 USB2 Driver | sys32.exe | "Added by the WOOTBOT.X WORM!"
|
| X | Win32 USB2 Driver | sys32snd.exe | "Added by the FORBOT-AN WORM!"
|
| X | Win32 USB2 Driver | wind32.exe | "Added by the FORBOT-AH WORM!"
|
| X | Win32 USB2 Driver | winupdate.exe | "Added by the AGOBOT.YE WORM!"
|
| X | Win32 USB2 Driver | updatemgr.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Win32 USB2 Driver | winsnd32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win32 USB2 Driver | msn.exe | "Added by the FORBOT-EX WORM!"
|
| X | Win32 USB2 Driver | syscfg32.exe | "Added by the FORBOT-R WORM!"
|
| X | Win32 USB2 Driver | algg.exe | "Added by the TIBS.BF WORM!"
|
| X | Win32 USB2 Driver | usb2.exe | "Added by the FORBOT-Y WORM!"
|
| X | Win32 USB2 Driver | winusb32.exe | "Added by the FORBOT-M WORM!"
|
| X | Win32 USB2.0 Driver | 386.exe | "Added by the IRCBOT.D WORM!"
|
| X | Win32 USB2.0 Driver | rundll16.exe | "Added by the WOOTBOT.H WORM!"
|
| X | Win32 USB2.0 Driver | w32usb2.exe | "Added by the SPYBOT.DN WORM!"
|
| X | Win32 USB2.0 Driver | service.exe | "Added by the SDBOT-QF WORM!"
|
| X | Win32 USB3 Driver | win32tool.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win32 Wmls Driver | winitr32.exe | "Added by the WOOTBOT.B WORM!"
|
| X | winactive | WINACTIVE.EXE | "WinActive variant of the LOP.com hijacker"
|
| X | WinActiveJ | WinActiveJ.exe | Added by the ROTARRAN VIRUS!
|
| X | WinAntivirus | AVSVC.EXE | "Part of the WinAntiVirus Pro 2005 rogue security software when installed in Win98/Me - not recommended |
| X | WinAntiVirus Pro 2007 | WinAv.exe | "WinAntiVirus Pro 2007 rogue security software - not recommended |
| X | WinAntiVirusPro2006 | WinAV.exe | "WinAntiVirus Pro 2006 rogue security software - not recommended |
| X | Wind River Systems | vxworks.exe | "Added by the ACKANTTA WORM! Note that this is not related to the VxWorks platform from Wind River"
|
| X | WinDLL (mysnlive.exe) | "rundll32.exe mysnlive.exe | start" |
| X | WinDLL (redyLive.exe) | "rundll32.exe redyLive.exe | start" |
| X | Window Msn Live Messanger | msnmsgsls.exe | "Added by the RBOT.BJD BACKDOOR!"
|
| X | Windows Activate System | syssv.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows Anti-Virus Built 32 | AntiVirus32.exe | "Added by the SDBOT-BG WORM!"
|
| X | Windows Domain Name Drivers | windns.exe | "Added by the FORBOT-EP WORM!"
|
| X | Windows DotFix live | msdotfix.exe | "Added by the IRCBOT.XGK BACKDOOR!"
|
| X | Windows Drive Compatibility | System32Driver32.exe | "Added by the SUPOVA.Z WORM!"
|
| X | Windows Driver | winxpdriver.exe | "Added by the WOOTBOT.EE WORM!"
|
| X | Windows Driver | windrive.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Driver Adapter | svchost.exe | "Added by the ANTINNY-K WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
|
| X | Windows Driver Foundation | MTVSCMXT.EXE | "Added by a variant of the RBOT WORM!"
|
| X | Windows Driver Services | msdrvs32.exe | "Added by the WOOTBOT.L WORM!"
|
| X | Windows Driver Sup | windvrhost.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows driver update | dmsvc32.exe | "Added by the SDBOT-GP BACKDOOR!"
|
| X | Windows driver update | Ipconfig32.exe | "Added by the SDBOT-JV WORM!"
|
| X | Windows Driver! | windriver.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Drivers | ssms.exe | "Added by the RBOT-AT WORM!"
|
| X | Windows drivers update | windowsupdate.exe | "Added by the RBOT-ACE WORM!"
|
| X | Windows HP Drivers | hpdmws.exe | "Added by the SDBOT.AQU WORM!"
|
| X | Windows IPv6 Drivers | wipv6.exe | "Added by the SDBOT-VJ WORM!"
|
| X | Windows Live | msgnms.exe | "Added by the XPACK.AV TROJAN!"
|
| X | Windows Live | WindowsLive.exe | "Added by the REALBOT-A WORM!"
|
| X | Windows Live Care.exe | WindowsLiveCare.exe | "Added by unidentfied MALWARE - see here! Do not confuse with Microsoft's Windows Live OneCare security software which is found in %ProgramFiles%\Microsoft Windows OneCare Live. This one is found in %System% and runs from both the HKLM\Run & HKLM\RunServices registry keys"
|
| X | Windows Live Client | msnclient.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| U | Windows Live Family Safety Filter | fsui.exe | "System Tray access to and notifications from Windows Live Family Safety - optionally installed as part of Windows Live Essentials. ""With Family Safety |
| X | Windows Live Manager | winlivemgr.exe | "Added by the SHEUR.EB TROJAN!"
|
| X | Windows Live Messages | msgnlive.exe | "Added by the AGENT.AYH WORM!"
|
| X | Windows Live Messenger | msnmsgr.exe | "Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Windows live Messenger | msn.com | "Added by the IRCBOT-AAV WORM!"
|
| X | Windows Live Messenger | msnlive.exe | "Added by the RBOT.BMV BACKDOOR!"
|
| X | windows Live Messenger | iexplore.exe | "Added by the BCKDR-QTS BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| N | Windows Live Messenger | msnmsgr.exe | "Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the ""Show menu"" icon and select Tools → Options → Sign In → deselect ""Automatically run Windows Live Messenger when I log on to Windows"". This is the Windows Defender/Vista MSConfig entry for version 14.*"
|
| X | Windows Live Messenger | [random].exe | "Added by the RBOT-GVL WORM!"
|
| X | Windows Live Messenger | msnd.exe | "Added by the BCKDR-QQQ BACKDOOR!"
|
| X | Windows Live Messenger 8.12 | ctfmon.exe | "Added by the LIPARK-A WORM! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in %UserProfile%"
|
| X | Windows Live Messenger Addon | wllivemsngr.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Windows Live Messenger Servicer | msmgslive.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Messenger Services | msgrlive.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Messenger! | livemsngr.exe | "Added by the IRCBOT.AWE BACKDOOR!"
|
| X | Windows Live Messenger! | msgrlive.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Msgs | wlivemsg.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Msgs! | wlivemsgs.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| Y | Windows Live OneCare | winssnotify.exe | "System Tray access to and notifications from Windows Live OneCare - now superseded by Microsoft Security Essentials. ""OneCare helps keep your PC safe and secure while making your life easier. From virus scanning and file backups |
| X | Windows Live Service | msnlive.exe | "Added by the SLENFBOT.DI WORM!"
|
| X | Windows Live Servicer | usrserv.exe | "Added by the SMALL.LU BACKDOOR!"
|
| X | Windows live Support | wlmsngr.exe | "Added by the RBOT-BKL WORM!"
|
| U | Windows Live Sync | WindowsLiveSync.exe | "Windows Live Sync from Microsoft (formerly known as Windows Live FolderShare) - ""a free-to-use internet-based file synchronization application by Microsoft that is designed to allow files and folders between two or more computers be in sync with each other on Windows (Vista and later) and Mac OS X based computers"""
|
| U | Windows Live™ OneCare™ Family Safety | fssui.exe | "System Tray access to and notifications from Windows Live OneCare Family Safety - part of the Live OneCare range and now superseded by Windows Live Family Safety which is part of Windows Live Essentials. Allows you to decide how your kids experience the Internet by limiting searches |
| X | Windows Loader Service | civsc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Media Driver | msnger.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Memory Drivers | memretain.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Windows Messenger Fileshare | wivsvc.exe | "Added by the SILLYIM WORM!"
|
| X | Windows Messenger Live MSN | winlivemsnmessenger.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Windows Messenger Live Startup | windowslivemsn.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows Messenger Live Startup | windowsmsnlive.exe | "Added by the DELF.DAX TROJAN!"
|
| X | Windows Micro Drivers | wupdates32.exe | "Added by the RBOT-AEH WORM!"
|
| X | Windows ms Drivers | msnup32.exe | "Added by the SDBOT-AAL WORM!"
|
| X | Windows Msn Live Messanger | msnmsgsman.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows MSN Live Messanger | wmsnlive.exe | "Added by the RBOT.BMV BACKDOOR!"
|
| X | Windows MSN Live Messanger | livemsngs.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Windows MSN Live Messenger | winlivemsn.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows MSN Live Messenger | winmessengerlive.exe | "Added by the IRCBOT.EAD BACKDOOR!"
|
| X | Windows MSX drivers | winmsx.exe | "Added by the RBOT-AYG TROJAN!"
|
| X | Windows Nivedia Driver | sysMGT.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Portable Device Drivers | MSKSVRVS.EXE | "Added by a TROJAN - see here"
|
| X | Windows Printing Driver | WinPrint.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Printing Driver | WinSpooler.exe | "Added by the ARCHIVARIUS series of WORMS!"
|
| X | Windows Printing Driver | ciadvs.exe | "Added by the BUZUS-M TROJAN!"
|
| X | Windows Printing Driver | ciadvss.exe | "Added by the ARCHIVARIUS series of WORMS!"
|
| X | Windows Printing Driver | gpedits.exe | "Added by the DCKEYG.A WORM!"
|
| X | Windows Server Drivers | syssrv.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Server IP Verification Service | wsivs.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows Service | private-zone.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Service Update | livecal.exe | "Added by the SDBOT-DEY WORM!"
|
| X | Windows Services | NetworkDriver32.exe | "Added by the RBOT-ACR WORM!"
|
| X | Windows Services | NetworkDrivers.exe | "Added by the SDBOT-YO WORM!"
|
| X | Windows Sound Driver | SndMon32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows sq Drivers | winmsn32.exe | "Added by the RBOT-ADI WORM!"
|
| X | Windows SSL Secondary Drivers | SSL32Dr.exe | "Added by the SDBOT.ASQ WORM!"
|
| X | Windows Stand Sound Drivers | Sounddrv.exe | "Added by the SDBOT-XF WORM!"
|
| X | Windows Storm-Memory Drivers | memorystorm.exe | "Added by the SLENFBOT.CO WORM!"
|
| X | Windows System Drivers | sysretain.exe | "Added by the SLENFBOT.BY WORM!"
|
| X | Windows System Serivce | winserv.exe | "Added by the RBOT.ACA WORM!"
|
| X | Windows System-Control Drivers | syscontrl.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows System32 Driver | clsass32.exe | "Added by the SDBOT-AGG WORM!"
|
| X | Windows UDP Control Center | winlive32.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Update | livesrvs.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Update Drive | updrvs.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows USB 2.0 Driver | usbtskmgr.exe | "Added by the RBOT-BKG WORM!"
|
| X | Windows USB 2.0 Driver | usb2ctrl.exe | "Added by the RBOT-BIW WORM!"
|
| X | Windows USB 2.0 Driver | usbservice.exe | "Added by the RBOT-BLF WORM!"
|
| X | Windows USB Control Driver | iexplore.exe | "Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Windows USB Driver Support | Windowsusb.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows User Mode Driver Manager | wdfmrg.exe | "Added by the SDBOT-ZN WORM!"
|
| X | Windows Video Drivers | videons32.exe | "Added by the GAOBOT.AZT WORM!"
|
| X | Windows Video Drivers | VIDEONS3.EXE | "Added by the AGOBOT-KZ BACKDOOR!"
|
| X | Windows32 Serivces | winser32.exe | "Added by the SPYBOT.AAF WORM!"
|
| X | WindowsHive | rpcc.exe | "Added by the DLENA-A TROJAN!"
|
| X | Windows_Serivce | SERVICE.exe | "Added by the WOOTBOT.AH WORM!"
|
| X | WinDriv32 | WinDriv32.exe | "Added by the SMALL-BA TROJAN!"
|
| X | WinDriver Configuration | windrvconf.exe | "Added by the AGOBOT-LX TROJAN!"
|
| X | WinDrives | WinDrives.EXE | "Added by the SMALL.DIG WORM!"
|
| X | WinRunners | WinDrivers.exe | "Added by the DULOAD.C WORM!"
|
| X | Wins Service Driver | winet.exe | "Added by the RBOT-APV WORM!"
|
| X | Winsecure Antivirus | Secureantivirus.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Winsock driver | winnt update.exe | "Added by the SPYBOT-DM TROJAN!"
|
| X | Winsock driver | winnt64.exe | "Added by the SPYBOT-DR WORM!"
|
| X | Winsock Driver | nvscv32.exe | "Added by the AGOBOT-FD WORM!"
|
| X | Winsock Driver | scvhost.exe | "Added by the RBOT.AEU BACKDOOR!"
|
| X | Winsock driver | win.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Winsock driver | tcpmngr.exe | "Added by the SPYBOT-CK WORM!"
|
| X | Winsock driver | winupdate32.exe | "Added by the SPYBOT-JZ TROJAN!"
|
| X | Winsock2 driver | SDJOIJE.EXE | "Added by the SPYBOT.DR TROJAN!"
|
| X | Winsock2 driver | MIRC32.exe | "Added by the SPYBUZZ TROJAN!"
|
| X | Winsock2 driver | kgzgjkpcw.exe | "Added by the SDBOT.T TROJAN!"
|
| X | Winsock2 driver | ZONEALARM.EXE | "Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the valid Zone Labs firewall program"
|
| X | Winsock2 driver | wincfg.scr | "Added by the SPYBOT-E TROJAN!"
|
| X | Winsock2 driver | winupdate.exe | "Added by the SPYBOT-BX WORM!"
|
| X | Winsock2 driver | SPOLSV.EXE | "Added by the SPYBOT-CM WORM!"
|
| X | Winsock2 driver | [random filename] | "Added by members of the SPYBOT family of WORMS! Note - the random filename is located in %System%"
|
| X | Winsock2 driver | sysreq.exe | "Added by the SPYBOT-CC WORM!"
|
| X | Winsock2 driver | WUAUMQR.EXE | "Added by the SPYBOT-DP WORM!"
|
| X | Winsock2 driver | wincfg.exe | "Added by the SPYBOT.CO WORM!"
|
| X | Winsock2 driver | svchorsst.exe | "Added by the SPYBOT-EE WORM!"
|
| X | Winsock2 driver | SYSTEM32.EXE | "Added by the SPYBOT-EG WORM!"
|
| X | Winsock2 driver | dllcfg32.exe | "Added by the SPYBOT.AG WORM!"
|
| X | Winsock2 driver | CFTMON.EXE | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Winsock2 driver | ntsys32.exe | "Added by the SPYBOT-DD WORM!"
|
| X | Winsock2 driver | WINNT32.EXE | "Added by the SPYBOT-CN WORM!"
|
| X | Winsock2 driver | PAC.EXE | "Added by the SPYBOT-ET WORM!"
|
| X | Winsock2 driver | winsock2.exe | "Added by the SPYBOT-CT BACKDOOR!"
|
| X | Winsock2 driver | mmtask5.exe | "Added by the SPYBOT-CD WORM!"
|
| X | Winsock2 driver | WWEUMQR.EXE | "Added by the SPYBOT-BY WORM!"
|
| X | Winsock2 driver | IEXPLORE .EXE | "Added by the SPYBOT-AU WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the "".exe"""
|
| X | Winsock2 driver | WINSOUND.EXE | "Added by the SPYBOT-H WORM!"
|
| X | Winsock32 driver | TESTING.EXE | "Added by the SPYBOT-B WORM!"
|
| X | Winsock32 driver | system32.exe | "Added by the IRCBOT-VT TROJAN!"
|
| X | Winsock32driver | win32server.scr | "Added by the HACARMY TROJAN!"
|
| X | Winsock32driver | sp2XPupdate.exe | "Added by the HACKARMY.S TROJAN!"
|
| X | Winsock32driver | win32server.exe | "Added by the BACKDOOR-AZV TROJAN!"
|
| X | Winsock32driver | ZoneAlarmPr0.exe | "Added by the HACKARMY-B TROJAN!"
|
| X | Winsock32driver | ZoneLockup.exe | "Added by the HACARMY.D TROJAN!"
|
| X | Winsock32driver | win32server.exe | "Added by the HACARMY.F TROJAN!"
|
| X | Winsock32driver | winXPupdate.exe | "Added by the HACKARMY.9728 TROJAN!"
|
| X | Winsock32driver | svchhost.exe | "Added by the HACKARMY.I TROJAN!"
|
| X | Winsock6 MIC driver | ieservicesupd.exe | "Added by the SPYBOT.AFZ WORM!"
|
| X | winsockdriver | tskmg.exe | "Added by the SDBOT.GEN TROJAN or WARPIGS.C WORM!"
|
| X | winsockdriver | winsock2.2.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | winsockdriver | iexplor.exe | "Added by the BLATIC.A WORM!"
|
| X | winsockdriver | winsock3.exe | "Added by the SPYBOT-DO WORM!"
|
| X | winsockdriver | bot.exe | "Added by the WARPIGS-D WORM!"
|
| X | winsockdriver | winsock4.1.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | winsockdriver | winsock2.exe | "Added by the SPYBOT-AC WORM!"
|
| X | Winsocks2 driver | mznmgr.exe | "Added by a variant of the SDBOT WORM!"
|
| X | winsys32 Driver | winsys32.exe | "Added by the LOONY-O TROJAN!"
|
| X | WinTask driver | wintask.exe | "Added by the DLOADER-NA TROJAN!"
|
| U | wintective | wintective.exe | "Wintective logs keystrokes |
| X | winupdatefiv_ | [path to file] | "Added by the COMBRA.C WORM!"
|
| X | Win_api_driver | system.exe | "Added by the REVIRD TROJAN!"
|
| X | WIN_DRIVR32 | shchostv.exe | "Added by a TROJAN - see here"
|
| X | win_drivr32 | zxhstn.exe | "Added by the SMALL.CXO TROJAN!"
|
| X | wistaantivirus | wistaantivirus.exe | "Wista Antivirus rogue security software - not recommended |
| X | Wlan Driver | avscan.exe | "Added by the WOOTBOT.DH WORM!"
|
| X | WLiveCD.exe | WLiveCD.exe | "Added by the VB-EQI TROJAN!"
|
| X | Wnsck2 driver | wlogf.exe | "Added by the SPYBOT-AF WORM!"
|
| X | Wstat32 driver | Wstat32.exe | "Added by the LOONBOT TROJAN!"
|
| X | Wupdate driver | [various filenames] | "Added by a variant of the SPYBOT WORM!"
|
| X | Wupdate driver | wupdadte.exe | "Added by the SPYBOT-CQ WORM!"
|
| X | XP Antivirus | xpantivirus.exe | "XPAntivirus rogue security software - not recommended |
| X | XP Antivirus | xpa.exe | "XP Antivirus rogue security software - not recommended"
|
| X | XPAntivirus | XPAntivirus.exe | "XPAntivirus rogue security software - not recommended |
| X | XTN Service Drivers | winxtn.exe | "Added by the SDBOT-YK WORM!"
|
| N | YLive.exe | Ylive.exe | "Yahoo! Assistant (formerly 3721 Internet Assistant) - not recommended"
|
| X | YourPrivacyGuard | GDC.exe | "YourPrivacyGuard rogue privacy tool - not recommended |
| X | Zi5 | AntiVirus Update.exe | "Added by the ERKEZ.G WORM!"
|
| N | Zinio DLM | ZinioDeliveryManager.exe | "Related to Zinio used to read magazines in digital rather than paper format"
|
| X | Zip Driver Loader | ZipLoader32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| X | Zip Driver Loader | msload32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| X | [various names] | driver32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | [various names] | driver64.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | _pnd_Panda Antivirus | _pnd_*****.exe [* = random char/digit] | Added by the AGENT.NAK TROJAN!
|
| X | _SystemDriver | csrss.exe | "Added by the ASCETIC.B TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\addins\explorer"
|
| U | {B179023B-6238-4499-8F26-CD73E9D90E0A} | MacDrive.exe | "MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista |
