Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
XivHosttaskManager.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Taskmanager Updaterkeyboard.exe"Added by the RBOT-ALU WORM!"
XMicrosoft Update 32taskMangr.exe"Added by the RBOT.AIE BACKDOOR!"
XMicrosoft Update MachineTASKMAN4.EXE"Added by a variant of the RBOT WORM!"
XMS taskmanagertskmgr.exe"Added by the RBOT-AKA WORM!"
XSysResTASKMANAGER.exe"Added by the ELIPTER.A or ELIPTER.B WORMS!"
XSystem Update2taskman.exe"Added by the AUTOTROJ-C TROJAN!"
XTask Managertaskman.exe"Added by the FORBOT-T WORM!"
XTask managertaskmangr.exe"Added by the SPYBOT-CH WORM!"
XTaskManRundll32.exe"Added by the DVLDR TROJAN! Note - this is not the legitimate rundll32.exe process
XTaskmanKHATRA.exe"Added by the AUTORUN-AKR WORM!"
Xtaskmantaskman.exe"Added by the SILLYFDC.BBB WORM!"
XTaskmansysdate.exe"Added by the SILLYFDC.BCQ WORM!"
XTaskmansysdrv.exe"Added by the AGENT-LRB TROJAN!"
XTaskmanufxw.exe"Added by the VBINJ-D TROJAN!"
Xtaskmanagertaskmgr.com"Added by the BEREB WORM!"
Xtaskmanagertaskmanager.exe"Added by the AGOBOT-TF WORM!"
XTaskManager[path to trojan]"Added by the LDPINCH-CF TROJAN!"
XTaskManager Load ModuleTSKMNGR32.EXE"Added by the SPYBOT.I WORM!"
Xtaskmangertaskmanger.exe"Added by a variant of the RBOT WORM!"
Xtaskmgrtaskmanager.exe"Added by the BCKDR-QHT BACKDOOR!"
XWin Drivers SSLTASKMAN4.exe"Added by a variant of the RBOT WORM!"
XWindows Taskmanagerlsassx.exe"Added by the KELVIR.E WORM!"
XWindows Taskmanageriexplorer.exe"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe)"
XWindows Taskmanagerservice.exe"Added by the PUSHBOT.OR WORM!"
XWindows Taskmanagersvchost.exe"Added by the IMBOT.AC WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
XWindows Taskmanagertaskmrg.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Taskmanagertaskngr.exe"Added by a variant of the IRCBOT BACKDOOR!"
XWindows Taskmanagertskmngr.exe"Added by the IRCBOT.DHR BACKDOOR!"
XWindows Taskmanagerwdtsvc.exe"Added by the PUSHBOT.AU WORM!"
XWindows Taskmanagerwinpifviewer.exe"Added by the PUSHBOT.BB WORM!"
XWindows Taskmanagerwinrl.exe"Added by a variant of the IRCBOT BACKDOOR! See here"
XWindows Taskmanagertaskxphost.exe"Added by the PUSHBOT.BI WORM!"
XWindows Taskmanager Datacsrrss.exe"Added by the RBOT-BBH WORM!"
XWindows TaskManager Servicewindns32.exe"Added by the AGOBOT-JP WORM!"
XWINTASKMANAGERtaskgmr.exe"Added by the MYTOB-AF WORM!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.