Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
Xcftmon32taskmgr*.exe [* = number]"Added by the SOWSAT.C and SOWSAT.J WORMS!"
UCopernicPerUserTaskMgrCopernicPerUserTaskMgr.exeAutomatic tasking feature of Copernic Pro multi-search engine tool
Xctfmontaskmgr32*.exe [* = number]"Added by the SOWSAT.B WORM!"
Xctfmon32taskmgr32*.exe [* = digit]"Added by the SOWSAT.C WORM!"
XMicrosoft System Servicetaskmgr1.exe"Added by a variant of the SPYBOT WORM! See here"
XMicrosoft Task32 Protocoltaskmgr32.exe"Added by a variant of the SDBOT WORM!"
XMicrosoft Updatetaskmgr32.exe"Added by the RBOT-CV WORM!"
XService Registry NT Savetaskmgrnt.exe"Added by the BANCOS-BY TROJAN!"
XsountskmanagersountaskmgrAdded by an unidentified WORM or TROJAN!
XTask managertaskmgr2.exe"Added by a variant of the RBOT WORM!"
Xtaskmanagertaskmgr.com"Added by the BEREB WORM!"
XTaskmgrTaskmgr.exe"System1060 homepage hi-jacker. Note - this is not the legitimate taskmgr.exeprocess which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""1060"" sub-folder"
XTaskmgrtskmgr32.exeHomepage hi-jacker
Xtaskmgrtaskmgr.exe"Added by the STARTPAGE.G hijacker. Note - this is NOT the Windows Task Manager file!"
XTaskmgrsystem.exe"Added by the PAKES.G TROJAN!"
Xtaskmgrexplorer.exe"Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
Xtaskmgr[path to trojan]"Added by the AGENT-ENV TROJAN!"
Xtaskmgrtaskmanager.exe"Added by the BCKDR-QHT BACKDOOR!"
XTaskMgrkeymayker.exe"Added by the LDPINCH-EP TROJAN!"
Ntaskmgr.exetaskmgr.exe"Windows Task Manager in Windows XP. If run from the Startup folder
Xtaskmgr.exepaint.exeAdded by a variant of the AGENT.AH TROJAN!
Xtaskmgr.exemirc.exeAdded by a variant of the AGENT.AH TROJAN!
Xtaskmgr.exepaintms.exeAdded by a variant of the AGENT.AH TROJAN!
XTASKMGRUTASKMGRU.EXE"Added by the CWS-M TROJAN!"
XTaskS managertaskmgrs.exe"Added by the AGOBOT.QU WORM!"
XTasmgrTaskmgr.bat"Added by the YPSAN.G WORM!"
XWindows Managertaskmgrs.exe"Added by the SILLYFDC.BBZ WORM!"
XWindows Service Agenttaskmgr32.exe"Added by the RBOT-GMN WORM!"
XWindows Service Managertaskmgr.exe"Detected by Kaspersky as the IAMBIGBROTHER.91 TROJAN! Note - this is not the legitimate taskmgr.exeprocess which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""fonts\svc"" sub-folder"
XWINRUNTASKMGR32.exe"Added by the MYTOB.AX WORM!"
XWINTASKMGRccsrs.exe"Added by the MYTOB.Q WORM!"
XWINTASKMGRsp2winfix.exe"Added by the MYTOB.KJ WORM!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.