Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

  • "Y" - Normally leave to run at start-up
  • "N" - Not required - typically infrequently used tasks that can be started manually if necessary
  • "U" - User's choice - depends whether a user deems it necessary
  • "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
  • "?" - Unknown



Startup Name Process Name Details
XAuto WinUpdatetaskmrg.exe"Added by the RBOT-AFA WORM!"
Xblah servicewinupdate.exe"Added by the GAOBOT.BIA WORM!"
XDRam rar procwinupdaterar.exe"Added by a variant of the IRCBOT TROJAN!"
XInternetGetConnectedStatewinupdate.exe"Added by the SDBOT-JN WORM!"
XInternetGetConnectedStateExwinupdate.exe"Added by the SDBOT-JN WORM!"
XLTM2winupdate.exe"Added by the LITMUS.203 TROJAN!"
XMicrosoft auto updatewinupdate.exe"Added by the BMBOT TROJAN!"
XMicrosoft Office Startwinupdates.exe"Added by the GAOBOT.BC WORM!"
XMicrosoft Synchronization Managerwinupdate.exe"Added by the SDBOT.ER WORM!"
XMicrosoft UpdateWinUpdate32.exe"Added by the RBOT-TI WORM!"
XMicrosoft Updatewinupdater.exe"Added by the RBOT.BIN WORM!"
XMicrosoft updatewinupdate.exe"Added by a variant of the RBOT WORM!"
XMicrosoft Update Win32awinupdate32a.exe"Added by the RBOT-LO WORM!"
XMicrosoft Update Win32xwinupdate32x.exe"Added by the RBOT-AJN WORM!"
XMicrosoft Updaterwinupdate.exe"Added by the AGENT-KIR TROJAN!"
XMicrosoft Windows UpdaterWINUPDATE.EXE"Added by the RBOT-LI WORM!"
XMicrosoft WinUpdatemntcgf032.exe"Added by the RBOT-PF WORM!"
XMicrosoft WinUpdatesvh0st.exe"Added by the SPYBOT.DL WORM!"
XMicrosoft WinUpdatesyslx32.exe"Added by an unidentified VIRUS
XMicrosoft WinUpdatesyswin32.exe"Added by the RBOT-HO WORM!"
XMicrosoft WinUpdatespfix.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinamp61.exe"Added by a variant of the RBOT WORM!"
XMicrosoft WinUpdateWinupd32.exe"Added by the RBOT.MQ WORM!"
XMicrosoft WinUpdateWinNTinit32.exe"Added by the RBOT.VS WORM!"
XMicrosoft WinUpdatemsupdte.exe"Added by an unidentified TROJAN! See examples here & here"
XMicrosoft WinUpdatesserm32.exe"Added by the RBOT.GE WORM!"
Xmssonfigwinupdate.exe"Added by a variant of the SDBOT WORM!"
XMSWinupdatewinupdate.exe"Added by the DLOADR-AAW TROJAN!"
XRunDLL32winupdate.exe"Added by an unidentified TROJAN! - possibly a BMBOT variant"
XSecurity PatchWinUpdate32.exe"Added by the SDBOT-BM WORM!"
XShellExplorer.exe winupdate.exe"Added by the AGENT-FD TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The ""winupdate.exe"" file is located in %System%"
XSygate Personal Port Blockerwinupdate.exe"Added by a variant of the RBOT WORM!"
XSysctrlswinupdate.exeAdded by an unidentified WORM or TROJAN!
XUPDATEWinUpdater5.0.vbs"Added by the GORMLEZ-A WORM!"
XUpdateWinUpdate.exe"Added by the SDBOT-CV BACKDOOR!"
XUSB 2.1 Driverwinupdate1.exe"Added by a variant of the RBOT WORM!"
XWin Process Updateswinupdates.exe"Added by a variant of the SDBOT WORM!"
XWin UpdaterWINUPDATER.EXE"Added by the RBOT.IP WORM!"
XWin32 USB2 Driverwinupdate.exe"Added by the AGOBOT.YE WORM!"
XWindows Auto Updatewinupdater.exe"Added by the SDBOT.TF WORM!"
XWindows Updatewinupdate.exe"Added by the SDBOT-WS WORM!"
XWindows Update Serviceswinupdate32.exe"Added by a variant of the RBOT WORM!"
XWindows Updater Onlinewinupdatexx.exe"Added by a variant of the RBOT WORM!"
XWindows Updates Agentwinupdate.exe"Added by the SPYBOT.HW WORM!"
XWindowsRegKey updatewinupdate.exe"Added by the RBOT-QJ WORM!"
XWindowsRegKey updatewinupdatexx.exe"Added by the RBOT.LW WORM!"
XWindowsRegKey updateWINUPDATES.EXE"Added by the RBOT-MM WORM!"
Xwindowsupdatewinupdate.exe"Added by the WARPI WORM!"
Xwinnt DNS identwinupdate32.exe"Added by a variant of the RBOT WORM!"
XWinsock driverwinupdate32.exe"Added by the SPYBOT-JZ TROJAN!"
XWinsock2 driverwinupdate.exe"Added by the SPYBOT-BX WORM!"
XWinUpdateRBSKQQBO.EXE"Added by the VBSWG2B.A WORM!"
XWinUpdatewmbem.exe"Added by the REVCUSS.B TROJAN!"
XWinUpdateupdsys.exe"Added by a variant of the RBOT WORM!"
Xwinupdatewinupdate.exe"Added by the ALCAN.B WORM!"
XWinUpdatesvhost.exe"Added by a variant of the SDBOT WORM!"
XWinUpdatesvchots.exe"Added by the SMALL.GXJ TROJAN!"
Xwinupdatejusched.exe"Added by the DWNLDR-FUX TROJAN! Note that this is not the legitimate Sun Microsystems file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %Windir%"
XWinupdatelsas.exe"Added by the COSPET.JR TROJAN!"
XWinupdate Enginewupeng.exe"MalwareCrush rogue security software - not recommended
XWinUpdate Loadermsnnm.exe"Added by the REVCUSS.C TROJAN!"
XWinupdate Servicewinxp.exe"Added by the SPYBOT.IR WORM!"
Xwinupdate.exewinupdate.exe"Added by the RADO TROJAN!"
Xwinupdate.regwinupdate.exe"Added by the SPYBOT.EAS WORM!"
Xwinupdate2846vbsystem35.exe msvbrun.exe"Added by a variant of the MUTIN-C TROJAN!"
Xwinupdate86.exewinupdate86.exe"Added by the FAKEAV-AHQ TROJAN!"
XWinUpdateAdministratorCSRSS.EXE"Added by the PUNYA-A WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\Application Data\WINDOWS"
XWinUpdateBbreatle.exe"Added by the BRATLE.AWORM!"
Xwinupdateconn[path to file]"Added by the COMBRA-A WORM!"
Xwinupdateconn_Explorer.EXE"Added by the COMBRA-B WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
XWinupdateewinsvcc.exe"Added by the AGENT.AN TROJAN!"
Xwinupdatefiv_[path to file]"Added by the COMBRA.C WORM!"
UWinUpdateProtectioncsrss.exe"EmployeeWatch is a commercial surveillance software program designed to monitor user activity on a computer. Note - this is not the same file as the csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a subfolder of C:\windowsupdate\ufp"
XWinUpdaterupdate.exe"Added by the STARTPAGE.C TROJAN!"
Xwinupdateswinupdates.exe"Added by the ALCRA-B WORM!"
Xwinupdate_[path to file]"Added by the COMDOR.A WORM!"
XxDRam rar procxxwinupdaterarx.exe"Added by the RILER-W TROJAN!"


DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.