| X | LiveUpdate32 | services.exe | "Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
|
| X | lk3h1 | [path to file] | "Added by the MOSUCK-G TROJAN!"
|
| ? | LLMODCL2 | "rundll.exe setupx.dll | InstallHinfSection ..LLMODCL2.INF" |
| U | LManager | QtZpAcer.exe | Acer Launch Manager - on Acer laptops it supports the dedicated multimedia buttons and allows users to configure their function. If the optional WLAN module and Bluetooth radio are installed the associated buttons can set their operating state
|
| U | LManager | HotkeyApp.exe | "Programmable keys on Acer |
| U | LManager | CPLBCL53.EXE | System Tray icon found on Acer Travelmate laptops that allow you control access to the Internet and email buttons and other computer configurations
|
| X | lMAPl | lMAPl.exe | "Added by the AGOBOT-RE WORM!"
|
| ? | lmpdpsrv | lmpdpsrv.exe | "Related to a Lexmark printer/scanner. Printer sharing server? Is it required?"
|
| X | lnternet Explorer | AMSNDMGR.EXE | "Added by the KWBOT.R WORM! Note that the ""l"" is a lower case ""L"" and not an upper case ""I"""
|
| X | lnternet Update | lExplore.exe | "Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
|
| X | load | [path to worm] | "Added by the KELVIR.AI WORM!"
|
| X | load | explorer.exe | "Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | load | ctftpscr32.exe | "Added by the AGENT-FPN TROJAN!"
|
| X | load | WinExplorer.exe | "Added by the VB.EIW WORM!"
|
| X | Load-Guard | Wscript.exe LGuarg.exe.vbs | "Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The ""LGuarg.exe.vbs"" file is located in %Windir%"
|
| U | load= | esspk.exe | "Speakerphone capability through a soundcard for an ESS modem"
|
| N | load= | HPWHRC.EXE | Loads the Status Window software for the HP Laserjet printers
|
| ? | load= | WPSLOAD.EXE | "Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk"
|
| Y | load= | wpshrc.exe | Required to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others)
|
| X | load= | Spoolsv.exe | "Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
|
| X | load= | dapdll.exe | "Added by the ATAK.E WORM!"
|
| X | Loadab1 | explorer.exe | "Added by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | LoadDBackUp | BcTool.exe | "Added by the GIBE WORM!"
|
| X | loaddr | [path to trojan] | "Added by the AGENT-DIY TROJAN!"
|
| Y | LoadDvpApi9x | DVPAPI9X.exe | Command AntiVirus for Windows 95/98/Me
|
| X | loader | WMPLAYER.EXE | Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
|
| X | Loaders | HeIp.exe | "Added by the SDBOT-ADB WORM!"
|
| X | LoadingAgent | ZipLoader32.exe | "Added by the OBLIVION TROJAN! This executable is one of the most common but there are more"
|
| X | loadMecq0 | explorer.exe | "Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | loadMect1 | explorer.exe | "Added by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | LoadPFW | wmimgr.exe | "Added by the QEDS-B WORM!"
|
| X | LoadPowerProfile | ASDAPI.EXE | "Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll"
|
| U | LoadPowerProfile | Rundll32.exe powrprof.dll | "Power management specifics such as monitor shut-off |
| X | LoadPowerProfile | Rundll.exe powerprof.dll | "Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses ""Rundll.exe"" whereas the uninfected version uses ""Rundll32.exe"""
|
| X | LoadPowerProfile | rundl.exe | "Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll"
|
| X | LoadPowerProfile | Rundll32.exe | "Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has ""powrprof.dll"" appended to the command/data line"
|
| X | LoadPowerScheme | rundll32.exe powerprof.dll CheckPowerProfile | "Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted"
|
| X | loads.exe | suploads.exe | "Added by the AGENT-BZ TROJAN!"
|
| X | LoadService | Rest In Peace | "Added by the KANGAROO-A WORM!"
|
| X | LoadSIPS | "rundll32.exe SIPSPI32.dll | SIPSPI32" |
| X | Local Area Network | OpenGL.exe | "Added by a variant of the RBOT WORM!"
|
| X | LOCAL INTERNET WEB DRIVERS FOR WIN32 | phqghume.exe | "Added by a variant of the RBOT WORM!"
|
| X | Local Page | http://find.naupoint.com | "Naupoint browser hijacker"
|
| U | LocalProxy | proxy4free.exe | """ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored |
| U | Lock My PC | lockpc.exe | "Lock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen |
| U | Logan_S2P | Scan2pc.exe | Scan to PC application for the scanning function of the Samsung SCX-4500 Series multifunction printer
|
| N | Logiciel de transfert d'images KODAK | pts.exe | Looks for Kodak camera connection and media insertion. Available via Start -> Programs
|
| X | login | [path to trojan] | "Added by the HOTWORD-A TROJAN!"
|
| X | Login Service | [path to file] | "Added by the MIGMAF TROJAN!"
|
| X | LoginPassport | Lgnpsp32.exe | "Added by the REDIST.C WORM!"
|
| Y | Logitech | Communications_Helper.exe | "Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also |
| N | Logitech . Product Registration | eReg.exe | "Registration reminder from Leader Technologies for Logitech software such as SetPoint for their range of wired and wireless keyboards and pointing devices (mice |
| X | Logitech Desktop | ApPache.exe | "Added by the RBOT-YP WORM!"
|
| X | Logitech Desktop | IPCONN.EXE | "Added by the SDBOT-WE WORM!"
|
| X | Logitech Desktop Controller | wrcam.exe | "Added by a variant of the RBOT WORM!"
|
| N | Logitech Desktop Messenger | setup-8876480.exe | "Installer for Logitech Desktop Messenger included with older versions of the software for Logitech products - which automatically checks for software upgrades and new products |
| N | Logitech Desktop Messenger | ldmconf.exe | "Installed with older versions of the software for Logitech products. Configures the options for Logitech Desktop Messenger to activate notifications about software upgrades and/or new products |
| N | Logitech Desktop Messenger | LogitechDesktopMessenger.exe | "Installed with the software for Logitech products. Automatically checks for software upgrades and new products |
| N | Logitech Desktop Messenger Agent | ldmconf.exe | "Installed with older versions of the software for Logitech products. Configures the options for Logitech Desktop Messenger to activate notifications about software upgrades and/or new products |
| U | Logitech Hardware Abstraction Layer | KHALMNPR.EXE | "Part of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice |
| U | Logitech SetPoint | KEM.exe | Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
|
| U | Logitech SetPoint | KHALMNPR.EXE | "Part of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice |
| U | Logitech SetPoint | Setpoint.exe | "Logitech SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice |
| N | Logitech Wakeup | lgwakeup.exe | Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images
|
| Y | LogitechCommunicationsManager | Communications_Helper.exe | "Entry added when you install versions of the Logitech QuickCam webcam software. Used to interface your webcam with third party chat and voice programs such as instant messaging clients and Skype. Also |
| N | LogitechDesktopMessenger | LogitechDesktopMessenger.exe | "Installed with the software for Logitech products. Automatically checks for software upgrades and new products |
| U | LogitechGalleryRepair | ISStart.exe | "Installed with Logitech's ImageStudio webcam software. The exact purpose of this startup entry is unknown at present |
| Y | LogitechRegisterVideoApplications | InstallHelper.exe | Entry added when you install versions of the Logitech QuickCam webcam software and used to register video applications that can use the webcam on the first reboot after installing the software
|
| N | LogitechSoftwareUpdate | ManifestEngine.exe | "Automatic updater for versions of Logitech QuickCam webcam software. Check for updates via the System Tray icon - see the LogitechVideoTray entry"
|
| U | LogitechVideoRepair | ISStart.exe | "Installed with Logitech's QuickSmart and QuickCam (older versions) webcam software. The exact purpose of this startup entry is unknown at present |
| U | LogitechVideo[inspector] | InstallHelper.exe | Entry added when you install versions of the Logitech QuickCam webcam software and used to monitor and register video applications that can use the webcam. It isn't normally running but you could disable it and re-enable it before you install supported applications
|
| X | Logo | [path to trojan] | "Added by the DLOADER-RH TROJAN!"
|
| X | Logonrepclient1 | CSRSS.EXE | "Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
|
| Y | Look 'n' Stop | looknstop.exe | "Look 'n' Stop personal firewall"
|
| X | Lookup_Sys | lookupsys.exe | P04n trojan
|
| X | LosMejoresMP3 | "rundll32.exe MSA64CHK.dll | DllMostrar" |
| N | Lotus Organizer EasyClip | easyclip.exe | ""The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address |
| X | LotusHlp | LotusHlp.exe | "Added by the WINKO.AO WORM!"
|
| N | LowRateVoip | LowRateVoip.exe | "LowRateVoip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| X | LowRiskFileTypes | sysguard.exe | "Added by the FAKEAV-UY TROJAN!"
|
| X | LowVersionSupport | [filename] | "Added by the LASTRAS TROJAN!"
|
| U | LPMailChecker | LPMLCHK.exe | "Part of Lenovo's ThinkVantage® Productivity Center on their ThinkPad notebooks or ThinkCentre desktops. Checks for incoming e-mail and blinks the ThinkVantage button LED"
|
| U | LPManager | LPMGR.exe | "Part of Lenovo's (was IBM) ThinkVantage Productivity Center - ""guides you to a host of information and tools to help you set up |
| X | Lpr | Lpr123.exe | "Added by the REMPSTEAL password stealer TROJAN!"
|
| X | Lpr123 | Lpr123.exe | "Added by the REMPSTEAL password stealer TROJAN!"
|
| U | LPS | Lps.exe | "Local Port Scanner - ""With LPS you're able to check your computer for open or listening ports"""
|
| U | LPtask | lptask.exe | "Program Lock It And Protect Pro - lock and protect your folders from being opened |
| N | LS120 Superdisk | ?? | "Supposed to accelerate transfer rate on LS-120 |
| X | LSA Shell (Export Version) | LSASS.exe | "Added by the AHKER.K WORM and variants. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | lsass | [path to lsass.exe] | "Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!"
|
| X | LSASS 32 | ISASS32.pif | "Added by the ASSIRAL-C WORM!"
|
| X | lsass2k Update | lsass2k.exe | "Added by a variant of the RBOT WORM!"
|
| U | LSPFix | LSPmonitor.exe | "eAcceleration Stop-Sign security software related. Previously not recommended |
| X | lspins | igps.exe | "Detected by Kaspersky as the VB.KC TROJAN!"
|
| U | LSPmonitor | LSPmonitor.exe | "eAcceleration Stop-Sign security software related. Previously not recommended |
| X | Lssas Monitoring Startup | LSSAS.EXE | "Added by the RBOT.XJ WORM!"
|
| U | LtcyCfgApply | LtcyCfg.exe | "PCI Latency Tool - ""Utility to set PCI Latency and possibly prevent game stutter or improve FPS"" for older AGP/PCI graphics cards"
|
| X | LTM2 | MPGSRV32.EXE | "Added by the LITMUS.201 TROJAN!"
|
| X | LTM2 | winupdate.exe | "Added by the LITMUS.203 TROJAN!"
|
| Y | Lto Manager | DesktopLtoManager.exe | "Related to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others"
|
| X | lup | lup.exe | "Added by the IRCBOT_GEN WORM!"
|
| Y | Lusetup | LUSetup.exe | "Symantec LiveUpdate installer - required to install a new version of the application. Will only run once |
| U | LWBKEYBOARD | KbdAp32A.exe | Keyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard
|
| N | Lwinst Run Profiler | lwtest.exe | Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
|
| Y | lxamsp32 | lxamsp32.exe | Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work
|
| Y | LXBSCATS | "rundll32 [path] LXBStime.dll | _RunDLLEntry@16" |
| Y | LXBTCATS | "rundll32 [path] LXBTtime.dll | _RunDLLEntry@16" |
| Y | LXBUCATS | "rundll32 [path] LXBUtime.dll | _RunDLLEntry@16" |
| Y | LXBXCATS | "rundll32 [path] LXBXtime.dll | _RunDLLEntry@16" |
| Y | LXBYCATS | "rundll32 [path] LXBYtime.dll | _RunDLLEntry@16" |
| Y | LXCCCATS | "rundll32 [path] LXCCtime.dll | _RunDLLEntry@16" |
| U | LXCDCATS | "rundll32 [path] LXCDtime.dll | _RunDLLEntry@16" |
| Y | LXCECATS | "rundll32 [path] LXCEtime.dll | _RunDLLEntry@16" |
| Y | LXCFCATS | "rundll32 [path] LXCFtime.dll | _RunDLLEntry@16" |
| Y | LXCGCATS | "rundll32 [path] LXCGtime.dll | _RunDLLEntry@16" |
| Y | LXCJCATS | "rundll32 [path] LXCJtime.dll | _RunDLLEntry@16" |
| Y | LXCQCATS | "rundll32 [path] LXCQtime.dll | _RunDLLEntry@16" |
| Y | LXCRCATS | "rundll32 [path] LXCRtime.dll | _RunDLLEntry@16" |
| Y | LXCTCATS | "rundll32 [path] LXCTtime.dll | _RunDLLEntry@16" |
| Y | LXCYCATS | "rundll32 [path] LXCYtime.dll | _RunDLLEntry@16" |
| Y | LXDBCATS | "rundll32 [path] LXDBtime.dll | _RunDLLEntry@16" |
| Y | LXDCCATS | "rundll32 [path] LXDCtime.dll | _RunDLLEntry@16" |
| Y | LXDDCATS | "rundll32 [path] LXDDtime.dll | _RunDLLEntry@16" |
| Y | LXDICATS | "rundll32 [path] LXDItime.dll | _RunDLLEntry@16" |
| U | LXDJCATS | "rundll32 [path] LXDJtime.dll | _RunDLLEntry@16" |
| N | LXSUPMON | LXSUPMON.EXE | "Lexmark printer related. The printer should work fine without it but what does it do?"
|
| U | LyraHD2TrayApp | LYRAHD2TrayApp.exe | Related to RCA Lyra MP3 Player
|
| X | LzioMediaUpdater | LzioMediaUpdater.exe | "LZIO.com adware downloader"
|
| ? | M Player Post Installer | postinstallm.exe | "??"
|
| U | M-Audio MobilePre Control Panel Launcher | MPTask.exe | "Control Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-Audio"
|
| X | M1cr0s0ft Upd4t4zS | update32.exe | "Added by the RBOT-MI WORM!"
|
| X | M3Development_WhenUSave_Installer | M3Development_WhenUSave_Installer.exe | "WhenU.Save adware"
|
| U | MacDrive application | MacDrive.exe | "MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista |
| ? | MacDrive7.0.4TimeOutPatch | TimeOutPatch.EXE | "Part of MacDrive 7 from Mediafour Corporation - ""enables anyone using Windows Vista |
| X | Macfee Security Patch | Mpfsheild.exe | "Added by the RBOT-NP WORM!"
|
| X | Machine Update Soft | wusas.exe | Added by an unidfentified WORM!
|
| X | machine-debugger | WMIPRVSW.exe | "Added by the AGOBOT.WW WORM!"
|
| X | Macromedia 8 | Flash Player.exe | "Added by the JAMBU-A WORM!"
|
| X | Macromedia Critical Updater | rarww.exe | "Added by a variant of the RBOT WORM!"
|
| X | Macromedia Drive | Iexplor32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Macromedia Flash Update | scvhost.exe | "Added by a variant of the RBOT WORM!"
|
| U | MacroPhone | macrophone.exe | "MacroPhone is a network based telephony application that ""allows you to handle server based voice mail and fax functions for all users in your company"" and ""offers many related functions |
| U | MacroPhone Client | macrophone.exe | "MacroPhone is a network based telephony application that ""allows you to handle server based voice mail and fax functions for all users in your company"" and ""offers many related functions |
| N | Macrovision Update Service | issch.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| N | Macrovision Update Service | ISUSPM.exe | "InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
|
| U | MAFWTaskbarApp | MAFWTray.exe | Drivers for the M-Audio Firewire Audiophile - Interface
|
| X | Magicantispy | Magicantispy.exe | "Magicantispy rogue spyware remover - not recommended |
| U | MagicKeyboard | PreMKBD.exe | "Related to Samsung laptops. Provides ability to program keys to perform specific functions"
|
| X | MailBlocker | [path to trojan] | "Added by the AGENT-LRJ TROJAN!"
|
| Y | MailScan Dispatcher | Launch.exe | "MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header |
| ? | Main Executable (HP) | HP05T0R5.exe | "HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?"
|
| X | Major Microsoft Windows Driver Boot loader | bpool.exe | "Added by the MYTOB.AJ WORM!"
|
| U | Malware Sweeper | MalSwep.exe | "Malware Sweeper - ""Protects the user from malicious malware and monitors the sanity of the running programs"""
|
| X | Malware-Wipe | Malware-Wipe.exe | "MalwareWipe rogue security software variant - not recommended |
| X | Malware-Wiped | Malware-Wiped.exe | "MalwareWipe rogue security software variant - not recommended |
| Y | Malwarebytes' RogueRemover PRO | RogueRemoverPRO.exe | "Part of Malwarebytes' RogueRemover PRO - the realtime ""RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs."" Now discontinued and the funtionality is included in Malwarebytes' Anti-Malware"
|
| X | MalwareProMFC | MalwarePro.exe | "MalwarePro rogue security software - not recommended |
| X | MalwareStopper | MalwareStopper.exe | "Malware Stopper rogue security software - not recommended"
|
| X | MalwaresWipeds | MalwareWipeds.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWipe | MalwareWipe.exe | "MalwareWipe rogue security software - not recommended |
| X | MalwareWiped | MalwareWiped.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 5.5 | MalwareWiped 5.5.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 5.6 | MalwareWiped 5.6.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 5.7 | MalwareWiped 5.7.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 5.8 | MalwareWiped 5.8.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 6.1 | MalwareWiped 6.1.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 6.2 | MalwareWiped 6.2.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 6.3 | MalwareWiped 6.3.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 6.4 | MalwareWiped 6.4.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiped 6.9 | MalwareWiped 6.9.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWipeds | MalwareWipeds.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWipePro | MalwareWipePro.exe | "MalwareWipe rogue security software variant - not recommended |
| X | MalwareWiper | MalwareWiper.exe | "MalwareWipe rogue security software variant - not recommended |
| X | ManageProtocolCtrl | csmsv.exe | "Added by the LOOKSKY.B TROJAN!"
|
| X | MapEDC | MapEDC.exe | "Added by the WaveRevenue-McBoo TROJAN!"
|
| X | MapiDrv | mpisvc.exe | "Added by the MIPSIV TROJAN!"
|
| X | mapisvc32 | mapisvc32.exe | "Added by the KX VIRUS and also recognised by Symantec as FPAI adware"
|
| X | Mapiyasha | Mapiyasha.exe | "Added by the SILLYFDC-DM WORM!"
|
| U | Maple_S2P | Scan2pc.exe | Scan to PC application for the scanning function of the Samsung CLX-216x Series multifunction printers
|
| X | Martini | pinmart.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Mascro soft SDK updates2 | SDKrepair2.exe | "Added by the SDBOT.BXM WORM!"
|
| X | Master Card Updaate 32 | Mastercard32.exe | "Added by a variant of the RBOT WORM!"
|
| U | Master Volume Spy | MASTERVOLUMESPY.EXE | "Volume control for the Gateway Destination ""DestiVu"" media interface"
|
| X | MasterBoot Switch | popupkill.exe | "Added by a variant of the RBOT WORM!"
|
| U | Matador | mantispm.exe | "MailFrontier Desktop (Matador) email spam blocker software"
|
| N | Matrox Powerdesk | PDesk.exe | """Matrox PowerDesk software provides extra multi-display desktop management controls"""
|
| N | Matrox PowerDesk 8 | matrox.powerdesk.exe | """Matrox PowerDesk software provides extra multi-display desktop management controls"""
|
| N | Matrox PowerDesk SE | Matrox.PowerDesk SE.exe | "Matrox PowerDesk SE - multi-display desktop management controls"
|
| X | MAV_check | mav_startupmon.exe | "Part of the WinAntiVirus Pro 2007 rogue security software - not recommended |
| X | mav_startupmon | mav_startupmon.exe | "Part of the WinAntiVirus Pro 2007 rogue security software - not recommended |
| X | MaxAntiSpy | MaxAntiSpy.exe | "MaxAntispy Russian rogue spyware remover - not recommended"
|
| Y | MayaPan | MayaPan.Exe | "Audiotrak Maya soundcard driver"
|
| X | mb2np | [random filename] | Added by the IRCBOT.TJ WORM!
|
| U | MBProbe | mbrpobe.exe | "MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs"
|
| X | McAfee Antivirus Protection | mcafeeAV.exe | "Added by a variant of the RBOT WORM!"
|
| Y | McAfee Application Installer | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
|
| X | Mcafee Auto Protect | mcafeshield.exe | "Added by the RBOT-UH WORM!"
|
| U | McAfee Backup | McAfeeDataBackup.exe | "McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| U | McAfee Backup and Restore | McAfeeDataBackup.exe | "McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| U | McAfee Data Backup | LogOnHook.exe | "Part of McAfee Data Backup (now Online Backup) - which ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection. The exact purpose of this entry is unknown at present but it unloads after startup"
|
| U | McAfee Data Backup | McAfeeDataBackup.exe | "McAfee Data Backup (now Online Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| Y | McAfee Desktop Firewall Tray | FireTray.exe | "McAfee Desktop Firewall"
|
| Y | McAfee Family Protection | mfp.exe | "McAfee Family Protection - which 'is easy-to-use and built to empower parents to say ""yes"" to their children's online interests while protecting them as they learn and explore' and ""protects children of all ages from exposure to inappropriate content |
| Y | McAfee Firewall | CPD.EXE | Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE
|
| Y | McAfee Managed Desktop Agent | MYAGTSVC.EXE | "Part of the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Starts via a registry ""RunServices"" key on Windows 98/Me and as a service on Windows NT/2K/XP"
|
| U | McAfee Online Backup | MOBKstat.exe | "System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| U | McAfee Online Backup Status | MOBKstat.exe | "System Tray access to McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| X | McAfee Online virus Scanner | avp.exe | "Added by the RBOT-GCV WORM! Not to be confused with Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory"
|
| U | McAfee QuickClean Imonitor | Plguni.exe | "Part of McAfee's QuickClean - which removes internet clutter and unwanted programs. This entry monitor changes made to the registry so that they can be undone later using QuickClean - such as removing programs. QuickClean is now integrated into their Total Protection |
| Y | McAfee SecurityCenter | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| U | McAfee SpamKiller | MskAgent.exe | "McAfee SpamKiller - rule-based and list-based spam filter. Available as a stand-alone product or included in older versions of Internet Security and Total Protection"
|
| X | McAfee Windows Protection | mcafee32.exe | "Added by a variant of the SPYBOT WORM!"
|
| U | McAfee.InstantUpdate.Monitor | RuLaunch.exe | "Instant Updater for McAfee's VirusScan |
| U | McAfeeDataBackup | McAfeeDataBackup.exe | "McAfee Online Backup (formerly Data Backup) - ""takes the hassle out of manually backing up all of your valuable digital files - from Microsoft Outlook email and contacts to treasured family photos"". Available as a stand-alone product or included in Internet Security and Total Protection"
|
| X | MCAFEEIPS | setup.exe | "Added by the WHITEWELL TROJAN!"
|
| X | McAfeeScanPlus | McAfeeScanPlus.exe | "Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder"
|
| Y | McAfeeUpdaterUI | UpdaterUI.exe | McAfee common updater user interface
|
| Y | McAfeeUpdaterUI | UdaterUI.exe | Updater user interface for McAfee's VirusScan Enterprise corporate anti-virus and anti-spyware security tool
|
| Y | mcappins | mcappins.exe | Used by older versions of McAfee internet security related products to clean up installation files that are no longer required once the product is installed. This entry will normally only appear once the product has been installed before the system is rebooted
|
| X | mceipww | [8 random letters].exe | "Added by the ZHELATIN.EQ WORM!"
|
| N | MCPLaunch | MCPLaunch.exe | "Launcher for Message Center Plus ""which alerts you when conditions arise on your computer that require your attention"" on IBM/Lenovo ThinkCentre desktops |
| X | Mcrosoftr Update | Mcrosoftr.exe | "Added by a variant of the RBOT WORM!"
|
| Y | McUpdate | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| Y | MCUpdateExe | McUpdate.exe | Automatic virus definition and software updates/upgrades for older versions of McAfee VirusScan and the now obsolete McAfee VirusScan Online
|
| X | MCX Update | wisp.exe | "Added by the RBOT-AQH WORM!"
|
| X | MCX Updte | scorti.exe | "Added by the RBOT-ARP WORM!"
|
| X | MD IE Plugin | md.exe | "Marketdart spyware"
|
| X | MD IE Plugin | winy.exe | Adware
|
| U | MDDiskProtect | MDDiskProtect.exe | "Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7 |
| U | MDDiskProtect.exe | MDDiskProtect.exe | "Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7 |
| X | mdetect | [path to trojan] | "Added by the SPABOT TROJAN!"
|
| X | mdwmdmsp | mdwmdmsp.exe | "Adware - detected by Kaspersky as the AGENT.AM TROJAN!"
|
| X | Media Adapter | bitblt.exe | "Added by the HANSAH-A WORM!"
|
| U | Media Card Companion Monitor | MCC Monitor.exe | "Monitor for Media Card Companion from ArcSoft. ""Automates the tedious processes associated with downloading and sharing files from digital cameras |
| U | Media Codec Update Service | update.exe | "Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updated"
|
| X | Media Pass | MediaPassK.exe | "WindUpdates MediaPass adware"
|
| X | Media Pass | MediaPass.exe | "WindUpdates MediaPass adware"
|
| X | Media Player | media.exe | "Added by the FLDMEDIA-A TROJAN!"
|
| X | Media Player | wmplayer.exe | "Added by a variant of the AGOBOT.BM WORM! Note - this is not the valid Windows Media Player as the file is located in %System% rather than %ProgramFiles%\Windows Media Player"
|
| X | Media Player | Sysdll.exe | "Added by the BANKER-BR TROJAN!"
|
| X | Media Player | Sysnet.exe | "BANKER.MW spyware"
|
| X | Media Player Update | xpsp1mfh.exe | "Added by a variant of the RBOT WORM!"
|
| X | Media Plug x.1.2 | msdm.exe | Added by the MULDROP.352 VIRUS!
|
| X | Media service | notpad.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Media Software UPdater | sscs.exe | "Added by the RBOT-ABE WORM!"
|
| X | Media Transfer Protocals | msstc.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Media-XP-Service-Pack3 | msnzx.exe | "Added by the SDBOT-ACW WORM!"
|
| X | MEDIA32 | [path to trojan] | "Added by the PURSCAN-Z TROJAN!"
|
| U | Mediafour MacDrive | MDDiskProtect.exe | "Part of MacDrive 6 CrossStripe Edition from Mediafour Corporation - ""a perfect way to share files between Mac OS and Windows."" Unlike the standard version of MacDrive 7 |
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | "Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod"
|
| U | Mediafour XPlay Tray Notification Icon | Xptryicn.exe | "Xplay 2 from Mediafour Corporation - ""expands what you can do with any iPod |
| X | mediamotor.exe | mmups.exe | "Added by the AGENT-BY TROJAN!"
|
| X | MediaPath | Proyecto1.exe | "Added by the GRUEL WORM!"
|
| X | MediaPath | Root.exe | "Added by the GRUEL WORM!"
|
| X | MediaPipe P2P Loader | mpp2pl.exe | "MediaPipe peer-to-peer file swapping program also reported as a hijacker"
|
| X | mediaplayer.exe | mediaplayer.exe | "Added by the BANKER-EUT TROJAN! The file is located in %Windir%\Sun\Java\Deployment\logs"
|
| X | mediaplayer.exe | mediaplayer.exe | "Added by the BANKER.AOVZ TROJAN! The file is located in %Windir%\msagent\gf"
|
| X | MediaPlayeS | MediaPlayer_update.exe | "Added by the STARTER-K TROJAN!"
|
| X | mediapluscash.exe | mediapluscash.exe | "MediaGateway adware"
|
| X | MediaXPServicePack | mxpsp.exe | "Added by the SDBOT.CDT WORM!"
|
| U | MEDIC | sprtcmd.exe /P MEDIC | "Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft |
| U | medicsp2 | sprtcmd.exe /P medicsp2 | "Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft |
| U | MegaPanel | HSTrans.exe | "Homescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen"
|
| X | MegaVirusKit | pgs.exe | "MegaVirusKit rogue security software - not recommended. A member of the AVSystemCare family"
|
| ? | meidntpa | vqgdpfrs.exe | "??"
|
| X | MemConfig | SetupIE.com | "Added by the TAPLAK WORM!"
|
| X | Memory Manager | memorymanager.pif | "Added by the DELF-JJ TROJAN!"
|
| U | MemoryZipperPlus | memzip.exe | "Memory Zipper Plus - ""optimizes the memory management of your system and boost-up its performance amazingly!"""
|
| X | MenaceSecure | pgs.exe | "MenaceSecure rogue security software - not recommended. A member of the AVSystemCare family"
|
| N | MenuSnap | MenuSnap.exe | "MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe"
|
| N | Message Center Plus | MCPLaunch.exe | "Launcher for Message Center Plus ""which alerts you when conditions arise on your computer that require your attention"" on IBM/Lenovo ThinkCentre desktops |
| X | Messenger Explorer | m41n.exe | "Added by the SDBOT-SA BACKDOOR!"
|
| X | Messenger Protocol | netsender.exe | "Added by the SDBOT-ACC WORM!"
|
| X | Messenger Service Updater | svshost.exe | "Added by the MYTOB.GC WORM!"
|
| X | Messenger start-up | Msgran.exe | "Added by the GRAMOS WORM!"
|
| X | Messenger6 | command.pif | "Added by the INZAE.B WORM!"
|
| N | MessengerPlus | MsgPlus.exe | "MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
|
| N | MessengerPlus2 | MsgPlus.exe | "MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
|
| N | MessengerPlus3 | MsgPlus.exe | "MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that ""sponsor program""!"
|
| X | MeTaLRoCk (irc.musirc.com) has sex with printers | metalrock-is-gay.exe | "Added by the RANDEX.Q WORM!"
|
| X | MeuPrograma | accwizz.exe | "Added by the RULAND.A WORM!"
|
| X | mfhsornwnduy | regsvr32.exe gisyflngpshcvuakv.dll | "Pro AntiSpyware 2009 rogue spyware remover - not recommended |
| Y | mfp | mfp.exe | "McAfee Family Protection - which 'is easy-to-use and built to empower parents to say ""yes"" to their children's online interests while protecting them as they learn and explore' and ""protects children of all ages from exposure to inappropriate content |
| U | MFP PanelMgr | SSMMgr.exe | "Monitors ink levels |
| Y | MFP Server Agent | MFPAgent.exe | "Multi Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520"
|
| U | MFP1815_S2P | Scan2pc.exe | Scan to PC application for the scanning function of the Dell Laser MFP 1815 multifunction printer
|
| N | MGA_CD_Install | mgasetup.exe | Matrox Millennium video driver. Not required once drivers installed
|
| X | mgmtapi | mgmtapi.exe | Unidentified malware
|
| X | Micosoft Startup | syscall.exe | "Added by the SDBOT-JI WORM!"
|
| X | Micosoft Startup | systall.exe | "Added by the SDBOT-GM BACKDOOR!"
|
| X | Micr Update | soundblaster.exe | "Added by the SDBOT.NP WORM!"
|
| X | Micr Update System | upwin.exe | "Added by the SDBOT.YS WORM!"
|
| X | Micr0s0ft Upd4t4z | svchost32.exe | "Added by the RBOT.ALF WORM!"
|
| X | Micrcoft Exploerer | spoolsal.exe | "Added by the RBOT-AKK WORM!"
|
| X | Micrcoft Exploerer | svchose.exe | "Added by the RBOT-ASL WORM!"
|
| X | Micrcoft Updat | spoolsae.exe | "Added by the RBOT-AIB WORM!"
|
| X | Micrcoft Updat | spoolsaex.exe | "Added by the RBOT-AJM WORM!"
|
| X | Micrcoft Updat | Internet.exe | "Added by the RBOT-ANA WORM!"
|
| X | Micro CRC Protocol | scrc32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Micro Office | [path to trojan] | "Added by the BANCBAN-QC TROJAN!"
|
| X | Micro Process | appconf.exe | Added by an unidentified WORM or TROJAN!
|
| X | Micro Update | dailin.exe | "Added by the RBOT-ER WORM!"
|
| N | Microangelo Desktop | Muamgr.exe | "Using MicroAngelo On Display |
| X | MicroCQ0 | explorer.exe | "Added by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %ProgramFiles%"
|
| X | Microfinder lptt01 | mcf.exe | "RapidBlaster variant (in a ""mcf"" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here"
|
| X | Microfot Update | winldx32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microft Exploerer | spoolsac.exe | "Added by the RBOT-AMD WORM!"
|
| X | Microft Update 32 | winssx.exe | "Added by the RBOT-AQS WORM!"
|
| X | Micromedia Flash Update | wdfmrg.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Micromedia Flash Update | xptxt.exe | "Added by the RBOT-GAB WORM!"
|
| X | Microoft Timing | pupdate.exe | "Added by a variant of the RBOT WORM!"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | [random 10-letter filename].EXE | "Added by the RBOT-AQA WORM!"
|
| X | MICROSFT ANTIVIRUS UPDATE SUPPORT | MSGUPDATED.EXE | "Added by the RBOT-APZ WORM!"
|
| X | Microsft Corporation Version 2001.12.4414 | comrel.exe | "Added by a variant of the SDBOT TROJAN!"
|
| X | Microsft Corporation Version 2002.12.2414 | comserv.exe | "Added by a variant of the SLAPER TROJAN!"
|
| X | MICROSFT MX UPDATE SUPPORT | taskmngrs.exe | "Added by the RBOT-AUZ WORM!"
|
| X | MICROSFT MX UPDATE SUPPORT | winmx32.EXE | "Added by the IRCBOT-FD WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | [random filename] | "Added by the RBOT-ASM or RBOT-AUW WORMS!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSN32.EXE | "Added by the RBOT-AWJ WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | mtakthmyn.EXE | "Added by the RBOT-AUJ WORM!"
|
| X | MICROSFT RAMA UPDATE SUPPORT | MSGUPDAT32.EXE | "Added by the RBOT-BBB WORM!"
|
| X | Microsft Remote Procedure Daemon | msrpcd.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsft Security Monitor Process | cmh.exe | "Added by the EGGDROP.V WORM!"
|
| X | Microsft Security Monitor Process | mssmppp.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsft Security Monitor Process | mssmpp.exe | "Added by the SDBOT-DJW WORM!"
|
| X | Microsft Updtes | sarvice.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsft Upgraed | [random filename].exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsft Windows Adapter 5.1.3013 | [random filename] | "Added by the SMALL.HIT TROJAN!"
|
| X | microsft windows updates | mwupdate32.exe | "Added by a variant of the TOXBOT/CODBOT WORM!"
|
| X | Microsoft | iexplore.exe | "Added by the QQROB-R TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | Microsoft | lsass.ppf | "Added by the RBOT-GAA WORM!"
|
| X | Microsoft | MSUPDATE.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft | updater.exe | "Added by the RBOT-GHP WORM!"
|
| X | Microsoft | Explorerr.exe | "Added by the IRCBOT-WG TROJAN!"
|
| X | Microsoft | kasperskyLive32.exe | "Added by the RBOT-GRT WORM!"
|
| X | Microsoft | WinSecUp.exe | "Added by the RBOT-GPL WORM!"
|
| X | Microsoft | wplayer.exe | "Added by the IRCBOT-ABP TROJAN!"
|
| X | Microsoft | Explorer.exe | "Added by a variant of the RBOT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft | winampaa.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft | MicrosoftCorporation.exe | "Added by the KILLFILES.AED TROJAN!"
|
| X | Microsoft (C) HTML Application host | [random filename] | "Added by the RBOT-YB WORM!"
|
| X | Microsoft (R) Windows Configuration Backup Service | svchost.exe | "Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a ""config"" |
| X | Microsoft (R) Windows Network Latency Controller | 1.tmp | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Network Latency Controller | sp2vc.exe | "Added by a generic password stealer TROJAN - see here"
|
| X | Microsoft (R) Windows Protected Content Restoration Service | services.exe | "Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
|
| X | Microsoft (R) Windows Protocol Deployment Manager | [random].tmp | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft (R) Windows TCP/IP Socket Driver | [path to trojan] | "Added by the PROXY-DD TROJAN!"
|
| X | Microsoft (R) Windows TCP/IP Socket Layer | services.exe | "Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock"
|
| X | Microsoft (R) Windows Update Service | wuauclt.exe | "Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft (R) Windows Vista/NT Runtime Compatibility Service | nrcs.exe | "Added by the RANKY.X TROJAN!"
|
| X | Microsoft 16Bit Update | wuapdate16.exe | "Added by the RBOT.CZ WORM!"
|
| X | Microsoft 64 Bit Runtime Updater | wupdt64.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft ActiveX Debugger NT | [path to trojan] | "Added by the BANCOS-DO TROJAN!"
|
| X | Microsoft Admin Protocal | MSADNIN.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft ALG32 Protocol | alg32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft ALGXP Protocol | alg32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Ansti Update | msie.exe | "Added by the RBOT-LE WORM!"
|
| X | Microsoft Anti-Spy | [random filename] | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft AntiSpyware | Bazzi.exe | "Added by the AHKER.J WORM!"
|
| X | Microsoft AntiSpyware | KT06.pif | "Added by the IRCBOT.GEN WORM!"
|
| X | Microsoft AOL32 Protocol | aol32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Application Center | mappc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Application Manager | msapl32.exe | "Added by the BROPIA-AE TROJAN!"
|
| X | Microsoft AUT Update | MSlti32.exe | "Added by the RBOT-X WORM!"
|
| X | Microsoft AUT Update | MSlti16.exe | "Added by the RBOT.EB WORM!"
|
| X | Microsoft auto update | winupdate.exe | "Added by the BMBOT TROJAN!"
|
| X | Microsoft Auto Update | WINHLP16.EXE | "Added by the RBOT.GY WORM!"
|
| X | Microsoft auto update | wuauclt.exe | "Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process |
| X | Microsoft Automatic Update Serivce | msautou.exe | "Added by the RBOT-AOB WORM!"
|
| X | Microsoft Automatic Updater | Explorer.exe | "Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft AutoUpdater | svhost.exe | "Added by the RBOT.QG WORM!"
|
| X | Microsoft Buffer App | msbuffer.exe | "Added by the SLINBOT.NQ BACKDOOR!"
|
| X | Microsoft checker | MsPMSPTv.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Client Pc | spoolsrv.exe | "Added by the RBOT-AQM WORM!"
|
| X | Microsoft Com Port Manager | svdhost.exe | "Added by the SDBOT-NI WORM!"
|
| X | Microsoft Connection Manager Monitor | cmmon.pif | "Added by the RBOT-AKV WORM!"
|
| X | Microsoft Core Support | MSxUP32.exe | "Added by the RBOT-ANR WORM!"
|
| X | Microsoft Core Support | [random filename] | "Added by a variant of the RBOT TROJAN!"
|
| X | Microsoft Corp | svchost.exe | "Added by the PUSHBOT.QD WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Microsoft Corp SQL Certificates | sqlcer.exe | "Added by the ZYBOT-C WORM!"
|
| X | Microsoft Corp SSL Certificates | windowz.exe | "Added by the RBOT-GCZ WORM!"
|
| X | Microsoft Corp TLS Certificates | msauth.exe | "Added by the RBOT-GAC WORM!"
|
| X | Microsoft Corp Updates | wupdates.exe | "Added by the RBOT-AUU WORM!"
|
| X | Microsoft Corp. Host Services | svchosl.exe | "Added by the RBOT-FMZ WORM!"
|
| X | Microsoft Corporaticn SQL Handler | sqlhandler.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Corporation | [random filename] | "Added by various VIRUSES |
| X | Microsoft Corporation | jview.exe | "Added by the RBOT-AOD WORM!"
|
| X | Microsoft Corporation Svchost Service | mssvc.exe | "Added by a variant of the SDBOT WORM! See here"
|
| X | Microsoft Corporation Svchost Service | mswsc.exe | Added by the AGENT.MAB TROJAN!
|
| X | Microsoft Corporation SYM monitor | mssym.exe | "Added by the RBOT-GDB WORM!"
|
| X | Microsoft CP Web Manager | webcp.exe | "Added by the IRCBOT.HP TROJAN!"
|
| X | Microsoft CPU Over Heat Manager | CPU.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft CPXP Protocol | cpxp.exe | "Added by the RBOT.ATP WORM!"
|
| X | Microsoft CSRSS32 Protocol | csrss32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft CSRSS386 Protocol | csrss386.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Data Helper | cihost.exe | "Malware |
| X | Microsoft Datalog Application | msdata.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft DDE Control | wupades.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft DDEs Control | Erun.pif | "Added by the RBOT-AMU WORM!"
|
| X | Microsoft Decryption Technology | Msfenoe.exe | "Added by the SPYBOT-DG WORM!"
|
| X | Microsoft Desktop Manager | msdesk32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Dev | iexplorer32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Development Debugger | msdev.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Development Services | msdevelop.exe | "Added by the RBOT-FWS WORM!"
|
| X | Microsoft Digital Cryptors | mdigits.exe | "Added by the SDBOT.LM WORM!"
|
| X | Microsoft DirectX | Spoolserv.exe | "Added by the DINFOR WORM!"
|
| X | Microsoft DirectX | PDSched.exe | "Added by the SDBOT.CN WORM!"
|
| X | Microsoft DirectX | wupdate.exe | "Added by the RBOT-L WORM!"
|
| X | Microsoft Directx push | directxpushup.exe | "Added by a variant of the RBOT-GHT WORM!"
|
| X | Microsoft Directxsp | directxbt.exe | "Added by a variant of the RBOT-GHT WORM!"
|
| X | Microsoft Directxspnew | directxnew.exe | "Added by a variant of the RBOT-GHT WORM!"
|
| X | Microsoft Dll | runapidll.exe | "Added by the RBOT-GRG WORM!"
|
| X | Microsoft Dll Printer Manager | dllpt.exe | "Added by the SDBOT.BIH WORM!"
|
| X | Microsoft Document | krisp.exe | "Added by the SDBOT-RQ WORM!"
|
| X | Microsoft Driver Setup | msddrv42.exe | "Added by the PALEVO WORM!"
|
| X | Microsoft Driver Setup | Jwrb.exe | "Added by the AUTORUN-AOB WORM!"
|
| X | Microsoft Driver Setup | dllhost.exe | "Added by the AUTORUN-AOZ WORM!"
|
| X | Microsoft Driver Setup | sysmngsr322.exe | "Added by the BUZUS-AS TROJAN!"
|
| X | Microsoft Driver Setup | w7services.exe | "Added by the AUTORUN-ARJ WORM!"
|
| X | Microsoft Driver Setup | mslsrv32.exe | "Added by the SDBOT-DPF TROJAN!"
|
| X | Microsoft Driver Setup | ccdrive32.exe | "Added by the AGENT-LYL TROJAN!"
|
| X | Microsoft Driver Setup | cidrive32.exe | "Added by the AGENT-NES TROJAN!"
|
| X | Microsoft driver update | Mshome.exe | Added by the SDBOT.BL WORM!
|
| X | Microsoft ErgoPack | wserb32.exe | "Added by the RBOT-RI WORM!"
|
| X | Microsoft Explorer | svapache.exe | "Added by the RBOT-VR WORM!"
|
| X | Microsoft Explorer | explorer.scr | "Added by the RBOT-ADH WORM!"
|
| X | Microsoft Explorer | explorer.pif | "Added by the SDBOT-ACX WORM!"
|
| X | Microsoft Explorer | explorer.exe | "Added by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Explorer Service | msexplore.exe | "Added by the IRCBOT.AYB BACKDOOR!"
|
| X | Microsoft explorer Update | internal.exe | Added by an unidentified WORM or TROJAN!
|
| X | Microsoft Explorer(64) | explorer64.exe | "Added by the SPYBOT-R WORM!"
|
| X | Microsoft Explorer2 | system.exe | "Added by the IRCBOT.BS TROJAN!"
|
| X | Microsoft Explorer2 | nome.exe | "Added by the RANDEX.AA WORM!"
|
| X | Microsoft Explorer2 | bitchbot.exe | "Added by the SDBOT.EV WORM!"
|
| X | Microsoft EXPLOREXP Protocol | explorexp.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Firewall | firewallsp2.exe | "Added by the RBOT-MC WORM!"
|
| X | Microsoft FixUp | pevblbvr.exe | "Added by the RBOT.DWK WORM!"
|
| X | Microsoft FixUp | wnpzjpuw.exe | "Added by a variant of the SDBOT WORM!"
|
| X | microsoft frontpage | twain.exe | "Added by the AGENT.AQO TROJAN!"
|
| X | Microsoft Generic Update Manager | wupdate.exe | "Added by the RBOT-AWC TROJAN!"
|
| X | Microsoft Genetic Procress | svchost.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Gina V Encryption | MSGINAV.EXE | "Added by an unidentified VIRUS |
| N | Microsoft Greetings Reminder | MHPRMINF.EXE | You really want to be reminded about somebody's birthday at the expense of resources?
|
| N | Microsoft Greetings Reminders | MHPRMIND.EXE | Microsoft Home Publishing greetings reminder
|
| N | Microsoft Greetings Workshop Reminder | Gwremind.exe | You really want to be reminded about somebody's birthday at the expense of resources?
|
| X | Microsoft HDCP for NT | msdhcp.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft HDCP for NT and Win9x | msdhcprs.exe | "Added by a variant of the PEERBOT WORM!"
|
| X | Microsoft Help | svh0st.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Help | svchosl.exe | "Added by the AGENT-GPX TROJAN!"
|
| X | Microsoft Help Support | mshelp32.exe | "Addded by the KELVIR-BF WORM!"
|
| X | Microsoft Help SVC | msnmngr.exe | "Added by the SDBOT-PQ WORM!"
|
| X | Microsoft Help System | mshelp32.exe | "CoolWebSearch parasite variant"
|
| X | Microsoft Helpdesk Side | mshelpdsk.exe | "Added by the SPYBOT.ANJJ WORM!"
|
| X | Microsoft Host Protocol | svhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Hyptertext Helper | mshtha.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft IDCN | mshe1p.exe | Added by an unidentified TROJAN!
|
| X | Microsoft IE | Iexplore.exe | "Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| U | Microsoft IME 2002 | IMJPMIG.EXE | "Microsoft's Input Method Editor for the Japanese language which is used to both display and enable the input of characters in e-mails |
| X | Microsoft Inc. | iexplorer.exe | "Added by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Microsoft Inc. | iexplorer.exe... | "Added by the LOVGATE.AO WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Microsoft Incroporate | mfs.exe | "Added by the RBOT-ANF WORM!"
|
| X | Microsoft Inet Xp.. | teekids.exe | "Added by the BLASTER.C WORM!"
|
| U | Microsoft IntelliPoint | ipoint.exe | "Microsoft IntelliPoint utility (from version 5.5) - required to support the programmable buttons and additional features on Microsoft's range of mice |
| U | Microsoft IntelliPoint | point32.exe | "Microsoft IntelliPoint utility (up to version 5.4) - required to support the programmable buttons and additional features on Microsoft's range of mice |
| U | Microsoft Intellitype Pro | speedkey.exe | Additional keyboard shortcuts on MS programmable keyboard
|
| U | Microsoft IntelliType Pro | itype.exe | "Microsoft IntelliType Pro utility (from version 5.5) - required to support the multimedia keys |
| U | Microsoft IntelliType Pro | type32.exe | "Microsoft IntelliType Pro utility (up to version 5.4) - required to support the multimedia keys |
| X | Microsoft Internel Corporat | netvhost.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Internel Corporat | smbvhost.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Internet | expl0rer.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Internet Acceleration Utility | [path to file] | "Added by the AGENT-CX TROJAN!"
|
| X | Microsoft Internet Acceleration Utility | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | Microsoft Internet Antivirus Protection | antivirus.exe | "Detected by Kaspersky as the IRCBOT.BSK TROJAN!"
|
| X | Microsoft Internet Dumping Protocol | inetdump.exe | "Added by the IRCBOT.BLL BACKDOOR!"
|
| X | Microsoft Internet Exp | iiexplorer.exe | "Added by the RBOT-KX WORM!"
|
| X | Microsoft Internet Explorer | iexplore.exe | "Added by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| X | Microsoft Internet Explorer | iexplorer.exe | "Added by the SDBOT-XN WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)"
|
| X | Microsoft Internet Explorer | crsys32.exe | "Added by the RBOT.UZ WORM!"
|
| X | Microsoft Internet Explorer | movies.exe | "Added by the BANCOS-DZ TROJAN!"
|
| X | Microsoft Internet Explorer | svzhost.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Internet Explorer | mccagent.exe | "Added by the DLOADER-UD TROJAN!"
|
| X | Microsoft Internet Explorer | sysini.exe | "Added by the DELF-LN TROJAN!"
|
| X | Microsoft Internet Explorer | svchost.exe | "Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
|
| X | Microsoft Internet Explorer | lEXPLORE.EXE | "Added by the RBOT-AMM WORM! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
|
| X | Microsoft Internet Explorer | svchosts.exe | "Added by the BANCBAN-U TROJAN!"
|
| X | Microsoft Internet Explorer | [path to trojan] | "Added by the BANCBAN-AS TROJAN!"
|
| X | Microsoft Internet Explorer | msngrt.exe | "Added by the SDBOT-GU BACKDOOR!"
|
| X | Microsoft Internet Explorer | _svchost.exe | "Added by the TINY.LX TROJAN!"
|
| X | Microsoft Internet Explorer Manager | ie.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Internet Explorer Update | ieupdate.exe | "Added by the SHEUR.MH TROJAN!"
|
| X | Microsoft Internet Firewall Update | updater.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Intrenet Explorer | goaw.pif | "Added by the RBOT-API WORM!"
|
| X | Microsoft Intrenet Explorer | Soundsyst.exe | "Added by the RBOT-AQU WORM!"
|
| X | Microsoft Intrenet Explorer | cnsg.pif | "Added by the RBOT-ARO WORM!"
|
| X | Microsoft Intrenet Explorer | wcumrg.exe | "Added by the SDBOT-AFD WORM!"
|
| X | Microsoft IPC | system.exe | "Added by the NULLBOT TROJAN!"
|
| X | Microsoft IPC | svshost.exe | "Added by an unidentified VIRUS |
| X | Microsoft IT Update | win64.exe | "Added by the RBOT.GA WORM!"
|
| X | Microsoft IT Update | [random filename] | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | IEserv.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | msupdate.exe | "Added by the RBOT-FE WORM!"
|
| X | Microsoft IT Update | winn43.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft IT Update | svchsst.exe | "Added by the RBOT-DH WORM!"
|
| X | Microsoft IT Update | win43.exe | "Added by the RBOT-SA WORM!"
|
| X | Microsoft IT Update | windows.exe | "Added by the RBOT-JM WORM!"
|
| X | Microsoft IT Update | winsyst32.exe | "Added by the RBOT-FC WORM!"
|
| X | Microsoft IT Update | Rhost32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Java Virtual Machine | msjavarxp.exe | "Added by the FORBOT-DL WORM!"
|
| X | Microsoft Java Windows Update | [filename] | "Added by the RBOT-DZ WORM!"
|
| X | Microsoft LAN32 Protocol | lanXp.exe | "Added by the RBOT-SS WORM!"
|
| X | Microsoft Lsass Service | wintcp32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft LSASS386 Protocol | scvhost32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft LV | [path to file] | "Added by the BDOOR-BDL BACKDOOR!"
|
| X | Microsoft Machine | updata.exe | "Added by the RBOT-DJ WORM!"
|
| X | Microsoft Machine | temp.exe | "Added by the RBOT-FSQ WORM!"
|
| X | Microsoft Machine | winxp43.exe | "Added by the RBOT-IA WORM!"
|
| X | Microsoft machine | arcpack.scr.exe | "Added by the RBOT.ADF BACKDOOR!"
|
| X | Microsoft Machine Script | iexplorersis.exe | "Added by the RBOT-CMH WORM!"
|
| X | Microsoft MachineUpdatese | tempes.exe | "Added by the RBOT.EWN BACKDOOR!"
|
| X | Microsoft Macro Protection SubSsy | msacroprots386.exe | "Added by the RBOT-KE WORM!"
|
| X | Microsoft Macro Protection Subsystems | msmacroprotxz.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Macro Protection Subsystems | Msmacroprot32.exe | "Added by the RBOT.KN WORM!"
|
| X | Microsoft Management Console | [path to trojan] | "Added by the SMUTSRCH-A TROJAN!"
|
| X | Microsoft Map PC | mappc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Mapped PC | mappedpc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft media | winmplayers.exe | "Added by a variant of the SPYBOT WORM!"
|
| U | Microsoft Media Center Tray Applet | ehTray.exe | "Media Center Tray Applet - part of Windows Media Center on XP MCE |
| X | Microsoft Media player 9 | msmedia32.exe | "Added by the RBOT-ADO WORM!"
|
| X | Microsoft media services | winmplayer.exe | "Added by the RBOT.ZO WORM!"
|
| X | Microsoft MediaScope | winmes.exe | "Added by the RBOT-XU WORM!"
|
| X | Microsoft Memory Dumping Protocol | memdump.exe | "Added by the IRCBOT.BJK BACKDOOR!"
|
| X | Microsoft Messenger XP | MSMSN32.exe | "Added by the RBOT-ZP WORM!"
|
| X | Microsoft MicroP Protocol | wdgmr32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft MSGPLUS32 Protocol | msgplus32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft MSNGR32 Protocol | msngr32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft MSUPDATE | SpoolSvc.exe | "Added by the SXTB-A TROJAN!"
|
| X | Microsoft Neser Experience | nese.exe | "Added by the RBOT-YH WORM!"
|
| X | Microsoft Netview Component v5.1 | msnv32.exe | "Added by the RANDEX.F WORM!"
|
| X | Microsoft Networking Agent For SP2 | msnac32.exe | "Added by the SPYBOT.PEN WORM!"
|
| X | Microsoft Norotn Anti Virus | mnhpot.exe | "Added by the RBOT-GRO WORM!"
|
| X | Microsoft NotePad | notepad.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft NT Update | winexec32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Office | nxcxtpr.exe | "Added by the RBOT-YG WORM!"
|
| X | Microsoft Office | msvcp.exe | "Added by the AGENT-XK TROJAN!"
|
| X | Microsoft Office Start | winupdates.exe | "Added by the GAOBOT.BC WORM!"
|
| N | Microsoft Office Startup | osa.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs
|
| N | Microsoft Office Startup | Osa9.exe | On older versions of MS Office this launches common Office components to help speed up the launch of Office programs. On slower machines it can be a resource hog and some users claim there's no difference with or without it - but it usually isn't required. This must be left enabled if you use the Microsoft Office Shortcut Bar (MSOFFICE.EXE) and have set it to load at startup. Available via Start → All Programs
|
| X | Microsoft OfficeXP | officeXP.exe | "Added by the KILLAV.MA WORM!"
|
| X | Microsoft Opeions | IEXwe.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Outlook Express Protocol | svchst.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Patch Update | bootini.exe | "Added by the RBOT-FMN WORM!"
|
| X | Microsoft PC Health Remote Assistance File Open & Save controls | sfrcdlg32.exe | "Added by the RBOT-AVY WORM!"
|
| X | Microsoft PCHealth32 | [path to file] | "Added by the NICE-A TROJAN!"
|
| X | Microsoft PCHealth32 | NDDENB.exe | "Added by the PWSYAHOO-A TROJAN!"
|
| X | Microsoft PCI Manager | mspci.exe | "Added by the RBOT.BBG WORM!"
|
| N | Microsoft People Near Me | p2phost.exe | "Signs a user into the People Near Me feature at login in Windows 7 and Vista. People Near Me enables you to use certain peer-to-peer (P2P) programs on a network - that ""identifies people nearby who are using computers and allows those people to send you invitations for programs such as Windows Meeting Space. They can only invite you to participate in programs that are installed on your computer."" Available via Start → Control Panel"
|
| X | Microsoft Personal Firewalls | bakw.exe | "Added by the RBOT-KS WORM!"
|
| X | Microsoft Problem Doctor | windr128.exe | "Added by the SMALLTRO.EF TROJAN!"
|
| X | Microsoft Problem Doctor | windr32.exe | "Added by a variant of the SMALLTRO.EF TROJAN!"
|
| X | Microsoft Problem Doctor | windr64.exe | "Added by a variant of the SMALLTRO.EF TROJAN!"
|
| X | Microsoft Proc Driver32 | msprc.exe | "Added by a variant of the WOOTBOT WORM!"
|
| X | Microsoft Procedure Call | MSPCALL.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Process Manager | process32.exe | "Added by the CHECKOUT WORM!"
|
| X | Microsoft Profile Manager | profile.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft PSTCP32 Data | pstcp32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Redirect | [path to file] | "Added by the BANKER-FW TROJAN!"
|
| X | Microsoft SCVHOST32 Protocol | scvhost32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft sdk temp | sdktemp.exe | "Added by the RBOT-ANP WORM!"
|
| X | Microsoft SDKP3 | mswinsdq.exe | "Added by the RBOT-ARY WORM!"
|
| X | Microsoft Security Hot Fix Update | mshotfix.exe | "Affilred adware"
|
| X | Microsoft Security Management | winamp.exe | "Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a ""Winamp"" subdirectory of the Program Files directory"
|
| X | Microsoft Security Management | sp2fix.exe | "Added by the RBOT.UB WORM!"
|
| X | Microsoft Security Manager | winamp.exe | "Added by the RBOT.TU WORM! Note - this is NOT the popular Winamp media player which is located in %ProgramFiles%\Winamp. This one is located in %System%"
|
| X | Microsoft Security Monitor Process | mssmp.exe | "Added by the RBOT-FUB WORM!"
|
| X | Microsoft Security Monitor Process | mnsmp.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Security Monitor Process | msmp.exe | "Added by the RBOT.GKQ WORM!"
|
| X | Microsoft Security Monitor Process | mssm32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Security Monitor Process | lsas.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Security Monitor Process | msword.exe | "Added by the VIRUT.P VIRUS!"
|
| X | Microsoft Security Monitor Process | service.exe | "Added by the DELF.BERW BACKDOOR!"
|
| X | Microsoft Security Monitor Process | svcchost.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Security Monitor Process | windowsupdate.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Security Monitor Process | [random filename] | "Added by variants of the RBOT WORM! See here"
|
| X | Microsoft Security Monitor Process | com.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Security Monitor Process | exel.exe | "Added by the SDBOT.AFX BACKDOOR!"
|
| X | Microsoft Security Monitor Process | firewall.exe | "Added by a variant of the IRCBOT BACKDOOR! Located in %System%"
|
| X | Microsoft Security Monitor Process | flash.exe | "Added by the EGGDROP.EE BACKDOOR!"
|
| X | Microsoft Security Monitor Process | hel.exe | "Added by the EGGDROP.V BACKDOOR!"
|
| X | Microsoft Security Monitor Process | HelpMe.exe | "Added by the VB.BJO TROJAN!"
|
| X | Microsoft Security Monitor Process | kar.exe | "Added by a variant of the IRCBOT BACKDOOR! See here"
|
| X | Microsoft Security Monitor Process | lindicracker.exe | "Added by the BIFROSE.GR BACKDOOR!"
|
| X | Microsoft Security Monitor Process | mail.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Security Monitor Process | mmp.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Security Monitor Process | mssm32.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Security Monitor Process | mssmpi32.exe | "Added by a variant of the RBOT WORM! See here"
|
| X | Microsoft Security Monitor Process | nitty.exe | "Added by the RBOT.AEU BACKDOOR!"
|
| X | Microsoft Security Monitor Process | ofice.exe | "Added by the VIRUT.N VIRUS!"
|
| X | Microsoft Security Monitor Process | point.exe | "Added by the IRCBOT.AVP BACKDOOR!"
|
| X | Microsoft Security Monitor Process | princ.exe | "Added by the HUPIGON.WTL TROJAN!"
|
| X | Microsoft Security Monitor Process | web.exe | "Added by the EGGDROP.V BACKDOOR!"
|
| X | Microsoft Security Monitor Process | winsys32.exe | "Added by the VIRUT.N VIRUS!"
|
| X | Microsoft Security Monitor Process | winsyss32.exe | "Added by the RBOT.AEU BACKDOOR!"
|
| X | Microsoft Security Monitor Process | word.exe | "Added by the EGGDROP.DC BACKDOOR!"
|
| X | Microsoft Security Panager | [filename] | "Added by the RBOT-ANL WORM!"
|
| X | Microsoft Security Panagers | [random filename] | "Added by the RBOT-AIG WORM!"
|
| X | Microsoft Security Panagers | zzoboony.exe | "Added by the RBOT-AOI WORM!"
|
| X | Microsoft Security Pansasagers | dgkztsqgn.exe | "Added by the RBOT-BBJ WORM!"
|
| X | Microsoft Security Process | wininit.exe | "Added by the RBOT-FKM WORM!"
|
| X | Microsoft Security Update | security32.exe | "Added by the DELF-JJ TROJAN!"
|
| X | Microsoft Server Applacations | msnmsg.exe | "Added by the AGOBOT.BBM WORM!"
|
| X | Microsoft Server Applacations | wuauct1.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Server Applacations | lsasss.exe | "Added by the RBOT-AQQ WORM!"
|
| X | Microsoft Server Applacations | Q8See.exe | "Added by the SPYBOT.GEN3 TROJAN!"
|
| X | Microsoft Server Applacations | cli.exe | "Added by the RBOT-GAQ WORM!"
|
| X | Microsoft Server Application | Sound.exe | "Added by the RBOT-NE WORM!"
|
| X | Microsoft Server Process | svhst32.exe | "Added by the BCKDR-QHR BACKDOOR!"
|
| X | Microsoft Service | winspl.exe | "Spyman spyware"
|
| X | Microsoft Service Host Process | svchost.exe | "Added by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help"
|
| X | Microsoft Service Pack | WindowsSP.exe | "Added by the RBOT-RF WORM!"
|
| X | Microsoft Service Pack2.1 | svchost2.exe | "Added by the RBOT.ASN BACKDOOR!"
|
| X | Microsoft Services | msmpserv.exe | "Added by the IRCBOT.BKA BACKDOOR!"
|
| X | Microsoft Setup Initializazion | localhost.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft Sinsup | odjiwjf.exe | "Added by the RBOT-DN WORM!"
|
| X | Microsoft Software Update | nmon.exe | "Added by the RBOT.HZ WORM!"
|
| X | Microsoft SpA Service | msapps.exe | "Added by the RBOT-VI WORM!"
|
| X | Microsoft SpA Service | win32.exe | "Added by the RBOT.ATS WORM!"
|
| X | Microsoft SpA Service | Winupd32.exe | "Added by the RBOT.LT WORM!"
|
| X | Microsoft SpAr Service | winsbsd32.exe | "Added by the RBOT-RN WORM!"
|
| X | Microsoft Special offer | infoebay.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Spool ** Service | spool**.exe | "Added by a variant of the IRCBOT TROJAN - where ** represents a 2 digit number"
|
| X | Microsoft Spool Server for Win32 | spoolsrv.exe | "Added by the RANDEX.H WORM!"
|
| X | Microsoft Spool Svc | spoolsvc32.exe | "Added by a variant of the IRCBOT BACKDOOR!"
|
| X | Microsoft Spooler Services | Spoolsv.exe | "Added by a variant of the SPYBOT WORM! See here"
|
| X | Microsoft SSISVRI32 Protocol | ssisvri.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft standard protector | winsocks5.exe | Added by the SMALL.CF TROJAN!
|
| X | Microsoft standard protector | [path to trojan] | "Added by the STOX-C TROJAN!"
|
| X | Microsoft startup | wmpIayer.exe | Added by the IRCBOT.ACI TROJAN!
|
| X | Microsoft Startup Manager | sysservice.exe | "Added by the AVALANEC TROJAN!"
|
| X | Microsoft Support | sys32ms.exe | "Added by the RBOT-AHI WORM!"
|
| X | microsoft support | svchostt.exe | "Added by the AGOBOT.AWN WORM!"
|
| X | Microsoft Synchronization Manager | netscape.exe | "Added by the RANDEX.AE WORM!"
|
| X | Microsoft Synchronization Manager | winupdate.exe | "Added by the SDBOT.ER WORM!"
|
| X | Microsoft Synchronization Manager | explorer.exe | "Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
|
| X | Microsoft Synchronization Manager | mircup.exe | "Added by the SDBOT.BQD WORM!"
|
| X | Microsoft System | msupdtm.exe | "Added by the SPYBOT.PKC WORM!"
|
| X | Microsoft System | winamp1.exe | "Added by the SDBOT-UF WORM!"
|
| X | Microsoft System Backup | [random filename] | "Added by the RBOT-AGM WORM!"
|
| X | Microsoft System Checkup | Cool.exe | "Added by the DONK.B WORM!"
|
| X | Microsoft System Checkup | Wnetlib.exe | "Added by the DONK.C WORM!"
|
| X | Microsoft System Checkup | dbnetlib.exe | "Added by the DONK.L WORM!"
|
| X | Microsoft System Checkup | Keymgr.exe | "Added by the DONK.M WORM!"
|
| X | Microsoft System Checkup | inetman.exe | "Added by the DONK.O WORM!"
|
| X | Microsoft System Checkup | ntsysmgr.exe | "Added by the DONK.S WORM!"
|
| X | Microsoft System Checkup | ntsysman.exe | "Added by the SDBOT-QW WORM!"
|
| X | Microsoft System Checkup | libsysmgr.exe | "Added by the SDBOT-CAF WORM!"
|
| X | Microsoft System Checkup | sysmgr.exe | "Added by the SDBOT-OO TROJAN!"
|
| X | Microsoft System Checkup | netapi32.exe | "Added by the DONK-E WORM!"
|
| X | Microsoft System Checkup | wnetmgr.exe | "Added by the DONK.Q WORM!"
|
| X | Microsoft System Checkup | libsys32.exe | "Added by the SDBOT-ACK WORM!"
|
| X | Microsoft System Checkup | netlogin32.exe | "Added by the SDBOT-GN BACKDOOR!"
|
| X | Microsoft System Saver | [path to worm] | "Added by the RBOT.BSK WORM!"
|
| X | Microsoft System Update | sysupdate.exe | "Added by the SDBOT.DG WORM!"
|
| X | Microsoft System32 Update | cmsrg.exe | "Added by the RBOT-GN WORM!"
|
| X | Microsoft Task Manager Daemon | spoolsrv.exe | "Added by the SDBOT.FLL WORM!"
|
| X | Microsoft Task32 Protocol | taskmgr32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft Taskmanager Updater | keyboard.exe | "Added by the RBOT-ALU WORM!"
|
| X | Microsoft TCP Protocol | wintcp32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | Microsoft TCP Service | scvhost.exe | "Added by the AGOBOT-L WORM!"
|
| X | Microsoft TCP/IP Connection Monitor | svchost32.exe | "Added by the RBOT.KS WORM!"
|
| X | Microsoft Telecoms Center | xpfilesys.exe | Added by the RBOT.BCJ TROJAN!
|
| X | Microsoft Telecoms Center | winupn.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Microsoft U | wuamkopxp.exe | "Added by the RBOT-AHC WORM!"
|
| X | Microsoft UMA Update | MSuma32.exe | "Added by the RBOT.FS WORM!"
|
| X | MICROSOFT UNPACCKER SYSTEM | unpak32.exe | "Added by a variant of the RBOT WORM!"
|
| X | MICROSOFT UNPACK SYSTEM | winrarx.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Updat3 | mswkst32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | Microsoft.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | mssmgrd.exe | "Added by the SDBOT.JT WORM!"
|
| X | Microsoft Update | mvsc.exe | "Added by the SPYBOT.DAZ WORM!"
|
| X | Microsoft Update | ascdl.exe | "Added by the GAOBOT.SY WORM!"
|
| X | Microsoft Update | Isac.exe | "Added by the RBOT-AU WORM!"
|
| X | Microsoft Update | automgr32.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | mediap.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | Microsoftx.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | msconfg.exe | "Added by the RBOT.H WORM!"
|
| X | Microsoft Update | Mslti32.exe | "Added by the RBOT-LX WORM!"
|
| X | Microsoft Update | muamgrd.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update | navmgrd.exe | "Added by the SDBOT.DP TROJAN!"
|
| X | Microsoft Update | Smss32.exe | "Added by the RBOT-CB WORM!"
|
| X | Microsoft Update | sys32cfg.exe | "Added by the RBOT.DR WORM!"
|
| X | Microsoft Update | VPC32.EXE | "Added by the AGOBOT.XM WORM!"
|
| X | Microsoft Update | winsys32.exe | "Added by the RBOT.BD WORM!"
|
| X | Microsoft Update | wuamgrd.exe | "Added by the RBOT-LK WORM!"
|
| X | Microsoft Update | wuammgr32.exe | "Added by the RBOT-AW WORM!"
|
| X | Microsoft Update | wudmate.exe | "Added by the RBOT.AP WORM!"
|
| X | Microsoft Update | msawindows.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | msiwin84.exe | "Added by the GAOBOT.AFJ WORM!"
|
| X | Microsoft Update | wuamgrd32.exe | "Added by the RBOT.ZB WORM!"
|
| X | Microsoft Update | NAV.exe | "Added by the RBOT-IV WORM!"
|
| X | Microsoft Update | systemi32.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Microsoft Update | xpupdate.exe | "Added by the RBOT-QE WORM!"
|
| X | Microsoft Update | webm.exe | "Added by the SDBOT.WK WORM!"
|
| X | Microsoft Update | wuagrd.exe | "Added by the RBOT-FK WORM!"
|
| X | Microsoft Update | aaupdt.exe | "Added by the RBOT-RQ WORM!"
|
| X | Microsoft Update | lsac.exe | "Added by the GAOBOT.XW WORM!"
|
| X | Microsoft Update | Mupdate.exe | "Added by the RBOT-AG WORM!"
|
| X | Microsoft Update | prowind32.exe | "Added by a variant of the AGOBOT/GAOBOT WORM!"
|
| X | Microsoft Update | snlogsvc.exe | "Added by a variant of the RBOT WORM!"
|
| X | Microsoft Update | svhost.exe | "Added by the RBOT-PI WORM!"
|
| X | Microsoft Update | wauguard.exe | "Added by the RBOT.AEE WORM!"
|
| X | Microsoft Update | winscv.exe | "Added by the RBOT-BH WORM!"
|
Fatal error: Maximum execution time of 30 seconds exceeded in /home/iamnotag/domains/iamnotageek.com/public_html/startup/search.php on line 252
