nsys

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	@	winsys32.exe	"Added by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank"
X	blah service	winsysengine.exe	"Added by the RBOT-KI WORM!"
X	Config Loadr	winsys32.exe	"Added by the AGOBOT-HN WORM!"
X	Configuration Loader	WinSys32ys.exe	"Added by the SDBOT.BCS WORM!"
X	Configuration Loader Service	Winsys32.exe	"Added by the RBOT-YV WORM!"
X	Device Management	wnsystem.exe	"Added by the AGOBOT-LH WORM!"
X	german.exe	winsystems.exe	"Added by the BAGLEDl-AE TROJAN!"
X	I am not Ranky. I am eTunnel!	winsys.exe	Added by an unidentified WORM or TROJAN!
X	InSysSecure	InSysSecure.exe	"InSysSecure rogue security software - not recommended
X	loadwin	winsys.exe	"Added by the QQPASS-J TROJAN!"
U	LogMeIn GUI	LogMeInSystray.exe	"RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN
X	Microsoft	winsys32.exe	"Added by the RBOT-GSQ WORM!"
X	Microsoft IT Update	winsyst32.exe	"Added by the RBOT-FC WORM!"
X	Microsoft Security Monitor Process	winsys32.exe	"Added by the VIRUT.N VIRUS!"
X	Microsoft Security Monitor Process	winsyss32.exe	"Added by the RBOT.AEU BACKDOOR!"
X	Microsoft System Monitor	monsys.exe	"Added by the IRCBOT-YV TROJAN!"
X	Microsoft Update	winsys32.exe	"Added by the RBOT.BD WORM!"
X	Microsoft Update	winsys.exe	"Added by the RBOT-GV WORM!"
X	Microsoft Update	winsyst.exe	"Added by the RBOT-DL WORM!"
X	Microsoft Updater	winsys32.exe	"Added by the RBOT.RL WORM!"
X	Microsoft Windows Service	winsys.exe	"Added by the RBOT-ADP WORM!"
X	Microsoft Xp Systems loader	winsystem32xp.exe	"Added by the KELVIR.W WORM!"
X	MSControl31	winnsyst.exe	"Added by the RBOT.CFY WORM!"
N	msnsyslog	msnappm.exe	"Related to Messenger Applications. When you uninstall the trial version the msnappm keeps saying (You have xx days left) this is adware and it very annoying"
X	MSNSysRestore	pc32.exe	Added by a variant of the MASTAK VIRUS!
U	nsys	nsys.exe	"NetSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X	nsys32	nsys32.exe	"Added by the AGOBOT-SU WORM!"
N	NSystemMonitor	Symmon.exe	Norton Uninstall Deluxe - monitors programs being installed and logs them for removing later. Available via Start -> Programs for manual logging
U	PrnSys Executable	PrnSys.exe	"Print screen utility bundled with some HP printer software - not required
X	Remote Procedure Call	winsysrpc.exe	"Added by the SDBOT-PS WORM!"
X	run	winsys32.exe	"Added by the DELF.CP BACKDOOR!"
U	RunSysd32	RunSysd32.exe	DesktopShield2000 by Stéphane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within
U	ScanSys32	sb32mon.exe	"Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
X	Shell	Explorer.exe winsys32.exe	"Added by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winsys32.exe"" file is located in %Windir%"
X	ssate.exe	winsys.exe	"Added by the BEAGLE.K WORM!"
X	ssgrate.exe	winsystems.exe	"Added by the BAGLEDL-J TROJAN!"
X	systemdll.dll	winsys32.exe	"Added by the DELF.CP BACKDOOR!"
X	this free	winsyst.exe	"Added by the MADAG.A WORM!"
X	transys	"rundll32.exe transys.dll	start"
X	USB 2.0 Driver	Winsys32.exe	"Added by the AGOBOT-QM WORM!"
X	USB 2.0 Driver	winsystem.exe	"Added by the AGOBOT-QS WORM!"
X	VirusScanner	mnsys.exe	"Added by the SDBOT-AFQ WORM!"
X	Windows File Migration Wizard	HIMENSYST.EXE	"Added by the RBOT-EMO WORM!"
X	Windows Messanger Control Center	winsys.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Networking	winsys32.exe	"Added by the GAOBOT.FL WORM!"
X	Windows Services	winsysdll.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	winsyssrv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Startup	Winsys32.exe	"Added by the RBOT.AAB WORM!"
X	Windows System	WINSYS.exe	"Added by the RBOT-AEF WORM!"
X	WINDOWS SYSTEM	winsys33.exe	"Added by the MYTOB.EK WORM!"
X	Windows System	winsys32.exe	"Added by the MYTOB-IS WORM!"
X	Windows System 32	winsys_32.exe	"Added by the RBOT-FTR WORM!"
X	Windows System Configuration	WINSYS32.exe	"Added by the SDBOT.AXK WORM!"
X	Windows System Manager	winsystem.exe	"Added by the RBOT-AN WORM!"
X	Windows System Manager	winsysmgr.exe	"Added by the IRCBOT.BJG BACKDOOR!"
X	Windows System32	winsys32.exe	"Added by the SDBOT-AHS WORM!"
X	WindowsRegKey update	winsys.exe	"Added by the RBOT-JY WORM!"
X	WindowsRegKeys update	winsysi.exe	"Added by the SDBOT.WE WORM!"
X	Windows_Protect	winsystem.exe	"Added by a variant of the RBOT WORM!"
X	windtbs	winsysvc	"Added by the AGOBOT-NH WORM!"
X	winsupdatesysmngr64	winsys64mnger.exe	"Added by the RBOT-BAG WORM!"
U	Winsys	Winsys.exe	"Win-Spy keyboard logger/monitoring software - remove unless you installed it yourself"
X	WINSYS	[path to trojan]	"Added by the GOLDPLAY TROJAN!"
X	winsys	syschost.exe	Added by an unidentified TROJAN!
X	WinSys	winmgmt.com	"Added by the VB.EIW WORM!"
X	WinSys	system.exe	"Added by the DAPROSY WORM!"
X	WinSys32	Winsys32.exe	"Added by the CIGIVIP TROJAN or RECKUS WORM!"
X	winsys32 Driver	winsys32.exe	"Added by the LOONY-O TROJAN!"
U	WinSysAppMon	WinSysRM.exe	"Home & Family Content Filter related. See here"
X	winsysban	[path to trojan]	"Added by the CLICKER-CD TROJAN!"
U	WinSysCheck	sb32mon.exe	"Part of the SpyBuddy keystroke logger/monitoring program - see here. Remove unless you installed it yourself!"
X	winsyslog lptt01	winsyslog.exe	"RapidBlaster variant (in a ""Winsyslog"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
X	WinSysM	371662M.exe	"Added by the WINKO.AO WORM!"
X	WinSysModule	[path to trojan]	"Added by the AGENT-DIQ TROJAN!"
X	WinSysStartUpWKbLw	TaskSystemDll.Exe	"Added by the BACKZAT.G WORM!"
X	WinSyst32	winsyst32.exe	"Added by the MORB WORM!"
X	WinSystem	winsystem.exe	"Added by the WHITEBAIT WORM!"
U	WinSystem	WinSystems.exe	"CMKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X	Winsystem	Freevideo5.EXE	"Added by the AGENT.FZS WORM!"
X	winsystem.sys	smss.exe	"Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the ""Startup Item"" field"
X	WinSystems	winsystems16.exe	"Added by the SDBOT-CZT WORM!"
X	winsystems25	winsystems.exe	"Added by the RBOT-CNZ WORM!"
X	winsysupd	[path to trojan]	"Added by the STARTPA-NI TROJAN!"
X	WinSysW	371662L.exe	"Added by the WINKO.AO WORM!"
X	WLWin	WINSYS.EXE	"Added by the NAVER.A WORM!"
X	Zonesoft Cleaner	rnsys.exe	"Added by a variant of the SDBOT WORM!"
X	[various names]	NSYSCPLSTR.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	[various names]	scanSYS.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	_winsystem.sys	smss.exe	"Added by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.