supdate

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	autoload	windowsupdate.exe	"Added by the POLYCRYP.DY TROJAN!"
X	autoupdate	"rundll32 SUPDATE.DLL	SHStart"
X	cftmon	WindowsUpdate.exe	"Added by the AGENT.AQK BACKDOOR!"
N	CheckCustomWorksUpdate	CheckCWupdate.exe	"Update checker
X	ctfmon.exe	msupdate32.exe	"Spy Sheriff/SpywareNO malware
Y	DPASUpdate	DPASAutoUpdate.exe	"Automatic updates for DefenderPro AntiSpy spyware remover - now incorporated Defender Pro 15-in-1 and 5-in-1"
X	DRam prosessor	WindowsUpdate.exe	"Added by the RBOT-BBZ WORM!"
X	DRam prosessor	msupdate.exe	"Added by the DELF-FAW TROJAN!"
N	EgisTecLiveUpdate	EgisUpdate.exe	"Software updater for biometric and data encryption products from EgisTec Inc"
X	Firewall Update System1	WinedowsUpdater1.exe	"Added by the RBOT-ARU WORM!"
X	HKLMRun	windowsupdate.exe	"Added by the FORBOT-BJ WORM (where HKLM\Run represents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)!"
X	Intec Services Drivers	msupdate22e.exe	"Added by the RBOT-CGC WORM!"
X	IPSEC Configuration	wsupdate.exe	"Added by the AGOBOT-IQ WORM!"
X	Microsoft	MSUPDATE.exe	Added by an unidentified WORM or TROJAN!
X	Microsoft IT Update	msupdate.exe	"Added by the RBOT-FE WORM!"
X	Microsoft MSUPDATE	SpoolSvc.exe	"Added by the SXTB-A TROJAN!"
X	Microsoft Security Monitor Process	windowsupdate.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Microsoft System Update	sysupdate.exe	"Added by the SDBOT.DG WORM!"
X	Microsoft Update	msupdate32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Update	msupdate32.exe	"Added by the SPYBOT.LZ WORM!"
X	Microsoft Update	msupdate.exe	"Added by the BOROBOT-I TROJAN!"
X	Microsoft Update 32	MSupdate32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Update Service	msupdate.pif	"Added by the RBOT-AQB WORM!"
X	MicroSoft Wind0ws Updater	winsupdater.exe	"Added by a variant of the RBOT WORM!"
X	MicroSoft Window Updater	winsupdater.exe	"Added by the RBOT-ZZ WORM!"
X	Microsoft Windows Update	windowsupdate.exe	"Added by the AGOBOT.ON WORM!"
X	Microsoft winsupdater	WINSUPDATER.EXE	"Added by the SPYBOTER.FB BACKDOOR!"
X	MS Unix Binary	outlookexpressupdate.exe	"Added by the RBOT-YU WORM!"
X	MS Updating Utility	msupdater.exe	"Added by the RBOT-XR WORM!"
X	MSConfig Manager	msupdate.exe	"CoolWebSearch parasite variant"
X	msconfig service	MSupdate32.exe	"Added by a variant of the SPYBOT WORM!"
X	MSUpdate	wupd.exe	"Added by the ALADINZ.M TROJAN!"
X	MSUpdate	svchosthlp.exe	"Added by the BLASTER.T WORM!"
X	msupdate	msupdate.exe	"Added by the RBOT-MZ WORM!"
X	MSUpdate	criticalUpdate.exe	"Affilred adware"
X	msupdate	update.exe	"Added by a variant of the SDBOT WORM!"
X	Msupdate	expIorer.exe	"Added by the TACTSLAY.A TROJAN!"
X	Msupdate	outIook.exe	"Added by the TACTSLAY.A TROJAN!"
X	Msupdate	svchosts.exe	"Added by a variant of the TACTSLAY TROJAN!"
X	Msupdate	svcrhost.exe	"Added by the TACTSLAY.A TROJAN!"
X	Msupdate	svcshost.exe	"Added by the TACTSLAY.A TROJAN!"
X	MSupdate.exe	N/A	"CoolWebSearch parasite variant - resets home page to an adult content site"
X	MSUpdateDevKit	axfd.exe	"Added by the SDBOT-ZD WORM!"
X	msupdater	msupdater.exe	"Added by a variant of the Storm/Nuwar/Zhelatin WORM! See here for an example"
X	MsUpdater System	udpsys32.exe	"Added by the RBOT.AAA WORM!"
X	MSupdater.exe	N/A	"CoolWebSearch parasite variant. Installs the Winshow.dll browser plugin"
X	msupdater25	lsasser.exe	"Added by the RBOT-ATS WORM!"
X	msupdates	msupdt.exe	"Added by the RBOT-JO WORM!"
X	MSWindowsUpdate	Systern.exe	"Added by the RBOT-AFD WORM!"
X	MSWindowsUpdate	mswinup.exe	"Added by a variant of the SDBOT WORM!"
X	NSupdate	NSupdate.exe	"Added by the Dial/Laet-B premium rate dialer!"
X	RunWindowsUpdate	uptodate.exe	"BrowserAid/BrowserPal foistware"
X	SafeSurfingUpdate	SSUpdate.exe	"MoneyTree parasite - ActiveX control used to download premium-rate dialers"
X	SSUpdate	SSUpdate.exe	"MoneyTree parasite - ActiveX control used to download premium-rate dialers"
X	Start Uppings	mssupdate.exe	"Added by a variant of the RBOT WORM!"
X	supdate	supdate.exe	"Added by the MALWARE.D TROJAN!"
X	supdate2.dll	"rundll32.exe supdate2.dll	Run"
X	supdate2.dll	regsvr32.exe /s supdate2.dll	"Added by the ZLOB-VL TROJAN! Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The ""supdate2.dll"" file is found in %System%"
X	sysupdate	cmman32.exe	"Added by a variant of the SDBOT WORM!"
X	Updates	msupdate.exe	"CoolWebSearch parasite variant"
X	USB Drivers1	msupdate.exe	"Added by a variant of the RBOT WORM!"
X	WebSUpdater	wupda.exe	"Added by the STARTPAGE.C TROJAN!"
X	Win Update	SysUpdate.exe	"Added by the AGOBOT-TN WORM!"
X	Windosupdate manager	runwin32.exe	"Added by the SDBOT.NNS BACKDOOR!"
X	Windows Auto Updater	WINDOWSUPDATE.EXE	"Added by the SDBOT.PB WORM! Note the space at the beginning of the filename"
X	Windows drivers update	windowsupdate.exe	"Added by the RBOT-ACE WORM!"
X	Windows Firewall Updater	windowsupdate.exe	"Added by the SPYBOT.AVEO WORM!"
X	Windows Loader	SysUpdate.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Update	WindowsUpdate.exe	"Added by the BAYROB-A TROJAN!"
X	Windows Update	msnsupdate.exe	"Added by the RBOT-AXS WORM!"
X	Windows Update Manager	WindowsUpdateManager.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Update Service	msupdate32.exe	"Added by the DLOADR-CRJ TROJAN!"
X	WindowsUpdate	windows_update.exe	"Added by the LOFNI WORM!"
X	WindowsUpdate	svchost.exe	"Added by the ASTEF or RESPAN WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	windowsupdate	RPC[RANDOM CHARACTERS].exe	"Added by the IRCBOT.B TROJAN!"
X	WindowsUpdate	USRINIT.EXE	"Added by the MADDIS.B WORM!"
X	windowsupdate	winupdate.exe	"Added by the WARPI WORM!"
X	WindowsUpdate	svchost.exe	"Added by the BDOOR-IK BACKDOOR! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	WindowsUpdate	winnnint.exe	Added by an unidentified WORM or TROJAN!
X	WindowsUpdate	[path to file]	"Added by the DUPA-B TROJAN!"
X	WindowsUpdate	svchostw.exe	"Added by the COBFINN_B TROJAN!"
X	WindowsUpdate	Nzil.exe	"Added by the CULLER-C WORM!"
X	WindowsUpdate	Strad.exe	"Added by the CULLER-D WORM!"
X	Windowsupdate	Windowsupdate.exe	"Added by the BANKER.ARK TROJAN!"
X	Windowsupdate	wupdmgr98.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	WinDOwsUPdate	smss.exe	"Added by the AUTORUN.DIB WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ï¿½ subfolder"
X	windowsupdate	autoupdate.exe	"Added by the IRCBOT-P BACKDOOR!"
X	WindowsUpdate	svdhost.exe	"Added by the AGOBOT-BP WORM!"
X	WindowsUpdate	twain.exe	"Added by the AGENT.BEA TROJAN!"
X	WindowsUpdate renew	iexplore.exe	"Added by the AGENT.QG TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	WindowsUpdate Service	wuautlc.exe	"Added by the RBOT-NR WORM!"
X	Windowsupdate Service	csrss.exe	"Added by the BABA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie
X	WindowsUpdatecrss	crss.exe	"Added by a variant of the AGENT-HZ TROJAN!"
X	WindowsUpdateDirect	dupadirect.exe	"Added by the DUPA-C TROJAN!"
X	WindowsUpdatelsasss	lsasss.exe	"Added by a variant of the AGENT-HZ TROJAN!"
X	WindowsUpdatem1	[path to file]	"Added by the AGENT-AAJ TROJAN!"
X	WindowsUpdatem2	svchost.exe	"Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	WindowsUpdateManager	wupdmng.exe	"Added by the IRCBOT.OE BACKDOOR!"
X	WindowsUpdateNT	svwhost.exe	"Added by the SHELLOT-B TROJAN!"
X	WindowsUpdateR	regserv.exe	"Added by the COBFINN_B TROJAN!"
X	WindowsUpdatesvchostss	svchostss.exe	"Added by the AGENT-HZ TROJAN!"
X	WindowsUpdatev4	w32gins.exe	"Added by an unidentified WORM or TROJAN! Located in the Root folder (C:\)
X	WindowsUpdatewinsec	winsec.exe	"Added by a variant of the AGENT-HZ TROJAN!"
X	winsupdater	winsupdater.exe	"Added by the ALCRA-F WORM!"
X	winsupdatesysmngr64	winsys64mnger.exe	"Added by the RBOT-BAG WORM!"
X	WinTimer	msupdate.cmd	"Hijacker - detected by Kaspersky as the STARTPAGE.TJ TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.