| X | NI.USYP | SysProtectScannerInstall.exe | Installer for the SysProtect rogue security software |
| X | NI.UWA6P_0001_N56M1001 | WinAntiVirusPro2006Installer.exe | Installer for the WinAntiVirus Pro 2006 rogue security software |
| X | NI.UWA6P_0001_N69M0303 | WinAntiVirusPro2006Installer[1].exe | Installer for the WinAntiVirus Pro 2006 rogue security software |
| X | NI.UWA6P_0001_N73M1004 | WinAntiVirusPro2006FreeInstall.exe | Installer for the WinAntiVirus Pro 2006 rogue security software |
| X | NI.UWA6P_0001_N91M1807 | WinAntiVirusPro2006FreeInstall[1].exe | Installer for the WinAntiVirus Pro 2006 rogue security software |
| X | NI.UWA7P_0001_N91M0809 | WinAntiVirusPro2007FreeInstall.exe | Installer for the WinAntiVirus Pro 2007 rogue security software - see here |
| X | NoCompromaat | GDC.exe | NoCompromaat Dutch rogue privacy tool - not recommended. A member of the PCPrivacyTool family |
| X | Norton Antivirus AV | FVProtect.exe | Added by the NETSKY.P WORM! Note - this is not the popular AV software! |
| X | Norton Auto Protect | nava.exe | Added by an unidentified WORM or TROJAN! |
| X | Norton Auto Protect | crss32.exe | Added by the SDBOT.ATF WORM! |
| Y | Norton Auto-Protect | navapw32.exe | Norton Anti-Virus's background scanning process |
| X | Norton Auto-Protect | ccApp.exe | Added by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename |
| X | Norton Auto-Protect | SERVICES.exe | Added by the AHKER.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Also |
| X | Norton Auto-Protect | ffbaqe.exe | Added by the SLINBOT.RF BACKDOOR! Note - this is not a valid Norton product |
| X | Norton AV Protection Startup | Ati2xxx.exe | Added by a variant of the RBOT WORM! |
| X | Norton Drive Protection | msdt32.exe | Added by the FORBOT-GB WORM! Note - this is not a valid Norton program! |
| Y | Norton eMail Protect | POPROXY.EXE | Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed |
| X | Norton GProtect | ngrfn.exe | Added by a variant of the RBOT WORM! |
| U | Norton Program Scheduler | nsched32.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95 |
| U | Norton Program Scheduler | NPSsvc.exe | Installed on a Windows system where the Windows Task Scheduler isn't used as part of the OS (Win95 |
| ? | Norton Program Scheduler Event Checker | npscheck.exe | Part of Norton Anti-Virus. What does it do? Apparently it can safely be disabled without causing problems. Can also be listed as NPS Event Checker |
| X | Norton Protect | npprotect.exe | Added by the RBOT-WW WORM! |
| X | Norton protect | nvsvc.exe | Added by a variant of the RBOT WORM! |
| X | Norton Protect Activies | csrss.exe | Added by the BANKER-CZ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "D5133" subfolder |
| X | Norton Service Process | navapvc.exe | Added by a variant of the AGOBOT/GAOBOT WORM! |
| X | Norton Service Process | navapsvc.exe | Added by the AGOBOT-GV WORM! Note - this is not the valid Norton Anti-Virus service which has the same file and is located in %ProgramFiles%\Norton AntiVirus. This one is located in %System% |
| X | NOYPI_KANG_ASTIG | Exit to DosPrompt.pif | Added by the FILUKIN.A WORM! |
| U | NPROTECT | nprotect.exe | Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Can be listed twice which is valid |
| X | nsdcmd vid process | nsdcmdwin.exe | Added by a variant of the AGOBOT/GAOBOT WORM! |
| X | NT LM Security Support Provider | WinNTLM.exe | Added by a variant of the SDBOT WORM! |
| X | Nt System Protocol | ntsystem.exe | Added by the RBOT.DSB TROJAN! |
| X | ntfsmonitorpro | ntfs64.exe | Added by the FORBOT-EB WORM! |
| N | Nuance PDF Professional 6-reminder | Ereg.exe Ereg.ini | Registration reminder for PDF Converter Professional version 6 from Nuance |
| N | Nuance PDF Professional5-reminder | Ereg.exe Ereg.ini | Registration reminder for PDF Converter Professional version 5 from Nuance |
| X | OSS | ossproxy.exe | MarketScore parasite - ActiveX control used to download premium-rate dialers |
| X | OSSProxy | OSSPROXY.EXE | MarketScore parasite - ActiveX control used to download premium-rate dialers |
| X | Outlook Express Protocol | look.exe | Added by the RBOT-ACS WORM! |
| Y | PavProc | PavPrS9x.exe | Part of Panda Antivirus and Internet Security |
| Y | PavProt | PavProt.exe | Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security |
| Y | Pavprot9 | Pavprot9.exe | Part of the 2005 versions of Panda Antivirus and Internet Security |
| U | PC Doc Pro - 3.1 | pcdocpro.exe | PC Doc Pro (now Win Doc Pro) - system health check and fix utility |
| X | PC Protection Center | PcProtection.exe | PC Protection Center 2008 rogue security software - not recommended |
| N | PC SpeedScan Pro | PCSpeedScan.exe | Ascentive PC SpeedScan Pro registry optimizer - not recommended |
| U | PC Tools Disk Suite | aDSProcMngr.exe | Part of PC Tools Disk Suite from PC Tools - which "is an all-in-one hard-disk management utility that integrates disk optimization |
| X | PCAntiVirusPro | pgs.exe | PCAntiVirusPro rogue security software - not recommended |
| U | PCDrProfiler | RunProfiler.exe | Part of PC Doctor software installed for some machines. Disabling or enabling it is down to your preference |
| X | PCprot | crcss.exe | Added by an unidentified WORM! |
| X | PCprotectar.exe | PCprotectar.exe | PCprotectar rogue security software - not recommended. A member of the AntiAID family |
| X | PcsProtector | PcsProtector.exe | PcsProtector rogue security software - not recommended |
| X | PCToolPro | SysRep.exe | PCToolPro rogue system error and cleaning utility - not recommended |
| X | PCTurboPro | pctp.exe | PcTurboPro rogue system optimization tool - not recommended |
| U | pdfFactory Pro Dispatcher v1 | fppdis1.exe | FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory PRO printer. Version 1.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | pdfFactory Pro Dispatcher v3 | fppdis3a.exe | FinePrint pdfFactory Pro Dispatcher - background task which handles the creation of PDF files when you print to the FinePrint pdfFactory Pro printer. Version 3.x of the software. "pdfFactory products offer a unique approach to PDF creation that is simpler |
| U | PDFHook | pdfpro5hook.exe | Prevents the "Trial Version www.Nuance.com" watermark appearing in PDF documents created by PDF Converter Professional version 5 (from Nuance) when the product has been installed but not activated properly. See here for more information |
| U | PDFHook | pdfpro6hook.exe | Prevents the "Trial Version www.Nuance.com" watermark appearing in PDF documents created by PDF Converter Professional version 6 (from Nuance) when the product has been installed but not activated properly. See here for more information |
| Y | PER Email Protection | pavmail.exe | PER Antivirus |
| X | personalprotector | personalprotector.exe | Personal Protector rogue security software - not recommended |
| ? | PmProxy | PmProxy.exe | Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required? |
| X | PopRock | [path to trojan] | Added by the AGENT-LNU TROJAN! |
| Y | Poproxy | POPROXY.EXE | Proxy E-mail protection from Norton Anti-Virus (prior to 2002). If you have it installed |
| U | PopUpStopperProfessional | PopUpStopperProfessional.exe | Panicware's Pop-Up Stopper - paid for version |
| ? | POS-Partnerbatchprocessor | BATCH.EXE | VISA credit card batch processing related to Appcon. Is it needed or can it be started manually via Start -> Programs or a manually created shortcut? |
| U | PowerPro | powerpro.exe | Part of the power professional program that loads the floating menu bar. Can be accessed from Start -> Programs |
| X | PowerProf | PowerProf.exe | Added by the LOREX.B TROJAN! |
| X | PowerProfile | mfcp30.exe | Added by the RINDAS-A TROJAN! |
| N | PProTray | pprotray.exe | Part of the power professional program. Loads the System Tray control |
| Y | PrevxPro | SAGUI.exe | PrevX Home intrusion prevention software |
| N | Privacy Eraser Pro | PrivacyEraser.exe | Privacy Eraser Pro - protects your Internet privacy by cleaning up all Internet history tracks and past computer activities |
| X | Privacy Protector | Privacy Protector.exe | PrivacyProtector rogue privacy tool - not recommended |
| X | PrivacyProtector Free | UPRP.exe | PrivacyProtector rogue privacy tool - not recommended |
| X | pro | [path to file] | Added by the SPYWAD-F TROJAN! |
| X | pro | SpySheriff.exe | Added by the SPYWAD-I TROJAN! |
| X | Pro Antispyware 2009 | proas2009.exe | Pro AntiSpyware 2009 rogue spyware remover - not recommended |
| U | Pro PCL Status Monitor | PENGSS.EXE | Xerox printer/fax/copier status monitor (PCL = printer control language) |
| X | ProAntispy | ProAntispy.exe | ProAntispy rogue spyware remover - not recommended |
| X | ProAntiVirus | ProAntiVirus.exe | Added by the RBOT-FTP WORM! |
| ? | ProArt | ProArt.exe | ?? |
| X | Proc | aprocess.exe | Added by the MOVINGMOUSE.475811 TROJAN! |
| X | Proc992 | [path to file] | Added by the IXBOT-C WORM! |
| X | Proc993 | wqxfne.exe | Added by the IXBOT-D WORM! |
| X | PROCESS SESSION MANAGER | PIDSERV.EXE | Added by the RBOT-Y WORM! |
| X | process.exe | process.exe | Added by the BANCOS.P TROJAN! |
| U | ProcessGovernor | processgovernor.exe | Core engine for Process Lasso from Bitsum Technologies - "a state-of-the-art |
| X | Processor | svchost.exe | Added by the AGENT-KIR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\) |
| N | ProcessQuickLink2 | ProcessQuickLink2.exe | ProcessQuickLink by Uniblue Systems Ltd - gives you quick access to their Process Library entry for a currently running process via the standard Windows Task Manager (CTRL+ALT+DEL). A System Tray icon also allows you to search the library and launch the Task Manager. Run on demand |
| U | ProcessSupervisorGUI | ProcessSupervisor.exe | Graphical user interface (GUI) for Process Lasso from Bitsum Technologies - "a state-of-the-art |
| U | ProcessTamer | ProcessTamerTray.exe | Mouser's Software Process Tamer "is a tiny (140k) and super efficient utility for Microsoft Windows XP/2K/NT that runs in your system tray and constantly monitors the cpu usage of other processes" |
| X | procmon | procmon.exe | Added by the BIONET.40A TROJAN! |
| ? | Prodigy DSL | EnterNetDUN.Exe | Prodigy EnterNet DUN PPPoE Client - is it required? |
| N | ProdikeysAutorun | Prodload.exe | Creative Prodikeys software - 'an interactive music entertainment device which not only functions as a full-featured |
| N | ProDsl | ProDsl.exe | Intel Pro/DSL 2100 modem connection manager. Available via Start -> Programs |
| X | Profile | Profile.vbs | Added by the WHITEHO VIRUS or TRAPPY WORM! |
| N | Profiler | Profiler.exe | Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs |
| X | profiler | liteout.exe | Added by the ZAPCHAS-G WORM! |
| X | profiler | prof.exe | Added by the ZAPCHAS-G WORM! |
| N | Profiler | ProfilerU.exe | Enables the "Profiler" to be launched from a System Tray icon for Saitek's game controllers. Available via Start -> Programs |
| N | ProfilerU | ProfilerU.exe | Saitek SST (Saitek Smart Technology) Profile Launcher - allows System Tray access to the "Profiler" and "Control Panel" for Saitek's game controllers. Start manually via Start -> Programs -> Saitek SD6 Programming Software -> Profiler |
| X | Prog | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup! |
| X | Prog | lsass.exe | Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup! |
| X | Program Access Service | [10 random letters].exe | Added by the RBOT.GJJ WORM! |
| X | Program File | Progmon.exe | Added by the PEEPER TROJAN! |
| X | Program in Windows | IEXPLORE.exe | Added by the LOVGATE.AB WORM! |
| U | Program Neighborhood Agent | pnagent.exe | Citrix Program Neighborhood Agent |
| X | ProgramControl | ProgramControl.exe | Added by the DLOADR-BAG TROJAN! |
| ? | ProgramWindow | more comp.exe | ?? |
| U | Progressive Touch | SynTPEnh.exe | Synaptics TouchPad Enhancements - included with drivers for Synaptics based TouchPads |
| U | Progressive Touch | SynTPLpr.exe | Synaptics TouchPad driver helper - included with drivers for Synaptics based TouchPads |
| U | ProjectWhois | ProjectWhois.exe | "Project Whois loads the domain names from all open Firefox and Internet Explorer windows into the one-click menu and gives easy access to the whois records from the System Tray" |
| N | projselector | projselector.exe | Roxio Project Selector - can be started manually |
| N | Promon.exe | promon.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features |
| X | PromoReg | [path to worm] | Added by the WALEDAC.C WORM! |
| X | PromoReg | alt.exe.exe | Added by a variant of the AGENT.DOM TROJAN! |
| X | prompt drive | [random filename] | Added by the SDBOT.AMF WORM! |
| X | PromulGate | PgMonitr.exe | Delfin Promulgate adware variant |
| N | PRONoMgr.exe | PRONoMgr.exe | System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features |
| U | PRONoMgrWired | PRONoMgr.exe | Intel's Pro 100 Ethernet card manager |
| X | Proof Defender 2009 | pdfndr.exe | Proof Defender 2009 rogue security software - not recommended |
| U | Propel Accelerator | PropelAC.exe | Propel Internet Accelerator |
| U | ProPort Startup | ProPort.exe | Proport is a port monitor/protector. Monitors an infinite amount of ports for trojans and nukes. Some additional features are auto connection-kill |
| X | proses | [5 random letters].exe | Added by a variant of the RBOT WORM! |
| X | ProSiteFinder | prositefinder.exe | ProSiteFinder adware |
| X | Proteção de tela | ssmaze.scr | Added by the BANCBAN-FB TROJAN! |
| U | Protect | SHVRTF.EXE | PC Angel takes a 5-second snapshot of the current system registry each time the PC boots up. In the event of a crash |
| X | protect | protect.scr | Added by the DLOADER-TQ TROJAN! |
| X | ProtectDefender | ProtectDefender.exe | ProtectDefender rogue security software - not recommended |
| X | Protected Storage | RUNDLL32.EXE MSSIGN30.DLL ondll_reg | Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted |
| X | protectinfo | protectinfo.exe | ProtectInfo rogue security software - not recommended |
| X | ProtectingTool | SysRep.exe | ProtectingTool rogue system error and cleaning utility - not recommended |
| X | Protection | [path] runtask.exe [path] protection.exe | Added by a variant of the AGENT.3.AU TROJAN! |
| X | Protection | Protection.exe | Added by the FEBELNECK-A WORM! |
| X | Protection | Firewall.exe | Added by the ELIPTER.A or ELIPTER.B WORMS! Located in %ProgramFiles%\Internet Explorer |
| X | Protection | IExplore .exe | Added by the ELIPTER.D WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process as there is a space before the ".exe" |
| X | Protection | Norton Internet Security.exe | Added by the ELITPER.E WORM! |
| X | Protection Center | cntprot.exe | Protection Center rogue security software - not recommended |
| X | Protection System | psystem.exe | Protection System rogue security software - not recommended |
| X | ProtectionComplete | pgs.exe | ProtectionComplete rogue security software - not recommended. A member of the AVSystemCare family |
| X | ProtectionConue | pgs.exe | ProtectionConue rogue security software - not recommended. A member of the AVSystemCare family |
| X | ProtectionDeDriver | GDC.exe | ProtectionDeDriver rogue privacy tool - not recommended. A member of the PCPrivacyTool family |
| X | Protections | ProtEX32.exe | Ultimate SecuritySuite rogue malware remover - not recommended |
| X | Protector GB | protectgb.exe | Added by the BANKER.EIE TROJAN! |
| X | ProtectPcs.exe | ProtectPcs.exe | ProtectPcs rogue security software - not recommended |
| X | ProtectSoldier | ProtectSoldier.exe | ProtectSoldier rogue security software - not recommended |
| X | ProtejaseuDrive | SysRep.exe | ProtejaseuDrive rogue system error and cleaning utility - not recommended. A member of the ErrClean family |
| X | ProtezionefiData | pgs.exe | ProtezionefiData rogue security software - not recommended. A member of the AVSystemCare family |
| X | ProtezioneSoft | SysRep.exe | ProtezioneSoft |
| X | Protocol Settings | kav.exe | Added by a variant of the RBOT WORM! |
| X | ProtocolDiskChk | ssrms.exe | Added by the BDOOR-ML BACKDOOR! |
| X | ProtocolDiskChk | svcvlw32.exe | Added by the STINX-Y TROJAN! |
| X | ProtocolEventTsk | csrwjd.exe | Added by the STINX-N TROJAN! |
| X | prov | prov.exe | Added by a variant of the IRCBOT TROJAN! |
| X | Provan Security | psecure.exe | Added by the RBOT.BRV WORM! |
| Y | proxim_orinoco_11abg | orinoco.exe | Proxim ORiNOCO 11a/b/g PCI Card wireless configuration utility |
| N | PROXOMITRON | PROXOMITRON.EXE | A free |
| N | PROXOMITRON | PROXOM~1.EXE | A free |
| Y | ProxyCap | ProxyCap.exe | "ProxyCap enables you to tunnel Internet applications through HTTP |
| U | ProxyFirewall | ProxyFirewall.exe | Proxy Firewall by Unique Internet Services |
| U | ProxyWay | proxyway.exe | ProxyWay anonymous proxy surfing software |
| U | PSwitch | ProxySwitcher.exe | "Proxy Switcher offers full featured connection management solution" as different internet connections often require completely different proxy server settings and it's a real pain to change them manually |
| U | pumcfgp | proxycfg.exe | "GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser" |
| U | Quick Heal Firewall Pro | qhfw.exe | Quick Heal Firewall Pro |
| Y | Quick Heal On-Line Protection | Cateye.exe | Quick Heal - virus scanner |
| X | Quick Time file manager | quicktimeprom.exe | Added by the SDBOT TROJAN! |
| U | QuickCamPro | QuickCamPro.exe | System Tray for Picture Capture utility that can run unattended. Pictures every 30 seconds for example |
| X | Quicktime Pro 3.0 | winuodps.exe | Added by the GAOBOT.BH WORM! |
| U | RAM Idle Professional | RAM_XP.exe | RAM Idle LE - "A smart memory management program that will keep your computer running better |
| N | Ray Process Killer | Prkill.exe | Ray Process Killer - clicking right mouse button produces popup menu with current active tasks. You can choose any task and click "Ok" to terminate it. Use CTRL+ALT+DEL instead |
| X | RealTimeProtector | winlogon.exe | Added by the AUTORUN.DIB WORM! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~� subfolder |
| X | Registry Protector | regprotect.exe | Added by the ARIVER.A WORM! |
| Y | RegProt | Regprot.exe | RegistryProt from Diamond Computer Systems - protects the system registry against changes |
| X | REGRUNM | autoprotect.exe | Added by an unidentified WORM or TROJAN! |
| N | reminder-ScanSoft Product Registration | remind32.exe | Registration reminder for ScanSoft products such as PaperPort |
| X | Remote Procedure Call | winrpc.exe | Added by the RBOT-KM WORM! |
| X | Remote Procedure Call | winsysrpc.exe | Added by the SDBOT-PS WORM! |
| X | Remote Procedure Call For Windows 32bit | rpc.exe | Added by the RBOT-MD WORM! |
| X | Remote Procedure Call Locator | RUNDLL32.EXE reg678.dll ondll_reg | Added by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted |
| X | Remote Procedure Calls | mswinrpc.exe | Added by the RBOT.KJ WORM! |
| X | Remote Procedure Calls | mswinc.exe | Added by the RBOT-IT WORM! |
| X | Remote Procedure Calls | win.exe | Added by the SDBOT-QI WORM! |
| X | Remote System Protection | rundll32.exe [random].dll,HUI_proc | |
| U | RemoveIT Pro XT | removeit.exe | RemoveIT Pro from InCode Solutions - spyware |
| U | ReproPRD | PrdUsb.exe | Thrustmaster Corporation Presets application - a game controller driver |
| Y | RogueMonitor | RogueRemoverPRO.exe | Part of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the functionality is included in Malwarebytes' Anti-Malware |
| Y | RogueRemoverPRO | RogueRemoverPRO.exe | Part of Malwarebytes' RogueRemover PRO - the realtime "RogueMonitor will alert you before you download a rogue application keeping you safe and secure before trouble occurs." Now discontinued and the functionality is included in Malwarebytes' Anti-Malware |
| U | rundll32 | rundll32.exe irprops.cpl | |
| U | rundll32 | rundll32.exe bthprops.cpl | |
| Y | RunDll32 essprops | RunDll32 essprops.cpl,TaskbarIconWnd | |
| X | Rundll32.exe | Proyecto1.exe | Added by the GRUEL WORM! |
| X | RunProg | Server.exe | Added by the OPTIX.04.A TROJAN! |
| X | RunProg | wini.exe | Added by the OPTIX.04.D TROJAN! |
| X | Runtime Process | Csrss.exe | Added by the CIADOOR-J BACKDOOR! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% |
| X | s9201 | asproxp.exe | AntiSpyware Pro XP rogue spyware remover - not recommended |
| X | SafetyCenter | protector.exe | Safety Center rogue security software - not recommended |
| X | SC2 | scprot4.exe | Added by the AGENT.APP TROJAN! |
| N | ScanSoft PDF Professional 4-reminder | Ereg.exe Ereg.ini | Registration reminder for PDF Converter Professional version 4 from Scansoft (now Nuance) |
| U | scheduler_proxy Application | scheduler_proxy.exe | Found on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooks. Included with versions of ThinkVantage System Update (for software updates) |
| X | SDK Codre Function22 | sdkimddprovment2.exe | Added by the SDBOT-YJ WORM! |
| X | SDK Core Function | sdkimprovment.exe | Added by the RBOT.BHL WORM! |
| X | SDK Core Function2 | sdkimprovment2.exe | Added by the SPYBOT.OGX WORM! |
| X | SDKCprords | SDKc55rezzz.exe | Added by the RBOT.VD WORM! |
| U | Search Protection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!" |
| U | SearchProtection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!" |
| X | Secure AntiVirus Pro | av.exe | Secure AntiVirus Pro rogue security software - not recommended |
| U | SecureItPro | Secureitpro470p.exe | SecureIt Pro - lock your computer when you're not there |
| X | Security Service Process | svhost.exe | Added by the AGOBOT-LC WORM! |
| X | Security Update Service Process | svrhost23.exe | Added by the AGOBOT-GN WORM! |
| X | Server Runtime Process | wbemstest.exe | Added by the SDBOT-DDB WORM! |
| X | Service Host Process | spoolsvc.exe | Added by the GAOBOT.GEN!POLY WORM! |
| X | Service Process | SVCHOST.EXE | Added by the DARKER WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir% |
| X | Service Process | winset.exe | Added by a variant of the SPYBOT WORM! |
| X | Service Process | service.exe | Added by the DCMBOT-C TROJAN! |
| X | Service Process | smss.exe | Added by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "config" subfolder |
| X | Service Process | svchost.exe | Added by the DCMBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "config" subfolder |
| X | Services | prosys32.exe | Added by an unidentified WORM or TROJAN! |
| X | Services Process | services.exe | Spyware - detected by Kaspersky as the SMALL.X TROJAN! Note - this is not the legitimate services.exe process |
| X | Services Process | smss.exe | Added by the SMALL-EK TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a "config" subfolder |
| U | ShadowUser Pro Edition | ShadowUser.exe | "StorageCraft™ ShadowUser™ provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to PCs and laptops" |
| X | SHAProc | SHAProc.exe | Added by the WINKO.AO WORM! |
| ? | ShowIcon_Justrams_USB Product Driver v2.12r012 | shwicon.exe | Related to Just Rams USB product driver. Is it required? |
| U | ShutDownPro | ShutDownPro.exe | ShutDownPro - shutdown |
| U | SIAPRO6 | sia.exe | Steganos Internet Anonym privacy software |
| U | sks-32 | sks32proc.exe | SpyKeySpy surveillance software. Uninstall this software unless you put it there yourself |
| X | Smart Defender PRO | smrtdefp.exe | Smart Defender PRO rogue security software - not recommended |
| U | Smart Protector Pro | SmartProtector-Pro.exe | Smart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems" |
| X | smartprotector | smartprotector.exe | Smart Protector rogue security software - not recommended |
| U | SmartProtector-Pro | SmartProtector-Pro.exe | Smart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems" |
| U | SmartSync Pro | SmartSync.exe | Related to CompanionLink Software Inc. Synchronization solutions for ACT! |
| X | SMTP32 Mailing Protocol | smtp32.exe | Added by a variant of the RBOT WORM! |
| X | SNP Generic Host Process | svchost.exe | Added by the ZAPCHAS-O TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! |
| X | Soft Profile Inc | hxdef.exe... | Added by the LOVGATE.AO WORM! |
| X | Soft Profile Inc | hxdef.exe | Added by the LOVGATE.E WORM! |
| X | SOProc_RegSoAlertWxLiteNnAj | rundll32 shell32.dll,ShellExec_RunDLL [path] soproc.exe | |
| ? | SoundFusion | rundll32 cwcprops.cpl | Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time? |
| ? | SoundFusion | RunDll32 cwaprops.cpl,C25CrystalControlWnd | |
| X | SpoolerSubSystemProcess | SpooI32.exe | Added by the EHKS.21 keylogger! Note - the "I" between "o" and "3" is a capital "i" not a lower case "L" |
| X | Sproc32 | sproc32.exe | Added by the SPROCIT TROJAN! |
| X | sprof | sprof.exe | Added by the RENOS.G TROJAN! |
| U | SPSTEALT | SmartProtectorPro.exe | Smart Protector Pro - internet privacy tool that erases tracks |
| U | SPSTEALT | SmartProtector-Pro.exe | Smart Protector Pro internet eraser from SmartSoft - "keeps out prying eyes and protects your private data on all Windows systems" |
| U | Spy Protector | SpyProtector.exe | Included in the full version of Security Task Manager |
| X | Spy Protector | srcss.exe | SpyProtector rogue security suite - not recommended |
| X | Spy Protector | lsascs.exe | Spy Protector rogue security software - not recommended |
| X | SpyGuardPro | pgs.exe | SpyGuardPro rogue security software - not recommended. A member of the AVSystemCare family |
| X | SpyKillerPro | SpyKillerPro.exe | SpyKillerPro rogue security software - not recommended |
| U | spyprodetector | spydetector.exe | Spyware Process Detector spyware remover |
| X | Spyware Striker Pro | SpywareStriker.exe | Ascentive Spyware Striker Pro rogue spyware remover - not recommended |
| X | SpywareGuard | winproc32.exe | Startpage adware Trojan |
| X | SpywareProMFC | SpywarePro.exe | SpywarePro rogue security software - not recommended |
| X | SpywareSweeperProMFC | Spyware Sweeper Pro.exe | Spyware Sweeper Pro rogue security software - not recommended |
| X | sqlpdro | providd.exe | Added by the AGENT-LXF TROJAN! |
| U | SRP Startup | srrpro.exe | System Restore Remover Pro allows you to safely and easily remove System Restore and various other Windows Millennium "features". This is enabled if you tick the "Remove unnecessary System Restore information on startup" box. Available via Start -> Settings -> Control Panel |
| Y | SSC_UserPrompt | UsrPrmpt.exe | Part of Symantec's AntiVirus suite and comes usually with a product update |
| N | Start Wingman Profiler | lwtest.exe | Logitech Wingman software required to operate Logitech joysticks and gamepads. Unless you're a hard-core gamer |
| N | Start Wingman Profiler | LWEMon.exe | Part of Logitech Gaming Software (formerly Wingman Software) for their range of game controllers. Starts the profiler (button configuration) and loads the last used profile at start-up - including System Tray access. Unless you're a hard-core gamer it's best to leave it disabled and load when needed |
| X | StorageProtector | SysRep.exe | "StorageProtector rogue system error and cleaning utility - not recommended |
| Y | SunProtectionServer | SunProtectionServer.exe | "CounterSpy antispyware software"
|
| X | superproxy | superproxy.exe | "Added by the DELBACK-B TROJAN!"
|
| U | SuperSpamKiller Pro | Ssk.exe | "SuperSpamKiller Pro email spam blocker"
|
| U | SureCleanProfessional | SRClean.exe | "SureClean PC and Internet tracks cleaner"
|
| U | SurfinGuard Pro | winsfcm.exe | "SurfinGuard Pro from Finjan - internet protection software |
| X | SVCHost Protocol32 | scvhost32.exe | "Added by a variant of the IRCBOT TROJAN!"
|
| X | svcwinprocess32 | [path to worm] | "Added by the UPERING WORM!"
|
| X | Symantec Antivirus professional | dfrgfrat.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | autoformat.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | dyndns.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | f0dns.exe | "Added by the FORBOT-GT WORM!"
|
| X | Symantec Antivirus professional | flushdns.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | for.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | regedit.exe | "Added by a variant of the FORBOT WORM! Note - this is not the valid Windows registry editor which resides in %Windir% and will not normally figure in Msconfig/Startup! This version resides in %System%"
|
| X | Symantec Antivirus professional | Symantex.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | windows .exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | Winhp32.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Symantec Antivirus professional | winudp.exe | "Added by a variant of the WOOTBOT WORM! See here"
|
| X | Symantec Antivirus professional | xplrer.exe | "Added by a variant of the FORBOT WORM!"
|
| X | Sysctrls | procdll.exe | "Added by the WEEDBOTZ.14 TROJAN!"
|
| X | SysProtect | System.exe | "Added by the NETSPY TROJAN!"
|
| X | SysProtect | syp.exe | "SysProtect rogue security software |
| X | SysProtect | USYP.exe | "SysProtect rogue security software |
| X | SysProtect Free | USYP.exe | "SysProtect rogue security software |
| X | SysProtector | SysProtector.exe | "SysProtector rogue security software - not recommended |
| X | System Applications Profile | sap.exe | "Added by the RBOT-QF WORM!"
|
| X | System Database Administration Support Process | sysdasp.exe | "Added by the DERDERO.C WORM!"
|
| X | System Firewalls | commandprompt32.exe | "Added by the RBOT.BJT WORM!"
|
| N | System Mechanic Professional Update [Incinerator.dll] | SysMech4.exe /REREG: [path] Incinerator.dll | Iolo System Mechanic "Incinerator" feature securely deletes files and folders from your PC so they can never be recovered again
|
| X | System Process | csrss.exe | "Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | System Process | lsass.exe | "Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | System Process | svchost.exe | "Added by the ADCLICK-AG TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | System Process | CSRSR.exe | "Added by the AGOBOT-SQ WORM!"
|
| X | System Process Analization | sysproc.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Process Analization Thread | system.exe | "Added by a variant of the RBOT WORM!"
|
| X | System Profile | Regsrv.exe | "Added by a variant of the OPTIX TROJAN!"
|
| X | System Protector | lsascs.exe | "System Protector rogue security software - not recommended |
| X | System Soap Pro | soap.exe | "System Soap Pro internet cleaning software. Bundles foistware like Httper and Zipclix - best avoided"
|
| X | System Updater Process | wmiprvsw.exe | "Added by the AGOBOT-IL WORM!"
|
| X | SystemCleanerPRO | sysclpro.exe | "SystemCleanerPro rogue security software - not recommended |
| X | SystemProcEvent | [trojan filename] | "Added by the IRCBOT.I TROJAN! Filenames used are csrwnd.exe |
| ? | SystemReg | PROCES.EXE | "??"
|
| X | SystemSecurity | zprot32.exe | "Added by the AGENT-FK TROJAN!"
|
| X | taetae | Exit to DosPrompt.pif | "Added by the GATINA-B WORM!"
|
| U | TB2PROEXE | tb2start.exe | "Timbuktu Pro - remote desktop access software"
|
| U | TBC Pro | tbcpro.exe | "TitleBarClock Pro - displays Day |
| X | TCPIP Protocol | mstcpip.exe | "Added by the SDBOT-LR WORM!"
|
| X | Telephony Provider | Iexplore.exe | "Added by the FORBOT-DF BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
|
| U | tgcmdprovidersbc | tgcmd.exe | "Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers |
| N | TGPro Office | IdxOffice.exe | "With IdiomaX Office Translator ""you can translate documents directly from your favorite text editor (Microsoft Word |
| N | The Proxomitron | Proxomitron.exe | "A free |
| Y | ThinkVantage Active Protection System | TpShocks.exe | "Part of the Active Protection System found on some IBM/Lenovo Thinkpad models - including the T |
| Y | tmproxy | tmproxy.exe | "Part of Trend Micro web-security products - Internet Security 2005 |
| X | tor anonymous proxy | tor32.exe | "Added by the SDBOT-ADR WORM!"
|
| X | Torjan Program | [path to trojan] | "Added by the LEGMIR-BO TROJAN!"
|
| X | Torjan Program | smss.exe | "Added by the WOWCRAFT.B TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Torjan Program | WINLOGON.EXE | "Added by the WOWCRAFT.D TROJAN! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
|
| X | Total Protect 2009 | pcpc_starter.exe | "Total Protect 2009 rogue security software - not recommended |
| X | Total Virus Protection | TotalVirusProtection.exe | "Total Virus Protection rogue security software - not recommended |
| Y | ToUcamVProperty | VProperty.exe | "Philips Web Camera model name pcvc740k |
| U | Tracks Eraser Pro | te.exe | Tracks Eraser Pro from Acesoft - "Erases all tracks of your internet activity"
|
| U | TrojanShield Protector | Port.exe | "TrojanShield anti-hacker/anti-trojan software"
|
| X | TURXP Protocol | sps32.exe | "Added by a variant of the SDBOT WORM!"
|
| U | TVT Scheduler Proxy | scheduler_proxy.exe | "Found on IBM/Lenovo ThinkCentre/ThinkStation desktops and Thinkpad notebooks. Included with versions of ThinkVantage System Update (for software updates) |
| U | Ueproc32 | UEPROC32.exe | Part of Norton Utilities - most likely associated with the Unerase Wizard in older versions
|
| X | Ultimate System Guard | MainFAVProj.exe | "Ultimate System Guard rogue security software - not recommended |
| N | Uniblue ProcessQuickLink 2 | ProcessQuickLink2.exe | "ProcessQuickLink by Uniblue Systems Ltd - gives you quick access to their Process Library entry for a currently running process via the standard Windows Task Manager (CTRL+ALT+DEL). A System Tray icon also allows you to search the library and launch the Task Manager. Run on demand"
|
| X | Updater Service Process | svhost32.exe | "Added by the AGOBOT.TY WORM!"
|
| X | Updater Service Process | csrss32.exe | "Added by the AGOBOT-GP BACKDOOR!"
|
| U | Upromise | Upromise.exe | "Upromise college savings program"
|
| U | Upromise Tray | UpromiseTray.exe | "System Tray access to the Upromise college savings program"
|
| U | Upromise Update | UpromiseUa.exe | "Updater for the Upromise college savings program"
|
| U | Upromise0 | Upromise0.exe | "Upromise college savings program"
|
| U | UpromiseRemindU | wjview ...Code | "Part of the Upromise saving scheme but associated with Ebates MoneyMaker adware so the choice is yours"
|
| X | User Protection | usrprot.exe | "User Protection rogue security software - not recommended |
| N | UtilityPro | UtilityPro.exe | "IE search toolbars as supplied by people such as Yellow Internet and SearchBoss and written by Rawhide Search Solutions"
|
| X | Vhosts Protection | vhosts.exe | Added by an unidentified WORM or TROJAN!
|
| X | Video Proces | winaps.exe | "Added by the AGOBOT.HD WORM!"
|
| X | Video Process | sysconf.exe | "Added by the GAOBOT.GEN!POLY or GAOBOT.UM or GAOBOT.ADX WORMS!"
|
| X | Video Process | MS32x16.exe | "Added by the RBOT.RH WORM!"
|
| X | Video Process | netsvcs.exe | "Added by the AGOBOT.LH WORM!"
|
| X | Video Process | MSlti64.exe | "Added by the AGOBOT.UE WORM!"
|
| X | Video Process | [random filename] | "Added by the RBOT-LM WORM!"
|
| X | Video Process | winasp.exe | "Added by the AGOBOT-IS WORM!"
|
| X | Video Process | msn5.exe | "Added by the AGOBOT-TW WORM!"
|
| X | Video Process | MStli32s.exe | "Added by the RBOT-GAD WORM!"
|
| X | Video Process | wincert32.exe | "Added by the AGOBOT.JT WORM!"
|
| X | Video Process | ntsystm.exe | "Added by the GAOBOT.ZX WORM!"
|
| X | Video Process | Nivopsvc.exe | "Added by the AGOBOT-GT WORM!"
|
| X | Video Process | wincrt32.exe | "Added by the AGOBOT-GR WORM!"
|
| X | Video Process | Avg123.exe | "Added by the AGOBOT-MS WORM!"
|
| X | Video Process | Navapsvcc.exe | "Added by the SPYBOT-CW WORM!"
|
| X | Video Processor | msconfsys88.exe | "Added by the AGOBOT-QG WORM!"
|
| X | Video Proes | winaii.exe | "Added by the AGOBOT-FH WORM!"
|
| X | virtual | winprotect.exe | "Added by the MUGLY.C WORM!"
|
| X | Virtual Protocol | vr32.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Virus Protect | vrsprtc.exe | "Added by the RBOT-APR WORM!"
|
| X | Virus Protector | [random].exe | "Virus Protector rogue security software - not recommended |
| X | Virus Remover Profesional | virusremover.exe | "Virus Remover Profesional rogue security software - not recommended |
| X | VirusProtect 3.8 | VirusProtect 3.8.exe | "VirusProtect Pro rogue security software - not recommended |
| X | VirusProtect 3.9 | VirusProtect 3.9.exe | "VirusProtect Pro rogue security software - not recommended |
| X | VirusProtectPro 3.3 | VirusProtectPro 3.3.exe | "VirusProtect Pro rogue security software - not recommended |
| X | VirusProtectPro 3.4 | VirusProtectPro 3.4.exe | "VirusProtect Pro rogue security software - not recommended |
| X | VirusProtectPro 3.5 | VirusProtectPro 3.5.exe | "VirusProtect Pro rogue security software - not recommended |
| X | VirusProtectPro 3.6 | VirusProtectPro 3.6.exe | "VirusProtect Pro rogue security software - not recommended |
| X | VirusProtectPro 3.7 | VirusProtectPro 3.7.exe | "VirusProtect Pro rogue security software - not recommended |
| X | VITAL BOOT PROCESS | taskmngr.exe | "Added by a variant of the RBOT WORM!"
|
| X | VITAL BOOT PROCESS | taskmnsgr.exe | "Added by the Rbot-VY WORM!"
|
| X | Vital Load Process | Spoolsvr.exe | "Added by the RBOT.AIF WORM!"
|
| X | VMware User Process | KHATRA.exe | "Added by the AUTOIT.K TROJAN!"
|
| N | VoipBusterPro | VoipBusterPro.exe | "VoipBusterPro - internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
|
| X | Vprocess | scvtw32.exe | "Added by the AGOBOT-FR BACKDOOR!"
|
| Y | VrProxyc | vrproxyc.exe | "Part of the HAURI ViRobot series of internet security products. HAURI's ViRobot engine is included in those used by VirusTotal |
| Y | VrProxyd | vrproxyd.exe | "Part of the HAURI ViRobot series of internet security products. HAURI's ViRobot engine is included in those used by VirusTotal |
| N | Watch Dog Program | watchdog.exe | For Compaq PCs. Associated with Compaq's internet services. Not required if you don't use services provided by them and may not be required even if you do
|
| X | WIN HOST PROCESS | WIN HOST PROCESS.EXE | "Added by the KEYLOGGER.CLONE TROJAN!"
|
| X | Win Process Updates | winupdates.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win Prosess0r | [random filename] | "Added by the RBOT-BIT WORM!"
|
| X | WIN prosessor16 | [random filename].exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win Proxy32 Protocol | bsvtem.exe | "Added by a variant of the SDBOT WORM!"
|
| X | Win32 Security Protocol | secure32.exe | "Added by the RBOT-ETI WORM!"
|
| X | Win32Host Process | webemir.exe | "Added by the TURGEN -A TROJAN!"
|
| X | WinAntiVirus Pro 2007 | WinAv.exe | "WinAntiVirus Pro 2007 rogue security software - not recommended |
| X | WinAntiVirusPro2006 | WinAV.exe | "WinAntiVirus Pro 2006 rogue security software - not recommended |
| X | Wind0ws Sharing | ssprotecter.exe | "Added by the RBOT-AHW WORM!"
|
| X | WinDLL (ProsFix.exe) | ProsFix.exe | Added by a variant of the IRCBOT BACKDOOR! The "ProsFix.exe" file is found in %System%
|
| U | Windows & Internet Cleaner Pro | WICleaner.exe | Windows & Internet Cleaner Pro - "Powerful and easy to use internet surfing privacy protection & PC security software"
|
| X | Windows Clean-Up Pro | WINDOWS CLEAN-UP PRO.Exe | "Windows Clean-Up Pro spyware remover - not recommended |
| X | Windows Event Provider | wposvc.exe | "Added by a variant of the IRCBOT TROJAN! See here"
|
| X | Windows File Protection | winprotect.exe | "Added by the AGOBOT.JB WORM!"
|
| X | Windows Generic Proc | procmsg.exe | "Added by the ALLIM.B WORM!"
|
| X | Windows Guard Pro | WindowsGP.exe | "Windows Guard Pro rogue security software - not recommended |
| X | Windows Hijack Protection | comngr.exe | "Added by the AGENT-FYD TROJAN!"
|
| X | Windows Hijack Protection System | commngr.exe | "Added by a variant of the AGENT-FYD TROJAN!"
|
| X | Windows Internet Protocol | winproc32.exe | "CoolWebSearch Winproc32 parasite variant - also detected as the STARTPA-BF TROJAN!"
|
| X | Windows Internet Protocol | deinst_qfe001.exe | Added by a variant of the Win32.Small TROJAN!
|
| X | Windows Logon Procedure | Svchoste.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | Windows Logon Procedure | Svchosta.exe | "Added by a variant of the SPYBOT WORM!"
|
| X | windows logon procedure | winlogonpc.exe | "Added by the WINLOGON TROJAN!"
|
| X | Windows Process | win_update.exe | "Added by the LASTWORD WORM!"
|
| X | Windows Process Manager | winproc.exe | Added by an unidentified WORM or TROJAN!
|
| X | Windows Processe Manager | mspn32.exe | "Added by the RBOT.AXO WORM!"
|
| X | Windows Proffesional Security | WinSecure32.exe | "Added by the AGOBOT.VA WORM!"
|
| X | Windows Protected Storage | npssvc.exe | "Added by the IRCBOT.AUL BACKDOOR!"
|
| X | Windows Protection Suite | WI[random characters].exe | "Windows Protection Suite rogue security software - not recommended |
| X | Windows Protectot | boxide.exe | "Added by a variant of the WOOTBOT WORM!"
|
| U | Windows Registry Repair Pro | RegistryRepairPro.exe | Registry Repair Pro. "Scans the Windows Registry for invalid or obsolete information in the registry"
|
| X | Windows Reversed Virus Protection | winrsvp.exe | "Added by the SLENFBOT.HX WORM!"
|
| X | Windows Runtime Proccess | 32RUNdll.exe | "Added by the SDBOT.QW WORM!"
|
| X | Windows Service Host Process | [path to file] | "Added by the EZIO-A WORM!"
|
| X | Windows Socket Procedure | WinSock32.exe | "Added by the RBOT-FMX WORM!"
|
| X | Windows System Manager Proc | winsmc.exe | "Added by the RBOT.JH WORM!"
|
| X | Windows Update AutoUpdate Client Product | wuauct.exe | "Added by the AGOBOT.ACL WORM!"
|
| X | Windows Update Process | wmiprvsc.exe | "Added by the SDBOT-CB WORM!"
|
| X | WindowsProtocolLog | lsadst.exe | "Added by the NANINF.C TROJAN!"
|
| X | Windows_Protect | winsystem.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows_Protect | winregal.exe | "Added by a variant of the RBOT WORM!"
|
| X | Windows_Protect | lsas.exe | "Added by the RBOT.ARO WORM!"
|
| X | Windows_Protect | wincontrol32.exe | "Added by the RBOT-ADK WORM!"
|
| X | Window_Protect | winsi32.exe | "Added by a variant of the RBOT WORM!"
|
| N | WinFax PRO | FAXMNG32.EXE | "WinFax PRO from Symantec - fax management software"
|
| N | WinFax PRO Controller | WFXCTL32.EXE | From WinFax 10.0 and possibly earlier versions. Appears if you chose to have WinFax appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
|
| N | WinGuage Pro | WGPRO32.EXE | "Part of McAfee Nuts & Bolts. "WinGauge is a dynamic reporting tool that constantly monitors your use of Windows and your applications |
| U | WinGuard Pro | wgp.exe | "Winguard Pro"
|
| X | WinPatch Protection | winpatch.exe | Added by an unidentified WORM or TROJAN!
|
| X | WinProc32 | winproc32.exe | "Added by the AGOBOT-4 WORM!"
|
| X | Winprocer32 Update | winprocer32.exe | "Added by the RBOT.GW WORM!"
|
| X | winprocessor Update | winprocessor.exe | "Added by the RBOT.IO WORM!"
|
| X | WinProfile | Command.exe | "Added by the BUDDY.E TROJAN!"
|
| X | WinProfile | sndcfg16.exe | "Added by the SNDC.A WORM!"
|
| X | winprofile | iexpiore.exe | Added by a variant of the MONCHER WORM!
|
| X | WinProfile | iexpIore.exe | "Added by the CHUM-C TROJAN!"
|
| X | WinProt | Winprot.exe | "Added by the CHUPACABRA TROJAN!"
|
| X | WinProt | server.exe | "Added by the CHUPACABRA TROJAN!"
|
| X | winprotect | win32.exe | "Added by the MUGLY.E WORM!"
|
| X | winprotect | winprotect.exe | "Added by the SDBOT-SB WORM!"
|
| X | winprotection | ccsrss.exe | "Added by the SILLYFDC.BBT WORM!"
|
| X | WinProtector | WinProtector.exe | "WinProtector rogue security software - not recommended |
| U | WinProxy | WinProxy.EXE | "WinProxy is the world-first proxy server and a firewall with integrated mail server for Windows 95/98/ME/NT/2000/XP"
|
| X | Winproxy Personal | WINPROXY.EXE | "Added by the SDBOT.BMF WORM!"
|
| X | WinSpywareProtect | WinSpywareProtect.exe | "WinSpywareProtect rogue security software - not recommended |
| X | WinSpywareProtect (ver. 5.1) | WinSpywareProtect.exe | "WinSpywareProtect rogue security software - not recommended |
| X | WINTASKS | winxpro.exe | "Added by the MYTOB.EZ WORM!"
|
| N | Wintercooler Pro | WINCOOL.EXE | "Wintercooler Pro - utility that monitors CPU usage |
| U | WinUpdateProtection | csrss.exe | "EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a subfolder of C:\windowsupdate\ufp"
|
| X | WinXP Processor Generator v1.2 | intspnsr32.exe | "Added by the SDBOT.LP WORM!"
|
| X | WinXProtector | WinXProtector.exe | "WinXProtector rogue security software - not recommended |
| X | Wireless Provider Server | wpsvr.exe | "Added by the FORBOT-AD WORM!"
|
| N | WordWeb Pro | wweb32.exe | "WordWeb Pro - thesaurus and dictionary. Start manually"
|
| X | WSock32 Protocol | wsock32p.exe | "Added by the SDBOT.M BACKDOOR!"
|
| N | WXProcMgr Module | WXprocMgr.exe | "TVTonic from Wavexpress - ""enjoy 3 full-screen |
| X | xDRam rar procx | xwinupdaterarx.exe | "Added by the RILER-W TROJAN!"
|
| X | XP Protection Center | XPProtectionCenter.exe | "XP Protection Center rogue security software - not recommended |
| X | xpprotect | xpdeluxe.exe | "XP Protector Deluxe rogue security software - not recommended |
| U | Y!TunnelPro | YTunnelPro.exe | "Spam |
| U | Y!TunnelPro | YTPro.exe | "Spam |
| X | Your Protection | urpprot.exe | "Your Protection rogue security software - not recommended |
| U | YSearchProtection | SearchProtection.exe | "Yahoo! Search Protection will alert you if an attempt is made to change your default browser search engine from Yahoo!"
|
| U | Yumgo's Homepage Protector V1 | YumgoHomepageProtector.exe | "Yumgo's Homepage Protector"
|
| Y | Zapro | Zapro.exe | "Firewall program from Zonelabs - paid for version"
|
| X | zcproo | qssstiej.exe | "Possible homepage hijacker installing a toolbar: http://tdko.com/ |
| Y | ZoneAlarm Pro | Zapro.exe | "Firewall program from Zonelabs - paid for version"
|
| X | [32 random hex numbers] | badware-protector.exe | "Badware Protector rogue security software - not recommended |
| X | [various names] | progmen.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|
| X | [various names] | Serviceprocess.exe | "Wareout - malware masquerading as a spyware and dialer remover"
|