| X | cmsound | vcpdll.exe | "Added by the TCXMEDI-D downloader TROJAN!"
|
| X | cmsound | vcsystem.exe | "Added by the TCXMEDI-D downloader TROJAN!"
|
| X | cmss | system.exe | "Added by a variant of the RBOT WORM!"
|
| X | cmssapp | iexplore_.exe | "Added by the BANCBAN-CQ TROJAN!"
|
| X | cmssapp | iexplore.exe | "Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | cmssSystemProcess | csmss.exe | "Added by the AGENT-CO TROJAN!"
|
| X | cmssSystemProcess | mcsmss.exe | "Added by the PROXYSER-F TROJAN!"
|
| X | cmssSystemProcess | csms.exe | "Added by the AGENT-Y TROJAN!"
|
| X | CMSystem | CMSystem.exe | "CASClient adware"
|
| ? | COEMsgDisplay | COEMsgDisplay.exe | "Part of HP's PC Common Operating Environment (PC COE) project. Located in %ProgramFiles%\Hewlett-Packard\PC COE. What does it do and is it required?"
|
| X | COM Service | mscom32.com | "Added by the BEASTY.H TROJAN!"
|
| X | COM Service | msynvr.com | "Added by the BEASTY.G TROJAN!"
|
| X | COM Service | msjclh.com | "Added by the BEASTY.E TROJAN!"
|
| X | COM Service | msdrce.com | "Added by the BEASTY.I TROJAN!"
|
| X | COM Service | msflyx.com | "Added by the BEASTDO-O TROJAN!"
|
| X | COM Service | mskwda.com | "Added by the AGENT-JIX TROJAN!"
|
| X | Compaq Service Drivers | amsn.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Compaq Service Drivers | msnt.exe | "Added by the SDBOT.CQL WORM!"
|
| X | Compaq Service Drivers | winmsn.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Compaq Service Drivers | msnsvc.exe | "Added by the RBOT.BKT WORM!"
|
| X | Compaq32 Service Drivers | ms32.exe | "Added by the SDBOT.BWH WORM!"
|
| X | Compaq32 Service Drivers | msconfig32.exe | "Added by the SDBOT-ADC WORM!"
|
| X | Compaq32 Service Drivers | msnt32.exe | "Added by the RBOT.BVF WORM!"
|
| N | COMSMDEXE | comsmd.exe | 3Com tray icon
|
| X | ComStart | Trojan Guarder.exe | "TrojanGuarder rogue security software - not recommended"
|
| X | Configuration | msgfixs.exe | "Added by the SDBOT-NN WORM!"
|
| X | Configuration Loader | msgfix.exe | "Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!"
|
| X | Configuration Loader | msnss.exe | "Added by the GAOBOT.AUS WORM!"
|
| X | Configuration Loader | MSTasks.exe | "Added by the LOADCFG or SDBOT TROJANS!"
|
| X | Configuration Loader | smss32.exe | "Added by the AGOBOT.MB WORM!"
|
| X | Configuration Loader | msgcfgsrv.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Configuration Loader | smsai.exe | "Added by the SDBOT-YE WORM!"
|
| X | Configuration Loader | msg.exe | "Added by the SDBOT.BT WORM!"
|
| X | Configuration Loader | msnmsgr.exe | "Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Configuration Loader | mservs.exe | "Added by the SDBOT-NM WORM!"
|
| X | Configuration Loader | msgfixy.exe | "Added by the SLINBOT.QW BACKDOOR!"
|
| X | Configuration Loader | msrun.exe | "Added by the AGOBOT-Y WORM!"
|
| X | Configuration Services | mswords.exe | "Added by the SDBOT-YM WORM!"
|
| X | conmswf | conrnbne.exe | "Added by the SDBOT-DEX WORM!"
|
| X | Connector | sms.EXE | "Added by the ExDial-B premium rate adult content dialer"
|
| X | Content List Management Subsystem | clmss.exe | "Added by the SPYBOT-EL WORM!"
|
| X | ContentDownload | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | ControlServiceMgr | csmsv.exe | "Added by the AGENT-XC TROJAN!"
|
| X | CoolDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | CoolMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | CPCmscl0ck | CPCmsclock.ExE | "Added by the IRCFLOOD.BF TROJAN!"
|
| X | cpl | msgaol.exe | "Added by the TACTSLAY.C TROJAN!"
|
| U | Creata Mail | JMSrvr.exe | "Creata_Mail. Smileys |
| U | Creative MediaSource Go | CTCMSGo.exe | "Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
|
| U | Creative MediaSource Go | CTCMSGoU.exe | "Creative MediaSource Go! is a combination of a short-cut bar and launcher for the Creative MediaSource™ player/organizer - which ""enables you to manage your entire digital music collection on both your computer and your Creative portable music player effortlessly"""
|
| X | crmssrlt | [random filename] | "Added by a variant of the SLAPER TROJAN!"
|
| X | crsmons | iomssls.exe | "Added by the BACKDR-AU TROJAN!"
|
| X | CSCRS Value Check | MsPMSPSd.exe | "Added by a variant of the SDBOT WORM!"
|
| X | csrss | msmsgs.exe | "Added by the CHODE-J BACKDOOR! Note - this malware uses MSN Messenger (which is located in %Program Files%\Messenger) in the background to propogate itself"
|
| X | csrss | ssms.exe | Added by an unidentified malware
|
| X | ctfmon | msnmsgr.exe | "Added by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | ctfmon.exe | msupdate32.exe | "Spy Sheriff/SpywareNO malware |
| X | Current32 | msnpla.exe | "Added by the SDBOT-DIS WORM!"
|
| X | cvmsyslpd | sdservss.exe | "Added by the MAILBOT-BY TROJAN!"
|
| N | Cyberlink PowerCinema 3.0 | PCMService.exe | "Part of Cyberlink's PowerCinema - which can be used to watch movies |
| X | data | msngs.exe | "Added by the RBOT-ADQ WORM!"
|
| N | DataViz Inc Messenger | DvzIncMsgr.exe | "Installed with DataViz ""Documents to Go"" software"
|
| N | DataViz Messenger | DvzMsgr.exe | "DataViz Documents to Go - "allows you to use your Word |
| X | Debug | SMSS.exe | "DreamAd adware. Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| U | default | mskbw.exe | "PC Surveillance PRO surveillance software. Uninstall this software unless you put it there yourself"
|
| X | DelayLoad | msprint.exe | "Added by a variant of the Win32.Agent.ryo malware - see here"
|
| X | delmsbb | delmsbb.exe | "180Search adware"
|
| X | DescargaBromas | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | Desktop | "rundll32.exe msconfd.dll | Restore ControlPanel" |
| X | DesktopUpdate | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | Device Configuration Loader | msdvc32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | DHCP | smss.exe | "Added by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\display"
|
| X | Dialer | "rundll32.exe MSA32CHK.dll | Reg" |
| X | Disk Defragmentation Loader | pmsvcr.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | DiskCheck | msdarkend.exe | Added by an unidentified WORM or TROJAN!
|
| X | Dmsvc32 | Dmsvc32.exe | "Added by the AGOBOT.ABU WORM!"
|
| X | DM_server | dmserver.exe | "Comet Cursor adware"
|
| X | Doggy Style | MsPMSPSd.exe | "Added by the SDBOT-AAP WORM!"
|
| X | DownloadLegalMusic | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | DownloadMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | DownloadsAndMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | DRam prosessor | msupdate.exe | "Added by the DELF-FAW TROJAN!"
|
| X | DrCache | MSTDC.EXE | "Added by the BDOOR-JM BACKDOOR!"
|
| X | dreams | server.exe | "Added by a variant of the SDBOT WORM!"
|
| U | DriverMagicLogon | dmschedule.exe | "Part of DriverMagic - ""the easiest way to locate device drivers"""
|
| X | drmsrv32 | stmhosts.exe | "Added by the AGENT.AGWU TROJAN!"
|
| X | DsmSer | dsm.exe | "Added by the SERFLOG.B WORM!"
|
| X | DsmSer | msmpatch.exe | "Added by the SERFLOG.B WORM!"
|
| X | DsmSer | svosm.exe | "Added by the SERFLOG.B WORM!"
|
| X | DsmSer | sysup.exe | "Added by the SERFLOG.B WORM!"
|
| X | dxdiag diagnose | msidxdia.exe | "Added by a variant of the RBOT WORM!"
|
| X | dxmsrv | dxmsrv.exe | Added by an unidentified WORM or TROJAN!
|
| U | ELSA WINman Suite | Winmsuit.exe | "Allows you to totally customize your ELSA graphics card settings |
| X | eMessenger | emsn.exe | "Added by the RBOT.AHO BACKDOOR!"
|
| Y | Emsisoft Anti-Malware | a2guard.exe | "System Tray access to and Anti-Malware Guard feature of Emsisoft Anti-Malware from Emsi Software GmbH - which provides ""comprehensive PC protection against viruses |
| X | emsw.exe | emsw.exe | "Attune HelpExpress - spyware. Disable and uninstall - see here"
|
| X | EntraOcio | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| N | EPSON Background Monitor | STMS.EXE | Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
|
| X | ethernet | msnger.exe | "Added by a variant of the SDBOT WORM!"
|
| X | ethernet | msftp.exe | "Added by the SDBOT.BXJ WORM!"
|
| X | ethernet adapter | csrmss.exe | "Added by a variant of the RBOT WORM!"
|
| X | Ethernet Driver | cmsrrs.exe | "Added by a variant of the RBOT WORM!"
|
| X | EventApplicationCmd | smschk.exe | "Added by the IRCBOT-AO TROJAN!"
|
| U | EW Message Server | msg32.exe | Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
|
| X | Explorer | msrstart.exe | "Added by the SOPICLICK TROJAN!"
|
| N | Extender Resource Monitor | RMSysTry.exe | "Related to Windows Media Center from Microsoft"
|
| X | FastDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| U | FieldForms Sync | SyncService.exe | "Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run |
| ? | file indexing service | msfindfile.exe | "New version of MS FindFast and still a resource hog?"
|
| X | FireFox Service Drivers | ssmss.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Firewall Updater | msnupdateit.exe | "Added by the RBOT-AAQ WORM!"
|
| X | FKS v2.0 | msngr.exe | Added by an unidentified WORM or TROJAN!
|
| X | Flash Media | zrpk��'�'%''msn'�%'fix''.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Flash Media | skxs��'�'%''msn'�%'fix''.exe | "Added by the AGENT.ZOY TROJAN!"
|
| Y | FltProcess | msinet.exe | "Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done"
|
| U | FMStart | Fmstart.exe | "GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks |
| X | FMSZ | fmsz.exe | "Added by the FMSZ TROJAN!"
|
| N | Fpx | mnmsrvc.exe | Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
|
| X | FreeMP3download | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| U | FTMSFLT(USB) | FTMSFLTU.EXE | Fujitsu's Touch Panel Message Notifier
|
| N | GemStRmW | GemStRmW.exe | "For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card |
| X | Generic Host Process for Win Services | mscvs.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Generic Host Process for WinXP Services | mshelp.exe | "Added by the AGENT-GQP TROJAN!"
|
| X | german.exe | winsystems.exe | "Added by the BAGLEDl-AE TROJAN!"
|
| X | german.exe | wintems.exe | "Added by the BAGLE-AS TROJAN!"
|
| X | GetitAll | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | GetMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | GetTheMusic | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | GLSetIT32 | msiexec16.exe | "Added by the OPTIX PRO TROJAN!"
|
| X | GLSetT32 | smsiexec.exe | "Added by the OPTIX-D TROJAN!"
|
| X | Gmsvc32 | gmsvc32.exe | "Added by the AGOBOT.ABN WORM!"
|
| X | Graphic Driver | smss32.exe | "Added by a variant of the RBOT WORM!"
|
| X | GreatDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | GsAds | gms2.exe | "PacerD_Media/Pacimedia.com adware"
|
| N | GWMDMMSG | GWMDMMSG.exe | Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
|
| X | Hardware Monitor Service | mshms.exe | "Added by the WOLLF-A TROJAN!"
|
| X | heomstool | heomstool.exe | "Added by the HEOMS TROJAN!"
|
| ? | HerculesCamService | CamService.exe | "Related to the Hercules Dualpix HD Webcam. What does it do and is it required?"
|
| X | hotefix | msnmanegers.exe | "Added by the IRCBRUTE.AS TROJAN!"
|
| X | hotfix | msnnmaneger.exe | "Added by the WOOTBOT.AF WORM!"
|
| X | HP Desktop | ccappms.exe | "Added by the SDBOT-TG WORM!"
|
| X | Hservice | msservice.exe | "Added by the AUTORUN-KL WORM!"
|
| X | HTTP Tunneling Server | mstunnel.exe | "Added by the RBOT.EDL WORM!"
|
| X | httpd | msgaol.exe | "Added by the TACTSLAY.C TROJAN!"
|
| X | Hyper Start | instantmsgrs.exe | "Added by the RBOT-NH WORM!"
|
| X | I am not Ranky. I am eTunnel! | msyervice.exe | Added by an unidentified WORM or TROJAN!
|
| U | Ibmpmsvc | ibmpmsvc.exe | "Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn |
| X | ICManagement | msic32.exe | "Added by the MSIC BACKDOOR!"
|
| X | ICQMsn | [path to trojan] | "Added by the RANCK-AH TROJAN! The most common example is ""cbfks.exe"" located in %System%"
|
| X | IE6 | ssmss.exe | "Added by the GAOBOT.DXO WORM!"
|
| X | IECheck | MSDTCs.exe | "Added by the TIRBOT-D WORM!"
|
| X | IECheck | mssvp.exe | "Added by the TIRBOT-G WORM!"
|
| X | IEXPLORER | msiecfg.exe | "Added by the BDOOR-JU BACKDOOR or BANCBAN-IP TROJAN!"
|
| X | IISADMINS | systems.exe | "Added by the AGOBOT.U WORM!"
|
| X | IMJPMIG8.2 | msime82.exe | "Added by the VB-CYG WORM!"
|
| X | IMJPMIG8.2 | msime80.exe | "Added by the VB-CYJ TROJAN!"
|
| X | ImMsn | timed.exe | "Added by the WEBDOR.AK TROJAN!"
|
| U | ImScInst | ImScInst.exe | "Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails |
| U | ImScInst.exe | ImScInst.exe | "Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails |
| U | IMStart | IMStart.exe | "InterMute security software related"
|
| X | InetChk | ms[random value].exe | "Added by the AGENT-IRL TROJAN!"
|
| X | InetMSN | msnet.exe | "Added by a variant of the SDBOT TROJAN!"
|
| X | info | smss.exe | "Added by the VB.EIW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\inetsrv"
|
| U | InfoPenMSN | InfoPenIM.exe | "InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand"
|
| X | Instant Access | "rundll32.exe EGCOMSERVICE_****.dll | InstantAccess [**** = digits]" |
| X | Instant Messenger Service | imservice.exe | "Detected by Kaspersky as the HEUR TROJAN!"
|
| X | instant messengers | instantmsgtr.exe | "Added by the AGOBOT-PC BACKDOOR!"
|
| X | Intec Service Drivers | msmsgrs.exe | "Added by the SDBOT-ADN WORM!"
|
| X | Intec Service Drivers | msmsgredss.exe | "Added by the SDBOT-AGL WORM!"
|
| X | Intec Services Drivers | msupdate22e.exe | "Added by the RBOT-CGC WORM!"
|
| X | Intel Management Services v32 | mstime32.exe | "Added by the AUTORUN-AYG WORM!"
|
| X | Intel Service Drivers | msconfig16.exe | "Added by the MSCONFIG16 TROJAN!"
|
| X | InteliSys | smss.exe | "Advertisingvision adware. Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Internat | msgsrv32.exe | "Added by the NYRUBOT-A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
|
| X | internet | smss.exe | "Added by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
|
| X | Internet Loader1 | MSInstall61.exe | "Added by the KWBOT.B WORM!"
|
| X | Internet Mail and News | msqdevl.exe | "EasySearch adware"
|
| X | Internet Mail and News | msqdevl1.exe | "Added by the DLOADR-AWD TROJAN!"
|
| X | Internet Security Service | msq32.exe | "Added by the RBOT-GFP WORM!"
|
| X | Internet Security Service | msq23.exe | "Added by the RBOT-GQL WORM!"
|
| X | Internet Security Service | msql23.exe | "Added by the RBOT-GML WORM!"
|
| X | Intersoft Msngr | intersoftmsngr.exe | "Added by the AGOBOT-NW WORM!"
|
| N | ISSI EZUpdate Service | issimsvc.exe | Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
|
| X | Java32 Configuration Loader | msnmesgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | JavaScriptMsxrs | Msxrs.exe | "Added by the VB.BL WORM!"
|
| X | jvms.exe | jvms.exe | "Added by the ORCU.B TROJAN!"
|
| X | kamsoft | ckvo.exe | "Added by the GAMANIA-BW TROJAN!"
|
| X | kdmsx | [8 random letters].exe | "Added by the SDBOT.AIJ BACKDOOR!"
|
| X | Kernel Safe Mode | smss.exe | "Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | KernelFaultCheck | msime.exe | "Added by the TINY-P TROJAN!"
|
| X | KernelFaultChk | sms.exe | "Added by the DEADHAT WORM! Do not confuse with the valid ""kernelfaultcheck"" which runs ""dumprep 0 -k"" or ""dumprep 0 -u"""
|
| X | Kernell | systems.exe | "Added by the TARNO.C TROJAN!"
|
| X | KernellApps32 | smss.exe | "Added by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!"
|
| U | KONICA MINOLTA magicolor 2400W STD | MSTMON_S.EXE | Konica Minolta Magicolor 2400W colour printer monitor
|
| X | KvmSecure.exe | KvmSecure.exe | "KvmSecure rogue security software - not recommended |
| U | LanguageMonitor | Oplmsb01.exe | OKI Printer language support monitor
|
| X | LEMSRV | lemsrv.exe | "Added by the IRCBOT-TC TROJAN!"
|
| X | Live Messanger | livemsgr.exe | "Added by the RBOT.BXX WORM!"
|
| X | Live Messanger | wllmsngr.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Live Windows Messenger Version | msnmessage7.7.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Live Windows Messenger Version | msnmsngrlive.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | LiveSexCams | LiveSexCams.exe | Premium rate adult content dialler
|
| X | LiveUpdate | smss.exe | "Added by the VB.BAU BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
|
| N | LM Status | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application
|
| N | LMSTATUS | LMSTATUS.EXE | Xerox WorkCenter XE - language monitor status application
|
| Y | LMSXXD | LMSXXD.exe | Driver for Xerox XD series printer/copiers
|
| X | lnternet Explorer | AMSNDMGR.EXE | "Added by the KWBOT.R WORM! Note that the ""l"" is a lower case ""L"" and not an upper case ""I"""
|
| X | load | msgsr32.exe | "Added by the SDBOT-QR WORM!"
|
| X | load= | msater.exe | "Added by the RETSAM TROJAN!"
|
| X | LoadingAgent | msload32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| X | LoadManager | msload.exe | "Added by the OPASERV.T WORM!"
|
| X | loadMefs | smss32.exe | "Added by the FLOOD-EL TROJAN!"
|
| N | LoadMSvcmm | msvcmm32.exe | "Auto-update for Movielink - internet movie rental System Tray access"
|
| U | Logitech ClickSmart | LVCOMS.EXE | Entry added when you install Logitech ClickSmart webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
|
| U | Logitech ImageStudio | LVCOMS.EXE | Entry added when you install Logitech ImageStudio webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
|
| U | Logitech QuickCam | LVCOMS.EXE | Entry added when you install older versions of Logitech QuickCam webcam software. It allows the camera to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
|
| U | Logitech QuickCam | LVComSX.exe | Entry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
|
| X | LosMejoresMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | LotsOfGames | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | LotsOfJokes | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | LSA | msdn.exe | Added by an unidentified malware
|
| X | lsmss.exe | lsmss.exe | "Added by the PROXY-GG TROJAN!"
|
| X | LTM2 | MSGSRV32.EXE | "Added by the LITMUS.A BACKDOOR! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup! This one is located in %Windir%\Litmus"
|
| X | LTM2 | MSGSRV320.EXE | "Added by the LITMUS.C TROJAN!"
|
| X | LTM2 | MSGSSV32.EXE | "Added by the FC.C TROJAN!"
|
| X | LTM2 | msns6 | "Added by the LITMUS.C TROJAN!"
|
| Y | LTMSG | ltmsg.exe | "Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware |
| N | LTSMMSG | LTSMMSG.exe | "Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook |
| X | LTSMSG | Shell32.exe | "Added by the LEMIR.B TROJAN!"
|
| Y | LTWinModem1 | ltmsg.exe | "Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware |
| X | ltwob | msmbw.exe | "Added by the SERFLOG.A WORM!"
|
| Y | LUCENT TECHNOLOGIES ltmsg | ltmsg.exe | "Lucent Technologies (now Alcatel-Lucent) WinModem - which uses software rather than hardware |
| X | Lucky charms CD | mylcuky.exe | "Added by the SDBOT-SP WORM!"
|
| U | LVCOMS | LVCOMS.EXE | "Entry added when you install Logitech's ClickSmart |
| U | LVCOMSX | LVComSX.exe | Entry added when you install versions of the Logitech QuickCam webcam software - allows the full camera features (such as face tracking) to be accessed by both the Logitech software and (amongst others) NetMeeting and Windows Movie Maker. If you don't use the camera on a daily basis create your own shortcut and run it manually when required
|
| Y | lxamsp32 | lxamsp32.exe | Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work
|
| X | M S DVD DirectX Dll Drivers | msxdl.exe | "Added by the SDBOT-BJN WORM!"
|
| X | Machine Debug Manager | msdn.exe | "Added by a variant of the RBOT WORM!"
|
| X | Machine Debug Manager | mdms.exe | "Added by the SDBOT-CH WORM!"
|
| X | machine-debugger | mdmsv.exe | "Added by the AGOBOT-BR WORM!"
|
| X | mackfy.exe | msms.exe | "Added by the SDBOT-DID WORM!"
|
| X | MainDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | ManageProtocolCtrl | csmsv.exe | "Added by the LOOKSKY.B TROJAN!"
|
| N | Mass storage check registry | "rundll32.exe MSDServ.dll | check registry" |
| X | MatrixScreenSaver | mss.exe | Unidentified malware
|
| X | MC | wintrims.exe | "Added by the WINTRIM TROJAN!"
|
| U | McAfee SpamKiller | MskAgent.exe | "McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection"
|
| U | MDSA Sentinel X | smss.exe | "SentinelX surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the same file as the smss.exe process which is always located in %System%. This one is located in %ProgramFiles%\MDSA Software"
|
| X | mdwmdmsp | mdwmdmsp.exe | "Adware - detected by Kaspersky as the AGENT.AM TROJAN!"
|
| X | Media Load | msn32.exe | Added by a unidentified WORM or TROJAN!
|
| X | Media Plug x.1.2 | msdm.exe | Added by the MULDROP.352 VIRUS!
|
| X | Media Server | msdts.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Media Service | msn64.exe | "Added by the SPYBOT.EV WORM!"
|
| X | Media service | msnmsgxr.exe | "Added by the SDBOT.TF WORM!"
|
| X | Media Transfer Protocals | msstc.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Media X Services | MSNGRx.exe | "Added by the RBOT.AUL WORM!"
|
| X | Media-XP-Service-Pack3 | msnzx.exe | "Added by the SDBOT-ACW WORM!"
|
| X | Meeting Connection | comsutil.exe | "Added by the PPDOOR-E TROJAN!"
|
| N | Memory Stick Monitor | MSTAT.exe | "Used with the Sony floppy disk adapter for memory sticks |
| U | Memory Stick Monitor | MSstat.exe | Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
|
| U | Memory+ | tfimemsr.exe | "Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
|
| X | MemScanner | MemScanner.exe | "Part of Enigma SpyHunter - not recommended |
| X | Message Queuing | msmqs.exe | "Added by the FREEFORS TROJAN!"
|
| X | Messanger | msgaol.exe | "Added by the TACTSLAY.C TROJAN!"
|
| X | Messenger | Wmsngr.exe | "Added by a variant of the RBOT WORM!"
|
| Y | Messenger | SCANMSG.EXE | "AntiVirus Quick Heal - virus protection"
|
| N | Messenger | MsnMsgr.exe | "Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the ""Show menu"" icon and select Tools → Options → General → deselect ""Automatically run Windows Live Messenger when I log on to Windows"". This is the Windows Defender/Vista MSConfig entry for version 8.*"
|
| N | Messenger | msmsgs.exe | "Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck ""Run this program when Windows starts"""
|
| X | Messenger | msnmsgrr.exe | "Added by the RBOT-GYK WORM!"
|
| X | Messenger Block | msngrblock.exe | "Added by the PATOO WORM!"
|
| X | Messenger Gateway | msmgs.exe | "Added by the AGENT-IGK TROJAN!"
|
| X | Messenger Service | msmsgs.exe | "Added by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Messenger start-up | Msgran.exe | "Added by the GRAMOS WORM!"
|
| N | MessengerPlus | MsgPlus.exe | "MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
|
| N | MessengerPlus2 | MsgPlus.exe | "MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
|
| N | MessengerPlus3 | MsgPlus.exe | "MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
|
| X | Micr0s0ft Ms D0s | msdx.exe | "Added by the RBOT-AON WORM!"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | MSGUPDATED.EXE | "Added by the RBOT-APZ WORM!"
|
| X | Microsft Conf 32 | msaconf.exe | "Added by the RBOT.EYA WORM!"
|
| X | Microsft Confige 32 | msaconfigurez.exe | "Added by the RBOT.CLC WORM!"
|
| X | Microsft Corporation Version 2002.12.2414 | comserv.exe | "Added by a variant of the SLAPER TROJAN!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSN32.EXE | "Added by the RBOT-AWJ WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSGUPDAT32.EXE | "Added by the RBOT-BBB WORM!"
|
| X | Microsft Remote Procedure Daemon | msrpcd.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsft Security Monitor Process | mssmppp.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsft Security Monitor Process | mssmpp.exe | "Added by the SDBOT-DJW WORM!"
|
| X | Microsoft | ssmss.exe | "Added by the RBOT-FZF WORM!"
|
| X | Microsoft | msvchost.exe | "Added by the RBOT-GAW WORM!"
|
| X | Microsoft | msmsger.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft | MSUPDATE.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft | msngerf.exe | "Added by the RBOT-GLW WORM!"
|
| X | Microsoft | mdms.exe | "Added by the AGENT-GHY TROJAN!"
|
| X | Microsoft (R) Windows Network Security Management Service | nsms.exe | "Added by the RANKY.LC TROJAN!"
|
| X | Microsoft .NET Confingurator | msnconf.exe | "Added by an unidentified VIRUS |
| X | Microsoft Admin Protocal | MSADNIN.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Ansti Update | msie.exe | "Added by the RBOT-LE WORM!"
|
| X | Microsoft Anti Virus Controller | msavc.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Anti Virus Controller | msavc32.exe | "Added by the SDBOT.EPW BACKDOOR!"
|
| X | Microsoft AOL Instant Messenger | MSAOL32.exe | "Added by the RBOT-AAI WORM!"
|
| X | Microsoft Application Manager | msapl32.exe | "Added by the BROPIA-AE TROJAN!"
|
| X | Microsoft AUT Update | MSlti32.exe | "Added by the RBOT-X WORM!"
|
| X | Microsoft AUT Update | MSlti16.exe | "Added by the RBOT.EB WORM!"
|
| X | Microsoft Automatic Update Serivce | msautou.exe | "Added by the RBOT-AOB WORM!"
|
| U | Microsoft Broadband Networking | MSBNTray.exe | Microsoft Broadband Networking Tray Application
|
| X | Microsoft Buffer App | msbuffer.exe | "Added by the SLINBOT.NQ BACKDOOR!"
|
| X | Microsoft checker | MsPMSPTv.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Client | mshost.exe | "Added by the RBOT-AND WORM!"
|
| X | Microsoft Client | msclient.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Config | msconf.exe | "Added by the RBOT.PV WORM!"
|
| X | Microsoft Config | MSCONF.EXE | "Added by the RBOT-LG WORM!"
|
| X | Microsoft Config 32 | msconfigx32.exe | Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant
|
| X | Microsoft Config 32bit | mscnfg32.exe | "Added by the RBOT-Z WORM!"
|
| X | Microsoft Config Loader | msconfig32.exe | "Added by the AGOBOT.XX WORM!"
|
| X | Microsoft Config Loader | msrun32.exe | "Added by the AGOBOT-DY WORM!"
|
| X | Microsoft Config Loader | msconf32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Configoration Service | msconfigs.exe | "Added by the RBOT-ETT WORM!"
|
| X | Microsoft Configs 32 | msgconfigrs.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Configuewe | msconfiguwe.exe | "Added by the SDBOT-BPK WORM!"
|
| X | Microsoft Configuration | msconfig32.exe | "Added by the SDBOT.MQ WORM!"
|
| X | Microsoft Configure 32 | msgconfigre.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Core Support | MSxUP32.exe | "Added by the RBOT-ANR WORM!"
|
| X | Microsoft Corp TLS Certificates | msauth.exe | "Added by the RBOT-GAC WORM!"
|
| X | Microsoft Corporation Svchost Service | mssvc.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Microsoft Corporation Svchost Service | mswsc.exe | Added by the AGENT.MAB TROJAN!
|
| X | Microsoft Corporation SYM monitor | mssym.exe | "Added by the RBOT-GDB WORM!"
|
| X | Microsoft CSRSS Service | nsmscrs.exe | "Added by the RBOT-BPT WORM!"
|
| X | Microsoft Cvrt | mscvrt32.exe | "Added by an unidentified VIRUS |
| X | Microsoft Database Handler | mssql32.exe | "Added by the RANDEX.AX WORM!"
|
| X | Microsoft Datalog Application | msdata.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Decryption Technology | Msfenoe.exe | "Added by the SPYBOT-DG WORM!"
|
| X | Microsoft Desktop Manager | msdesk32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Development Debugger | msdev.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Development Services | msdevelop.exe | "Added by the RBOT-FWS WORM!"
|
| X | Microsoft Device Manager | msdevmgr32.exe | "Added by the LATEDA.B TROJAN!"
|
| X | Microsoft Device Manager | mscmtl32.exe | "Added by the AGENT.BMQ BACKDOOR!"
|
| X | Microsoft Diagnostic | msdiag32.exe | "Added by the RBOT-UC WORM!"
|
| X | Microsoft Digital Clock | msclock.exe | "Added by the NACKBOT-D WORM!"
|
| X | Microsoft DLL Verifier | mscon.exe | "Added by the SDBOT.EAH WORM!"
|
| X | Microsoft DNS Query | msdns.exe | "Added by the AGENT-BS TROJAN!"
|
| X | Microsoft Domain Controller | mstc.exe | "Added by the NUGACHE.A WORM!"
|
| X | Microsoft Driver Manager | mswindrv.exe | "Added by the FORBOT-EZ WORM!"
|
| X | Microsoft Driver Setup | msddrv42.exe | "Added by the PALEVO WORM!"
|
| X | Microsoft Driver Setup | mslsrv32.exe | "Added by the SDBOT-DPF TROJAN!"
|
| X | Microsoft driver update | Mshome.exe | Added by the SDBOT.BL WORM!
|
| X | Microsoft EV32 Service | MSev32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Excel | msexcel.exe | "Added by the RBOT-TQ WORM!"
|
| X | Microsoft Excele | msmsgs.exe | "Added by the AGENT.AJQG TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Microsoft Explorer Service | msexplore.exe | "Added by the IRCBOT.AYB BACKDOOR!"
|
| X | Microsoft Features | ms32cfg.exe | "Added by the RBOT.HO WORM!"
|
| X | Microsoft Features | msie.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Genuine Logon | msnmsg.exe | "Added by the IRCBOT-XH WORM!"
|
| X | Microsoft Gina V Encryption | MSGINAV.EXE | "Added by an unidentified VIRUS |
| X | Microsoft HDCP for NT | msdhcp.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft HDCP for NT and Win9x | msdhcprs.exe | "Added by a variant of the PEERBOT WORM!"
|
| X | Microsoft Help Support | mshelp32.exe | "Addded by the KELVIR-BF WORM!"
|
| X | Microsoft Help SVC | msnmngr.exe | "Added by the SDBOT-PQ WORM!"
|
| X | Microsoft Help System | mshelp32.exe | "CoolWebSearch parasite variant"
|
| X | Microsoft Helpdesk Side | mshelpdsk.exe | "Added by the SPYBOT.ANJJ WORM!"
|
| X | microsoft hotmail monitor | mshotmon.exe | "Added by the MYTOB-FL WORM!"
|
| X | Microsoft Hyptertext Helper | mshtha.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft IDCN | mshe1p.exe | Added by an unidentified TROJAN!
|
| X | Microsoft Instant Messenger | msngmsngr32.exe | "Added by the SPYBOTER.GEN TROJAN!"
|
| X | Microsoft Int Service | MsIntSrv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Internal AntiVirus Systems | dIlhost.exe | "Added by the RBOT-AEV WORM!"
|
| X | Microsoft Internet Explorer | msngrt.exe | "Added by the SDBOT-GU BACKDOOR!"
|
| X | Microsoft Internet Services | Smss32.exe | "Added by the RBOT.MS WORM!"
|
| X | Microsoft IT Update | msupdate.exe | "Added by the RBOT-FE WORM!"
|
| X | Microsoft Java Virtual Machine | MsConfiG.exe | "Added by the FORBOT-DV WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting"
|
| X | Microsoft Java Virtual Machine | msjvm.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Java Virtual Machine | msjavarxp.exe | "Added by the FORBOT-DL WORM!"
|
| X | Microsoft JavaVM | msjarun.exe | "Added by the RBOT-JW WORM!"
|
| X | Microsoft Kinetik Svc | msftksvc.exe | "Added by the AGENT.AGDO TROJAN!"
|
| X | Microsoft LSA layer | MSLSA32.exe | "Added by the RBOT-AKZ WORM!"
|
| X | Microsoft Macro Protection SubSsy | msacroprots386.exe | "Added by the RBOT-KE WORM!"
|
| X | Microsoft Macro Protection Subsystems | msmacroprotxz.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Macro Protection Subsystems | Msmacroprot32.exe | "Added by the RBOT.KN WORM!"
|
| X | Microsoft Manager | msmanager.exe | "Added by the MYTOB.LF WORM!"
|
| X | Microsoft Media player 9 | msmedia32.exe | "Added by the RBOT-ADO WORM!"
|
| X | Microsoft Message Machine | msmesg32.exe | "Added by the SPYBOT.BI WORM!"
|
| X | Microsoft Messenger Management Controls | msmgmctl.exe | "Added by the RBOT-APA WORM!"
|
| X | Microsoft messenger sd | msngersd.exe | Added by an unidentified TROJAN!
|
| X | Microsoft Messenger Service | msmsg32.exe | "Added by the RBOT.BOK WORM!"
|
| X | Microsoft Messenger XP | MSMSN32.exe | "Added by the RBOT-ZP WORM!"
|
| X | Microsoft MSGPLUS32 Protocol | msgplus32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft MSN 7 Services | msnmsg.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft MSN 7 Services | msnmsger.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft MSN Messenger | msnmnsgr.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Msn Messenger | msmsgs.exe | "Added by the BUZUS.AYX TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Microsoft MSN Services | msnsm.exe | "Added by the RBOT.ARV BACKDOOR!"
|
| X | Microsoft MSNGR32 Protocol | msngr32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft msnseru | msnseru.exe | "Added by the RBOT-APB WORM!"
|
| X | Microsoft MsnST | msnst32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft MSUPDATE | SpoolSvc.exe | "Added by the SXTB-A TROJAN!"
|
| X | Microsoft Netview | mssvc32.exe | "Added by an unidentified VIRUS |
| X | Microsoft Netview Component v5.1 | msnv32.exe | "Added by the RANDEX.F WORM!"
|
| X | Microsoft Network | msnet.exe | "Added by the MOCKBOT.A WORM!"
|
| X | Microsoft Network Services Controller | mmsvc32.exe | "Added by the NANPY-A WORM!"
|
| X | Microsoft Networking Agent For SP2 | msnac32.exe | "Added by the SPYBOT.PEN WORM!"
|
| N | Microsoft Office | Msoffice.exe | Feature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All Programs
|
| X | Microsoft Office | MSMSGR.exe | "Added by the GAOBOT.BB WORM!"
|
| X | Microsoft Office | msoicons.exe | "Added by the RBOT-ZI WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here. The latter wil not be listed among your startups!"
|
| X | Microsoft Office | msoffice32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Office | msoff.exe | "Added by the RAKER-C TROJAN!"
|
| X | Microsoft Office | msvcp.exe | "Added by the AGENT-XK TROJAN!"
|
| X | Microsoft Office | msmsgr.exe | "Added by the GAOBOT.BB WORM!"
|
| N | Microsoft Office Shortcut Bar | Msoffice.exe | Feature included with older versions of MS Office giving you access to common Office functions and optional shortcuts to Office (and other) programs. Some people prefer it but a better way is to create desktop shortcuts if you want access these features and programs quickly. Also available via Start → All Programs
|
| X | Microsoft Oftice | msmsgs.exe | "Added by the IRCBOT.ALT WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Microsoft PCI Manager | mspci.exe | "Added by the RBOT.BBG WORM!"
|
| X | Microsoft Proc Driver32 | msprc.exe | "Added by a variant of the WOOTBOT WORM!"
|
| X | Microsoft Procedure Call | MSPCALL.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft QMGR | msnqmgr.exe | "Added by the IRCBOT-S TROJAN!"
|
| X | MicroSoft Remote Secure Service | MSRSS.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft SDKP3 | mswinsdq.exe | "Added by the RBOT-ARY WORM!"
|
| X | Microsoft security adviser | mssadv.exe | "Microsoft Security Adviser rogue security software - not recommended"
|
| Y | Microsoft Security Essentials | msseces.exe | "System Tray access to a notifications from Microsoft Security Essentials which ""provides real-time protection for your home PC that guards against viruses |
| X | Microsoft Security Hot Fix Update | mshotfix.exe | "Affilred adware"
|
| X | Microsoft Security Monitor Process | mssmp.exe | "Added by the RBOT-FUB WORM!"
|
| X | Microsoft Security Monitor Process | msmp.exe | "Added by the RBOT.GKQ WORM!"
|
| X | Microsoft Security Monitor Process | mssm32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Security Monitor Process | msword.exe | "Added by the VIRUT.P VIRUS!"
|
| X | Microsoft Security Monitor Process | mssm32.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Security Monitor Process | mssmpi32.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | Microsoft Security System | mssecsys.exe | "Added by the IRCBOT-WJ TROJAN!"
|
| X | Microsoft Server Applacations | msnmsg.exe | "Added by the AGOBOT.BBM WORM!"
|
| X | Microsoft Service 32 | mssvc32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Service Information | msnservices.exe | "Added by the RBOT.ID WORM!"
|
| X | Microsoft Service Tools | MStools1.exe | "Added by the RBOT-BHT WORM!"
|
| X | Microsoft Services | Smss32.exe | "Added by the RBOT-AD WORM!"
|
| X | Microsoft Services | msmpserv.exe | "Added by the IRCBOT.BKA BACKDOOR!"
|
| X | Microsoft Services Unitd | MSU32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Session Manager Subsystem | smss.exe | "Added by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
|
| N | Microsoft Sound Volume Tool | mssvol.exe | This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
|
| X | Microsoft SpA Service | msapps.exe | "Added by the RBOT-VI WORM!"
|
| X | Microsoft Support | sys32ms.exe | "Added by the RBOT-AHI WORM!"
|
| X | Microsoft SVC | mssvc.exe | "Added by the BIFROSE-UQ TROJAN!"
|
| X | Microsoft Svchost local services | msnserver.exe | "Added by the RBOT-GPM WORM!"
|
| X | MicroSoft sys32 | sysmsgr32.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft System | msupdtm.exe | "Added by the SPYBOT.PKC WORM!"
|
| X | Microsoft System | mssys32.exe | "Added by the PETTICK.A WORM!"
|
| N | Microsoft System Configuration Utility | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)
|
| X | Microsoft System Firewall 2006.2 | msmsgr.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft System Firewall 2006.2 | msnmsgr.exe | "Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Microsoft System Security Agent | MSTSA.EXE | "Added by the RBOT.CCM WORM!"
|
| X | Microsoft System Service Device | mssdh.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft System Services | msnmgsr.exe | "Added by the KELVIR.K WORM!"
|
| X | Microsoft System Services | msmsgr.exe | "Added by the RBOT-ZH WORM!"
|
| X | Microsoft System32 Update | cmsrg.exe | "Added by the RBOT-GN WORM!"
|
| X | Microsoft Telecoms Center | telcoms.exe | "Added by the IRCBOT.GEN WORM!"
|
| X | Microsoft Telecoms Center | xpfilesys.exe | Added by the RBOT.BCJ TROJAN!
|
| X | Microsoft Telecoms Center | winupn.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Telecoms Center | svcchost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft TTL Verifier | msttl.exe | "Added by the RBOT-GAP WORM!"
|
| X | Microsoft UMA Update | MSuma32.exe | "Added by the RBOT.FS WORM!"
|
| X | Microsoft Updat3 | mswkst32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | mssmgrd.exe | "Added by the SDBOT.JT WORM!"
|
| X | Microsoft Update | msconfg.exe | "Added by the RBOT.H WORM!"
|
| X | Microsoft Update | Mslti32.exe | "Added by the RBOT-LX WORM!"
|
| X | Microsoft Update | Smss32.exe | "Added by the RBOT-CB WORM!"
|
| X | Microsoft Update | msawindows.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | msiwin84.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | msupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update | Msnmsngr.exe | "Added by the RBOT.BQS WORM!"
|
| X | Microsoft Update | msupdate32.exe | "Added by the SPYBOT.LZ WORM!"
|
| X | Microsoft Update | ms.exe | "Added by the SDBOT.CC WORM!"
|
| X | Microsoft Update | wuagmsd.exe | "Added by the RBOT-AX WORM!"
|
| X | Microsoft Update | cmss.exe | "Added by the RBOT-ATQ WORM!"
|
| X | Microsoft Update | msupdate.exe | "Added by the BOROBOT-I TROJAN!"
|
| X | Microsoft Update | msnmsgl.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft Update | msgn.exe | "Added by the RBOT.RQ BACKDOOR!"
|
| X | Microsoft Update 32 | MSupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update 32 | mscnfg.exe | "Added by the RBOT-ALM WORM!"
|
| X | Microsoft Update 32 | mssetup32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Control | Ms64.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update Machine | memstat.exe | "Added by the RBOT-OM WORM!"
|
| X | Microsoft Update Machine | Winmsixp32.exe | "Added by the RBOT.DN WORM!"
|
| X | Microsoft Update Machine | systemse.exe | "Added by the RBOT-BD WORM!"
|
| X | Microsoft Update Machine | TMEMSER.EXE | "Added by the RBOT-NQ WORM!"
|
| X | Microsoft Update Machine | MSOICONS.EXE | "Added by the RBOT.AWS WORM! Note - do no confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!"
|
| X | Microsoft Update Machine | psmszw.exe | "Added by the KOLABC.CC WORM!"
|
| X | Microsoft Update Security Patch | mssecurityupdatepatch.exe | Added by the AGENT.EF TROJAN!
|
| X | Microsoft Update Server | mssrv.exe | "Added by an unidentified VIRUS |
| X | Microsoft Update Service | mswin32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update Service | msupdate.pif | "Added by the RBOT-AQB WORM!"
|
| X | Microsoft Updater | msconsole.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft upnp Update | msie.exe | "Added by the RBOT-LQ WORM!"
|
| X | Microsoft USB2 Driver | crmss.exe | "Added by the RBOT-VK WORM!"
|
| X | Microsoft Vertupdate | MSvert32.exe | "Added by the MYTOB-CY WORM!"
|
| X | Microsoft Video Capture Controls | MSsrvs32.exe | "Added by the SDBOT-AAK WORM!"
|
| X | Microsoft Video Controls | tskmsgr.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Virual Machine | sms.exe | "Added by the RBOT-SP WORM!"
|
| X | Microsoft web update | webmsn.exe | "Added by the RBOT-EMQ WORM!"
|
| X | Microsoft Win Corp TLS Verification | mswintls.exe | "Added by the RBOT-GCT WORM!"
|
| X | Microsoft WIN32 DOS | MSdos32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft WIN32 Security | MSsec32.exe | "Added by the RBOT-DOQ TROJAN!"
|
| X | Microsoft Windows | mstask0.exe | "Added by the SDBOT.FQ WORM!"
|
| X | Microsoft Windows 16Bit | mswinn16.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Windows 32Bit | mswinn32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows 64 Bit | mswin32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows Client Firewall | msclt.exe | "Added by the VANEBOT-F WORM!"
|
| X | Microsoft Windows Control | mswctl32.exe | "Added by the RBOT.JP WORM!"
|
| X | Microsoft Windows DLL 32-BIT | msncheck32.exe | "Added by the SDBOT-XX WORM!"
|
| X | Microsoft Windows Game Updater | msgame32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Windows GUI | msmonk32.exe | "Added by the SDBOT-PE WORM!"
|
| X | Microsoft Windows Services | msw32.exe | "Added by the RBOT-FWQ WORM!"
|
| X | Microsoft Windows Session Manager Subsystem | smss.exe | "Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Microsoft Windows Storage Machine Service | winms.exe | "Added by the RBOT-AHK WORM!"
|
| X | Microsoft Windows Task Management | mstasks.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Windows Task Manger | Mstosk.exe | "Added by the SDBOT-WW WORM!"
|
| X | Microsoft Windows Update | msoffice2.exe | "Added by the RBOT-GB WORM!"
|
| X | Microsoft Windows Update | msnmessenger.exe | "Added by the SDBOT.AJ WORM!"
|
| X | Microsoft Windows Update | msnwun.exe | "Added by the SDBOT-RM WORM!"
|
| X | Microsoft Windows Update | MSNMSGR.EXE | "Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Microsoft Windows Update Service | msnmsg.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Windows Updater | msnupdateit.exe | "Added by the AGOBOT-RL WORM!"
|
| X | Microsoft Windows Updating System | msresource.exe | "Added by the RBOT-EAM WORM!"
|
| X | Microsoft Windows Visual V2.0 | msiutil.exe | "Added by the DELF.JPH TROJAN!"
|
| X | Microsoft Windows W32 Services | mssw32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Windows WKS Service | mstask0.exe | "Added by the SDBOT.FV WORM!"
|
| X | Microsoft Winsock | mswinsck.exe | "Added by the RBOT-ANK WORM!"
|
| X | Microsoft Winsock Service | msusvc.exe | "Added by the RBOT-ANS WORM!"
|
| X | Microsoft WinUpdate | msupdte.exe | "Added by an unidentified TROJAN! See examples here & here"
|
| X | Microsoft WM | mswm32.exe | "Added by the BCKDR-AM BACKDOOR!"
|
| X | Microsoft XML Service | msxmlx.exe | "Added by the RBOT.KS WORM!"
|
| X | Microsoft Xp Systems loader | winsystem32xp.exe | "Added by the KELVIR.W WORM!"
|
| X | Microsoft Xp Systems loaders | win32xpsys.exe | "Added by the SPYBOT.NYT WORM!"
|
| X | MicrosoftCorp | msnrmgs.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoftf DDEs Control | msnn.exe | "Added by the RBOT-AXT WORM!"
|
| X | MicrosoftMessenger | msnserv.exe | "Added by the DARKER.M WORM!"
|
| X | Microsoftmsn32.exe | microsoftmsn32.exe | "Added by the CERTIF-C TROJAN!"
|
| X | MicrosoftNAPC | msnrmgs.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MicroSoftRun | MSCOMM.dll | "Added by the AGENT-DJG TROJAN!"
|
| X | Microsofts Help Services | msnmngr.exe | "Added by the SDBOT-PJ WORM!"
|
| X | Microsofts Updatez | cmsssr.exe | "Added by an unidentified VIRUS |
| X | MicrosoftServiceManager | mstask32.exe | "Added by the YAHA.P WORM!"
|
| X | MicrosoftServiceManager | msupdat.exe | "Added by the YAHA.AA WORM!"
|
| X | Micrsoft Driver | msdriver.exe | "Added by the SDBOT-XD WORM!"
|
| X | Miosf Update | wimsqaad.exe | "Added by the SDBOT.AG TROJAN!"
|
| X | Mircosoft Sockets SP2 | mssck.exe | "Added by the MYTOB.ET WORM!"
|
| X | mload | lxmstart.exe | "Added by an unidentified VIRUS |
| X | mmsass | mmdmm.exe | "Added by the SDBOT.SO WORM!"
|
| X | mmsddlx | [random filename] | "Added by a variant of the SLAPER TROJAN!"
|
| ? | mmsys | recover.exe | "??"
|
| X | MMSystem | "rundll32.exe mmsystem.dll | RunDll32" |
| X | mmxrun | msosa.exe | Added by an unidentified TROJAN or WORM!
|
| X | mmxrun | mswinindex.exe | "TwoSeven spyware"
|
| N | ModemUtility | mdmsetpe.exe | System Tray configuration icon for Aztech modems
|
| X | MoreContent | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | mousedrive.exe | instantmsgrs.exe | "Added by the FORBOT-ER WORM!"
|
| N | Movielink Manager Uninstall | msvcmm32.exe | "Auto-update for Movielink - internet movie rental System Tray access"
|
| X | MP3Collection | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MP3download | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MP3files | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MP3freeDownload | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MP3freeDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MP3nice | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MP3Themes | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MP3ToTheMax | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | MPR MSG | mprmsg32.exe | "Added by the MYTOB.CF WORM!"
|
| U | MPSExe | mscifapp.exe | McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"
|
| X | ms | svhost32.exe | "Added by the LEGMIR-AQO TROJAN!"
|
| X | MS Agent Protection | ag1.exe | "Added by the IRCBOT.AZ BACKDOOR!"
|
| X | MS AntiSpyware 2009 | msas2009.exe | "MS AntiSpyware 2009 rogue spyware remover - not recommended |
| X | MS Auto-IPSec Protection | MSASP32.exe | "Added by the RBOT-AER WORM!"
|
| X | MS Autoloader 32 | MSAuto32.exe | "Added by the SPYBOT.BD WORM!"
|
| X | Ms Builders | Wupated.exe | "Added by the AGOBOT-SS WORM!"
|
| X | MS Config | msdconfig.exe | "Added by the RBOT-CZH WORM!"
|
| X | MS Config Loader | svchos1.exe | "Added by the AGOBOT.R WORM!"
|
| X | MS Config Loader | MSWin32bck.exe | "Added by the GAOBOT.AA WORM!"
|
| X | MS Config Loader | svcrhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Config Service | Msloader32.exe | "Added by the RBOT-KJ WORM!"
|
| X | MS Config Stream | msasm.exe | "Added by the AGOBOT-BA WORM!"
|
| X | MS Config v12 | mscfg12.exe | "Added by the AGOBOT.YP WORM!"
|
| X | MS Config v13 | lrbz32.exe | "Added by the GAOBOT.AOL WORM!"
|
| X | MS Config v13 | mscfg13.exe | "Added by the AGOBOT.YQ WORM!"
|
| X | Ms configsu | msconfigsu.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MS Configuration | MSFramer.exe | "Added by the RANDEX.OL WORM!"
|
| X | Ms Configuration | microsoftsa32.exe | "Added by the KELVIR.X WORM!"
|
| X | MS Configuration Utility | msconfig32.exe | "Added by the WOOTBOT.DY WORM!"
|
| X | MS DATABASE | MSDATA32.EXE | "Added by a variant of the SDBOT WORM!"
|
| X | MS Decryption Software | active.exe | "MediaTickets adware variant"
|
| X | MS DirectX Sound Drivers | msdrvdx.exe | "Added by the RBOT.BCX WORM!"
|
| X | MS DLL Library Manager | dllsys64.exe | "Added by the RANKY TROJAN!"
|
| X | MS Domain Name Server Deamon | MSDNSD32.exe | "Added by the RBOT-CMZ WORM!"
|
| X | MS Domain Name System | MSWDNS32.exe | "Added by the RBOT-GKY WORM!"
|
| X | MS DVD DirectX Dll Drivers | mdxdl.exe | "Added by the SDBOT-XI WORM!"
|
| X | MS DVD DirectX Sound Drivers | msdrvdx.exe | "Added by the SDBOT-XJ WORM!"
|
| X | MS Explorer | mexplore.exe | "Added by the YAHA.AE WORM!"
|
| X | MS FIREWALL | msfrewall.exe | "Added by the SDBOT-PU WORM!"
|
| X | MS FIREWALL | msfirewall.exe | "Added by the SDBOT-QH WORM!"
|
| X | MS Host | msthost.exe | "Added by the SLENFBOT.AH WORM!"
|
| X | MS Host Manager | ivhost.exe | "Added by the RBOT-BJN WORM!"
|
| X | MS Hosts | msthosts.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MS HTML | msHtml.exe | "Added by the PESTDOOR.31 TROJAN!"
|
| X | MS HTML | mslat.exe | "Added by the LATINUS.SVR TROJAN!"
|
| X | MS HTML Location Class | MSHTML32.exe | "Added by the RBOT-YD WORM!"
|
| X | MS Initial | mstinitial.exe | "Added by the IRCBOT.ASP BACKDOOR!"
|
| X | MS Internet Executor 32 | MSIXEC32.exe | "Added by the RBOT-AEQ WORM!"
|
| X | MS Internet Explore | MSIEx.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Java Applets for Windows NT & XP | javaapplet.exe | "Added by the RBOT.BHG WORM!"
|
| X | Ms Java for Windows NT | MS32.exe | "Added by the VANEBOT-H WORM!"
|
| X | Ms Java for Windows NT | msi32java.exe | "Added by the VANEBOT-I WORM!"
|
| X | Ms Java for Windows NT | msjava.exe | "Added by the VANEBOT-E WORM!"
|
| X | Ms Java for Windows NT | msi32info.exe | "Added by the RBOT.AFX WORM!"
|
| X | MS Java for Windows XP & NT | javanet.exe | "Added by the VANEBOT-A WORM!"
|
| X | MS Java Service Wrapper Windows NT & XP | wrapper.exe | "Added by the VANEBOT-D WORM!"
|
| X | Ms Java Update For Windows NT/XP | msijavaupdt32.exe | "Added by the RANDEX.AF WORM!"
|
| X | MS Java virtual machine | javavm.exe | "Added by the RBOT.ABG WORM!"
|
| X | MS LARISSA | MS_LARISSA.exe | "Added by the ASSIRAL.B WORM!"
|
| X | MS lsass Startup | lsass135.exe | "Added by the RBOT.WM WORM!"
|
| ? | MS management console | mms.exe | "Suspicious as the legitimate ""Microsoft Management Console"" is ""mmc.exe"" and not ""mms.exe"" and doesn't normally run at startup"
|
| X | MS Microsoft Socket Deamon | MSSCKD32.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS MSN Menssenger 7.0 | MSMSN7.exe | "Added by the RBOT-ACA WORM!"
|
| X | MS MSN Menssenger 7.0 | MSEXPORT.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MS Network Control | mswin.exe | "Added by the DUMBA TROJAN!"
|
| X | MS Office | Office10.exe | "Added by the VB.DT TROJAN!"
|
| X | ms ownage | winPE.exe | "Added by the RBOT-AJL WORM!"
|
| X | MS Paint | mspainter.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MS PLUS INC | wpad.exe | "Added by the MYTOB-AN WORM!"
|
| X | Ms Processe Manager | msproc.exe | "Added by the RBOT.ATO WORM!"
|
| X | MS Real Player | RealPlyr.exe | "Added by the RBOT.MR WORM!"
|
| X | MS Registry Service | MSRMS32.exe | "Added by the RBOT-AKP WORM!"
|
| X | MS Remote Procedure Call | msrpc32.exe | "Added by the RBOT-QL WORM!"
|
| X | MS Screen Saver | scrsave.scr | "Added by the RBOT-AGT WORM!"
|
| X | MS Security | systm.pif | "Added by the RBOT-AQN WORM!"
|
| X | MS Security Authority Service | lsass.exe | "Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process |
| X | MS Security Hotfix | service5.exe | "Added by the GAOBOT.AG WORM!"
|
| X | MS Security Update 993 | msident.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MS service | msservice.exe | "Added by the RBOT-ZG WORM!"
|
| X | MS Service Drivers | winscv.exe | "Added by the SDBOT-COG WORM!"
|
| X | Ms sock for Windows NT | winser.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MS Sound Config 16bit | sndcfg16.exe | "Added by the SDBOT.MB TROJAN!"
|
| X | Ms Sound Drivers | msdrv.exe | "Added by the SDBOT-WR WORM!"
|
| X | ms spool service | msspooler.exe | "Added by a variant of the RBOT WORM!"
|
| X | Ms Spool32 | MS SPOOL32.EXE | "Added by the ASASSIN TROJAN!"
|
| X | MS SyS Restore | sysrestore.exe | "Added by the RBOT.XM WORM!"
|
| X | MS Sys Security | mswin.pif | "Added by the RBOT-APJ WORM!"
|
| X | MS System Call Function | msscf32.exe | "Added by the RBOT-GBZ WORM!"
|
| X | Ms System Config | Mscfg.exe | "Added by the SDBOT-CCR WORM!"
|
| X | Ms System Config | pcedit.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MS System Security | mswin32.pif | "Added by the RBOT-AOX WORM!"
|
| X | Ms task manager | tskmgr.exe | "Added by the SDBOT.CCD WORM!"
|
| X | MS Task Manager 32 | [trojan filename] .exe | "Added by the RANKY.NF TROJAN!"
|
| X | MS taskbar | crssr.exe | "Added by the RBOT-AGO WORM!"
|
| X | MS taskbar | nts.exe | "Added by the RBOT-AGB WORM!"
|
| X | MS taskbar | taskbars.exe | "Added by the RBOT.BRW WORM!"
|
| X | MS Taskbars | taskbars.exe | "Added by the SDBOT-ACV WORM!"
|
| X | MS taskmanager | tskmgr.exe | "Added by the RBOT-AKA WORM!"
|
| X | MS Time | timezone.exe | "Added by the AGOBOT.ADY WORM!"
|
| X | MS UniX | navupdate64.exe | "Added by the RBOT.CRZ BACKDOOR!"
|
| X | MS Unix Binary | win32ttb.exe | "Added by the SPYBOT.OQ WORM!"
|
| X | MS Unix Binary | msmq2inst.exe | "Added by the RBOT-YF WORM!"
|
| X | MS Unix Binary | msnupdate.exe | "Added by the RBOT-AAM WORM!"
|
| X | MS Unix Binary | outlookexpressupdate.exe | "Added by the RBOT-YU WORM!"
|
| X | MS Unix Binary | Win32Update.exe | "Added by the RBOT-BAS WORM!"
|
| X | MS Unix Binary | Norton2005Update.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Unix Binary | trmupdate.exe | "Added by the RBOT-ACC WORM!"
|
| X | MS Unix Binary | WinGuard.exe | "Added by the RBOT-ACL WORM!"
|
| X | MS Unix Binary | msnq3insller.exe | "Added by the RBOT.GXH BACKDOOR!"
|
| X | MS Update | syshost.exe | "Added by the EVAMAN-F WORM!"
|
| X | Ms Update WinServices NT/XP | winservnt32.exe | "Added by the VANEBOT-G WORM!"
|
| X | MS UPDATER | update.exe | "Added by the RBOT-VC WORM!"
|
| X | MS Updates | mscache.exe | Spyware web downloader
|
| X | MS Updates | syshosts.exe | "Added by the MYDOOM.Y WORM!"
|
| X | MS Updates | aupd.exe | Spyware web downloader
|
| X | MS Updating Utility | msupdater.exe | "Added by the RBOT-XR WORM!"
|
| X | MS USB 2.0 Windows Support | msusb32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Ms Valud Loader | Svhots.exe | "Added by the AGOBOT-SP WORM!"
|
| X | MS Win32 Network Services | windriver.exe | "Added by the AGOBOT.ADH WORM!"
|
| X | ms window update | ******.exe [* = random character] | "Added by a variant of the RBOT WORM!"
|
| X | MS Windows AOL Driver | MSAOLdrv.exe | "Added by the RBOT-ASP WORM!"
|
| X | MS windows Data list process | MSDATLST.exe | Added by an unidentified WORM or TROJAN!
|
| X | MS Windows Executor Process | MSEXECP32.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Windows Local Directory | MSWLD32.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Windows procces 32 | msprocces.exe | "Added by the RBOT-AEZ WORM!"
|
| X | MS Windows Process Class | MSPRCSS32.exe | "Added by the RBOT-YQ WORM!"
|
| X | MS Windows Process Init | MSWPI32.exe | "Added by the RBOT-ASQ WORM!"
|
| X | MS Windows Security Updater | updater.pif | "Added by the RBOT-AKY WORM!"
|
| X | MS Windows System Alert | MSWSA32.exe | "Added by the RBOT-BFN WORM!"
|
| X | MS Windows TASK Service | MSWTASK32.exe | "Added by a variant of the RBOT WORM!"
|
| X | MS Windows Update | scguard.exe | "Added by the RBOT-YZ WORM!"
|
| X | MS WINS Binary | ign32.pif | "Added by the RBOT-ASB WORM!"
|
| X | MS Winsock | msws2_32.exe | "Added by the AKBOT-A TROJAN!"
|
| X | ms************* [* = random digit] | ms*************.exe [* = random digit] | "WINBO adware"
|
| X | Ms**.exe [* = random char] | Ms**.exe [* = random char] | "CoolWebSearch/HomeSearch adware - for examples |
| X | Ms**32.exe [* = random char] | Ms**32.exe [* = random char] | "CoolWebSearch/HomeSearch adware - for examples |
| X | MS-Connect | arr.exe | "Adult content dialler - see here"
|
| X | MS-Connect | cdm.exe | "Adult content dialler - see here"
|
| X | MS-Connect | game.exe | "Adult content dialler - see here"
|
| X | MS-Connect | msite18.exe | "Adult content dialler - see here"
|
| X | MS-Connect | web.exe | "Adult content dialler - see here"
|
| X | MS-DOS Boot Service | Boot32.pif | "Added by the RBOT-AMF WORM!"
|
| X | MS-DOS Security Service | ms-dos.pif | "Added by the RBOT-AMR WORM!"
|
| X | MS-DOS Service | MS-DOS.pif | "Added by the RBOT-AII WORM!"
|
| X | MS-DOS Windows Service | MS-DOS.PIF | "Added by the RBOT-AJW WORM!"
|
| X | MS-HTML | [random filename] | "Added by the LATINUS.15 TROJAN!"
|
| X | MS-patch | msconfig32.exe | "Added by the RBOT-AUF WORM!"
|
| X | MS-patch | mspatch32.exe | "Added by the RBOT-AWF TROJAN!"
|
| X | MS-RunKey | arr.exe | MS-Connect dialler/hijacker
|
| X | ms2src | ms2src.exe | "Added by a TROJAN - see here"
|
| X | MS32DLL | achi.dll.vbs | "Added by the ACHI-A TROJAN!"
|
| X | MS32DLL | Bha.dll.vbs | "Added by the BUTSUR-A WORM!"
|
| X | MS32DLL | MS32DLL.dll.vbs | "Added by the ZODGILA WORM!"
|
| X | MS32DLL | ffqca.exe | "Added by the SDBOT-YD WORM!"
|
| X | MS7531 | ms7531.exe | Homepage hijacker
|
| X | MSACM | msacm.exe | "Added by the OPASERV-O WORM!"
|
| X | msadcheck | msadcheck32.exe | "Browser hijacker |
| X | MSAdmin | jdbgmrg.exe | "Added by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here"
|
| X | MSAgent | mshtm.exe | Browser hijacker - redirecting to buldog-search.com
|
| X | MSAgent | hhnt.exe | "AGENT.JI spyware"
|
| X | MSAgentXP | MSAgentXP.exe | Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the REQLOOK.C TROJAN!
|
| U | msaim | msaolim.exe | "MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | msappts32 | msappts32.exe | "Added by the ELBURRO-A TROJAN!"
|
| Y | MSASCui | MSASCui.exe | "Main user interface for Microsoft's Windows Defender on XP/Vista - which ""helps protect your computer against pop-ups |
| X | MsAudio | explorer.exe | "Added by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | MsAudio | "MsVM_STI.EXE RunDll32 cmicnfg.cpl | CMICtrlWnd" |
| X | msavsc.exe | msavsc.exe | "Added by the AGENT.ANQ TROJAN!"
|
| X | MSbackups | backups.exe | "Added by the BANLOAD-TL TROJAN!"
|
| X | msbb | msbb.exe | "180Search adware"
|
| X | Msbb.exe | Msbb.exe | "Added by the SDBOT.QJ WORM!"
|
| X | msbcs | msbcs.exe | "Added by the DADOBRA-G TROJAN!"
|
| X | MsBootMgr.exe | MsBootMgr.exe | "Added by the VERIFY TROJAN!"
|
| X | msbsc | [path to trojan] | "Added by the BANKER-DF TROJAN!"
|
| X | msc | msc.exe | "MaCatte Antivirus 2009 rogue security software - not recommended |
| X | msccrt | msccrt.exe | "Added by the PWS-ALA TROJAN!"
|
| X | mscheck | rundll32.exe wincheck071008.dll mymain | "Added by the AGENT.ADXI TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""wincheck071008.dll"" file is located in %System%"
|
| X | mschkdf.exe | mschkdf.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MSChoExE | suge.exe | "Added by a variant of the RBOT WORM!"
|
| ? | msci | mcinfo.exe | "McAfee Internet Security related. What does it do and is it required?"
|
| X | msclac | msclac.exe | "Added by the SDBOT-JM WORM!"
|
| X | msclean | msvchost.exe | "Added by the OPANKI-Q WORM!"
|
| X | mscman | mscman.exe | "ClientMan parasite variant"
|
| X | mscms | mscms.exe | "Added by the AGENT-MS TROJAN!"
|
| U | mscn | mscn.exe | Part of the SafeChildNet internet filtering program - required if you use it
|
| X | Mscnt | mscnt.exe | "Added by the DLUCA-C TROJAN!"
|
| X | Mscolour | mscolour.exe | "Added by the GEMA TROJAN!"
|
| X | MSCommX | mscommx.exe | "Added by a variant of the RBOT WORM!"
|
| X | Msconf32 | Msconf32.exe | "Added by the AGOBOT-NR WORM!"
|
| X | MSCONFG32.EXE | MSCONFG32.EXE | "Added by the OPTIX.04.C TROJAN!"
|
| N | MSConfig | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. Located in %System% (98/Me/Vista) or %Windir%\PCHealth\HelpCtr\Binaries (XP)
|
| X | MSConfig | MSCONFIG32.EXE | "Added by the SPYBOT.B WORM!"
|
| X | msconfig | msconfig.exe | "CoolWebSearch MSConfig parasite variant. Note - this overwrites the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting"
|
| X | msconfig | msconfig.exe | "Added by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrun"
|
| X | msconfig | wins.exe | "Added by the RBOT.PF WORM!"
|
| X | MSConfig | MSCONFIG35.EXE | "Added by a variant of the SPYBOT WORM!"
|
| X | msconfig | scvhost.exe | "Added by the AGENT-DSF TROJAN!"
|
| X | msconfig | winlog.exe | "Added by the IRCBOT-TJ TROJAN!"
|
| X | Msconfig | icpldrvx.exe | "Added by the BANLOAD.BFT TROJAN!"
|
| X | msconfig | msconfig.com | "Added by the IRCBOT-SM WORM!"
|
| X | msconfig | msconfig.bat | "Added by the PAHATIA.B WORM!"
|
| X | MSConfig | lssas.exe | "Added by the AUTORUN.CEY WORM!"
|
| X | MSConfig | xwpwqf.exe | "Added by the AGENT-NEW TROJAN!"
|
| X | Msconfig lptt01 | msconfig.exe | "RapidBlaster variant (in a ""msconfig"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name"
|
| X | MSConfig Manager | msupdate.exe | "CoolWebSearch parasite variant"
|
| X | Msconfig ml097e | msconfig.exe | "RapidBlaster variant (in a ""msconfig"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name"
|
| X | msconfig service | MSupdate32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | msconfig. | msconf.exe | "Added by the BUZUS-AY WORM!"
|
| X | msconfig.exe | proxy.exe | Added by a variant of the AGENT.AH downloader TROJAN!
|
| X | msconfig.exe | uline.exe | Added by a variant of the AGENT.AH downloader TROJAN!
|
| X | msconfig38 | mssvcc.exe | "Added by the RBOT-BJV WORM!"
|
| X | MSConfig45 | MSConfig45.exe | "Added by the SDBOT.OJ TROJAN!"
|
| X | MSConfigr | jdbgmrg.exe | "Added by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here"
|
| N | MSConfigReminder | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode. This particular entry is specific only to 98/Me and is located in %System%
|
| X | MsConfigs | MsConfigs.exe | "Added by the ALCAN.A WORM!"
|
| X | MSConfigs | RUNDLL64.dll.vbs | "Added by the WEKODE-B WORM!"
|
| X | msconfigurator | ctfsdk.exe | "Added by the DELF-ALS TROJAN!"
|
| X | MSControl28 | crsss.exe | "Added by the SPYBOT.AJX WORM!"
|
| X | MSControl31 | winnsyst.exe | "Added by the RBOT.CFY WORM!"
|
| X | MSControl3d1 | isasse.exe | "Added by the RBOT.CGU WORM!"
|
| X | MSCORE | syscnfg.exe | "Added by an unidentified VIRUS |
| ? | MSCRMStartup | Microsoft.Crm.Application.Hoster.exe | "Related to Microsoft Dynamics CRM integrated solutions for Financial |
| X | Mscsgs | MSCSGS.EXE | "Added by the ZEZER WORM!"
|
| X | Mscsgs32 | MSCSGS32.EXE | "Added by the ZEZER WORM!"
|
| X | mscsvc.exe | mscsvc.exe | "Added by the BANCOS.T TROJAN!"
|
| X | msctfg32 | msctfg32.exe | "Added by the RBOT-TJ WORM!"
|
| X | msctrl.exe | msctrl.exe | "Microsoft Security Adviser rogue security software - not recommended"
|
| X | Msctrl32 | Msctrl32.scr | "Added by the REDIST WORM!"
|
| X | MSCVT | MSCVT.exe | "Added by the SLIDESHOW WORM!"
|
| X | MSDatabla | vadasq.exe | "Added by the LIOTEN.IK WORM!"
|
| X | msdbgm.exe | msdbgm.exe | "Added by the CIMUZ-CQ TROJAN!"
|
| X | MSDcom | MSDcom.exe | "Added by a variant of the SDBOT WORM!"
|
| X | msdefender | msdefender.exe | "Identified as a variant of the PAKES.CMD TROJAN! See here for an example"
|
| X | msdefender.exe | msdefender.exe | "Added by the PAKES.ZL TROJAN!"
|
| X | msdev | msdev.exe | "Added by the FORBOT-CR WORM!"
|
| X | msdev | msconfig.exe | "Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting"
|
| X | msdev control | msdevctrl.exe | "Added by the SPYBOT.N BACKDOOR!"
|
| X | msdir32 | msdir32.bat | "Added by the ROOKIE-A TROJAN!"
|
| X | msdirect.exe | msdirect.exe | "Added by the CERTIF-L TROJAN!"
|
| X | MSDLL | syscnfg.exe | "Added by an unidentified VIRUS |
| X | Msdmxm | msdmxm.exe | "Added by the DLUCA-DC TROJAN!"
|
| X | MSDN | nese.exe | Added by the SDBOT.AHY WORM!
|
| X | MSDN for Windows NT | msdn.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSDN for Windows NT & WinXP | msdnxp.exe | "Added by the IRCBOT-PE WORM!"
|
| X | MSDN for Windows with NT's | msdn-nt.exe | "Added by the RBOT-EWD WORM!"
|
| X | MSDN HELP | msdn.exe | "Added by the AGOBOT.AIB WORM!"
|
| X | MSDNMess | [path to trojan] | "Added by the RANKY.BA TROJAN!"
|
| X | MSDNN | help.exe | "Added by the AGENT-GBK TROJAN!"
|
| X | MSDOS Security Service | msdos.pif | "Added by the RBOT-AMP WORM!"
|
| X | MSDOS Service | MSDOS.PIF | "Added by the RBOT-AIY WORM!"
|
| X | MSDOS Windows Service | MSDOS.PIF | "Added by the RBOT-AKF WORM!"
|
| X | Msdos32 | Msdos32.pif | "Added by the RECORY WORM!"
|
| X | msdos423 | msdos423.exe | "Added by the MENACE.A WORM!"
|
| X | MSDosdrv | msdosdrv.exe | "Added by the BACROS WORM!"
|
| X | MSDrive | rundll32.exe drvkoc.dll | "Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
|
| X | MSDrive | rundll32.exe drvmod.dll | "Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
|
| X | MSDrive | rundll32.exe drvsoh.dll | "Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""drvmod.dll"" file is found in %System%"
|
| X | MSDRV | NetFilter.exe | "Added by the INTERRUPDATE TROJAN!"
|
| X | msdrvctrl | msdrvctrl.exe | "Added by the VIDCACH-A TROJAN!"
|
| N | MSDTC | msdtc.exe | MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server
|
| X | Msemu32 | Msemu32.exe | Unidentified spyware/adware/hijacker
|
| X | msennger | l4m3r.exe | "Added by the PROGENT-AF TROJAN!"
|
| X | msennger | ournik.com | "Added by the IRCFLOOD.AL BACKDOOR!"
|
| X | mserv | seres.exe | "Added by the AGENT-LIL WORM!"
|
| X | mservices.exe | mservices.exe | "Added by the SDBOT.WJ WORM!"
|
| X | mset | svchost.exe | "Added by the BIZEX-F TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""mset"" sub-directory"
|
| X | Msfind | Msfind.exe | "CoolWebSearch parasite variant"
|
| X | MSFind32 | msfind32.exe | "Added by the CAYAM WORM!"
|
| X | msfindosa.exe | msfindosa.exe | "Added by the DOWNLOADER-BS TROJAN!"
|
| X | MSFTP Service Config | r3grun.exe | "Added by a variant of the SDBOT WORM!"
|
| X | msfw.exe | msfw.exe | "Microsoft Security Adviser rogue security software - not recommended"
|
| X | MSFWAVTSM | FTPDev.exe | "Added by the RBOT-ACF WORM!"
|
| X | Msg Fixage | msgfixed.exe | "Added by the SDBOT.ZD WORM!"
|
| X | MsgApi | [path to file] | "Added by the DEDLER-D TROJAN! The most common filenames seen are ""csmss.exe"" and ""csmrs.exe"" |
| X | msgb1 | msgb1.exe | Added by the DLUCA.GEN TROJAN!
|
| N | MsgCenterExe | RealOneMessageCenter.exe | "RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way"
|
| X | msgex32 | msgex32.exe | "Added by the APPFLET-A WORM!"
|
| X | msgina | wuauclt2.exe | "Added by the IYUS-H TROJAN!"
|
| X | Msgmgr | [path to worm] | "Added by the BABYBEAR WORM!"
|
| X | msgmsgs | peremption.exe | "Added by the SDBOT-KU WORM!"
|
| X | msgserv_ | Syss.exe | "Added by the FANTA TROJAN!"
|
| X | msgsm32 | msgsm32.exe | "Added by the RBOT-ASG WORM!"
|
| X | Msgsrv16 | Msgsrv16.exe | "Added by the DELF family of TROJANS!"
|
| Y | MSGSRV32.exe | msgsrv32.exe | "Windows 32-bit VxD Message Server. For more information on its function and why it's needed |
| X | Msgsvc32 | [worm filename] | "Added by the NAUTICAL-A WORM!"
|
| X | MsgSvcMgr32 | cmdzxdll.exe | "Added by the RBOT-AEK WORM!"
|
| X | msgsvr32 | msgsvr32.exe | "Added by the DEADHAT.B WORM! Note - this is not the legitimate msgsvr32.exe process on a Win9x/Me system which should not appear in MSConfig/startup!"
|
| U | MSGTAG | MSGTAG.exe | "MSGTAG is an application that tells you when your emails have been received and opened"
|
| X | Msgtray | sys16.exe | Added by an unknown VIRUS!
|
| X | Mshelp32 | mshelp32.exe | "CoolWebSearch parasite variant"
|
| X | mshmail | mshmail.exe | "Added by the INJECT.JDT TROJAN!"
|
| X | Mshosts | Mshosts.exe | "Added by the STARTPAG.CF TROJAN!"
|
| X | MSHT@ | MSHT@.EXE | "Added by the MAGISTR.A VIRUS!"
|
| X | mshtmll | mshtmll.dll | "Added by the DELF.BAS TROJAN!"
|
| X | MSI Configuration | msiconf.exe | "Added by the AGENT.AKSZ TROJAN!"
|
| X | msiconf.exe | msiconf.exe | Added by a variant of the FAKEALERT TROJAN!
|
| X | msidle | msidle.exe | "Added by the OPASERV-O WORM!"
|
| X | MsIdle32.exe | MsIdle32.exe | "Added by the VERIFY TROJAN!"
|
| X | MSIdll | winmp.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSIE Parsers | MSIE32ab.exe | "Added by the SDBOT.MV WORM!"
|
| X | msiemon.exe | msiemon.exe | "Microsoft Security Adviser rogue security software - not recommended"
|
| X | msiew | mseiw.exe | "Added by the LITTLOG TROJAN!"
|
| X | MSIEXEC | MSIEXEC32.exe | "Added by the AINESEY.A WORM!"
|
| X | MSIEXEC | MSIEXEC.EXE | "Added by the YOSENIO-A VIRUS!"
|
| X | msiexecs | msiexecs.exe | "Added by the SILLYFDC.BBB WORM!"
|
| X | msiexecs.exe | msiexecs.exe | "Added by a variant of the SDBOT WORM!"
|
| X | msig | disk10.exe | "Added by the BANBRA-KF TROJAN!"
|
| X | MsIMMs32 | MsIMMs32.exe | "ONLINEG.GDJ spyware"
|
| X | msimn | msimn.exe | "Added by the AGOBOT.JL WORM!"
|
| X | MSIMN32 | MSIMN32.EXE | "Added by the CWS-M TROJAN!"
|
| ? | MSIN | MSin.exe | "??"
|
| X | Msinet | Msinet.exe | "Added by the RBOT-AOA WORM!"
|
| X | MSInfo | msinfo.exe | "Added by the ALADINZ.M TROJAN!"
|
| X | MSInfo | AVBgle.exe | "Added by the NETSKY.O WORM!"
|
| X | MSInstall | smvss.exe | "Added by the DEDLER-G TROJAN!"
|
| X | msjava service | xpcd.exe | "Added by the SDBOT.VM WORM!"
|
| X | msjdqs | fddwqt.exe | "Added by the SDBOT-PO WORM!"
|
| U | MskAgent | MskAgent.exe | "McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection"
|
| U | MskAgentexe | MskAgent.exe | "McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection"
|
| X | MSKCES32 | [random filename] | "Added by the CLONER TROJAN!"
|
| U | MSKDetectorExe | MSKDetct.exe | "Part of McAfee Spamkiller"
|
| X | MSKernel32 | MSKernel32.vbs | "Added by the LOVELETTER (I LOVE YOU) VIRUS!"
|
| X | MSkernel32 | System.exe 4820 | "Added by the TUXDER BACKDOOR!"
|
| U | MSKExe | spamkiller.exe | "McAfee Spamkiller"
|
| X | mskj | mskj.exe | "Added by the KAEMON TROJAN!"
|
| X | mskrider | maskrider.dll.vbs | "Added by the SOLOW-F WORM!"
|
| U | MSKServerExe | MSKSrvr.exe | "Part of McAfee Spamkiller"
|
| X | mslagent | mslagent.exe | "Added by the WINTRIM-F TROJAN!"
|
| X | MSLARISSA | MSLARISSA.pif | "Added by the ASSIRAL.B WORM!"
|
| ? | MSLIB32 | mswatch32.exe | "??"
|
| X | msliveupdate | msliveupdate.exe | "Added by the AGOBOT.ALT WORM!"
|
| X | MSLog | MicrosoftLog.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Mslogon lptt01 | mslogon.exe | "RapidBlaster variant (in a ""Mslogon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Mslogon ml097e | mslogon.exe | "RapidBlaster variant (in a ""Mslogon"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | msm | msm.scr | "Added by the BANKER-EHJ TROJAN!"
|
| X | msmacro32 | msmacro32.exe | Identified as a variant of the AGENT.QB TROJAN!
|
| X | msmacro32 | msmacro64.exe | "Added by a variant of the BACKDOOR-DOQ TROJAN!"
|
| X | MsManager | msmgr32.exe | "Added by the YAHA.AF WORM!"
|
| X | msmanager32 | msmngr32.exe | "Added by the RANDON-R (or WOMANIZ.A) WORM!"
|
| X | msmautoprotect | msmssgs.exe | "Added by the BIFROSE-AJ TROJAN!"
|
| X | msmc | mscpbo.exe | "ClientMan parasite variant"
|
| X | msmc | msgdmf.exe | "ClientMan parasite variant"
|
| X | msmc | msongn.exe | "ClientMan parasite variant"
|
| X | msmc | msmc.exe | "ClientMan parasite variant"
|
| X | msmc | ms****.exe [* = random char] | "ClientMan parasite variant"
|
| X | MSMcAfeee | Avsynmgr32e.exe | "Added by the FRAMAR TROJAN!"
|
| X | MSMcAfeeh | Avsynmgr32h.exe | "Added by the FRANGO TROJAN!"
|
| X | MSMcAfeeS | Avsynmgr32S.exe | "Added by the VOLAC or VOLAC.DR TROJANS!"
|
| X | MSMessnger | msnupd.exe | "Added by the RBOT-ADY WORM!"
|
| ? | msmgr | msmgr.exe | "??"
|
| X | msMGR | rtkmsg.exe | "Added by the SDBOT-BPY WORM!"
|
| X | Msmgt | msmgt.exe | "Total Velocity adware/hijacker"
|
| X | msmmi | msmmi.exe | "Added by the AGENT.RFR TROJAN!"
|
| X | MSMNTGNT | MSMNTGNT.EXE | "Added by the BANKER-IE TROJAN!"
|
| X | MSMNTJBE | MSMNTJBE.EXE | "Added by the BANCOS-EF TROJAN!"
|
| X | MSMNTJNG | MSMNTJNG.EXE | "Added by the GRABER-G TROJAN!"
|
| X | MSMNTMTS | MSMNTMTS.EXE | "Added by the BANKER-GZ TROJAN!"
|
| X | msmon | msmon.exe | "Added by a variant of the GEMA.D TROJAN!"
|
| X | MsMon32 | MsMon32b.exe | "Added by the SDBOT.O BACKDOOR!"
|
| X | MsMovies | MsMovies.exe | "Added by the ALCRA-E WORM!"
|
| ? | MsmqIntCert | regsvr32 /s mqrt.dll | "Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?"
|
| X | MSMSGNER | [4-8 random letters].exe | "Added by the FOWLDO-GEN TROJAN!"
|
| X | MSMSGNER | zzgf.exe | "Added by the PWS-CCB TROJAN!"
|
| X | MSMSGNER | fgozmox.exe | "Added by the AGENT-EBJ BACKDOOR!"
|
| X | msmsgr | msmsgss.exe | "Detected by Kaspersky as the RBOT.AJJ WORM!"
|
| N | MSMSGS | msmsgs.exe | "Windows Messenger instant messenger utility included with Windows 2K/XP. Available via the Start menu. Go to Windows Messenger → Tools → Options → Preferences and uncheck ""Run this program when Windows starts"""
|
| X | Msmsgs | Msmsgs.exe | "Added by the SILLYFDC-AP WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | MSMsgs | msmessgs.exe | "Added by the SMALL-EW TROJAN!"
|
| X | msmsgs | msmsgs.exe | "Added by the SCLOG-AL TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | MSMSGS | winlogon.exe | "Added by the BRONTOK-BS WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
|
| X | msmsgs.exe | IEXPLORE.EXE | "Added by the VB.FQX TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | MsMsgSrv | msmsgsrv.exe | "Added by the CQO TROJAN!"
|
| X | msmsgss | [path to trojan] | "Added by the RANKY.G BACKDOOR!"
|
| X | MSMsgSvc | MSMSGSVC.exe | "Browser hijacker |
| X | msmsngr | msmsngr.exe | "Added by the DOPBOT-B WORM!"
|
| X | msn | system32.exe | "Added by the KITRO.A WORM!"
|
| X | msn | msnmsg.exe | "Added by the RBOT-GO WORM!"
|
| X | MSN | msnmsgs.exe | "Added by the RBOT-KL WORM! Note - not to be confused with msmsgs.exe |
| X | MSN | ctfmoons.exe | "Added by the SPYBOT.HI WORM!"
|
| X | MSN | msnmesengers.exe | "Added by the RBOT-ME WORM!"
|
| X | MSN | MSN.exe | "Added by the MINIT WORM!"
|
| X | MSN | msnmsgr.exe | "Added by the MYTOB or MYTOB.B WORMS! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | msn | msnsvc.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MSN | msn16.exe | "Added by the SDBOT-VN WORM!"
|
| X | MSN | msnsgr.exe | Added by an unidentified WORM or TROJAN!
|
| X | MSN | install.exe | "Added by the AGENT-GDO TROJAN!"
|
| X | MSN | netstats.exe | "Added by the IRCBOT.UXP WORM!"
|
| X | MSN | scvhost.exe | "Added by the IRCBOT-ZW WORM!"
|
| X | MSN | wdlrss.exe | "Added by a variant of the SDBOT TROJAN!"
|
| X | MSN | wkssvr.exe | "Added by the PUSHBOT.S WORM!"
|
| X | MSN | Fixdriver.exe | "Added by the SILLYFDC.BBY WORM!"
|
| X | MSN | iTuneshelp.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN | lsass32.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN | msscomd.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | MSN | systems.exe | Identified as a variant of the Backdoor.PosionIvy keylogging malware
|
| X | MSN | taskngr.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN | wkssvrs.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN | wksvr.exe | "Added by the IRCBOT-XU WORM!"
|
| X | MSN | wmev.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | MSN | kys7r.exe | "Added by the AUTORUN-AR WORM!"
|
| X | MSN | services51651.exe | "Added by the IRCBOT-AAL TROJAN!"
|
| X | Msn | "rundll32.exe ilss32.dll | network" |
| X | msn | winlogon.exe | "Added by the PROSTI.AA BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Media"
|
| X | MSN | msnmsgx.exe | "Added by the RBOT-PZ WORM!"
|
| X | MSN | msservice.exe | "Added by the IRCBOT-ABZ TROJAN!"
|
| X | MSN | smsss.exe | "Added by the BUZUS-D WORM!"
|
| X | MSN | svchost.exe | "Added by the PUSHBOT.FA WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Msn 8.0 Live | msn.exe | "Added by the BANKER.EIE TROJAN!"
|
| X | MSN 9.0 Plus | [random letters].exe | "Added by the RBOT-ALY WORM!"
|
| X | MSN Administration For Windows | msnadp32.exe | "Added by the BROPIA.W WORM!"
|
| X | MSN ang | cssrss.exe | "Added by the FORBOT-CE WORM!"
|
| X | MSN Auto-Updater | msnaupdater.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Auto-Updater | msnupdates.exe | "Added by the AUTORUN.WORM.GEN WORM!"
|
| X | MSN BETA | service.exe | "Added by the RBOT.AUU WORM!"
|
| X | MSN Booster | msnbooster.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Msn Boot | msnbootcfg.exe | "Added by the IRCBOT.BFU BACKDOOR!"
|
| X | MSN Checker | msnchecker.exe | "Added by the SDBOT-AGB WORM!"
|
| X | MSN Client Manager | msnclimgr.exe | "Added by the AUTORUN-FV WORM!"
|
| X | MSN CNF Manager | msncnfmgr.exe | "Added by the VUNDO TROJAN!"
|
| X | MSN Communication Manager | msncommgr.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Msn Config | msngf.exe | "Added by the RBOT-QG WORM!"
|
| X | MSN Configuration | msnconfig.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Msn Configuration Loader | msngms.exe | "Added by the KELVIR.T WORM!"
|
| X | MSN Configuration Loader | msmsncfg.exe | "Added by the AGOBOT-KX BACKDOOR!"
|
| X | MSN CST Manager | mancstmgr.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Database Client | msndbcli.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Debug Mgr | msndebugs.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | MSN Explorer | msnexplorer.exe | "Added by the AGENT-CAX TROJAN!"
|
| X | MSN Explorer | explorer..exe | "Dropper for the Ciadoor.cb TROJAN!"
|
| X | MSN File & Folder Sharing App | msnfileshare.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN File Configuration | msnfilecfg.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN File Sharing | msnusr.exe | "Added by the SLENFBOT.AM WORM!"
|
| X | MSN File Sharing Wizard | msnsharewiz.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN File Sharing! | msnuser.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN Funny Images | imsngsr.exe | "Added by the AGOBOT-TT WORM!"
|
| X | MSN Gaming Zone | Twain.exe | "Added by the AGENT.BEA TROJAN!"
|
| X | MSN Hostn | msnhostn.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| N | MSN Internet Access | trayclnt.exe | Quick way to connect to MSN internet service - replaces "MSN Quick View" from V5.6 onwards
|
| X | MSN Live Client | msnlvclient.exe | "Added by the IRCBOT.AWF BACKDOOR!"
|
| X | MSN Live Messanger | msnlivegs.exe | "Added by the RBOT-FSG WORM!"
|
| X | MSN Manager | cvss.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | MSN Manager | mscmgr.exe | Unidentified malware - causes multiple browser windows to open
|
| X | MSN Manager | msnmgrsv.exe | "Added by the IRCBOT.BAZ BACKDOOR!"
|
| X | MSN Manager | usnmsn.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Msn Message Acount Helper 7.7 | msnmessage7.7.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN Message Background loader | [path to worm] | "Added by the RBOT-AIE WORM!"
|
| X | MSN Message Service | msnmsg.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Msn Messager | msnmsgr.exe | "Added by the DOWNLOADER.19456.C TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | MSN Messager | msnmgr.exe | "Added by the IRCBOT-ACD WORM!"
|
| X | MSN Messages | msnmesg.exe | "Added by the RBOT-ACN WORM!"
|
| X | MSN Messages | msnmessgs.exe | "Added by the SLENFBOT.UC WORM!"
|
| X | MSN Messanger | msnmsng.exe | "Added by the SDBOT.XN WORM!"
|
| X | MSN messanger | msnmsgsm.exe | "Added by the RBOT-FMP WORM!"
|
| X | MSN Messanger | msnmsgsmn.exe | "Added by the RBOT-FOQ WORM!"
|
| X | Msn Messanger | crsss.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Msn Messanger | msnmsgem.exe | "Added by the RBOT.BLL BACKDOOR!"
|
| X | MSN Messanger | System.exe | "Added by the IRCBOT-AFX TROJAN!"
|
| X | MSN Messanger Live | winntmsn.exe | "Added by the RBOT-FSO WORM!"
|
| X | Msn Messeng | windns.exe | "Added by a variant of the RBOT WORM!"
|
| X | Msn Messenge | IExplorer.exe | "Added by the DELF-LL TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | MSN messenger | messenger.exe | Added by an unidentified TROJAN! Note - this is not the real MSN Messenger
|
| X | Msn Messenger | msnmsgs.exe | "Added by the LOONY-P TROJAN! Note - not to be confused with msmsgs.exe |
| X | MSN Messenger | Reosmsngr.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | MSN MESSENGER | msmmsgr.exe | "Added by the KELVIR.Q WORM!"
|
| X | MSN Messenger | msnmsgr.exe | "Added by the AGOBOT.AOQ WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | MSN Messenger | msmsgs.exe | "Added by the ZLOB TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | MSN Messenger | msnmsngr.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSN Messenger | IExplorer.exe | "Added by the BANKER-EU TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Msn Messenger | msnmsnr.exe | "Added by the BANKER-GG TROJAN!"
|
| X | MSN Messenger | PIC1324.exe | "Added by the CHOKE.C WORM!"
|
| X | MSN Messenger | explorer..exe | "Dropper for the Ciadoor.cb TROJAN!"
|
| X | Msn Messenger | nkbf.exe | "Added by the RBOT-GMQ WORM!"
|
| X | MSN Messenger | live.messenger.com | "Added by the DELF.AOI BACKDOOR!"
|
| X | Msn Messenger | msnmgr.exe | "Added by the AGOBOT.HA WORM!"
|
| X | MSN Messenger | msnmsxp.exe | "Added by the AGOBOT-O WORM!"
|
| N | MSN Messenger | MsnMsgr.exe | "MSN Messenger utility (now replaced by Windows Live Messenger) - available via the Start menu. Disable by clicking on Tools → Options → General → deselect ""Automatically run Messenger when I log on to Windows"""
|
| X | MSN Messenger 32 | msniu.exe | "Added by the RBOT-AWB WORM!"
|
| X | MSN Messenger 323 | msniu3.exe | "Added by the RBOT-AXB WORM!"
|
| X | MSN Messenger 6.2 | tyd.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSN MESSENGER 9.0 | messengerr.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSN Messenger BETA 7 | bbsdf.exe | "Added by the RANKY.AA TROJAN! Note - this is not a valid MSN Messenger variant"
|
| X | MSN Messenger Inbox Loader | msninbox.exe | "Added by the SLENFBOT.YG WORM!"
|
| X | MSN Messenger Live Login | msnmessengerlive.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Messenger Live Windows | messengerlive.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN messenger service | mssgs.exe | Added by an unidentified TROJAN!
|
| X | Msn Messenger Service | msnmsg.exe | "Added by the SDBOT.BMU WORM!"
|
| X | MSN Messenger Service Starter | msnmgsr.exe | "Added by the RBOT-AOS WORM!"
|
| X | MSN Messenger Service Startup | msnservice.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | MSN Messenger Services | msnmgr.exe | "Added by the RBOT.ADF TROJAN!"
|
| X | MSN Messenger Services | msnmgr.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Msn Messenger Update | msnupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Msn Messenger update | msnservice.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Messenger User Controls | msmsgr.exe | "Added by the KELVIR.HI WORM!"
|
| X | Msn Messengers | MSNMSGR.EXE | "Added by the RBOT.KX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | MSN Messengger | MsRun32.exe | "Added by the IMAUT.CO WORM!"
|
| X | Msn Messsenger | regsvr.exe | "Added by the AGENT-GXM TROJAN!"
|
| X | MSN MMISSENGER | mssmmspgr.exe | "Added by the KELVIR.AJ WORM!"
|
| X | MSN P2P Manager | msnp2pmgr.exe | "Added by the SLENFBOT.YH WORM!"
|
| X | Msn Patch | msndp.exe | "Added by the RBOT.AAI WORM!"
|
| X | Msn Patches | msndr.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Msn Plus Updater | msnplus.exe | "Added by the RBOT-MU WORM!"
|
| X | MSN Popup Blocker | msnpopblck.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Msn Processe Manager | msni32.exe | "Added by the RBOT-ADX WORM!"
|
| N | MSN Quick View | Msndc.exe | Quick way to connect to MSN internet service
|
| X | MSN Registry loader | msmnwin.exe | "Added by the KELVIR.FK WORM!"
|
| X | MSN Router | msnrouter.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN RPC Manager | msnrpcmgr.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Rx Manager | msnrxmgr.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| N | MSN Search Toolbar | WindowsSearch.exe | "System Tray access to Windows Desktop Search for XP from Microsoft - which adds additional search options including a search box on the Taskbar. For this version |
| X | MSN Security Agent | msnsecure.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Serv | msmsnserv.exe | "Added by the IRCBOT.AVF BACKDOOR!"
|
| X | Msn Serv | msnserv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN Server | msmsnserver.exe | "Added by the IRCBOT.AUS BACKDOOR!"
|
| X | MSN service | msnmgr16.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSN Service | amsnmsgrs.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Msn Service | matrixcam.exe | "Added by the MYTOB.JH WORM!"
|
| X | Msn Service | raloded.exe | "Added by the MYTOB-DY WORM!"
|
| X | MSN service | msnmsgr16.exe | "Added by the RBOT-RZ WORM!"
|
| X | MSN service | NTDKRN.EXE | "Added by the RBOT.UJ WORM!"
|
| X | MSN Service | msnsvc.exe | "Added by the SLENFBOT.EG WORM!"
|
| X | MSN Service Updates | winproc.exe | "Added by the KELVIR-BB WORM!"
|
| X | MSN Service Utilities | nkn.exe | "Added by the KELVIR-BC WORM!"
|
| X | MSN Service! | msnservice.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | MSN Servicer | msnsrv.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | MSN Servicer | msnservicer.exe | "Added by the SLENFBOT.PQ WORM!"
|
| X | MSN Services | msnserv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN Services | msnservice.exe | "Added by the IMPARD-A TROJAN!"
|
| X | MSN Settings | msnsettings.exe | "Added by the IRCBOT.AWH BACKDOOR!"
|
| X | MSN Settings Manager | msnsetmg.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Setup | MSN.msn | "Added by the JAMBU WORM!"
|
| X | MSN Software | msnsoftware.exe | "Added by the IRCBOT.AWD BACKDOOR!"
|
| X | MSN Start | msnmsgr7.exe | "Added by the RBOT-PH WORM!"
|
| X | Msn Startup | msnstartup.exe | "Added by the ARBOT.AA WORM!"
|
| N | MSN Toolbar | mswinext.exe | "MSN Toolbar from version 4.* onwards (now known as Bing Bar from version 5.* onwards). This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed"
|
| X | MSN Tray Monitor | msnmsgr.exe | "Added by the SDBOT.FKX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\inetsrv"
|
| X | MSN Update | mscon.exe | "Added by the RBOT-QA WORM!"
|
| X | MSN Update | msn32.exe | "Added by the RBOT.AHN WORM!"
|
| X | MSN Update | DLLCON.EXE | "Added by the RBOT-EA WORM!"
|
| X | MSN Update Cfg | msnupdbt.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSN Update Client | msnupdater.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | MSN Update Client | msnupdcli.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Msn Update Manager (Sp2) | MSMSGS.EXE | "Added by the AGOBOT-NL WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Msn Update Service | userx.exe | "Added by the MYTOB.JF WORM!"
|
| X | MSN Update Service | msnupdsv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Msn Update SUPPORT | [random filename] | "Added by the RBOT-BPS WORM!"
|
| X | MSN Updater | msnms.exe | "Added by the FORBOT-CG WORM!"
|
| X | Msn Updater | msnplugins.exe | "Added by the RBOT-HS WORM!"
|
| X | Msn Updater | windatemanager.exe | "Added by the SDBOT.TS WORM!"
|
| X | MSN UPDATERS | virtualmemory.exe | "Added by the RBOT-JK WORM!"
|
| X | MSN Updating | msnupdate.exe | "Added by the QHOST.AEI TROJAN!"
|
| X | msn upddate | mesenger.exe | "Added by the RBOT-AVZ WORM!"
|
| X | MSN User | mymsnusr.exe | "Added by the IRCBOT.AVD BACKDOOR!"
|
| X | MSN User Server | msnserver.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN User Server! | msnservices.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN User Service | msnsvc.exe | "Added by the SLENFBOT.NS WORM!"
|
| X | MSN User Service! | msnserv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN User Services | msnuserv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | MSN User Svc | msnusnsvc.exe | "Added by the IRCBOT.AVV BACKDOOR!"
|
| U | MSN Video Enhanced | MSNVE.exe | """MSN Video Enhanced can play videos that have dramatically improved video quality and sound. It can play the latest high-quality videos at the best possible quality."" No longer appears to exist"
|
| N | MSN Webcam Recorder | ml20gui.exe | """MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature"""
|
| X | msn.exe | son.exe | "Added by the STARTPA-GS TROJAN!"
|
| X | MSN32 X Service | MSN32x.EXE | Added by an unidentified WORM!
|
| X | MSN6.1 Auto-Updater | v6msn.exe | "Added by the AUTORUN-MM WORM!"
|
| X | MSN8m Startup | msn8m.exe | "Added by a variant of the RBOT WORM!"
|
| X | msnager32 | svchostt.exe | "Added by the WOMANIZ.E TROJAN!"
|
| N | msnappau | msnappau.exe | "Updater for the MSN toolbar that can be downloaded onto IE. Calls home every day or so to ""update"" the toolbar"
|
| X | Msnarrator | msnarrator.exe | "Added by the NARAT.A TROJAN! - also identified as MPGCOM Toolbar adware"
|
| X | MSNavWH | MSWkwrH.exe | "Added by the ANAV-A WORM!"
|
| X | msndrvsys | msndrvsys.exe | "Added by the BROGGER-D TROJAN!"
|
| X | MSNET | msnet.exe | "Added by the BOA WORM!"
|
| X | MsnExplorer | winagent.exe | "Added by the BDOOR-EQ BACKDOOR!"
|
| X | MsnExplorer | MSEXPLOREN.EXE | "Added by the BDOOR-EB BACKDOOR!"
|
| X | MsnExplorer | SHCH.EXE | "Added by the BDOOR-EB BACKDOOR!"
|
| X | MsnExplorer | SVCHST.EXE | "Added by the BDOOR-EB BACKDOOR!"
|
| X | MsnExplorer | msnexploren.exe | "Added by the TACTSLAY.B TROJAN!"
|
| X | MsnExplorer | sdhch.exe | "Added by the TACTSLAY.B TROJAN!"
|
| ? | MsnFixer | msnfixjs.js | "Located in the HPbinmsnfix directory of a HP PC"
|
| X | MSNGrabber | MSNgrabber.exe | "Added by the ENVID.A WORM!"
|
| X | msngta32 | msngta32.exe | "Added by a variant of the RBOT WORM!"
|
| N | MSNIA | MSNIASVC.EXE | Added with MSN version 9. Resets certain internet settings upon bootup and can't be disabled via MSCONFIG
|
| X | msnload32.exe | msnload32.exe | "Added by the BANCOS.M TROJAN!"
|
| X | MSNMESENGER | Main.exe | "Added by the PRORAT TROJAN!"
|
| X | msnmessenger | msnmessenger.exe | "Added by the BANCBAN-KJ TROJAN!"
|
| X | MsnMessengerSvc | msnmsgr.exe | "Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | msnmgnr | msnmgnr.exe | "Added by the KOLAB.TC WORM!"
|
| X | msnmgr | msnmgr.exe | "Added by the BIFROSE-K WORM!"
|
| U | MsnMonitor | MsnMonitor.exe | "MSN Messenger Monitor Sniffer surveillance software for the MSN instant messenger. Uninstall this software unless you put it there yourself"
|
| X | msnmsg | asgag.exe | "CoolWebSearch parasite variant"
|
| X | msnmsg | TBC.exe | Added by an unidentified TROJAN!
|
| X | msnmsg | msnmsg.exe | "Added by the BANKER-CLX TROJAN!"
|
| X | msnmsg.exe | mscmd32.exe | Added by a variant of the AGENT.AH TROJAN!
|
| X | msnmsg.exe | msnmsg.exe | "Added by the BANCBAN-KN TROJAN!"
|
| X | msnmsgq32 | msnmsgq.exe | "Added by the TACTSLAY.H TROJAN!"
|
| X | msnmsgq32 | msnmsgq32.exe | "Added by the TACTSLAY.F TROJAN!"
|
| X | msnmsgq32 | sssasasb32.exe | "Added by the TACTSLAY.F TROJAN!"
|
| N | msnmsgr | msnmsgr.exe | "Windows Live Messenger or the older MSN Messenger utility - available via the Start menu. For Windows Live Messenger |
| X | MsnMsgr | MsnMsgrs.exe | "Added by the NETSKY.AD WORM!"
|
| X | MsnMsgr | msnmsgr.exe | "Added by the ANNEW-FAM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Msnmsgr.exe | lsass.exe | "Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\)"
|
| X | msnmsgr32-.exe | msnmsgr-.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | MSNMSGR5 | MSNMSGR5.exe | "Added by the RBOT.PQ WORM!"
|
| X | MSNMSGRE | swef.bat | IRC backdoor TROJAN or WORM!
|
| X | MSNMSGRR | swin.bat | IRC backdoor TROJAN or WORM!
|
| X | MSNMSGRS | swe.bat | IRC worm or backdoor trojan!
|
| X | MSNMSGRS | swiss.bat | IRC worm or backdoor trojan!
|
| X | MSNMSGRS1 | swed.bat | IRC backdoor TROJAN or WORM!
|
| X | msnmsgs.exe | msnmsgs.exe | "Added by the BANKER-HK TROJAN! Note - not to be confused with msmsgs.exe |
| X | msnmsgsgs | msnmsgsgs.exe | "Added by the ""Catal"" alias Spy.Delitall.B backdoor TROJAN!"
|
| X | msnmsgy | [path to file] | "Added by the BANKER-EQ TROJAN!"
|
| X | msnnt | winampb.exe | "Chinese originated adware - detected by Kaspersky as the AGENT.TL TROJAN!"
|
| X | msnnt | winampf.exe | Added by the SMALL.DTS TROJAN!
|
| X | MSNPluginSrIvcs | n3vasap23.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSNPluginSrvcs | p6.exe | "Added by the SDBOT.AKJ or RBOT-VJ WORMS!"
|
| X | MSNPluginSrvcs | sagate.exe | "Added by the SDBOT.AKJ WORM!"
|
| X | MSNPlus | msnplus.exe | "Added by the BANKER-DAN TROJAN!"
|
| X | MSNS PLUS XP2 | msdupd.exe | "Added by the RBOT-BCE WORM!"
|
| X | msnsched2 | msnsched2.exe | "Added by the SPYBOT.NNT WORM!"
|
| X | msnscr.exe | msnscr.exe | "Added by the CERTIF-P TROJAN!"
|
| X | MSNService | MSNService.exe | "Added by the CARPET.C WORM!"
|
| X | msnsgs | msnsgs.exe | "Added by the CHEUKO-B TROJAN!"
|
| X | msnshed | msnshed.exe | "Added by the RBOT-YN WORM!"
|
| X | msnsmgr | MsnMsr.exe | "Added by the LOONY-N TROJAN!"
|
| N | msnsyslog | msnappm.exe | "Related to Messenger Applications. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoying"
|
| X | MSNSysRestore | pc32.exe | Added by a variant of the MASTAK VIRUS!
|
| X | msnToolbaar | msnmsgesc.exe | "Added by the RBOT.BMF WORM!"
|
| X | msnupdt | kolie.exe | "Added by a variant of the RBOT WORM!"
|
| X | MsnWin | messagewin.exe | "Added by the BANCBAN-D TROJAN!"
|
| N | MSN® Toolbar | mswinext.exe | "MSN Toolbar from version 4.* onwards (now known as Bing Bar from version 5.* onwards). This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed"
|
| X | MSObject32 | MSObject32.js | "Added by the PUN TROJAN!"
|
| X | Msoffice | msoffice.hta | Hijacker - redirecting to Searchdot.net
|
| X | MSOffice | services.exe | "Added by the DLOADER-EU TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""MSOffice"" subfolder"
|
| X | msoffice | msoffice.exe | "Added by the LIKASIMAL WORM!"
|
| X | MSOffice32 | msjcf.exe | "Added by the RAKER-A TROJAN!"
|
| X | MSOfficeCfg | msocfg.exe | Premium rate adult content dialer
|
| X | MSOfficeCfg | navchk.exe | Premium rate adult content dialer
|
| X | MSOfficeCfg | qservice.exe | Premium rate adult content dialer
|
| X | MSOfficeCfg | shman.exe | Premium rate adult content dialer
|
| X | MSOfficeCfg | ssvr.exe | Premium rate adult content dialer
|
| X | msoffwz | msoffwz.EXE | "Added by the BANCBAN-HQ TROJAN!"
|
| X | msoft-updater23 | mssysstems.exe | "Added by the RBOT-ATU WORM!"
|
| X | msoft-updater23 | slssystem.exe | "Added by the RBOT-ASR WORM!"
|
| X | MSOleath32 | winss.exe | "Added by the KATHER TROJAN!"
|
| X | MSOOBD | MSOOBD.EXE | "Added by the MAGISTR.A VIRUS!"
|
| X | msoupdater | msoupdater.exe | "Added by the DLOADER.GBD TROJAN!"
|
| X | mspaint.exe | check32.exe | "Added by the AGENT.AH TROJAN!"
|
| X | Mspatch69 | [path to trojan] | "Added by the MPROX TROJAN!"
|
| X | Mspatch89 | cnqmax.exe | "Added by the RANDEX.P WORM!"
|
| X | MSPetServ | PET32.EXE | "Added by the IRCBOT-VE WORM!"
|
| X | msping | msping.exe | "Added by the FLOODBLACK TROJAN!"
|
| X | msping.exe | msping.exe | "Added by the BDOOR-MZ BACKDOOR!"
|
| X | MSPluginSrvc | p3.exe | "Added by the RBOT-WV WORM!"
|
| X | MSPLUS | msplus32.exe | "Added by the MYTOB-AM or MYTOB-CL WORMS!"
|
| X | MSPP System Update 64 | wiaadmgr.exe | "Detected by Kaspersky as the RANKY.GEN TROJAN!"
|
| X | MSPQFile | MSA****.TMP [* = random char] | Homepage hijacker
|
| X | MsPrint32D | MsPrint32D.exe | "Added by the WINKO.AO WORM!"
|
| X | MSPRO32 | [path to worm] | "Added by the IBERIO WORM!"
|
| X | MSPRO32 | pnp.exe | "Added by the ZOTOB.O WORM!"
|
| X | MSprotect.exe | MSprotect.exe | "Added by the DABYREV.A VIRUS!"
|
| U | mspwr | pupstman.exe | """Transparent icon background"" feature of Ashampoo'sPowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me)"
|
| U | mspwr | pupxpman.exe | "Related to Ashampoo's PowerUp XP"
|
| U | mspwr | pwrupst.exe | "Ashampoo's PowerUp XP is a ""tool for fine-tuning your Windows NT4 |
| U | mspwr | PuXpMan2.exe | "System Tray access to the Ashampoo® PowerUp XP Platinum 2 tweaking utility from Ashampoo GmbH & Co. KG - which includes (amongst others) one-click tuning |
| U | MSPY2002 | ImScInst.exe | "Microsoft's Input Method Editor which is used to both display and enable the input of characters from East Asian and Right-to-left (e.g. Arabic) languages in e-mails |
| X | msqssr | msqssr.exe | "Detected by Kaspersky as the DLUCA.GEN TROJAN!"
|
| X | MSR | msr.exe | "Added by the AGOBOT.RT WORM!"
|
| X | Msrc | Msrc.exe | Added by the KRYPTONIC GHOST TROJAN!
|
| X | msrdc | msrdc.exe | "Added by the SDBOT-CXO WORM!"
|
| X | msreg.exe | msrege.exe | "Added by the ZINX TROJAN!"
|
| X | msReg32 Loader | msreg32.exe | "Added by the AGOBOT.IU WORM!"
|
| X | MSREGIT | Msgp.exe | "Added by the KRYPGHOS.13 TROJAN!"
|
| U | MSRegScan | SGP.exe | "SpyGator surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | SSDemo.exe | "SupremeSpy surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | ETNKL.exe | "ComKeylogger surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | KSPDemo.exe | "KeyStalker PRO surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | DDSSDemo.exe | "SystemSleuth surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | ESP+.exe | "ESP surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | ESPDemo.exe | "Eye Spy Pro surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | SBPDemo.exe | "SpyBoss Pro surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | YEKPND.exe | "EyeCandy Computer Monitor surveillance software. Uninstall this software unless you put it there yourself"
|
| U | MSRegScan | YKPND.exe | "YKPMD surveillance software. Uninstall this software unless you put it there yourself"
|
| X | MSRegSvc | regsvc32.exe | Homepage hijacker that changes your homepage to an adult content site
|
| X | msresear | [path to trojan] | "Added by the WEASYW-B TROJAN!"
|
| X | msresearch | msresearch.exe | "TROJAN! - 180SearchAssistant adware related"
|
| X | msresearch | tool3.exe | "Spy Sheriff/SpywareNO malware |
| X | msrundll | msrund1l32.exe | "Added by the BINGHE TROJAN!"
|
| X | msrunocx32 | msrunocx32.exe | "Added by the SKUS WORM!"
|
| X | Mss Serv | msssrv.exe | "Added by the SLENFBOT.AA WORM!"
|
| X | Mss VC | mssvc.exe | "Added by the OPANKI.AB WORM!"
|
| X | mssaru | mssaru.exe | "Added by the AGENT.AM TROJAN! Note - example names include ""XviD"" |
| X | msscan.exe | msscan.exe | "Microsoft Security Adviser rogue security software - not recommended"
|
| U | MSSCDL | MSSCDLL.exe | "SpyCapture keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | mssdbsrv | msupdtck.exe | Added by a variant of a password stealing TROJAN!
|
| Y | MSSE | msseces.exe | "System Tray access to a notifications from Microsoft Security Essentials which ""provides real-time protection for your home PC that guards against viruses |
| Y | msseces | msseces.exe | "System Tray access to a notifications from Microsoft Security Essentials which ""provides real-time protection for your home PC that guards against viruses |
| X | msserrv32 | msserrv32.exe | "Added by the STRATION.DW WORM!"
|
| X | msserv | msserv.exe | "Added by the BLACKLOG-A TROJAN!"
|
| X | msserv | lvsrev.exe | "Added by the BROWMON-B TROJAN!"
|
| X | msserv32 | msserv32.exe | "Added by the RBOT-ACK WORM!"
|
| X | MsServer | msfun80.exe | "Added by the VB-CYG WORM!"
|
| X | MSServer | "Rundll32.exe [random].dll | #1" |
| X | MsServer | msfir80.exe | "Added by the VB-CYJ TROJAN!"
|
| X | msservice | msserv.exe | "Added by the HYD WORM!"
|
| X | MSService_v1.0 | realsched.exe | "EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name"
|
| X | MSService_v1.0 | vfp02.exe | "NewWeb adware"
|
| X | mssfos | sfool.exe | "Added by the RANDEX.EUS WORM!"
|
| X | MSSGisg | [path to file] | "Added by the RANKY.N TROJAN!"
|
| X | Msshield.exe | Msshield.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | MSShow | MSShow.exe | "Added by the QQROB-M TROJAN!"
|
| X | MSSHVC | MSSHVC.exe | "Added by the NUFFY.A WORM!"
|
| X | mssonfig | winupdate.exe | "Added by a variant of the SDBOT WORM!"
|
| X | mssoul | msmscc2.exe | "Added by the DAPIZL.A banker WORM! (A ""banker worm"" is designed to pillage banking information and send it back to the perpetrators!)"
|
| X | mssoul | msmscc.exe | "Added by the BANCOS.HKT TROJAN!"
|
| X | mssp3 | mssp22.exe | "Added by the IBANK-D TROJAN!"
|
| X | MSSQL | Mssql.exe | "Added by the SDBOT TROJAN!"
|
| X | MSSQL for Windows NT & XP | mssqlsnt.exe | "Added by a variant of the SDBOT WORM!"
|
| X | MSSQL Manager | mssqlmgr.exe | "Added by the RBOT-BWU WORM!"
|
| N | mssSort | msssort.exe | "Maxtor (now Seagate) ""Drag and Sort"" for their external storage - ""Just drag documents onto the Shared Storage II icon and Maxtor's Drag and Sort organizes your files |
| X | Msstart | msstart.exe | "Added by the LIVUP.C TROJAN!"
|
| X | MSStartOptimizer | Iexpres.exe | "Added by the DASMIN-E TROJAN!"
|
| X | MSStartOptimizer | WINUPD.EXE | "Added by the DASMIN-E TROJAN!"
|
| X | MSStartOptimizer | SCVHOST.EXE | "Added by the DASMIN-E TROJAN!"
|
| X | msstask | msstask.exe | "Added by the MYPARTY WORM!"
|
| X | mssurfer lptt01 | mssurfer.exe | "RapidBlaster variant (in a ""surfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | mssurfer ml097e | mssurfer.exe | "RapidBlaster variant (in a ""surfer"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | mssvc | [path to trojan] | "Added by the PSK TROJAN!"
|
| X | MSSVC | svcsys.exe | "Added by the FATOOS-C TROJAN!"
|
| Y | MSSVC.EXE | MSSVC.EXE | "StealthDisk - hides folders |
| X | mssvc32 | mssvc32.exe | "Added by the AGOBOT-ME WORM!"
|
| X | mssync20 | mssync20.exe | "Added by the LDPINC-QC TROJAN!"
|
| X | mssys | mssys.exe | "Added by the MYSS.B TROJAN!"
|
| X | mssysint | Iexplore .exe | "Added by the PWSTEAL.ABCHLP and PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the "".exe"""
|
| X | mssysint | comime.exe | "Added by the NETSNAKE-I TROJAN!"
|
| X | mssyslanhelper | msmsgri32.exe | "Added by the RANDEX.D WORM!"
|
| X | MsSystem | msdos.exe | "Adult content downloader - see here"
|
| X | MsSystem | mssys.exe | "Added by the VANTA.A TROJAN!"
|
| X | MSSYSTEM | svcsys.exe | "Added by the FATOOS-C TROJAN!"
|
| U | Mstapi | Mstapi.exe | Keystroke logger/monitoring program - remove unless you installed it yourself!
|
| X | Mstask | mstask.exe | "Added by the OPASERV.N WORM! Note - this is not the legitimate mstask.exe system file and the executable resides in %Windir%"
|
| X | mstask | mstask.exe | "Browser hijacker - redirecting to find-more.net. Note - this is not the legitimate mstask.exe system file"
|
| X | MSTask | run dll.exe | "Yuupsearch adware"
|
| X | MStask | svchost.exe | "Added by the LDPINCH-BV TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | MsTask | wstask32.exe | "Added by the MYTOB-FE WORM!"
|
| X | Mstask | kernel32.exe | "Added by the STAP-C WORM!"
|
| X | Mstask | MSDTC.exe | "Added by the STAP-D WORM!"
|
| X | MSTask Monitor | mstaskmon.exe | "Added by the SDBOT-LU WORM!"
|
| X | Mstask32driver | Mstask32.exe | "Added by the LOONY-D TROJAN!"
|
| X | MSTaskbar 32 | tbsvc32.exe | "Added by the RBOT.BQZ WORM!"
|
| X | mstasks | mstasks.exe | "Added by the MULTIDR-AY TROJAN!"
|
| ? | Mstcgww | MSTCGWW.EXE | "??"
|
| X | mstds.exe | mstds.exe | "Added by the IPTABLES TROJAN!"
|
| X | mstg32.exe | mstg32.exe | Added by the AGENT.BI TROJAN!
|
| N | MSTMON_N | MSTMON_N.EXE | Generates an error message on startup if a Konica Minolta printer is not turned on and ready
|
| N | MSTMON_Q | MSTMON_Q.exe | Generates an error message on startup if the Konica Minolta PagePro 1350W printer is not turned on and ready
|
| X | Mstng32 | MSTng32.exe | "Added by the TANG WORM!"
|
| X | MSTray | rundll.exe | "Added by the BAMER-B TROJAN! Note - this is NOT the Win9x/Me system file of the same name as described here"
|
| X | mstsdsc.exe | mstsdsc.exe | "Added by the CIMUZ-CD TROJAN!"
|
| X | msupd | msupd.exe | "Added by the IEACCESS DIALER!"
|
| X | MSUpdate | wupd.exe | "Added by the ALADINZ.M TROJAN!"
|
| X | MSUpdate | svchosthlp.exe | "Added by the BLASTER.T WORM!"
|
| X | msupdate | msupdate.exe | "Added by the RBOT-MZ WORM!"
|
| X | MSUpdate | criticalUpdate.exe | "Affilred adware"
|
| X | msupdate | update.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Msupdate | expIorer.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | outIook.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | svchosts.exe | "Added by a variant of the TACTSLAY TROJAN!"
|
| X | Msupdate | svcrhost.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | Msupdate | svcshost.exe | "Added by the TACTSLAY.A TROJAN!"
|
| X | MSupdate.exe | N/A | "CoolWebSearch parasite variant - resets home page to an adult content site"
|
| X | MSUpdateDevKit | axfd.exe | "Added by the SDBOT-ZD WORM!"
|
| X | msupdater | msupdater.exe | "Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
|
| X | MsUpdater System | udpsys32.exe | "Added by the RBOT.AAA WORM!"
|
| X | MSupdater.exe | N/A | "CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin"
|
| X | msupdater25 | lsasser.exe | "Added by the RBOT-ATS WORM!"
|
| X | msupdates | msupdt.exe | "Added by the RBOT-JO WORM!"
|
| X | MSUpdSrv | msupdsrv.exe | "Browser hijacker |
| X | msupdtwiz | msupdtwiz.exe | "Added by the STRATION.DD WORM!"
|
| X | msurl | msurl32.exe | "Added by the CRYPTER.A TROJAN!"
|
| X | msuser32.exe | msuser32.exe | "Added by the ANDROV TROJAN!"
|
| X | MsVBdll | sys32dll.exe | "Added by the AIMDES.B or AIMDES.C WORMS!"
|
| X | MsVBdll | MsVBdll.pif | "Added by the AIMDES.A WORM!"
|
| X | MSVBVM60 | MSVBVBM60.pif | "Added by the SCOLD-B WORM!"
|
| X | msvc32 | msvc32.exe | "ClientMan parasite variant"
|
| X | msvc32 | msvc32.exe | "Added by the AGOBOT-NT WORM!"
|
| X | msvcav | msvcav.exe | "Added by the AGENT-ACR TROJAN!"
|
| X | msvcc | msvchost.exe | "Added by the XOMBE TROJAN!"
|
| X | msvcc25 | svcchost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | msvcc25 | salvage.exe | "Added by a variant of the SDBOT WORM!"
|
| X | msvcc25 | svcchost.exe | "Added by the SDBOT-CSE WORM!"
|
| X | msvccc66 | svcchosst.exe | "Added by the RBOT-GLS WORM!"
|
| X | msvccc66 | dload.exe | "Added by a variant of the RBOT WORM!"
|
| X | msvchost | msvchost.exe | "Added by the IRCBOT-AV WORM!"
|
| X | MsvcService | msvcs.exe | "Added by the RBOT-RK WORM!"
|
| X | msvecurity | msvecurity.exe | "Added by the DORF-BO WORM!"
|
| X | MSVersion | INTERNETFEATURES.exe | "Added by the POPMON.A TROJAN! - also known as PopMonster adware"
|
| X | MSVersion | clrschp038.exe | "Added by the POPMON.A TROJAN! - also known as PopMonster adware"
|
| X | msvhost | aig.exe | "Added by the AIMBOT-BC TROJAN!"
|
| X | msvload32 | msvload32.exe | "Added by the RBOT-ACI WORM!"
|
| X | msvps | msvps.exe | "Added by the AGOBOT.ALI WORM!"
|
| X | msvsc32 | msdev.exe | "Added by the RBOT-GJ WORM!"
|
| X | MSVsmt | rpcxctx.exe | Added by an unidentified WORM or TROJAN!
|
| X | msvsrv32 | msvsrv32.exe | "Added by the AGOBOT-KM WORM!"
|
| X | msvss | msvss.exe | "Added by a variant of the RBOT WORM!"
|
| X | MSVSync | videosync.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | msvupdater | msvupdater.exe | "Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
|
| X | MSVXD | MSVXD.EXE | "Added by the DATOM.A WORM!"
|
| X | mswave | mswave.exe | "Added by the CRYPTER.A TROJAN!"
|
| X | Mswavedll | mswavedll.exe | "Added by the CRYPTER-C TROJAN!"
|
| U | MSwheel | mswheel.exe | Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
|
| X | mswiiz32 | mswiiz32.exe | "Added by the STRATION.DH WORM!"
|
| X | mswiizz32 | mswiizz32.exe | "Added by the STRATION.DL WORM!"
|
| X | MSWin | mswin.exe | "Added by the BANKER-CU TROJAN!"
|
| X | Mswincfg | Mswincfg32.exe | "Added by the CYBRSPY.D TROJAN!"
|
| X | MsWindows DRT Drivers | wsdrt32.exe | "Added by the RBOT.ALT WORM!"
|
| X | MsWindows SSL Drivers | mssl32.exe | "Added by the SPYBOT.API WORM!"
|
| X | MSWindows SysCl | mscl32.exe | "Added by the RBOT.AHI WORM!"
|
| X | MsWindows SysDate | sysmsvc.exe | "Added by the SPYBOT.FCD WORM!"
|
| X | MSWindows Syspg | mspg32.exe | "Added by the RBOT-TB WORM!"
|
| X | MSWindowsUpdate | Systern.exe | "Added by the RBOT-AFD WORM!"
|
| X | MSWindowsUpdate | mswinup.exe | "Added by a variant of the SDBOT WORM!"
|
| N | mswinext | mswinext.exe | "MSN Toolbar from version 4.* onwards (now known as Bing Bar from version 5.* onwards). This entry loads the toolbar into memory at start-up before you open your internet browser. Not required - it will load with the browser and remains in memory after the browser is closed"
|
| X | MSWinlogon | SynCor.exe | "Added by the AGENT-FZL TROJAN!"
|
| X | MSWinlogon | winlogon.exe | "Added by the AGENT-FZM TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | Mswinpid32 | mswinpid32.exe | Added by the LAPOS.A TROJAN! This is a keylogger which emails back to China PayPal passwords and account information - thus allowing the perpetrators to steal PayPal funds in the name of the victim!
|
| X | MSWinSrv | MSWinSrv.exe | "Added by the MTRON TROJAN!"
|
| X | MSWinSrv32 | MSWinSrv32.exe | "Added by the MTRON-B TROJAN!"
|
| X | MSWinupd | winupd.exe | "Added by the DLOADER-YE or DLOADR-AAA or DLOADER-ZF TROJANS - and others"
|
| X | MSWinupdate | winupdate.exe | "Added by the DLOADR-AAW TROJAN!"
|
| X | MsWinVgr | msvgr.exe | "Added by the MYTOB.LE WORM!"
|
| X | mswiz32 | mswiz32.exe | "Added by the STRATIO-BG WORM!"
|
| X | mswkork Service | msework.exe | "Added by a variant of the RBOT WORM!"
|
| X | msword | msword.exe | "Added by the RBOT-ADR WORM!"
|
| X | msword | docx.exe | "Added by the CODOX-A WORM!"
|
| X | msword98 | msword98.exe | "Added by the AGENT-KUO TROJAN!"
|
| X | MSWorld | msworld.exe | "Added by the AGENT.DED TROJAN!"
|
| X | mswspl | [random filename] | "Added by the SMALL.IQ TROJAN!"
|
| X | mswspl | searchbarcash.exe | SearchBarCash adware
|
| X | mswspl | vnmispoisn downloader.exe | SearchBarCash adware variant
|
| X | mswspl | plugin1.exe | "Added by the SMALL.IQ TROJAN!"
|
| X | MSWTL32 | MSATL32.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | MSWUpdate | [path to worm] | "Added by the SILLYFD-V WORM! The most common filename is lsass.exe but it not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
|
| X | msxct | msxct.exe | "eXact Advertising (NaviSearch |
| X | MSxmlHpr | "RUNDLL32.EXE [path] msxm192z.dll | w" |
| X | MsXSLT | msxslt3.exe | "Added by the AGENT.AZMU TROJAN!"
|
| X | Msy Startups | msyh32.exe | "Added by the AGOBOT-QC WORM!"
|
| X | Msy1 Startups | msyj32.exe | "Added by the AGOBOT-QQ WORM!"
|
| X | msys lptt01 | msys.exe | "RapidBlaster variant (in a ""Msyss"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Msys32 | morfitwebentrance.exe | "Morfit ADjectPager - ""uses home page rental technology for generating revenues"". Homepage hi-jacker that re-defines your IE or Netscape start page as http://www.web-entrance.com/. Any installed application including this must be un-installed before you can reset your homepage"
|
| X | MSysDrv | msdrv.exe | Added by the VB.WF TROJAN!
|
| X | ms_anti_spyware | mwfirewall.exe | "Added by the GAMQOWI TROJAN!"
|
| X | ms_anti_spywarebxp | mwfirebpx.exe | "Added by the SURILA-D TROJAN!"
|
| X | ms_anti_spywarebxp | mwfibpx.exe | "Added by the SURILA-J TROJAN!"
|
| X | MS_LARISSA | MS_LARISSA.exe | "Added by the ASSIRAL WORM!"
|
| X | MS_NETD_WIN32 | netd32.EXE | "Added by the RANDEX.F WORM!"
|
| X | MS_SETUP.EXE | MS_SETUP.EXE | "Added by the CHARGE TROJAN!"
|
| X | MS_Update Check | wdfmgr.exe | "Added by the AGOBOT-TB WORM!"
|
| X | MS_update_0704_KB74073.exe | MS_update_0704_KB74073.exe | "Added by a variant of the UPDATEKB TROJAN!"
|
| X | Multimedia extensions | mservice.exe | "EasySearch adware"
|
| X | Multimedia extensions | mservice1.exe | "Added by the DLOADR-AWD TROJAN!"
|
| X | MULTIMEDIA KEYBOARD88 | smss.exe | "Added by the SILLYFDC WORM! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!"
|
| N | mumservice | mumservice.exe | "Software updater for Motorola products"
|
| ? | mxomssmenu | maxmenumgr.exe | "Related to Maxtor's One Touch series of external hard drives. What does it do and is it required?"
|
| X | My Agent | msagent.exe | "Added by the NEGASMS.A TROJAN!"
|
| X | My App | SMSSvc.exe | "Added by the NEGASMS.A TROJAN!"
|
| X | My Security Engine | MS[random characters].exe | "My Security Engine rogue security software - not recommended |
| X | My Security Wall | MS[random characters].exe | "My Security Wall rogue security software - not recommended |
| X | My Supervisor | MSup1bf7.exe | "My Supervisor rogue system suite - not recommended |
| X | MySLScan | msvc32.exe | "Added by the FORBOT-EH WORM!"
|
| X | Name Server | mswins.exe | "Added by a variant of the SDBOT WORM!"
|
| X | NarmonVirusAnti | smss.exe | "Added by the AUTORUN-DV WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
|
| X | NAV Agent | systems.exe | "Added by the TARNO.C TROJAN! Note - this is not the valid Norton Antivirus entry of the same name"
|
| X | NAV Auto Protect | msfwe1.exe | "Added by a variant of the RBOT WORM!"
|
| X | NAV Auto Update | iamsad.exe | "Added by the SPYBOT-CE BACKDOOR!"
|
| X | ndlhosta | uiremsyl.exe | "Added by a variant of the SDBOT WORM!"
|
| N | Nero PhotoShow Media Manager | mssysmgr.exe | "Nero rebranded version of Simple Star's PhotoShow photo editing and organizing software |
| X | NeroFileCheck | msjavam32.exe | "Added by the AGOBOT.AKM WORM!"
|
| X | NeroUpdate Check | msjava.exe | "Added by the AGOBOT.AMH WORM!"
|
| U | netmsg | netmsg.exe | "Net_Message is a small tool to send messages across the network |
| X | network device driver | msfirewall.exe | "Added by the DELF-LB TROJAN!"
|
| X | Network Host Service | msmnart32.exe | "Added by the RBOT-CJV WORM!"
|
| X | NewDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | NewMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | NiceDownloads | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | NiceMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| Y | NMSSupport | IntelHCTAgent.exe | "Network monitor for Intel® Hub Connect Technology"
|
| ? | NMSSvc | NMSSVC.EXE | NIC Management Service - diagnostics program for Intel Pro family network cards
|
| Y | NMSVC | nmSvc.exe | "Covenant Eyes - surveillance software that creates records of everything people do on a computer |
| U | Nokia M Platform | NokiaMServer.exe | "Part of the Nokia Music music manager |
| U | NokiaMServer | NokiaMServer.exe | "Part of the Nokia Music music manager |
| X | none | pmsngr.exe | "Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as ""iCodecPack"" |
| X | NordBull | msa.exe | "Added by the DLOADR-CSV TROJAN!"
|
| X | Norton Drive Protection | msdt32.exe | "Added by the FORBOT-GB WORM! Note - this not a valid Norton program!"
|
| X | Nortons AVS Systems | arse.exe | "Added by the RBOT.AWY WORM!"
|
| X | notepad.exe | msmsgs.exe | "Added by the ZLOB TROJAN and variants! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | ntmsevt | ntmsevt.exe | "Added by the STOPED-B TROJAN"
|
| X | NumberOneMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | NvCplDaemon | msmsgrs.exe | "Added by the DLOADER-YI TROJAN!"
|
| X | NvCplScan | msc32.exe | "Added by the FORBOT-DD WORM!"
|
| X | NVIDIA Driver | MSPMSPSU.EXE | "Added by the WOOTBOT.Y WORM!"
|
| X | nvmsgdwn | NVMSGDWN.EXE | "Added by the GRABER-D TROJAN!"
|
| X | NvMsnW | Isass.exe | "Added by the BROPIA.K WORM!"
|
| U | nwrecmsg | nwrecmsg.exe | "Broadcast message handler part of Novell Netware that displays server |
| X | OfficeDeamon | msorunner.exe | "Added by a variant of the TACTSLAY TROJAN!"
|
| X | Offices | msnmgd32.exe | "Added by the FORBOT-DV WORM!"
|
| X | OfficeWord Monitor | msn32.exe | "Added by the RBOT-GUE WORM!"
|
| X | Office_app | msnmrgs.exe | Added by a variant of the VBBANC-A TROJAN!
|
| X | OpenMstart | [path to dialler] | """Switch-E"" premium rate adult content dialer"
|
| X | OS Security | mswind32.pif | "Added by the RBOT-ASU WORM!"
|
| X | Outlook Express | msinm.exe | "Added by a variant of the RBOT WORM!"
|
| ? | pagmstart | client.exe | "??"
|
| N | PCMService | PCMService.exe | "Part of Cyberlink's PowerCinema - which can be used to watch movies |
| X | Performs peer to peer connection | WinPTTP.exe | "Added by the RBOT-GMI WORM!"
|
| N | PhotoShow Deluxe Media Manager | mssysmgr.exe | "Simple Star PhotoShow Deluxe photo editing and organizing software |
| X | picview | msnmsgr.exe | "Added by the BANLOA-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%"
|
| U | Planlægningsagent | mstask.exe | "Windows Task Scheduler (on Danish language versions of Windows) - displayed as a box with a stopwatch in the System Tray. Required if you have regularly scheduled tasks like defragmenting |
| ? | PLoader | umsd.exe | "USB Mass Storage Disk related tray icon. Is it required?"
|
| X | Plug And Play | msnmsg.exe | "Added by the RBOT-ID WORM!"
|
| X | pmsngr.exe | pmsngr.exe | "Added by the ZLOB.MEDIA-CODEC TROJAN! This purports to be a Windows Media Player upgrade (with names such as ""iCodecPack"" |
| X | PostSetupCheck | Rundll32.exe cpmsky.dll | "TrafficSol adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""cpmsky.dll"" file is found in %System%"
|
| ? | Primsta | Primsta.exe | "Linksys Wireless CompactFlash Card driver related. Is it required?"
|
| X | printerdrv | vdms.exe | "Added by the OPTIXKIL.30 TROJAN!"
|
| X | Printing Driver | msprint.exe | "Added by the RBOT.JH WORM!"
|
| U | PRISMSTA.EXE | PRISMSTA.EXE | Creates a system tray icon for accessing information about Intersil Prism Wireless Settings. Intersil silicon is used by Trendware/Trendnet for example
|
| U | PRISMSVR | PRISMSVR.EXE | Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter
|
| U | PRISMSVR.EXE | PRISMSVR.EXE | Configuration and settings utility for PRISM chipset based wireless modems such as the 2Wire Wireless Gateway (2701HG) and Siemens Gigaset USB Adapter
|
| X | Protected Storage | RUNDLL32.EXE MSSIGN30.DLL ondll_reg | "Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | ProtocolDiskChk | ssrms.exe | "Added by the BDOOR-ML BACKDOOR!"
|
| Y | PSIMSVC | PSIMSVC.exe | "Part of Panda Antivirus and Internet Security"
|
| X | q36i36O | lms2cenu.exe | Added by the SECONDTHOUGHT VIRUS!
|
| U | QDM | QdmStart.exe | "QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU |
| U | QDMStart | QdmStart.exe | "QDM (QDI Desktop Manager) - part of QDI ManageEasy for QDI's series of motherboards for monitoring PSU |
| X | QTSvc | msocfg.exe | Premium rate adult content dialler
|
| N | QuickenSEMessage | Qsemsg.exe | Quicken option
|
| X | QuickSet | mmspng.exe | Added by a variant of the IROFFER.Z TROJAN!
|
| X | R | rundll32.exe msprt.dll | "Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | RavTime | Mstray.exe | "Added by the WUKILL.A WORM!"
|
| N | RealPlayer2 | MsgCenterExe | "RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way"
|
| X | Recoveru systems | svchost.exe | "Added by the SMALL.DDX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
|
| X | RecycleSTR | msreg32.exe | "Added by the RBOT-TC WORM!"
|
| X | Registration Service | msvdm6.exe | "Added by the SDBOT-HE TROJAN!"
|
| X | Registry Value Name Start | MsPMSPSa.exe | "Added by a variant of the SDBOT WORM!"
|
| X | REGMSYS | [path to file] | "Added by the LOWZONE-AX TROJAN!"
|
| X | RegSvr32 | msmsgs.exe | "Added by the ZLOB.B TROJAN! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Remote Event System | resmsvc.exe | "Added by the IRCBOT.YF BACKDOOR!"
|
| X | Remote Procedure Calls | mswinrpc.exe | "Added by the RBOT.KJ WORM!"
|
| X | Remote Procedure Calls | mswinc.exe | "Added by the RBOT-IT WORM!"
|
| X | Remote Services Manager | msrmsvc.exe | "Added by the SLENFBOT.AJ WORM!"
|
| X | Remove 54tr10 | smss.exe | "Added by the BRONTOK-CH WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data"
|
| ? | RemStart | remstart.exe | "Part of McAfee's Remote Desktop 32 Agent application. What does it do and is it required?"
|
| X | rollbk | msmpatch.exe | "Added by the SERFLOG.B WORM!"
|
| ? | Roxio Engine | MSMNGR32.EXE | "Not believed to be a valid Roxio program - more likely a variant on the WOMANIZ.A TROJAN!"
|
| X | RPC | MSschost.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | RPC DCOM Vulnerability Patch | msgfix.exe | "Added by the RBOT.S WORM!"
|
| X | RPCserv32g | MSDEFR.EXE | "Added by the BOBAX.AD WORM!"
|
| X | rrmso | bqhrmug.exe | "Added by the AGENT-GYY TROJAN!"
|
| X | Run Msn Messenger | msnmgr.exe | "Added by the AGOBOT.HA WORM!"
|
| X | Run MSupdt32 | wscript MSupdt32.vbs | "Added by the CASER WORM!"
|
| U | run= | ramsys.exe | "Advanced Startup Manager from Rays Lab"
|
| Y | run= | smsrun16.exe | "Microsoft Systems Management Server (SMS) related - program that reads SMSRUN16.INI on clients running Win 3.1 |
| X | run= | msoffice.exe | "Added by the ADWARELOADER TROJAN! Note - do not confuse with the legitimate Microsoft Office file |
| X | rundll32 | MSDTC.exe | "Added by the STAP-E WORM!"
|
| X | Rundll32_7 | "rundll32.exe MSIEFR40.DLL | DllRunServer" |
| X | RunOnce | [path to mstask32.exe] | "Added by the DELF-IA TROJAN!"
|
| X | RunOnceEx | sms.exe | IESearchToolbar parasite. Identified by Ewido Security Suite (Ewido is now part of AVG Technologies) as the DELF.LF TROJAN!
|
| X | Sakemsneql | simenu.exe | "Added by the SDBOT.BTO WORM!"
|
| X | Samsong | Samsong.exe | "Added by the SDBOT.BNE WORM!"
|
| X | Samsung | Samsungs.exe | "Added by an IRC TROJAN variant!"
|
| U | Samsung MJC-900 Series Monitor | "RUNDLL32.EXE SMMASHLL.DLL | AutoUpdatePnPValue" |
| U | Samsung PanelMgr | SSMMgr.exe | "Monitors ink levels |
| U | SamsungSM PanelMgr | SSMMgr.exe | "Monitors ink levels |
| X | scan | mscman.exe | "ClientMan parasite variant"
|
| X | Scan Register | ssms.exe | "Added by the RBOT-AT WORM!"
|
| X | ScheduIr | msexploren.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Scheduler | MSMSGS.EXE | "Added by the HOSTBANK-A TROJAN! Note - this particular msmsgs.exe file is located in %System%\Config and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
|
| X | Scheduler | msnexploren.exe | "Added by the TACTSLAY.B TROJAN!"
|
| U | SchedulingAgent | mstask.exe | "MS Scheduling Agent in Win98/Me/2K - displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting |
| U | SchedulingAgent | mstinit.exe | "MS Scheduling Agent in WinNT - displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting |
| X | SchedulingAgent | mstask.exe | Added by unidentified MALWARE! Note - this is not the MS Scheduling Agent in Win98/Me/2K. This one also loads via the HKLM\RunServices registry key but is located in %System% on a WinXP machine - where a file of that name does not normally exist
|
| X | SchedulingAgent | mstasks.exe | "Added by the MSIC BACKDOOR!"
|
| U | Screen Guard Message Scan | sgms.exe | "Part of Access Denied security and privacy software"
|
| X | ScreenSaverPlus | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| ? | SDMSSplash | launcher.exe | "Part of HP's Smart Desktop Management System - ""Preloaded on select business desktops |
| X | SearchMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | secboot | mszx23.exe | "Added by a variant of the HAXDOOR.BC TROJAN!"
|
| X | SecureLogin | Mslg32.exe | "Added by the REDZED WORM!"
|
| X | secures23 | mssecure.exe | "Added by the AGOBOT-ABY WORM!"
|
| X | Security Accounts Manager SM | samsm.exe | "Added by the SPYBOT.JE WORM!"
|
| X | Security Agent Manager | mssams.exe | "Added by the RBOT-SV WORM!"
|
| X | Security Patch | scmss.exe | "Added by the RBOT-ZW WORM!"
|
| X | Security Patches | msnkn.exe | "Added by the RBOT.WW WORM!"
|
| U | SeMS | SeMS.exe | "PCsms - tool that enables you to send sms text messages from your PC to any UK mobile phone"
|
| X | serpe | msmbw.exe | "Added by the SERFLOG.A WORM!"
|
| X | Server Runtime Process | wbemstest.exe | "Added by the SDBOT-DDB WORM!"
|
| X | Service Drivers | msnpg.exe | "Added by the RBOT.BMD WORM!"
|
| X | Service Drivers | MSNMEssenger.exe | "Added by a variant of the RBOT WORM!"
|
| X | Service Monitor | msnfilen.exe | "Added by the RBOT-ALE WORM!"
|
| X | Service Monitor | javams32.exe | "Added by the DELF-NK TROJAN!"
|
| X | Service Monitor | javams64.exe | "Added by the SDBOT-AFO WORM!"
|
| X | Service Monitor | msnserve.exe | "Added by the SPYBOT.YQW WORM!"
|
| X | Service Process | smss.exe | "Added by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""config"" subfolder"
|
| X | Services | mshost.exe | "Added by the LANFILT-J TROJAN!"
|
| X | Services Process | smss.exe | "Added by the SMALL-EK TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""config"" subfolder"
|
| X | Services.dll | smss.exe | "Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the ""Startup Item"" field"
|
| X | Session Manager Subsystem | smssa.exe | "Added by the RBOT-AGS WORM!"
|
| X | Shell | explorer.exe msbnc.exe | "Added by the AGENT-PL BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""msbnc.exe"" file is located in %System%"
|
| X | Shell | smsc.exe | "Added by the BANCBAN-OY TROJAN!"
|
| X | Shell | Explorer.exe smssnt.exe | "Added by the AGOBOT.EE TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""smssnt.exe"" file is located in %System%"
|
| X | ShellApi | SHELLMSN.EXE | "Added by the NETDEV.B TROJAN!"
|
| ? | ShowIcon_Justrams_USB Product Driver v2.12r012 | shwicon.exe | "Related to Just Rams USB product driver. Is it required?"
|
| N | Simple Star PhotoShow Media Manager | mssysmgr.exe | "Simple Star PhotoShow photo editing and organizing software |
| U | SimpLite-MSN | SimpLite-MSN.exe | Required if you use the SimpLite add-on to MSN Messenger (SimpLite adds encryption to the instant messaging service)
|
| X | Sistema de Comm | conmsyrtl.exe | "Added by the AGENT-LMV TROJAN!"
|
| X | slmss | slmss.exe | "SeekSeek search hijacker related - see here"
|
| X | SmallAndSecure | mssecure.exe | "Added by the RBOT.CU WORM!"
|
| X | SMS | iro.bat | "Added by the IROFFER.CT TROJAN!"
|
| U | SMS Application Launcher | LAUNCH32.EXE | "Microsoft Systems Management Server - used to manage computers on a network remotely"
|
| U | SMS Client Service | clisvc95.exe | "When the SMS Client service starts on a domain controller |
| X | Sms System32 | SmsSystem32.exe | Unidentified malware
|
| U | SMS Win9x Message Agent | SMSMsg.exe | This program assigns a user to a Systems Management Server site
|
| N | SmsDiscount | SmsDiscount.exe | "SmsDiscount - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| N | Smserial | sm56hlpr.exe | Helper utility for Motorola based SM56 software modems - resides in the System Tray
|
| X | SMSERIALSTARTER | win32st.exe | "Added by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended |
| X | SMSERIALWORKERSTART | shellexcon.exe | "Added by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended |
| X | SMSERIALWORKERSTARTER | winstrse.exe | "Added by the RENOS.IC TROJAN! Installed with the SpyBurner spyware remover - which is not recommended |
| X | SMSERIALWORKSTARTER | comsysobj.exe | "Added by the FAKEALERT-AH TROJAN! Installed with the SpyBurner spyware remover - which is not recommended |
| X | smsger | Win.exe | "Added by a variant of the SDBOT WORM!"
|
| N | SMSI Loader | SMLoader.exe | "Smith Micro HotFax - fax software"
|
| X | smsm | smsm.exe | "Added by the BANKER-CO TROJAN!"
|
| X | smsrv | smsrv.exe | "Added by the AGOBOT-SX WORM!"
|
| X | SMSS | smss.exe | "Added by the FLOOD.F BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Catroot"" subfolder"
|
| X | smss | [path to smss.exe] | "Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
|
| X | smss | smss.exe | "Added by the AGENT-TR TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | smss | smss.exe | "Added by the BOROBOT-J TROJAN and variants! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!"
|
| X | Smss | ssms.exe | "Added by the RBOT.OP WORM!"
|
| X | Smss Host | smhost.exe | "Added by the IRCBOT-ACC TROJAN!"
|
| X | smss.exe | csrss.exe | "Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Smss.exe driver | winupd32.exe | "Added by the SDBOT.MI BACKDOOR!"
|
| X | smss32.exe | smss32.exe | "Added by the FAKEAV-ATH TROJAN!"
|
| X | smssLevel4 | smss.exe | "Unidentified malware! ! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Windows Media Player\Skins\WindowsMediaSkin\Data\Level4"
|
| X | SMSSS | smsss.exe | "Added by the SDBOT.ZD WORM!"
|
| X | SMSSS Loader | smsss.exe | "Added by the AGOBOT.MQ WORM!"
|
| X | SMSSU | SMSSU.EXE | "Added by the STARTPAGE.O TROJAN!"
|
| U | SMSTray | SMSTray.exe | System tray access to Samsung Media Studio
|
| X | SMSvc32 | smsvc32.exe | "Added by the AGOBOT-OL WORM!"
|
| X | smsys | Explorer.exe | "Added by the CLICKER-C BACKDOOR! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a ""Template"" subfolder"
|
| X | smsys | vi.exe | Adult content dialler
|
| U | SMSystemAnalyzer | SMSystemAnalyzer.exe | "Part of the Iolo System Mechanic optimization tool"
|
| X | sms_msn | sms_msn.exe | Added by an unknown WORM or TROJAN!
|
| X | sms_msn40 | sms_msn40.exe | Added by an unknown WORM or TROJAN infection
|
| X | SN Messenger | msnmsgr.exe | "Added by the RBOT-AVP WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Sonic RecordNow! | smsc.exe | "Added by a variant of the SDBOT WORM!"
|
| X | SoundView | msdview32.exe | Trojan downloader
|
| U | Spam Sleuth | SpamSleuth.exe | Spam Sleuth E-mail spam detection program
|
| U | SpamSubtract | SpamSubtract.exe | "Intermute SpamSubtract - junk email detection and removal program"
|
| U | spamsubtract | SpamSub.exe | InterMute™ SpamSubtract - junk email detection and removal program. InterMute™ is now part of Trend Micro and their products are no longer supported
|
| X | Spooler Subsystem Application | smss.exe | "Added by the IRCBOT-ZO TROJAN! Note - the legitimate smss.exe process should not normally figure in Msconfig/Startup!"
|
| X | spoolms | spoolms.exe | "Added by the LEGMIR-ARO TROJAN!"
|
| X | spoolsvr32 | csmss.exe | "Added by the AGENT-AU TROJAN!"
|
| X | spoolsvr32 | csmss32.exe | "Added by a variant of the AGENT-AU TROJAN!"
|
| X | Spore | MsNews.vbs | "Added by the SORPE.A WORM!"
|
| U | SRUUninstall | msiexec.exe | Symantec Network Driver Update - part of LiveUpdate
|
| X | ssgrate.exe | winsystems.exe | "Added by the BAGLEDL-J TROJAN!"
|
| X | ssgrate.exe | wintems.exe | "Added by the MITGLIEDER.Q TROJAN!"
|
| X | SSL Manager | amsnmsgs.exe | "Added by a variant of the SDBOT WORM!"
|
| X | ssms.exe | SSMS.EXE | "Added by the GISMOR WORM!"
|
| X | ssms.exe | winn.exe | "Added by the SDBOT-DHE WORM!"
|
| X | ssmss | ssmss.exe | "Added by the AGENT-MOF TROJAN!"
|
| X | sssasasb32 | msnmsgq32.exe | "Added by the TACTSLAY.F TROJAN!"
|
| X | start uploading | smsss.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Start Uppings | mssupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Start Xp Setup | msxp.exe | "Added by the RBOT.AKK WORM!"
|
| X | startkey | rtfmsv.exe | "Added by the EDEPOL-C TROJAN!"
|
| X | StartKey | msnmsie.exe | "Added by the BIFROSE.M BACKDOOR!"
|
| X | StartMenu | msgaol.exe | "Added by the TACTSLAY.C TROJAN!"
|
| U | StormCodec_Helper | StormSet.exe | "Storm Codec is a codec pack for Windows"
|
| X | Streams Drivers | [trojan filename] | "Added by the RESTARTER.E TROJAN!"
|
| X | strmsnmgrs | msnxmsgrsc.exe | "Added by the SDBOT.JDR WORM!"
|
| X | strmsnmsgr | msnmsgrs.exe | "Added by the RBOT-ACQ WORM!"
|
| X | strmsnmsgrs | msnmsgrsc.exe | "Added by a variant of the RBOT WORM!"
|
| X | strmsnnms | msnmegrs.exe | "Added by the SDBOT-YU TROJAN!"
|
| X | strmsnnrs | msnmcgrs.exe | "Added by the RBOT-ACT TROJAN!"
|
| X | strmsoums | msnmegrse.exe | "Added by the SDBOT-ZK TROJAN!"
|
| X | stxrmsgms | mstats.exe | "Added by the IRCBOT-AE TROJAN!"
|
| X | superslut | msslut32.exe | "Added by the SLUTER-A WORM!"
|
| X | SVC Socks | mstaskm.exe | "CoolWebSearch parasite variant"
|
| X | SvcH0st | msexploren.exe | "Added by the BACKDOOR-CGZ TROJAN!"
|
| X | SvcH0st | msnexploren.exe | "Added by the TACTSLAY.B TROJAN!"
|
| X | svshost32 | msgrsv32.exe | Added by the RANKY.AJ TROJAN!
|
| X | svshostdriver | msnmessengerupdate.exe | "Added by the SDBOT-BI BACKDOOR!"
|
| X | SwimSuitNetwork | SwimSuitNetwork.exe | Advertising spyware
|
| X | syelimS-esreveR-troppuS | [filename] | "Added by the LITBOT.C TROJAN!"
|
| X | Sygate Personal Firewall | MSNSRV32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Sygate Personal Firewall | msnmsgrs.exe | "Added by the RBOT.XN WORM!"
|
| X | SyncManager | msorunner.exe | "Added by a variant of the TACTSLAY TROJAN!"
|
| X | SysCom | msnmsgr.exe | "Added by the BANK-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%MSN Messenger or %ProgramFiles%Windows LiveMessenger. This one is located in %Windir%\system"
|
| ? | SysComp | mssdnl.com | "Unknown but suspect as *.com are not usually run at start up and the name isn't recognized"
|
| X | Sysctrls | mscntrl.exe | "Added by the KOLABC.BB WORM!"
|
| X | SysCVMS.exe | SysCVMS.exe | "Added by the SMALL.CBA TROJAN!"
|
| X | Sysgate Personal Firewall | syst3ms.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | sysmem | mmsete.exe | "Added by the NOPIR.C WORM!"
|
| X | SysMemory manager | mdms.exe | "Added by the CIMUZ-D TROJAN!"
|
| X | Sysmon | msnmssgs.exe | "Added by the SDBOT.FK WORM!"
|
| X | SysmonLog | mslog.exe | "Added by the AGENT.AOV TROJAN!"
|
| X | sysmss | sysems.exe | "Added by a variant of the SLAPER TROJAN!"
|
| X | sysPersonalFirewall | msnmssgr.exe | "Added by a variant of the RBOT WORM!"
|
| Y | SysPool | Mssvc.exe | "StealthDisk - hides folders |
| X | SysPool | MSSVC32.EXE | "Added by the BANCBAN-IO TROJAN!"
|
| X | system | systemsearch.hta | Jetseeker.com hijacker
|
| X | System | smss.exe | "Added by the AGENT.EP BACKDOOR! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | System Backup | msystem.exe | Adult content dialler
|
| X | System Config Manager | smssl.exe | "Added by the AGOBOT-ZJ WORM!"
|
| X | System Document Application | msdocument.exe | "Added by the RANDEX.COX WORM!"
|
| X | System Efficiency Monitor | mscedit32.exe | "Added by the SDBOT.P TROJAN!"
|
| X | System Efficiency Monitor | mscommand.exe | "Added by the KWBOT.P WORM!"
|
| X | System Efficiency Monitor | msedit32.exe | "Added by the STEPH-B WORM!"
|
| X | System Information Manager | Msbb.exe | "Added by the SLINBOT.YR BACKDOOR!"
|
| X | System Information Manager | mslog.exe | "Added by the DELF.AKO TROJAN!"
|
| X | System Initialization | msmsgri32.exe | "Added by the RANDEX.D WORM or ROXY or ROXY.B TROJANS!"
|
| X | System Loader | systems.exe | "Added by the AGOGBOT-FI WORM!"
|
| X | System Management Service | smsc.exe | "Added by the RBOT-ANN WORM!"
|
| X | System Messenger | SYSMSG32.EXE | "Added by the SPYBOT-DK WORM!"
|
| X | System MScvb | mscvb32.exe | "Added by the SOBIG.C WORM!"
|
| X | System Service | MSREXE.EXE | "Added by the AML TROJAN!"
|
| X | System Service | systems.exe | "Added by the AGOBOT.VZ WORM!"
|
| X | System Service | msnwindows.exe | "Added by the SPYBOT.YCL WORM!"
|
| X | System Service | msnxpexe.exe | "Added by the RBOT-AUA WORM!"
|
| X | System Services | ssms.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Session Manager | smss.exe | "Added by the KALEL-E WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
|
| X | System Stats | SystemStats.exe | "Added by a variant of the WOOTBOT WORM!"
|
| X | System Tray | msccn32.exe | "Added by the SOBIG.B WORM! Warning - spreading via infected E-mail attachments with the sender address faked as support@microsoft.com! Note - this is not the legitimate systray.exe process"
|
| X | System Update | mssetupconf.exe | "Added by the RBOT.DLC WORM!"
|
| X | System Update Application | msbuffer.exe | "Added by the SDBOT.AFF WORM!"
|
| X | System Updates 4 | mssysfix.exe | "Added by the RBOT-ADU WORM!"
|
| X | System-Config | msptmf32.com | "Added by the LIOTEN.FA WORM!"
|
| X | System51616 | msnmsgesser.exe | "Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger"
|
| X | SystemBoot | Mshta.exe ...filename.hta | Adult content dialler
|
| X | Systemboot | msnsngr.exe | "Added by a variant of the RBOT WORM!"
|
| X | systemdrv | ms32sys.exe | "Added by an unidentified WORM or TROJAN - most likely GAOBOT variant"
|
| X | Systems | scchost.exe | "Added by the DAEMOZ.A TROJAN!"
|
| X | Systems | svch0st.exe | "Added by the MYDOOM.BI WORM!"
|
| X | Systems | Systems.exe | "Added by the BANKBOA-A TROJAN!"
|
| X | Systems | itDDD.exe | "Added by the DLOADER-PP TROJAN!"
|
| X | Systems | sescmgr.exe | "Added by the DWNLDR-GAH TROJAN!"
|
| X | Systems | spoolsvc.exe | "Added by the DLOADR-SW TROJAN!"
|
| X | Systems | sysmon.exe | "Added by the VIXUP-BI WORM!"
|
| X | Systems Backups | windrives.exe | "Added by the AGOBOT-RB WORM!"
|
| X | Systems Restart | slchost.exe | "Added by the MULTIDROP.C TROJAN!"
|
| X | Systems Restart | spchost.exe | Added by an unidentified WORM or TROJAN!
|
| X | Systems Restart | "Rundll32.exe beem.dll | DllRegisterServer" |
| X | Systems Restart | "Rundll32.exe snim.dll | DllRegisterServer" |
| X | Systems Restart | "Rundll32.exe zolk.dll | DllRegisterServer" |
| X | Systems Restart | "Rundll32.exe boln.dll | DllRegisterServer" |
| X | Systems Service | drivex.exe | "Added by a variant of the RBOT WORM!"
|
| X | systems usb driver | Windows2.exe | "Added by a variant of the RBOT WORM!"
|
| U | Systems.exe | Systems.exe | "Keyboard Spectator - monitoring software that creates records of everything people do on a computer |
| U | systems.exe | systems.exe | "KGBSpy is a commercial surveillance software program. It logs keystrokes |
| U | SystemSafe | Syssafe.exe | "System Safety Monitor - system monitoring tool with additional application firewalling"
|
| X | SYSTEMSars32 | csrss.exe | "Added by the AHLEM.A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | SystemSAS | System32.exe | "Added by the KWBOT.C WORM!"
|
| X | systemscroot | systembin.exe | "Added by a variant of the RBOT WORM!"
|
| X | SystemSearch | regedit.exe -s ie.reg | "Installs a Seachxl.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""ie.reg"" is located in the root folder (ie |
| X | SystemSearch | regedit.exe -s sys.reg | "Installs a i--search.com browser page hijack. Note that the Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file ""sys.reg"" is located in %Windir%"
|
| X | SystemSecurity | zprot32.exe | "Added by the AGENT-FK TROJAN!"
|
| X | SystemService | msocfg.exe | Premium rate adult content dialler
|
| X | SystemService | navchk.exe | Premium rate adult content dialler
|
| X | SystemService | qservice.exe | Premium rate adult content dialler
|
| X | SystemService | shman.exe | Premium rate adult content dialler
|
| U | SystemService | nsserver.exe | "NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | SystemSettingf | TRUG.vbs | "Added by the TRUG.B MACRO!"
|
| U | SystemSuite Task Manager | MXTASK.EXE | "vcom (nee Ontrack) SystemSuite - PC maintenance and security. Use the program's configuration options to enable only the parts you want running all the time - such as Virusscanner Pro"
|
| X | SystemSv12 | newmaxxsv234.exe | "Added by the TIBS-TS TROJAN!"
|
| X | SystemSv121 | n2ewma1xxsv234.exe | "Added by the TIBS.TJ TROJAN!"
|
| X | SystemTray | mssgl2.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Systesms.exe | systesms.exe | "Added by the RBOT-HI WORM!"
|
| X | SystrayServices | Msxpw.exe | "Added by the CITOR WORM!"
|
| X | SysUtils | smss.exe | "Added by the AUTORUN-AWW WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%"
|
| U | SZMsgSvc.exe | SZMsgSvc.exe | "StopZilla! - pop-up killer"
|
| X | TakeMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | taskmgr.exe | paintms.exe | Added by a variant of the AGENT.AH TROJAN!
|
| X | taskmngr | [path] msnve.exe [path] task.exe | "Added by the FLOOD-EK TROJAN!"
|
| X | taskmsgs | [path to trojan] | "Added by the BANCOS-BBW TROJAN!"
|
| X | TCPIP Protocol | mstcpip.exe | "Added by the SDBOT-LR WORM!"
|
| X | Terminal Services | mstscc.exe | "Added by the SDBOT-CZW WORM!"
|
| X | Testing 123 | msdata.dat | "Added by the NITS.A WORM!"
|
| X | TheBestMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | ThemeMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | Timer | msncomm.exe | "Added by the WEBDOR.AK TROJAN!"
|
| X | Tok-Cirrhatus | smss.exe | "Added by the BRONTOK-A WORM and variants! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%"
|
| X | Tok-Cirrhatus-2784 | smss.exe | "Added by the BRONTOK-S WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%"
|
| X | Topic MSNGR32 | MSNGR32.com | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Torjan Program | smss.exe | "Added by the WOWCRAFT.B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| U | TSClientMSIUninstaller | tscuinst.vbs | "Related to Terminal Services Client Remote Desktop Connection Software from Microsoft"
|
| N | TSMsger | TSMsger.exe | "Epson scannner software - required for ""one-touch"" operation. Can be launched manually"
|
| U | TWarnMsg | twarnmsg.exe | "Toshiba System Warning Function for Windows 98 |
| X | tymsetvc | osskhbd.exe | "Added by the MAILBOT-BW TROJAN!"
|
| X | Update | mshtm.exe | Browser hijacker - redirecting to buldog-search.com
|
| ? | Update for Works | MSWkstz.exe | "Maybe related to later versions of MS Works?"
|
| X | Update Run MSword | LOGON.EXE | "Added by the RBOT.TY WORM!"
|
| X | UPDATEMSN | svhost.exe | Added by an unidentified WORM or TROJAN!
|
| X | Updates | msupdate.exe | "CoolWebSearch parasite variant"
|
| X | UpdateXpSp | MS045-XP2.exe | "Added by the IRCBOT.NY TROJAN!"
|
| X | UsB driver | msjavx86.exe | "Added by the AGOBOT-PQ WORM!"
|
| X | USB Drivers1 | msupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Driverz2 | msnplus1.exe | "Added by the SDBOT-XQ WORM!"
|
| X | USB MS Update | USBS.exe | "Added by a variant of the RBOT WORM!"
|
| X | USB Updates | mservices.exe | "Added by a variant of the SDBOT WORM!"
|
| X | USB Updates | msfirewalls.exe | "Added by a variant of the RBOT WORM!"
|
| X | UsbD | smss32.exe | "Adware - detected by Kaspersky as the AGENT.CJ TROJAN!"
|
| X | USBDrives | msfirewalI.exe | "Added by the RBOT-ABP WORM!"
|
| X | USBHWDRV | msdc.exe | "Added by a variant of the LOWZONE-I TROJAN!"
|
| X | User Messages | usrmsg.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | User Messages Manager | usnmsgs.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | User Messenger Manager | usnmsgr.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | userd | systems.com | "Added by the OUTLAW-A WORM!"
|
| X | userinit | smss.exe | "Added by the DLOADR-B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | UtilitiesAndSoftware | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| X | vcmicrec | msccsed.exe | "Added by the MAILBOT-CE TROJAN!"
|
| N | Vegas Palms - Launcher | Launcher.exe | "Vegas Palms on-line cassino"
|
| Y | Vet Alert | vetmsg9x.exe | "Computer Associates "InnoculateIT" and Vet Anti-Virus virus software"
|
| Y | Vet Alert | VETMSG.EXE | "Computer Associates Vet Anti-Virus software"
|
| Y | VetAlert | VETMSG.EXE | "Computer Associates Vet Anti-Virus software"
|
| X | VFW Encoder/Decoder Settings | RUNDLL32.exe MSSIGN30.DLL ondll_reg | "Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | Video Driver | Msregdrv32.exe | "Added by the SPIGOT BACKDOOR!"
|
| X | Video Process | MS32x16.exe | "Added by the RBOT.RH WORM!"
|
| X | Video Process | MSlti64.exe | "Added by the AGOBOT.UE WORM!"
|
| X | Video Process | msn5.exe | "Added by the AGOBOT-TW WORM!"
|
| X | Video Process | MStli32s.exe | "Added by the RBOT-GAD WORM!"
|
| X | Video Processor | msconfsys88.exe | "Added by the AGOBOT-QG WORM!"
|
| X | Virscanner | smss.exe | "Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| ? | VirusScanMSC | VsStat.exe | "Part of McAfee VirusScan. System Tray application as with previous versions (were also VsStat.exe) |
| X | VisualStudio | msorunner.exe | "Added by a variant of the TACTSLAY TROJAN!"
|
| X | vmsnGraber | VMSNGRABER.EXE | "Added by the ENVID.B WORM!"
|
| X | vmss | vmss.exe | "Delfin Media Viewer or ""Promulgate"" adware variant"
|
| X | VnCplUpdate | msdm.exe | "Masssend - spam relayer. Listens on a port for the spammers to feed it a list of addresses and what to send out. More information in
| X | Volume Shadow Configuration | vbmsvc.exe | "Added by the SLENFBOT.DH WORM!"
|
| X | vssms32 | vssms32.exe | "Added by the BCKDR-LBF BACKDOOR!"
|
| U | WAWifiMessage | WiFiMsg.exe | """HP Wireless Assistant is a user application that provides a method for controlling the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices"""
|
| U | WDDMStatus | WDDMStatus.exe | "WD Drive Manager - part of Western Digital's WD SmartWare management software for selected external drives in the My Book and My Passport range. Allows the user see the drive status |
| X | Web Service | MSXMIDI.EXE | "CoolWebSearch parasite variant |
| X | Win INI 32 | msrp32.exe | "Added by the RBOT-FZC WORM!"
|
| X | Win Security | msw32.pif | "Added by the RBOT-AQT WORM!"
|
| X | Win startup | mscfg32.exe | "Added by the SPYBOT-AE WORM!"
|
| X | Win TaskLoader | msgmr.exe | "Added by the MYTOB.L WORM!"
|
| X | Win Update | msnmger.exe | "Added by the RBOT-GDP WORM!"
|
| X | Win32 | msnsrv.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win32 Cnfg32 | msconfgh.exe | "Added by the MYTOB.NB WORM!"
|
| X | Win32 FRT Driver | msfr32.exe | "Added by the WOOTBOT.EJ WORM!"
|
| X | Win32 Ms Auto Updater | AutomsUPD.exe | "Added by a variant of the RBOT WORM!"
|
| X | Win32 NVIDIA Driver | MSPMSPSU.EXE | "Added by a variant of the WOOTBOT.Y WORM!"
|
| X | win32 regedit | msn32.exe | Added by an unidentified WORM or TROJAN!
|
| X | Win32 Secure | msconfigsvc.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win32 USB2 Driver | smsc.exe | "Added by the SDBOT.FO WORM!"
|
| X | Win32 USB2 Driver | msn.exe | "Added by the FORBOT-EX WORM!"
|
| X | Win32 Word Services | msword32.exe | "Added by a variant of the RBOT WORM!"
|
| X | win32servv | ms1.exe | "iSearch adware"
|
| X | WinAmpAgent | Msexploren.exe | "Added by the BDOOR-EB BACKDOOR! Note - this is NOT the popular Winamp media player which has a different filename"
|
| X | WinAmpAgent | msnexploren.exe | "Added by the TACTSLAY.B TROJAN!"
|
| X | WinApp32 | msapp.exe | "Added by the RSBOT TROJAN!"
|
| X | WinCSRSS | MSGRT32.EXE | "Added by the REWINDO-A TROJAN!"
|
| X | Wind River Systems | vxworks.exe | "Added by the ACKANTTA WORM! Note that this is not related to the VxWorks platform from Wind River"
|
| X | Wind Security | mswi32.pif | "Added by the RBOT-ARH WORM!"
|
| X | WinDLL (csmss.exe) | "rundll32.exe CSMSS.EXE | start" |
| X | WinDLL (slmss.exe) | "rundll32.exe slmss.exe | start" |
| X | WinDLL (smms.exe) | "rundll32.exe smms.exe | start" |
| X | WinDll (sslms.exe) | "rundll32.exe sslms.exe | start" |
| X | Window Msn Live Messanger | msnmsgsls.exe | "Added by the RBOT.BJD BACKDOOR!"
|
| X | Windows | msdos98.exe | Added by the PWSTEAL TROJAN!
|
| X | Windows | smss.exe | "Added by the BANCBAN-QF TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | WINDOWS | ymssgr.exe | "Added by the BCKDR-PS BACKDOOR! Note - deactivates the Microsoft\Internet Connection Firewall (ICF)"
|
| X | windows auto update | msblast.exe | "Added by the BLASTER.B WORM!"
|
| X | windows automation | mslaugh.exe | "Added by the BLASTER.E WORM!"
|
| X | Windows Automation | msdspr.exe | "Added by the SOLAME.A WORM!"
|
| X | Windows backup | systemss.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows Bootup | ms-wks32.exe | "Added by the RBOT-AFM WORM!"
|
| X | Windows bypass security SMSS Service | SbiCvy.exe | "Added by the RBOT-GRF WORM!"
|
| X | Windows CODE Fix Msy Startups | msyh32.exe | "Added by the AGOBOT.AKK WORM!"
|
| X | Windows Config Connection | msicll.exe | "Added by the RBOT-EXQ WORM!"
|
| X | Windows Configuration Loader | msgfix.exe | "Added by the SDBOT-NP WORM!"
|
| X | Windows Console Norms | wnbsvc.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Dcom2 Fix | mscom32.exe | "Added by the RBOT-QT WORM!"
|
| X | Windows Debugger | msdbg32.exe | "Added by a variant of the RBOT WORM!"
|
| Y | Windows Defender | MSASCui.exe | "Main user interface for Microsoft's Windows Defender on XP/Vista - which ""helps protect your computer against pop-ups |
| X | Windows DotFix live | msdotfix.exe | "Added by the IRCBOT.XGK BACKDOOR!"
|
| X | Windows Driver Services | msdrvs32.exe | "Added by the WOOTBOT.L WORM!"
|
| X | Windows driver update | dmsvc32.exe | "Added by the SDBOT-GP BACKDOOR!"
|
| X | Windows Drivers | ssms.exe | "Added by the RBOT-AT WORM!"
|
| X | Windows Email Server | wmserv.exe | "Added by the FOUNDU-AWORM!"
|
| X | Windows Firewall Manager | msfw.exe | "Added by the RBOT.WR WORM!"
|
| X | Windows firewall manager | msguard.exe | "Added by a variant of the RANDEX.GEL WORM!"
|
| X | Windows Fixes Systems | elite.exe | "Added by the MYTOB.EG WORM!"
|
| X | Windows Generic Proc | procmsg.exe | "Added by the ALLIM.B WORM!"
|
| X | Windows iMessenger Messenger | winimsg.exe | "Added by the ALLIM.A WORM!"
|
| X | Windows Installer 1 | msnconfig.exe | "Added by the PURITYSCN.B TROJAN!"
|
| X | Windows kev Messenger | mskev.exe | "Added by the SDBOT-XV WORM!"
|
| X | Windows Live | msgnms.exe | "Added by the XPACK.AV TROJAN!"
|
| X | Windows Live Client | msnclient.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Messages | msgnlive.exe | "Added by the AGENT.AYH WORM!"
|
| X | Windows Live Messenger | msnmsgr.exe | "Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Windows live Messenger | msn.com | "Added by the IRCBOT-AAV WORM!"
|
| X | Windows Live Messenger | msnlive.exe | "Added by the RBOT.BMV BACKDOOR!"
|
| N | Windows Live Messenger | msnmsgr.exe | "Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the ""Show menu"" icon and select Tools → Options → Sign In → deselect ""Automatically run Windows Live Messenger when I log on to Windows"". This is the Windows Defender/Vista MSConfig entry for version 14.*"
|
| X | Windows Live Messenger | msnd.exe | "Added by the BCKDR-QQQ BACKDOOR!"
|
| X | Windows Live Messenger Addon | wllivemsngr.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Windows Live Messenger Servicer | msmgslive.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Messenger Services | msgrlive.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Messenger! | livemsngr.exe | "Added by the IRCBOT.AWE BACKDOOR!"
|
| X | Windows Live Messenger! | msgrlive.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Msgs | wlivemsg.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Msgs! | wlivemsgs.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows Live Service | msnlive.exe | "Added by the SLENFBOT.DI WORM!"
|
| X | Windows live Support | wlmsngr.exe | "Added by the RBOT-BKL WORM!"
|
| X | Windows Login | lmss.exe | "Added by the AGOBOT-JA WORM!"
|
| X | Windows Login | msnmsgr.exe | "Added by the AGOBOT-UC WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Windows Login | lms.exe | "Added by the AGOBOT-IC WORM!"
|
| X | Windows Media Center | smss.exe | "Added by the WARBOT TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Windows Media Driver | msnger.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Media Player | msa.exe | "Added by the RBOT-SI WORM!"
|
| X | Windows Media Player | msams.exe | "Added by the RBOT.AHR WORM!"
|
| X | Windows Media Player | msass43.exe | "Added by the RBOT-RT WORM!"
|
| X | Windows Media Server | wmserv.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Media Server! | wmserver.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Memory Sharing | memshare.exe | "Added by the IRCBRUTE.AG TROJAN!"
|
| X | Windows Memory Sharing | memshr.exe | "Added by the IRCBOT.MC BACKDOOR!"
|
| X | Windows Messenger | msnsmgs.exe | "Added by the RBOT-ANJ WORM!"
|
| X | Windows Messenger | msnmsg.exe | "Added by the SPYBOT.BV WORM!"
|
| X | Windows Messenger Live MSN | winlivemsnmessenger.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Windows Messenger Live Startup | windowslivemsn.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows Messenger Live Startup | windowsmsnlive.exe | "Added by the DELF.DAX TROJAN!"
|
| X | Windows Messenger Messenger | winmsg.exe | "Added by the VELKBOT.A WORM!"
|
| X | Windows Messenger Service | winsmsgr.exe | "Added by the RBOT-VW WORM!"
|
| X | Windows Messenger Share | wmssvc.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows ms Drivers | msnup32.exe | "Added by the SDBOT-AAL WORM!"
|
| X | Windows MS Update 32 | fhm.exe | "Added by the IRCBOT.GEN WORM!"
|
| X | Windows MS Update 32 | sucker.exe | "Added by the FORBOT-GJ WORM!"
|
| X | Windows MS Update 32 | jebote.exe | "Added by the FORBOT-GK WORM!"
|
| X | Windows MSConfig Startup Logger | winlog.exe | "Added by the RBOT.BCU WORM!"
|
| X | Windows MSN | MSN.msn | "Added by the TRIXCU.A WORM!"
|
| X | Windows Msn Live Messanger | msnmsgsman.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows MSN Live Messanger | wmsnlive.exe | "Added by the RBOT.BMV BACKDOOR!"
|
| X | Windows MSN Live Messanger | livemsngs.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Windows MSN Live Messenger | winlivemsn.exe | "Added by an unidentified WORM or TROJAN! See here"
|
| X | Windows MSN Live Messenger | winmessengerlive.exe | "Added by the IRCBOT.EAD BACKDOOR!"
|
| X | Windows MSN Updates | wnd32.exe | "Added by the IRCBOT-ABA TROJAN!"
|
| X | Windows MSN2 XP | swchost.exe | "Added by the KOLAB.AA WORM!"
|
| X | Windows MSX drivers | winmsx.exe | "Added by the RBOT-AYG TROJAN!"
|
| X | Windows Network Controller | winmms32.exe | "Added by the FORBOT-ED WORM!"
|
| X | Windows Network Controller | winmms32.exe.exe | "Added by the FORBOT-ED WORM!"
|
| X | Windows Network Service | Msconf32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Performance Monitor | wmscupd.exe | "Added by the IRCBOT_GEN WORM!"
|
| X | Windows Portable Device Drivers | MSKSVRVS.EXE | "Added by a TROJAN - see here"
|
| X | Windows Portable Devices | MSKSVRTSS.EXE | "Added by the SPYBOT.APEO WORM!"
|
| X | Windows Processe Manager | mspn32.exe | "Added by the RBOT.AXO WORM!"
|
| X | Windows Recylinder Check | zwdomsgemw.exe | "Added by the RBOT-EGJ WORM!"
|
| X | Windows Registry | msnmsg.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Rundll Center | msnsmgr.exe | "Added by the AGENT-LLB TROJAN!"
|
| X | Windows Rundll Center | msmsgrs.exe | "Added by the IRCBOT-AFA WORM!"
|
| X | Windows Scheduler | wmscheduler.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Windows Secure Messaging System | msnmsgrsrvc.exe | "Added by the RBOT-RE WORM!"
|
| X | Windows Secure Services | ssms.exe | "Added by the RBOT-GAR WORM!"
|
| X | Windows Security | ms32.pif | "Added by the RBOT-ARN WORM!"
|
| X | Windows Service Agent | msnmagr.exe | "Added by a variant of the SLAPER TROJAN!"
|
| X | Windows Service Agent | wmscc.exe | "Added by the RBOT-GQP WORM!"
|
| X | Windows Service Agent | msngear.exe | "Added by the RBOT.AHW BACKDOOR!"
|
| X | Windows Service Agent | msngerr.exe | "Added by the RBOT.EOZ WORM!"
|
| X | Windows Service Agent | lcaqmsp.exe | "Added by the RBOT.WFR BACKDOOR!"
|
| X | Windows Service Agent | msnmsgr.exe | "Added by the RBOT.ABIK BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
|
| X | Windows Service Manager | msgs.exe | "Added by the OSCABOT-E WORM!"
|
| X | Windows Service Manager | msnmrg.exe | "Added by the OSCABOT-G WORM!"
|
| X | Windows Service oi worms | [6 random letters].exe | "Added by the SYSTEMHI.OS TROJAN!"
|
| X | Windows Service Update | mswsgs.exe | "Added by the RBOT.FQB WORM!"
|
| X | Windows Services | scmsg.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Services | smsc.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Services Agent | msngears.exe | "Added by the VB-EMS TROJAN!"
|
| X | Windows Services Layer | sslms.exe | "Added by the RBOT-GAH WORM!"
|
| X | Windows Session Manager | smss32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows Session Manager Subsystem | smss.exe | "Added by the KALEL-B WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!"
|
| X | windows shellext.32 | mschost.exe | "Added by the BLASTER.K WORM!"
|
| X | Windows smss service | service.exe | "Added by the AGENT-FPY TROJAN!"
|
| X | Windows Spoolsrv Service | spoolmsv.exe | "Added by the SDBOT-ZS WORM!"
|
| X | Windows sq Drivers | winmsn32.exe | "Added by the RBOT-ADI WORM!"
|
| X | Windows Streams Server | localsrv.exe | "Added by the SDBOT.LN WORM!"
|
| X | Windows SysNotify | mssecc.exe | "Added by the AGENT-GFR TROJAN!"
|
| X | WINDOWS SYSTEM | msdev32.exe | "Added by the MYTOB.EH WORM!"
|
| X | WINDOWS SYSTEM | smsc.exe | "Added by the MYTOB-BR WORM!"
|
| X | WINDOWS SYSTEM | msnl.exe | "Added by the MYTOB.IK WORM!"
|
| X | WINDOWS SYSTEM | msn32.exe | "Added by the MYTOB-FX WORM!"
|
| X | WINDOWS SYSTEM | mswins.exe | "Added by the MYTOB.DP WORM!"
|
| X | Windows System Guard | msdn.exe | "Added by the FAKEAV-BJD TROJAN!"
|
| X | Windows System Guard | msng.exe | "Added by the EGGDROP-BO WORM!"
|
| X | Windows System Guard | msns.exe | "Added by the DWNLDR-IGD TROJAN!"
|
| X | Windows System Manager | smsc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows System Manager Loader | smsls.exe | "Added by the AGOBOT.TF WORM!"
|
| X | WINDOWS SYSTEM mscdvvs | mscdvvs.exe | "Added by the MYTOB.MD WORM!"
|
| U | Windows System Tray | msni.exe | "Iambigbrother monitoring software"
|
| X | Windows Systems16 | winjews16.exe | "Added by the SDBOT-CXT WORM!"
|
| X | Windows Task Mgr | mstasks.exe | "Added by the IRCBOT.UN BACKDOOR!"
|
| X | Windows Task Mgr! | mstasker.exe | "Added by the IRCBOT.OE BACKDOOR!"
|
| X | Windows Time | tmservice.exe | "Added by a variant of the RBOT-YK WORM!"
|
| X | Windows UDP Control Center | msnmngs.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows UDP Control Center | msnpd.exe | "Added by the SDBOT.EBA BACKDOOR!"
|
| X | Windows UDP Control Center | mswinudpmgr32.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows UDP Control Center | winmsn.exe | "Added by the SDBOT.EBA BACKDOOR!"
|
| X | Windows UDP Control Center | winudpmsgr.exe | "Added by the SDBOT.GAV WORM!"
|
| X | Windows UDP Control Center | msnsmsgrs.exe | "Added by the PUSHBOT.MF WORM!"
|
| X | Windows Update | msnwinsb.exe | "Added by the RBOT-AAH WORM!"
|
| X | windows update | msnsever.exe | "Added by the RBOT-AHN WORM!"
|
| X | Windows Update | msnupdates.exe | "Added by the RBOT-ALK WORM! Note - this file has nothing to do with Windows updates or MSN"
|
| X | Windows Update | msnsupdate.exe | "Added by the RBOT-AXS WORM!"
|
| X | Windows Update | msi.exe | "Added by the BANKER-XB TROJAN!"
|
| X | Windows Update | MSDEVS30.exe | Added by the SPYBOT.AHC WORM!
|
| X | Windows Update | msconfig32.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Windows Update | msnsa32.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Windows Update | smsscr.exe | "Added by the BANKER-DK TROJAN!"
|
| X | Windows update | msb32.exe | "Added by the GAOBOT.CG WORM!"
|
| X | Windows Update Checker | msupdte32.exe | "Added by the SDBOT-AEF WORM!"
|
| X | Windows Update Firewall System | winmsfw.exe | "Added by the RBOT-EEO WORM!"
|
| X | Windows Update Service | msupdate32.exe | "Added by the DLOADR-CRJ TROJAN!"
|
| X | Windows Update System | mswins.exe | "Added by the IRCBOT.DN WORM!"
|
| X | Windows Updater Services | msnupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows USBD | msifirewall.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Workstation | msup32a.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Windows Workstation Start Service | mslanmgr.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows32 Configuration Loader | msrf32.exe | "Added by the SDBOT-ABX WORM!"
|
| X | Windows32 Messenger Service | msmsgv.exe | "Added by the RBOT.ANS WORM!"
|
| X | Windows32 Net Database | msnd32.exe | "Added by the RBOT-AAL WORM!"
|
| X | WindowsRegKey%$ update | msi332.exe | "Added by the RBOT-IX WORM!"
|
| X | Windowss Service Agent | mssngear.exe | "Added by the RBOT.KGU BACKDOOR!"
|
| X | WindowsSystem32 | msnmssgr.exe | "Added by the AGENT.ALY BACKDOOR!"
|
| X | WindowsSystem32 | msn_kilo.exe | "Added by the AGENT.ALY BACKDOOR!"
|
| X | WindowsSystem32 | msnmgaer.exe | "Added by the AGENT.ALY BACKDOOR!"
|
| X | WinDOwsUPdate | smss.exe | "Added by the AUTORUN.DIB WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder"
|
| X | WinDynManager | amsnmsg.exe | "Added by the SDBOT-IA BACKDOOR!"
|
| X | Winhlp32 | Wscript.exe Msexec32.vbs | "Added by the GANT.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""Msexec32.vbs"" file is found in %System%"
|
| X | winlogin.exe | mspaint.exe | Added by a variant of the AGENT.AH TROJAN!
|
| X | winlogon | msreg32.exe | "Added by the SDBOT.EO WORM!"
|
| X | winlogon.exe | msole32.exe | "Adware |
| X | WinMedia | msupd******.exe [*= random digit] | Added by the INJECT.163 TROJAN!
|
| X | Winmsg | winwork.exe | "Added by the GAOBOT.GEN!POLY WORM!"
|
| X | WinMsg | winmsgr.exe | "Added by the DLOADR-AS TROJAN!"
|
| X | Winmsg | winwork8.exe | "Added by the AGOBOT-GC WORM!"
|
| X | WinMsrv32 | WinMsrv32.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | winnsvc | msvc.exe | "Added by the PWS.O TROJAN!"
|
| X | Winnt DNS ident | msnmsrg.exe | "Added by the RBOT.BVQ WORM!"
|
| X | winrun | msconfig.exe | "Added by the WINUR WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting. This one is located in c:\winrun"
|
| X | WinsSystem | syssmss.exe | "Added by the DELF.IG TROJAN!"
|
| X | Winsvr | msupd******.exe [*= random digit] | Added by the INJECT.163 TROJAN!
|
| U | WinSystem | WinSystems.exe | "CMKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
|
| X | winsystem.sys | smss.exe | "Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the ""Startup Item"" field"
|
| X | WinSystems | winsystems16.exe | "Added by the SDBOT-CZT WORM!"
|
| X | winsystems25 | winsystems.exe | "Added by the RBOT-CNZ WORM!"
|
| X | WINTASK | msmgrxp.exe | "Added by the MYTOB.AQ WORM!"
|
| X | WINTASK | msvhost.exe | "Added by the MYTOB-AR WORM!"
|
| X | WINTASK DLL32 | smsrss.exe | "Added by the MYTOB.BS WORM!"
|
| X | WinTimer | msupdate.cmd | "Hijacker - detected by Kaspersky as the STARTPAGE.TJ TROJAN!"
|
| X | Wintl | msdred.exe | Identified as a variant of the Trojan-Spy.Win32.Agent.cch malware
|
| X | WinUpdate Loader | msnnm.exe | "Added by the REVCUSS.C TROJAN!"
|
| X | winupdate2846 | vbsystem35.exe msvbrun.exe | "Added by a variant of the MUTIN-C TROJAN!"
|
| X | winystems25 | winystems.exe | "Added by a variant of the SDBOT WORM!"
|
| X | WMDM PMSP Service | cssrss.exe | "Added by the KNOCKIT-A TROJAN!"
|
| X | wms3 | wms3.exe | "Added by the LEGMIR-AQG TROJAN!"
|
| X | WMSDOS-ServicePack2 | cmd.exe /c C:WMSDOS.sys | "Detected by Bitdefender as the DELF.OFC TROJAN! See here. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted"
|
| X | wmsrc.exe | wmsrc.exe | "PrivacyRedeemer rogue privacy program - not recommended |
| X | wmsys32 | wmsys32.exe | "Added by the BANPAES.B TROJAN!"
|
| ? | WM_LOGIN | MSGLOGIN.EXE | "Part of McAfee Firewall. What is it for and is it needed?"
|
| X | Worms | logon.bat | "Added by the DELMP3-A WORM!"
|
| X | WSAConfiguration | msnote30.exe | "Added by the AGOBOT-KF BACKDOOR!"
|
| X | wsc | mstdl.exe | "MaCatte Antivirus 2009 rogue security software - not recommended |
| X | WSSVC | smsc.exe | "Added by the AUTORUN-AGA WORM!"
|
| U | XE 8x LM Status | lmsxxe.exe | Xerox XE8 series laser printer status monitor
|
| X | XML Service | msxml.exe | "Added by the RBOT-HD WORM!"
|
| X | XMLmedia 10.0 | wmsdkns.exe | "Added by the FAKEALERT TROJAN!"
|
| X | xmstart | xuming.exe | "Added by the GMIN-A WORM!"
|
| X | xpsystem | MSXMIDI.EXE | "CoolWebSearch parasite variant |
| X | xswdmse | [8 random letters].exe | "Added by a variant of the SPYBOT WORM! See here"
|
| ? | XWMSUSBAPI | XWMSAPI.EXE | "Part of the installation of a Xerox WorkCentre printer/scanner. Is it required?"
|
| X | Yahoo Instant Messengar | YahooMsgr.exe | "Added by the SDBOT.GEN TROJAN!"
|
| X | Yahoo Messenger | Yahoomsg.exe | Added by an unidentified WORM or TROJAN!
|
| X | Yahoo! Messanger | ymsngr32.exe | "Added by the WOOTBOT.HY WORM! Note - this should not be confused with Yahoo! Messenger"
|
| X | yahoomsgr | Yahoomsngr.exe | "Added by the AGOBOT.AKZ WORM!"
|
| N | YeppStudioAgent | SamsungMediaStudioAgent.exe | "Samsung Media Studio MP3 player file management software - see here for an example"
|
| X | YhooUapdates | ymssmsgs.exe | "Added by a variant of the SMALL_K TROJAN!"
|
| X | YhooUpdates | ymsmsgs.exe | "Added by the SMALL_K TROJAN!"
|
| X | YourMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| N | Zebus | msdc32.exe | Runs a HTML tutorial on the Zebus web-site
|
| X | Zip Driver Loader | msload32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| X | zsms | smss.exe | "Added by the BANCOS-CK TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | zsmscc | rundll32.exe zsmscc071001.dll mymain | "Added by the GENETIK.KQ TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""zsmscc071001.dll"" file is found in %System%"
|
| X | zsmscc | rundll32.exe mycc071208.dll mymain | "Added by the AGENT.FZK TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The ""mycc071208.dll"" file is found in %System%"
|
| X | zsmsgs | iservice.exe | "Added by the BANCOS-BU TROJAN!"
|
| X | zsmss | smss.exe | "Added by the BANCOS-DD TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | [random characters] | rsbmsc.exe | "Detected by AntiVir antivirus as the BDS/Agent.adt TROJAN!"
|
| X | [random name] | msiexec.exe | "PurityScan adware. Do not confuse with the legitimate Windows® Installer (msiexec.exe) process which is always located in %System% and should not figure in Msconfig/Startup!"
|
| X | [various names] | msdos32.exe | Added by a variant of the AGENT.AH TROJAN!
|
| X | [various names] | msag.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | ms-its.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | MsNetHelper.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | MSTCPDLL.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| Y | _AntiSpyware | MssCli.exe | "Part of McAfee AntiSpyware"
|
| X | _Cat1 | nmmst.exe | "Added by the SMALL.SD TROJAN!"
|
| X | _Cat2 | nmstt.exe | "Added by the SMALL-DT TROJAN!"
|
| X | _Cat3 | msmsgrxp.exe | "Added by a variant of the SMALL-DT downloader TROJAN"
|
| X | _Cat4 | msmsgr2.exe | "Added by the SMALL-EB TROJAN!"
|
| X | _Services.dll | smss.exe | "Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system"
|
| X | _winsystem.sys | smss.exe | "Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32"
|
|
