 |
$sys$xp.exe |
$sys$cmp
Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer |
 |
$sys$sonyTimer.exe |
$sys$crash
Added by the WELOMOCH TROJAN! |
 |
$sys$sos$sys$.exe |
$sys$crash
Added by the WELOMOCH TROJAN! |
 |
$sys$WeLoveMcCOL.exe |
$sys$crash
Added by the WELOMOCH TROJAN! |
 |
$sys$drv.exe |
$sys$drv
Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer |
 |
$sys$sonyTimer.exe |
$sys$momomomochin
Added by the WELOMOCH TROJAN! |
 |
$sys$sos$sys$.exe |
$sys$momomomochin
Added by the WELOMOCH TROJAN! |
 |
$sys$WeLoveMcCOL.exe |
$sys$momomomochin
Added by the WELOMOCH TROJAN! |
 |
$sys$sonyTimer.exe |
$sys$umaiyo
Added by the WELOMOCH TROJAN! |
 |
$sys$sos$sys$.exe |
$sys$umaiyo
Added by the WELOMOCH TROJAN! |
 |
$sys$WeLoveMcCOL.exe |
$sys$umaiyo
Added by the WELOMOCH TROJAN! |
 |
%cmpmixstr% |
%cmpmixtitle%
Possibly related to C-Media Mixer Control panel? |
 |
[random filename].exe |
(Default)
Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank |
 |
5640.exe |
(Default)
Added by the DOWNLD-ABF TROJAN! |
 |
[random filename] |
*MS Setup
Virtumondo adware, also known as the VUNDO TROJAN! |
 |
[filename] |
*Windows [filename] Checker
Added by the KEDEBE-B WORM! |
 |
[trojan path] ren time:[random number] |
*WinLogon
Added by the VUNDO TROJAN! |
 |
000StTHK.exe |
000StTHK
Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) |
 |
0050726-007-i32-1.exe |
0050726-007-i32-1
Added by the BANCBAN-EC TROJAN! |
 |
00THotKey.exe |
00THotkey
For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. |
 |
0mcamcap.exe |
0mcamcap
Added by the COSIAM-H TROJAN! |
 |
*****.exe [* = random char] |
0utlook Express
Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o" |
 |
1.exe |
1
Added by the ESTEEMS TROJAN! |
 |
101Clips.exe |
101Clips
101Clips - "the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25" |
 |
1111swapmgr.exe |
1111swapmgr.exe
Added by the IC TROJAN! |
 |
12backup.exe |
12Ghosts Backup
12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup" |
 |
12clip.exe |
12Ghosts Clip
12Ghosts Clip - "Screen shots made easy" |
 |
12window.exe |
12Ghosts JustAWindow
12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see" |
 |
12popup.exe |
12Ghosts Popup-Killer
12Ghosts Popup-Killer |
 |
12autosl.exe |
12Ghosts SaveLayout
12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons" |
 |
12color.exe |
12Ghosts SetColor
12Ghosts SetColor - "Change your desktop icon text colors, also to transparent" |
 |
12showtime.exe |
12Ghosts ShowTime
12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones" |
 |
12sync.exe |
12Ghosts Synchronize
12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet" |
 |
12tower.exe |
12Ghosts Tower
12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)" |
 |
12srvc.exe |
12Ghosts TrayProtect
12Ghosts TrayProtect - "Hide tray icons, restore after a crash" |
 |
12wash.exe |
12Ghosts Wash
12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files" |
 |
12Voip.exe |
12Voip
12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype |
 |
180adsolution.exe |
180adsolution
NCase adware |
 |
180ax.exe |
180ax
NCase adware |
 |
[path to trojan] |
180ClientStubInstall
180Solutions adware related |
 |
******.tmp [* = random digit/char] |
180ClientStubInstall
180Solutions adware related |
 |
1916435341.exe |
1916435341.exe
Added by the DLOADR-AXU TROJAN! |
 |
196_150_ni.exe |
196_150_ni
WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here |
 |
197_150_ni_3.exe |
197_150_ni_3
WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here |
 |
1on1.exe |
1on1
Adult content dialler |
 |
1u7.exe |
1u7
Added by the MURBAC-A TROJAN! |
 |
[path to file] |
2thousandbuck
Added by the RANKY.L TROJAN! |
 |
2portalmon.exe |
2wSysTray
2Wire Homeportal user interface |
 |
3cmlink.exe 3cpipe-3c1807pd |
3c1807pd
3Com WinModem driver. See here for more WinModem information |
 |
3capplnk.exe |
3capplnk
US Robotics Modem driver |
 |
3CDMINIC.EXE |
3cdminic
3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
 |
3cmcnkw.exe |
3CM Link
Required for a US Robotics WinModem as it provides the link to Windows - won't work without it |
 |
3CmlinkW.exe |
3Cmlink
For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information |
 |
3CDMINIC.EXE |
3ComDMIAgent
3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
 |
3D Text.scr |
3D Text
Added by the JERMY.A WORM! |
 |
3DeepCTL.EXE |
3Deep Control Panel
Now superseded by ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D and 3D games |
 |
3dfxMan.exe |
3dfx Task Manager
System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs |
 |
3dfxCmn.dll |
3dfx Tools
Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards |
 |
3dfxv2ps.dll |
3dfxv2ps.dll
Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards |
 |
3DLman.exe |
3Dlabs Taskbar Display Manager
3DLabs graphics driver related. System Tray access to display settings? |
 |
3dldemon.exe |
3DLabsHelperDemon
Directly from the program's author: "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled |
 |
3DMouse.EXE |
3DMouse.EXE
Dritek System Inc. 3D Mouse driver |
 |
3d_sound.exe |
3d_sound
Added by the RIADOS-A TROJAN! |
 |
3qdctl.exe |
3qdctl.exe
Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Labs' AudioHQ |
 |
3dm.exe |
3ware 3DM
Monitors status of the disk array on 3ware IDE RAID controllers |
 |
4da92ad5.exe |
4da92ad5.exe
Added by the DLOADR-WZ TROJAN! |
 |
5-2-46-112.exe |
5-2-46-112
Adult content pop-up dialler. Removal instructions here |
 |
[path to trojan] |
5p4m
Added by the LITEBOT-C TROJAN! |
 |
5whgue21.exe |
5whgue21
ClearSearch adware |
 |
9xadiras.exe |
9xadiras
Allied Telesyn AT series router/modem related - apparently required |
 |
[filename] |
;Rundll
Added by the PWSLEGMIR.E TROJAN! |
 |
?nksvc32.exe |
?ekio Startups
Added by the AGOBOT-OV WORM where ? is a random character |
 |
@tour_ww[1].exe |
@tour_ww
Adult content dialler |
 |
?? |
AAAKeyboard
?? |
 |
[path to worm] |
ACCDEFRAGINFO
Added by the DARBY-O WORM! |
 |
[path to file] |
Access WebControl
Added by the PPDOOR-M TROJAN! |
 |
[random filename] |
Aceu
PurityScan/Clickspring adware |
 |
[Installation_Path] |
AddClass
Added by the STARTPAGE.F hijacker |
 |
[path to trojan] |
AddClass
Added by the SECDL-A TROJAN! |
 |
[random filename] |
Adobe Acrobat Reader CFG
Added by a variant of the RBOT WORM! |
 |
[path to csrss.exe] |
AdRotator.Application
Added by the SMALL-AQ TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! |
 |
[path to trojan] |
Advanced DHTML Enable
Added by the AGENT.GLQ TROJAN! |
 |
[path to trojan] |
advap32
Detected by Trend Micro as the MUTANT.AT TROJAN! See here |
 |
[random filename] |
Agent Browser
Added by the PPdoor.M-bdr backdoor TROJAN! |
 |
[random filename] |
Agent Explorer
Unidentified adware |
 |
[path to worm] |
AHU
Added by the ANACON-B WORM! |
 |
[random filename] |
AIM Instant Message Cookies
Added by the RBOT-AFV WORM! |
 |
?? |
AIMster
Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs |
 |
[worm filename] |
AlevirOld
Added by the OPASERV WORM! |
 |
?????.exe |
alkasr
Added by the BALKART TROJAN! |
 |
[path to trojan] |
Allopassw
Added by the RANKY.CU TROJAN! |
 |
[path to worm] |
ansjava
Added by the RANDON-AN WORM! |
 |
[random filename].exe |
Anti-Virus
Added by the CAPROBAD-A TROJAN! |
 |
[unprintable character][3 characters]log.exe |
Anti-Virus Product Sync
Added by the KEDEBE.D WORM! |
 |
[path to trojan] |
Anti-Virus Update Scheduler
Added by the SPAMMIT-A TROJAN! |
 |
[path to trojan] |
Anti-Virus Update Scheduler V1.39.12R
Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more... |
 |
[path to trojan] |
Antivirus Installer
Added by the BADGENT-A TROJAN! |
 |
[random filename] |
AOL Messenger
Added by an unidentified VIRUS, WORM or TROJAN! |
 |
[path to worm].exe |
App.EXEName
Added by the BODIRU WORM! |
 |
[path to file] |
Aqujyjax
Added by the RANCK-CQ TROJAN! |
 |
[random filename] |
ara-key
Added by the ANTINNY WORM! |
 |
100171be.exe |
ASDPLUGIN
AsdPlug premium rate adult content dialer variant |
 |
100176br.exe |
ASDPLUGIN
AsdPlug premium rate adult content dialer variant |
 |
[path to worm] |
ATI Video Driver Controls
Added by the SDBOT-DDS WORM! |
 |
[path to trojan] |
autorundemo
Added by the AGENT-FPX TROJAN! |
 |
[path to file] |
autoupdatev2
Added by the DROPPER-BM TROJAN! |
 |
[path to trojan] |
AVP
Added by the MUTBO-A TROJAN! |
 |
[path to trojan] |
avptask
Added by the NOFERE-G TROJAN! |
 |
[random filename] |
Avril Lavigne - Muse
Added by the AVRIL-A WORM! |
 |
?? |
Avxnews
?? |
 |
[path to worm] |
backup
Added by the AGOBOT-H WORM! |
 |
[path to file] |
Band-Aid
Added by the RANKY.O TROJAN! |
 |
[path to file] |
BeSys
BeSys adware |
 |
[random filename] |
BIOS XP Loader
Added by the RBOT-IC WORM! |
 |
[path to trojan] |
Blue Service
Added by the BANCOS-BCW TROJAN! |
 |
[random filename] |
Bnexe
Added by the KITRO.D (or ARGEN.A) WORM! |
 |
[path] repcale.exe [path] palsp.exe |
Boarddata
Added by a variant of the RANDON.AN WORM! |
 |
?? |
Bonzi Buddy
Bonzi Buddy adware - see here for removal instructions |
 |
[path to file] |
boot_reg
Added by the BANCBAN-CA TROJAN! |
 |
[worm filename] |
BrasilOld
Added by the OPASERV.P WORM! |
 |
[path to file] |
Bron-Spizaetus
Added by the BRONTOK-F WORM! |
 |
[random filename] |
BrowserUpdateSched
ZenoSearch adware |
 |
[path to worm] |
brwdiag
Added by the STRATIO-BN WORM! |
 |
[path to trojan] |
BT
Added by the LITEBOT-B TROJAN! |
 |
[random].dll |
bxproxy
Spyware Soft Stop misleading security software - not recommended, see here and here |
 |
[path to worm] |
C7
Added by the MEDIAKILL.A WORM! |
 |
[path to trojan] |
CacheLoader
Added by the DLOADER-NZ TROJAN! |
 |
[filename].hta |
cAgOu
Added by the KAKWORM WORM! |
 |
[path to file] |
cartao
Added by the DLOADER-QD TROJAN! |
 |
[10 to 14 random char]THD.EXE |
Cassandra
Added by the KREPPER-AI TROJAN! |
 |
[random filename] |
ccApp
Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus |
 |
.EXE |
ccApp
Added by the RBOT-LJ WORM! |
 |
[path to worm] |
Cekirge
Added by the KERGEZ.A WORM! |
 |
[random name]32.exe |
center
Added by the BOFRA.A WORM! |
 |
[path to file] |
Client Agent
Added by the PPDOOR-J TROJAN! |
 |
[path to trojan] |
Client Server Control Process
Added by the AGENT-HR TROJAN! |
 |
[path to worm] |
Client Server Runtime
Added by the POEBOT-KR WORM! |
 |
[path to trojan] |
clkhost
Added by the WIXUD-B TROJAN! |
 |
[various filenames] |
clock
LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe |
 |
[path to file] |
ClrSchLoader
ClearSearch adware |
 |
[path to trojan] |
cmrss
Added by the DLOADER-QQ TROJAN! |
 |
[random filename] |
cof.updit
Added by a variant of the SDBOT WORM! |
 |
?? |
Compaq Video CD Watcher
For Compaq PC's. MPEG viewer |
 |
[path to trojan] |
con
Added by the BRAVE-A TROJAN! |
 |
[path to trojan] |
Connectivity Tool
Added by the LITEBOT-E TROJAN! |
 |
[random filename].exe |
Content connector
Added by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder |
 |
***********.exe [* = random char] |
Control handler
CoolWebSearch parasite variant |
 |
[10 to 14 random char]THD.EXE |
Control handler
Added by the KREPPER-AI TROJAN! |
 |
[path to trojan] |
Controladores
Added by the TELEFO-A TROJAN! |
 |
?? |
Coupon Offers
?? |
 |
?? |
CQSCP2P SERVER
"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed |
 |
?? |
CQSCP2PS
"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed |
 |
[random filename] |
crmssrlt
Added by a variant of the SLAPER TROJAN! |
 |
******.exe [* = random char] |
Cryptographic Service
Added by the KORGO.W or KORGO.X or KORGO.AB WORMS! |
 |
[trojan filename] |
CSRSWIN
Added by the WINSHELL.50 TROJAN! |
 |
[trojan filename] |
CSRSX
Added by the WINSHELL.50.B TROJAN! |
 |
[random filename].exe |
ctfmon32
Added by the RBOT-GSN WORM! |
 |
[path to trojan] |
CTime
Added by the HTTPDOS TROJAN! |
 |
[path to file] |
Ctykd
SMALL.SN spyware |
 |
****.dat [* = random char] |
cyberfree.exe
Unidentified adware |
 |
[random filename] |
Danton*
Added by the DANTON TROJAN! where * = random number |
 |
[path] repcale.exe [path] beird.exe |
DATABASE MySql
Added by a variant of the RANDON.AN WORM! |
 |
[random filename] |
ddivmwa
Added by a variant of the SLAPER TROJAN! |
 |
_default.pif |
Default
Added by the RUBBLE-C WORM! |
 |
*.exe |
Description of Shortcuts
* seems to be a sequence of alphanumerics that can be different, e.g., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, e.g., 4EBD23F5 is actually Works Calendar Reminder (found via a registry search) |
 |
[path to trojan] |
Devicewin
Added by the BANKER-AEV TROJAN! |
 |
[path to trojan] |
dfgfdgrergd
Added by the RANKY.CK TROJAN! |
 |
[path to trojan] |
DirectX shell driver
Added by the MARKTMAN-B TROJAN! |
 |
[path to trojan] |
Disk Keeper
Added by the SMALL-VE TROJAN! |
 |
[trojan name] |
Disk Master
Added by the DISTER TROJAN! - a spam relayer |
 |
[various filenames] |
Dll Boot Loader on Startup (do not remove this)
Added by an unidentified TROJAN! |
 |
[path to worm] |
DLL Service Manager
Added by the RPCBOT.F TROJAN! |
 |
[random filename].exe |
dll services
Added by a variant of the SDBOT WORM! |
 |
[random filename] |
dllcvss
Added by a variant of the SLAPER TROJAN! |
 |
[path to file] |
DllExecutable
Added by the VB-SP WORM! |
 |
[path to file] |
dm_service
Added by the MITGLIEDER.P TROJAN! |
 |
[worm filename] |
DNS
Added by the CQG WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Common Files folder |
 |
?? |
Dosbat
?? |
 |
[trojan filename] |
down
Added by the Small-QJ TROJAN! |
 |
[random filename] |
DRam prmaessor
Added by the RBOT.CSG WORM! |
 |
[random filename] |
DRam prosesor
Added by the SPYBOT.EE WORM! |
 |
[random filename] |
DRam prosessor
Added by the RBOT.CSG WORM! |
 |
[path to trojan] |
drin
Added by the SMALL.DPB TROJAN! |
 |
[path to file] |
DSAcass
Added by the RANKY.M TROJAN! |
 |
[path to trojan] |
DSKEY
Added by the STARTER-G TROJAN! |
 |
[path to trojan] |
DSS
Added by the DSSDOOR-C TROJAN! |
 |
?? |
EDRestore
Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP" |
 |
[random filename] |
educational writer
Added by the RBOT-LZ WORM! |
 |
[random 5 characters].exe |
Efata
Added by the FLUKAN-D WORM! |
 |
[path] efjm.dll,run |
EFI Job Monitor
Ricoh Imagio Printer/Scanner driver status monitor |
 |
[path] repcale.exe [path] palsp.exe |
element furth
Added by a variant of the RANDON.AN WORM! |
 |
[path to worm] |
eMCryT Sh3ars Panagers
Added by the RBOT-AWI WORM! |
 |
[name of file] |
enBrowser
WINBO adware |
 |
[random filename].exe |
example
Added by the NUCLEAR TROJAN! Note - this trojan file is found in the WindowsNR or WinntNR folder |
 |
[random filename] |
Expatch
Added by the PWSLMIR-G TROJAN! |
 |
[random filename] |
expcrt
Added by a variant of the SLAPER TROJAN! |
 |
[path to worm] |
Explorer
Added by the AUTEX WORM! |
 |
[path to trojan] |
explorer
Added by the AGENT-EU TROJAN! |
 |
[random filename] |
ExploreUpdSched
ZenoSearch adware |
 |
[path to trojan] |
f94mggfhfghodftdf
Added by the SMALL.JHZ TROJAN! |
 |
[path to trojan] |
FindHack
Added by the KELVIR-BA TROJAN! |
 |
[random filename] |
Fire Wall services
Added by the IRCBOT-QY WORM! |
 |
[path to trojan] |
Flash Driver
Detected by PCTools as the AGENT.CWVT TROJAN! See here |
 |
%%%%%.exe |
Flash Media
Added by a variant of the IRCBOT TROJAN! See here |
 |
%%%.exe |
Flash Media
Added by a variant of the IRCBOT TROJAN! See here |
 |
[path to trojan] |
Flash Media
Detected by Trend Micro as the IRCBOT.AUR TROJAN! See here |
 |
^ ^^^ %% % ^% ^%%^ %^ .exe |
Flash Media
Added by a variant of the IRCBOT TROJAN! See here |
 |
^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exe |
Flash Media
Added by a variant of the IRCBOT TROJAN! See here |
 |
^^^^^.exe |
Flash Media
Added by a variant of the IRCBOT TROJAN! See here |
 |
^^^^^^.exe |
Flash Media
Added by a variant of the IRCBOT TROJAN! See here |
 |
[path to worm] |
Flash Player2
Detected by Trend Micro as the IRCBOT.PD WORM! See here |
 |
-flash32.exe |
FLASH32
?? |
 |
[path to trojan] |
Floppy Master
Added by the ZONIT-F TROJAN! |
 |
[path to worm] |
FolderRaper
Added by the VB.GOZ WORM! |
 |
?? |
FoolProofSweep
Part of FoolProof Security PC security software from SmartStuff |
 |
[worm filename] |
G00123
Added by the BUGBROS WORM! |
 |
[random filename] |
G4G
Detected as Trojan-Downloader.Win32.VB.fki |
 |
[path to trojan] |
Games Acceleration
Added by the SMUTSRCH-A TROJAN! |
 |
[path to backdoor] |
GDAX
Added by the RANKY.K TROJAN! |
 |
[random filename] |
Ghost Relay
Detected by Trend Micro as the DNSCHANG.EK TROJAN! See here |
 |
[path to trojan] |
gimmygames
Added by the DLOADR-LN TROJAN! |
 |
[random filename] |
GlobalSCAPE
Added by the RBOT-AYM WORM! |
 |
[random filename] |
Google Earth
Added by the RBOT-AXK TROJAN! |
 |
[random name].dll |
GPLv3
Vundo adware |
 |
2Stop.exe |
gramdate
?? |
 |
_default.pif |
Graphics
Added by the AUTOSKY WORM! |
 |
[path] GsiInst.exe INSTALL [path] V205Res 13 |
GSISETUP
BT Voyager ADSL modem related - what does it do and is it required? |
 |
[filename].exe |
GustavVED
Added by the OPASERV.H WORM! |
 |
[path to trojan] |
HATAPE
Added by the BANKER-QF TROJAN! |
 |
[random filename].exe |
HDAudio Driver 1.0
Added by the TEADOOR-D TROJAN! |
 |
[random filename].exe |
HDAudio Driver 2.0
Added by the TEADOOR-E TROJAN! |
 |
[8 random letters].exe |
hdlpscom
Added by the RBOT-FUL WORM! |
 |
1hellbot.exe |
HELLBOT TEST
Added by the MYDOOM.BO WORM! |
 |
[filename].exe |
hen
Added by the TARNO.G TROJAN! |
 |
[path to worm] |
himem.exe
Added by the STRATION-FW WORM! |
 |
[path to worm] |
HotKeysCmds
Added by the PAHATIA-A WORM! |
 |
?? |
HP Info Express
On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb |
 |
?? |
HP RecordNow
From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used." |
 |
?? |
HP Updates
On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb |
 |
[random filename] |
hpsysconf1
Added by a variant of the VIVIA.A TROJAN! |
 |
[path to trojan] |
hxadsec
Added by the ADCLICK-AP TROJAN! |
 |
[path to trojan] |
ibin
Added by the PERDA-C TROJAN! |
 |
[8 random letters].exe |
icccomp
Detected by Kaspersky as the ZHELATIN.EQ WORM! See here |
 |
[path to worm] |
ICQ Center
Added by the RANDIN WORM! |
 |
[random filename] |
ICQ Lite Messenger
Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or Winnt\System32 directory |
 |
[8 random letters].exe |
idlesam
Detected by Kaspersky as the ZHELATIN.EQ WORM! See here |
 |
[random filename] |
idmlssp
Added by a variant of the SLAPER TROJAN! |
 |
[path to trojan] |
IEXPLORE.EXE
Added by the BANCOS-CJ TROJAN! |
 |
[random filename] |
ifperx
Added by a variant of the SLAPER TROJAN! |
 |
?? |
Imesh
Imesh is a file sharing system |
 |
?? |
Imesh Auto Update
Update check for the Imesh file sharing system. Turn the update off under "options" |
 |
[path to file] |
imgit
Added by the BANKER-EM TROJAN! |
 |
[path to trojan] |
imonitor
Added by the IMONI-A TROJAN! |
 |
8x8_init.exe |
Initialize8x8
Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay |
 |
[path] repcale.exe [path] palsp.exe |
Installs SP2
Added by a variant of the RANDON.AN WORM! |
 |
[path to worm] |
Instance 001
Added by the ALASROU-A WORM! |
 |
[path to worm] |
Intec Service Drivers
Added by the RBOT-GLU WORM! |
 |
[path to worm] |
InterceptedSystem
Added by the ANACON-B WORM! |
 |
[trojan filename] |
Internal
Added by the SMOTHER and TRANSLAT TROJANS! |
 |
[trojan filename] |
Internat
Added by the CMJSPY-Y TROJAN! |
 |
[trojan filename].exe |
internet
Added by the MIFENG-D TROJAN! |
 |
[path to trojan] |
Internet Connection Wizard
Added by the SMUTSRCH-A TROJAN! |
 |
[path to trojan] |
Internet Mail and News
Added by the SMUTSRCH-A TROJAN! |
 |
[random filename] |
Intranet Explorer
Detected by Trend Micro as the POEBOT.DK BACKDOOR! See here. Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! |
 |
?? |
Introduction-Registration
For Compaq PC's. Should only run first time, PC Introduction & Compaq registration |
 |
[path to trojan] |
IntSys1
Added by the BANLOA-ASE TROJAN! |
 |
[9 random letters].exe |
Ipod Help
Added by a variant of the RBOT WORM! |
 |
[path to trojan] |
Irwftp
Added by the BANCOS-AP TROJAN! |
 |
[random filename] |
ist service uninstall
ISTBar adware related |
 |
[path to trojan] |
ixproxy
Added by the XORPIX-A TROJAN! |
 |
[filename] |
JavaUpdate0.07
Added by the JUPDATE TROJAN! |
 |
[random filename] |
jcidls
Added by a variant of the SLAPER TROJAN! |
 |
[path to trojan] |
jon315
Added by the MAILBOT-BI TROJAN! |
 |
[path to worm] |
jpgdiag
Added by the STRATION-AN WORM! |
 |
[path to trojan] |
jusched
Added by the BANKER-BWR TROJAN! |
 |
[random filename] |
JVM0.12
Added by the TEADOOR-A TROJAN! |
 |
[random filename] |
JVM0.14
Added by the TEADOOR-B TROJAN! |
 |
[random filename] |
jysyqm
ZenoSearch adware |
 |
[random filename].exe |
Kadoc
Added by the STAPREW TROJAN! |
 |
******.exe reg_run [* = random char] |
KavSvc
Added by the QOOLOGIC TROJAN! |
 |
[random 6 char filename] |
kavsvc
Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) |
 |
[worm filename] |
KAVutil
Added by the WINTOO.B WORM! |
 |
9 |
KAZAACuf
Added by the KITRO.D (or ARGEN.A) WORM! |
 |
[8 random letters].exe |
kdmsx
Detected by Kaspersky as the SDBOT.AIJ BACKDOOR! See here |
 |
[random filename] |
kern64dll
Added by the TARNO.J TROJAN! |
 |
[path to worm] |
KernelRuntime
Added by the MYTOB-JO WORM! |
 |
[path to trojan] |
keyboard
Added by the DLOADR-AOZ TROJAN! |
 |
[path to file] |
klop
Added by the AGENT-WQ TROJAN! |
 |
[random].tmp |
klop
Found with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN! |
 |
[path to trojan] |
LanGuard
Added by the DLOADER-VO TROJAN! |
 |
[path] setup.exe |
LanzarL2007
?? |
 |
[trojan filename] |
lar
Added by the ROXY.C TROJAN! |
 |
[path to worm] |
Letum
Added by the LETUM.A WORM! |
 |
[path to trojan] |
Litebot
Added by the LITEBOT-A TROJAN! |
 |
[Windows username]05.exe |
LiveUpdate
Added by the LINEAGE TROJAN! |
 |
[path to file] |
lk3h1
Added by the MOSUCK-G TROJAN! |
 |
[path to worm] |
load
Added by the KELVIR.AI WORM! |
 |
_Kerne1.exe |
load
Added by the LINEAGE-AN TROJAN! |
 |
1111a.exe |
load32
Added by the DUMARU.AH WORM! |
 |
01comm32.exe |
load=
Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those |
 |
[random filename] |
LoadOrderVerification
Added by the TRON.A TROJAN! |
 |
[filename] |
LoadWindowsFile
Added by the DELF.B TROJAN! where [filename] is the infected file |
 |
[User Name].exe |
Local-Settings-of-[User Name]
Added by the GAVGENT.A WORM! |
 |
[filename] |
Locator Service
Added by the AGOBOT-KY TROJAN! |
 |
[path to trojan] |
login
Added by the HOTWORD-A TROJAN! |
 |
[path to file] |
Login Service
Added by the MIGMAF TROJAN! |
 |
[path to trojan] |
Logo
Added by the DLOADER-RH TROJAN! |
 |
_hideme_imhiddenlololol.exe |
lololol
Added by the HIDEME-A TROJAN! |
 |
[filename] |
LowVersionSupport
Added by the LASTRAS TROJAN! |
 |
?? |
LS120 Superdisk
Supposed to accelerate transfer rate on LS-120, contributes to system lockups |
 |
[path to lsass.exe] |
lsass
Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lsass.exe process which should NOT appear in Msconfig/Startup! |
 |
[random filename] |
Managment Service
Added by the RBOT.BIS TROJAN! |
 |
[filename] |
Mantis
Added by the MANTIBE VIRUS! |
 |
[filename] |
MatrixScreen
Added by the MATRIXSCREEN TROJAN! |
 |
[random filename] |
mb2np
Added by the IRCBOT.TJ WORM! |
 |
[random filename] |
MbarInstall
Detected by PCTools as Mirar adware. See here |
 |
?? |
McAfee Winguage
Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs |
 |
[8 random letters].exe |
mceipww
Detected by Kaspersky as the ZHELATIN.EQ WORM! See here |
 |
[path to trojan] |
mdetect
Added by the SPABOT TROJAN! |
 |
[path to trojan] |
MEDIA32
Added by the PURSCAN-Z TROJAN! |
 |
******.exe [* = random digit] |
Members area
Premium rate adult content dialer |
 |
[random name].dll |
MemoryManager
Virtumondo adware related |
 |
[worm filename] |
messnger
Added by the DELODER WORM! |
 |
?? |
mfgboot
?? |
 |
[random filename].exe |
Mickey Mouse Cereal
Added by the RANKY.Q TROJAN! |
 |
[path to trojan] |
Micro Office
Added by the BANCBAN-QC TROJAN! |
 |
[random filename] |
MicroLoad
Added by the DARBY WORM! |
 |
[random 10-letter filename].EXE |
MICROSFT ANTIVIRUS UPDATE SUPPORT
Added by the RBOT-AQA WORM! |
 |
[random filename] |
MICROSFT RAMA UPDATE SUPPORT
Added by the RBOT-ASM or RBOT-AUW WORMS! |
 |
[random filename].exe |
Microsft Upgraed
Added by a variant of the SDBOT WORM! |
 |
[random filename] |
Microsft Windows Adapter 5.1.3013
Detected by Kaspersky as the SMALL.HIT TROJAN! See here |
 |
[random filename] |
Microsoft (C) HTML Application host
Added by the RBOT-YB WORM! |
 |
1.tmp |
Microsoft (R) Windows Network Latency Controller
Added by a generic password stealer TROJAN - see here |
 |
[random].tmp |
Microsoft (R) Windows Protocol Deployment Manager
Added by an unidentified WORM or TROJAN! |
 |
[path to trojan] |
Microsoft (R) Windows TCP/IP Socket Driver
Added by the PROXY-DD TROJAN! |
 |
[path to trojan] |
Microsoft ActiveX Debugger NT
Added by the BANCOS-DO TROJAN! |
 |
[random filename] |
Microsoft ADservice
Added by a variant of the RBOT WORM! |
 |
[random filename] |
Microsoft Anti-Spy
Added by a variant of the SDBOT WORM! |
 |
[random filename] |
Microsoft Core Support
Added by a variant of the RBOT TROJAN! |
 |
[random filename] |
Microsoft Corporation
Added by various VIRUSES, WORMS & TROJANS! |
 |
[random filename] |
Microsoft Diagnostic
Added by the ACEBOT TROJAN! |
 |
[random filename] |
Microsoft DirktorWin
Added by the SPYBOT.GEN3 TROJAN! |
 |
[random filename] |
MicroSoft Getway Dire
Detected by Trend Micro as the IRCBRUTE.AM WORM! See here |
 |
[12 random letters].exe |
MicroSoft Getway mqbol
Detected by Trend Micro as the RBOT.GBA WORM! See here |
 |
[filename] |
Microsoft IIS
Added by the FRANCETTE-S WORM! |
 |
[path to file] |
Microsoft Internet Acceleration Utility
Added by the AGENT-CX TROJAN! |
 |
[path to trojan] |
Microsoft Internet Acceleration Utility
Added by the SMUTSRCH-A TROJAN! |
 |
[random filename] |
Microsoft IT Update
Added by a variant of the RBOT WORM! |
 |
[filename] |
Microsoft Java Windows Update
Added by the RBOT-DZ WORM! |
 |
[random filename] |
Microsoft Locals 332
Added by the RBOT-KU WORM! |
 |
[path to file] |
Microsoft LV
Added by the BDL TROJAN! |
 |
[path to trojan] |
Microsoft Management Console
Added by the SMUTSRCH-A TROJAN! |
 |
[path to file] |
Microsoft PCHealth32
Added by the NICE-A TROJAN! |
 |
[path to file] |
Microsoft Redirect
Added by the BANKER-FW TROJAN! |
 |
[random filename] |
Microsoft Security GManagers
Added by a variant of the SDBOT WORM! |
 |
[filename] |
Microsoft Security Panager
Added by the RBOT-ANL WORM! |
 |
[random filename] |
Microsoft Security Panagers
Added by the RBOT-AIG WORM! |
 |
32svchost.exe |
Microsoft Service Host Manager
Added by a variant of the IRCBOT TROJAN! |
 |
****.exe E255 [* = random char] |
microsoft software
Added by an unidentified WORM or TROJAN! |
 |
[path to trojan] |
Microsoft standard protector
Added by the STOX-C TROJAN! |
 |
___synmgr.exe |
Microsoft Synchronization Manager
Added by the MASLAN.A or MASLAN.C WORMS! |
 |
[random filename] |
Microsoft System Backup
Added by the RBOT-AGM WORM! |
 |
[path to worm] |
Microsoft System Saver
Added by the RBOT.BSK WORM! |
 |
[random filename] |
Microsoft Tray
Added by the DELF.BZ TROJAN! |
 |
[path to file] |
Microsoft Update 32
Added by the RBOT-AJJ WORM! |
 |
[random filename] |
Microsoft Update Loader
Added by a variant of the RBOT WORM! |
 |
[random filename] |
Microsoft Update Machine
Added by a variant of the RBOT WORM! |
 |
[random filename] |
Microsoft Updote
Added by the RBOT-ARC WORM! |
 |
[random filename].exe |
Microsoft UpToDate Driver (32-bits)
Added by the SPYBOT.LXJ WORM! |
 |
[path to file] |
Microsoft Windows
Added by the LI TROJAN! |
 |
[worm filename].exe |
Microsoft Windows Adapter 5.1.3214
Detected by Trend Micro as the STRAT.GEN-3 WORM! See here |
 |
___r.exe |
Microsoft Windows DHCP
Added by the MASLAN.A or MASLAN.C WORMS! |
 |
[various filenames] |
Microsoft Windows Update x86
Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to) firefox.exe, opera.exe, taskmrg.exe, aim.exe, Winxdiag.exe and usnesvc.exe |
 |
********.exe [* = random char] |
Microsoft Windows Update XP64
Added by a variant of the RBOT WORM! |
 |
[random filename] |
Microsoft WinSound
Added by a variant of the RBOT WORM! |
 |
****.exe [* = random char] |
Microsoft-software
Added by a variant of the RBOT WORM! |
 |
[random].exe |
Microsoft.exe
Added by a variant of the IRCBOT TROJAN! |
 |
****.exe [**** = random char] |
Microsofts Security Manager
Added by the RBOT-WH TROJAN! |
 |
[path to trojan] |
MicrosoftUpdates
Added by the DELF-LO TROJAN! |
 |
[various filenames] |
MicrosoftWindows
MagicSearch - a CoolWebSearch parasite variant |
 |
[random filename].exe |
Microsot NT Support
Added by the RBOT-CTI WORM! |
 |
[path to file] |
minimo
Added by the MOSUCK-X TROJAN! |
 |
[worm filename].exe |
Mioft Wiws Seice ent
Added by the RBOT-GIJ WORM! |
 |
[path to trojan] |
ml34
Added by the MAILBOT-BH TROJAN! |
 |
[random filename] |
mmsddlx
Added by a variant of the SLAPER TROJAN! |
 |
[random filename] |
MonAppli
Detected by Kaspersky as the DELF.IF TROJAN! See here |
 |
[path to worm] |
MouseDrv
Added by the ZOLOAD-B WORM! |
 |
[path to file] |
MoussaEvil
Added by the MUSANUB-A WORM! |
 |
******.exe [* = random character] |
ms window update
Added by a variant of the RBOT WORM! |
 |
[random filename] |
MS-HTML
Added by the LATINUS.15 TROJAN! |
 |
[path to trojan] |
msbsc
Added by the BANKER-DF TROJAN! |
 |
[path to file] |
MsgApi
Added by the DEDLER-D TROJAN! |
 |
[path to worm] |
Msgmgr
Added by the BABYBEAR WORM! |
 |
[worm filename] |
Msgsvc32
Added by the NAUTICAL-A WORM! |
 |
[random filename] |
MSKCES32
Added by the CLONER TROJAN! |
 |
[4-8 random letters].exe |
MSMSGNER
Added by the FOWLDO-GEN TROJAN! |
 |
[random letters].exe |
MSN 9.0 Plus
Added by the RBOT-ALY WORM! |
 |
[path to file] |
msnmsgy
Added by the BANKER-EQ TROJAN! |
 |
[path to trojan] |
Mspatch69
Added by the MPROX TROJAN! |
 |
[path to worm] |
MSPRO32
Added by the IBERIO WORM! |
 |
[path to trojan] |
msresear
Added by the WEASYW-B TROJAN! |
 |
[path to file] |
MSSGisg
Added by the RANKY.N TROJAN! |
 |
[path to trojan] |
mssvc
Added by the PSK TROJAN! |
 |
[random filename] |
mswspl
Added by the SMALL.IQ TROJAN! |
 |
[path to trojan] |
Multimedia extensions
Added by the SMUTSRCH-A TROJAN! |
 |
[path to worm] |
mxb2
Added by the IXBOT-G WORM! |
 |
[filename] |
Myapp
Added by the FATEE.B WORM! |
 |
******.exe [* = random char] |
Narrator
Added by the QOOLOGIC TROJAN! |
 |
[path to worm] |
NAV Live Update
Added by the DEBORMS.C WORM! Note - this is not a valid Norton Anti-Virus (NAV) function from Symantec |
 |
***.tmp [* = random digit] |
NAVNet
Unidentified adware |
 |
[filename] |
NavScan
Added by the OBSORB TROJAN! |
 |
[path] repcale.exe [path] beird.exe |
NBT System alias
Added by a variant of the RANDON.AN WORM! |
 |
[path to trojan] |
Ndpldaemon
Added by the RPCSDBOT-A TROJAN! |
 |
***.exe [*** = 2 to 3 digits] |
Nero.ma
Added by the JONBARR.D WORM! |
 |
[path to file] |
nethost.exe
Added by the PERDA-J TROJAN! |
 |
[random filename] |
NETVISIONAdulti
Trafficadvance dialer |
 |
[path to trojan] |
Network Host Controller
Added by the WHISPER TROJAN! |
 |
[random]32.exe |
Network Host Service
Added by the RBOT-BAB WORM! |
 |
**********.exe [* = random char] |
Network Security Guard
CoolWebSearch parasite variant |
 |
[path to trojan] |
Network Security Guard
Added by the COLEM-A TROJAN! |
 |
[path to trojan] |
newname
Added by the DRSMARTL-S TROJAN! |
 |
[various filenames] |
NI.UWFX5[various]
WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here. Example filenames are UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE, 1D7C.tmp, WinFixerScannerInstall[1].exe |
 |
[path to dialler] |
NIEUW
"Switch-F" premium rate adult content dialler |
 |
[path to worm] |
Nocana
Added by the ANACON-B WORM! |
 |
[path to file] |
Norton Antivirus 7.0a
Added by the PERDA-B or RANCK-CT TROJANS! |
 |
[path to trojan] |
Norton Firewall
Added by the BANKER-ET TROJAN! |
 |
[worm filename] |
NotePad
Added by the SILLYFDC-G WORM! |
 |
[random filename] |
nssysconf
Added by the VIVIA.A TROJAN! |
 |
[path to file] |
NT Virtual Machine
Added by the SCAERBOT-A WORM! |
 |
[trojan filename] |
Ntech.patchs
Added by the LEMIR.G TROJAN! |
 |
[path to trojan] |
NTP Server
Added by the RANKY.F TROJAN! |
 |
[path to trojan] |
NTupdater
Added by the DIGARIX-D TROJAN! |
 |
0x32.exe |
Numerical Xterm Agent
Added by the RBOT-FWP WORM! |
 |
2x32.exe |
Numerical Xterm Agents
Added by the RBOT-FWY WORM! |
 |
1x32.exe |
Numerical Xtermz Agent
Added by the RBOT-FWX WORM! |
 |
[random filename] |
NvCpl
Added by the AGOBOT-APJ WORM! |
 |
[path to trojan] |
NvGraphicsInterface
Added by the BCKDR-QKI BACKDOOR! |
 |
[8 random characters] |
Nvid
Unidentified adware |
 |
[path to worm] |
Office Monitorse
Added by the SDBOT-CZX WORM! |
 |
[path to worm] |
Offices Monitors
Added by the RBOT-GKO WORM! |
 |
[path to worm] |
Offices Monitorse
Added by the RBOT-GKO WORM! |
 |
[path to trojan] |
office_update
Added by the DLOADER-ZB TROJAN! |
 |
[filename] |
OLE
Added by the STAWIN or TARNO.D TROJANS! |
 |
1tou~2.exe |
One Touch Monitor
For Visioneer OneTouch scanners. System tray access to the control panel for the scanner |
 |
1tou~2.exe |
OneTouchMonitor
For Visioneer OneTouch scanners. System tray access to the control panel for the scanner |
 |
1tou~2.exe |
ONETOU~2
For Visioneer OneTouch scanners. System tray access to the control panel for the scanner |
 |
0penGLD.exe |
OpenGL Drivers
Added by the YIMP-A WORM! |
 |
[path to dialler] |
OpenMstart
"Switch-E" premium rate adult content dialer |
 |
?? |
Operator
Media Pilot operator, in Win.ini. Locks port open |
 |
*****.exe [* = random char] |
Outlook Express Config
Added by a variant of the RBOT WORM! |
 |
[random filename] |
passcxd
Added by a variant of the SLAPER TROJAN! |
 |
[path to worm] |
Patah Hati
Added by the PAHATIA-A WORM! |
 |
%Number% |
PAV.EXE
Added by the KITRO.D (or ARGEN.A) WORM! %Number% can be any number |
 |
[various filenames] |
PGStub.exe
Unidentified adware |
 |
[path to trojan] |
PHIME2OO2ASyst
Added by the DBDOOR-B TROJAN! |
 |
[random filename] |
Plasdll service
Added by a variant of the SDBOT WORM! |
 |
764.exe |
pmc
Adult content dialler |
 |
[worm filename] |
PNP FIX
Added by the RBOT-AKQ WORM! |
 |
******.exe [* = random digit] |
pnpsvc_lock
Browser hijacker |
 |
[path to file] |
popuppers65
Medload adware |
 |
[random filename] |
PostBootReminder
Added by an unidentified WORM or TROJAN! |
 |
[path to file] |
PPSVC
PC Police surveillance software that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user. Uninstall this software if you did not install it yourself |
 |
.exe |
present
Added by the RUBBLE-C WORM! |
 |
3dmoused.exe |
Primax 3D Mouse
Enables the scroll button on the Primax 3-D Scroll mouse |
 |
[path] hidden32.exe [path] explorer.exe |
print sharing
Added by the ZCREW.B BACKDOOR! Note - the legitimate Windows Explorer (explorer.exe) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! |
 |
[path to file] |
Printer
Added by the LOWTAPER TROJAN! |
 |
[path] RESTORE.EXE [path] SPOOL.EXE |
PrinterSpool
Added by the ALADINZ.K TROJAN! |
 |
[various filenames] |
PrivateNet
Premium rate adult content dialler |
 |
[path to file] |
pro
Added by the SPYWAD-F TROJAN! |
 |
[path to file] |
Proc992
Added by the IXBOT-C WORM! |
 |
[10 random letters].exe |
Program Access Service
Detected by Trend Micro as the RBOT.GJJ WORM! See here |
 |
[random filename] |
prompt drive
Added by the SDBOT.AMF WORM! |
 |
[5 random letters].exe |
proses
Added by a variant of the RBOT WORM! |
 |
[path] runtask.exe [path] protection.exe |
Protection
Added by a variant of the AGENT.3.AU TROJAN! |
 |
[path to worm] |
PrU Async Service
Added by the IRCBOT-UG WORM! |
 |
[filename] |
putil
Added by the LDPINCH TROJAN! |
 |
[random filename] |
qbotd
Added by the BOTTEN TROJAN! |
 |
?? |
Qdsafe
?? |
 |
[path to Trojan] |
qgqqft
Added by the RANKY.T TROJAN! |
 |
[random filename] |
Quicktime Task
Trafficadvance dialer |
 |
[worm filename] |
Random Unique ID
Added by the XROVE-A WORM! |
 |
********.exe [* = random char] |
rate.exe
Unidentified adware |
 |
1explore.exe |
ravshell
Added by the DLOADER.MJF TROJAN! |
 |
[worm filename] |
RavTimeXP
Added by the WULLIK.B WORM! |
 |
[worm filename] |
RavTimXP
Added by the WULLIK.B WORM! |
 |
[path to trojan] |
rawload
Added by the DARKIRC.QZ TROJAN! |
 |
[worm filename] |
rdvs
Added by the ULTIMAX WORM! |
 |
[random name]32.exe |
Reactor3
Added by the BOFRA.A WORM! |
 |
[random name]32.exe |
Reactor5
Added by the BOFRA.D WORM! |
 |
[random name]32.exe |
Reactor6
Added by the BOFRA.C WORM! |
 |
[random name]32.exe |
Reactor7
Added by the BOFRA.B WORM! |
 |
[random name]32.exe |
Reactor8
Added by the BOFRA.E WORM! |
 |
[random name]32.exe |
Reactor9
Added by the BOFRA.E WORM! |
 |
[path to file] |
RealP1ayer
Added by the RPLAY.A TROJAN! Note that the name has a number "1" in place of the second lower case "L" |
 |
[path to file] |
REEGRUN
Added by the SECDROP.AI TROJAN |
 |
~CAB001.EXE |
Regcheck
Added by the CYBRSPY.13A or CYBRSPY.13B TROJANS! |
 |
[path to file] |
regcheck
Added by the SERVPAM TROJAN! |
 |
[path to file] |
REGMSYS
Added by the LOWZONE-AX TROJAN! |
 |
[path to trojan] |
REGRUN
Added by the LOWZONE-AH TROJAN! |
 |
[path to trojan] |
reseurce
Added by the LINEAGE-AI TROJAN! |
 |
[8 random letters].exe |
reszrv
Added by a variant of the SDBOT WORM! See here |
 |
[random name]32.exe |
Rhino
Added by the BOFRA.A WORM! |
 |
[random filename] |
rmalt
Added by the CLICKER-CS TROJAN! Filenames spotted include Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and more |
 |
[path to trojan] |
rngmf
Added by the RANKY.C TROJAN! |
 |
************.exe [* = random char] |
romahere2
SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! |
 |
************.exe [* = random char] |
romahere3
SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! |
 |
[path to trojan] |
Root_Machine
Added by the BANCBAN-DI TROJAN! |
 |
[path to worm] |
RPC Patcher
Added by the BOLGI WORM! |
 |
[random filename] |
RPC Service
Added by the AAD TROJAN! |
 |
[random filename].exe |
RSPC Driver
Added by the RBOT-SN WORM! |
 |
[random filename] |
RSPC Driver D
Added by a variant of the RBOT WORM! |
 |
[random filename] |
rtkernsw
Added by a variant of the SLAPER TROJAN! |
 |
[path to worm] |
rundll32
Added by the AUTEX WORM! |
 |
[path to worm] |
rundll64
Added by the AUTEX WORM! |
 |
[path to file] |
runSubvalues
Added by the DLOADER-QY TROJAN! |
 |
[path to file] |
RunWin
Added by the BANKER-ES TROJAN! |
 |
[path to trojan] |
Safe
Added by the BANKER-DT TROJAN! |
 |
[WORM FILE NAME].vbs |
SaMail
Added by the VBS.LIDO WORM! |
 |
/l:eng |
SB Audigy 2 Startup Menu
Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function |
 |
?? |
ScanFile
?? |
 |
[filename] |
Scanreg
Added by the QQPASS.E TROJAN! |
 |
[path to trojan] |
schost
Added by the TJSERV.D TROJAN! |
 |
[path to trojan] |
scrbmk
Added by the DLOADER-VP TROJAN! |
 |
[worm filename] |
ScrSvrOld
Added by the OPASERV WORM! |
 |
|
Search.vbs
Hijacker |
 |
${HOOKOE_FILE} |
SeekmoToolbar
180solutions/Seekmo adware |
 |
[path to file] |
seli
Added by the LOWZONE-AS TROJAN! |
 |
[trojan filename] |
Service
Added by the KAITEX.E TROJAN! |
 |
[random filename] |
Service Defender
Added by a variant of the ZLOB TROJAN! See here |
 |
[filename].exe |
Service Host
Added by the TORVEL.B WORM! |
 |
[various filenames] |
Service Pack
Added by the LERPA-A WORM! Note - the file name will be one of the following: common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif |
 |
[random filename] |
Service Pack 1
Added by the VXGAME.Z TROJAN! Note - the filename is random - see the link. Typical examples are vexg6ame4.exe, vexga3me2.exe, vexga4m1et4.exe, etc |
 |
[worm filename].exe |
Service PAck SFVP
Added by a variant of the RBOT WORM! The filename is 4 random characters |
 |
[path to trojan] |
service32.exe
Added by the DLOADR-AYX TROJAN! |
 |
[path to trojan] |
Services
Added by the METEORSHELL TROJAN! |
 |
[path to trojan] |
Services
Added by the RANCK-DB TROJAN! |
 |
[worm filename] |
Services004
Added by the BUGBROS WORM! |
 |
[random filename] |
SfKg6wIP
Identified as a variant of the TrojanDownloader.Matcash malware |
 |
[random filename] |
SfKg6wIPu
Identified as a variant of the TrojanDownloader.Matcash malware |
 |
[path to trojan] |
ShareSearcher
Added by the AGENT-FPE TROJAN! |
 |
[random].dll |
shellbn
SoftStop misleading security software - not recommended, see here |
 |
[path to file] |
ShellCommand
Added by the REMCON-A TROJAN! |
 |
[strange symbol] |
ShowLOMControl
Note that there is a strange symbol in the command field. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ShowLOMControl Reg_DWORD 0x00000001 (1). LOM = LAN on Motherboard, so the value means Show "LAN on Motherboard" Control. On systems where you can install an external LAN interface, it will warn you that you already have a built-in LAN interface. Appears to be a feature on certain Dell systems |
 |
.exe |
sInErA
Added by the SILLYFDC-AB WORM! |
 |
[path to smss.exe] |
smss
Added by the ALADINZ.F TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup! |
 |
[various filenames] |
SNInstall
Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! File names spotted so far include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe |
 |
********.exe [* = random digit] |
soft2
Added by the KARDPHISHER TROJAN! |
 |
[path to worm] |
SoundMnEx32
Added by the STRATION-FW WORM! |
 |
[path] repcale.exe [path] apc.exe |
SP2 data
Added by a variant of the RANDON.AN WORM! |
 |
[worm filename] |
SpeedBoss
Added by the OPASERV.AD WORM! |
 |
[path to trojan] |
Spool
Added by the RANKY.R TROJAN! |
 |
[path to trojan] |
spoolax
Added by the PERDA-D TROJAN! |
 |
1ClickSpyClean.exe |
SpyClean
1 Click Spy Clean uses a database that was stolen from SpybotS&D. Not recommended, see here |
 |
[path to trojan] |
sr64
Added by the AGENT.X TROJAN! |
 |
[path to trojan] |
Srv32 spool service
Added by the DLOADER-LB TROJAN! |
 |
[worm filename].PIF |
Srv32Old
Added by the OPASERV.J WORM! |
 |
[path to trojan] |
sstata
Added by the RANCK-DF TROJAN! |
 |
[path to trojan] |
startemdoit
Added by the DLOADR-AVP TROJAN! |
 |
?? |
Startup
Related to an Iomega drive |
 |
[six character filename] |
Startup Configuration
Added by the RBOT-ARV WORM! |
 |
[filename] |
stdlib
Added by the PERDA-E TROJAN! |
 |
[trojan filename] |
Streams Drivers
Detected by Trend Micro as the RESTARTER.E TROJAN! See here |
 |
[path to trojan] |
strto
Added by the KILLAV-AP TROJAN! |
 |
138762763.exe |
stup
Added by the FIRESPY-A TROJAN! It will attempt to register the dropped component as a Firefox plugin and begin monitoring the user's browsing habits, stealing information including monitoring and logging information from Web forms |
 |
_win.exe |
stup1db0t
Added by a variant of the IRCBOT BACKDOOR! |
 |
[path to services.exe] |
SuperBar.Component
Added by the SMALL-AQ TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder |
 |
[worm filename] |
Supernova
Added by the SURNOVA (or SUPOVA) WORM! |
 |
[trojan filename] |
support-reverse-smileys
Added by the LITEBOT TROJAN! |
 |
[path to trojan] |
svchosd
Added by the BANCOS-BCX TROJAN! |
 |
[path to trojan] |
svchost
Added by the HAZZER TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! |
 |
[path] SETUP.EXE |
svchost
Added by the SETCLO WORM! |
 |
[path to explorer.exe] |
svchost
Added by the UNREAL-A TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! |
 |
[path to executable] |
svchost.exe
Added by the BANKER-MO TROJAN! |
 |
[path to file] |
SvcSys
Added by the BANCOS.Z TROJAN! |
 |
[path to worm] |
svcwinprocess32
Added by the UPERING WORM! |
 |
[path to dialler] |
sVideo2
"Switch-D" premium rate adult content dialler |
 |
_backup.exe |
Swf32
Added by the SYMTEN WORM! |
 |
[random filename] |
sws.exe
Haldex type adult content dialler |
 |
[file path] |
SYDNEY
Added by the SYNEY WORM! |
 |
[filename] |
syelimS-esreveR-troppuS
Added by the LITBOT.C TROJAN! |
 |
[random filename] |
Symantec Autoscan
Added by the RBOT-AJO WORM! |
 |
[path to file] |
Symlcs
Added by the YASPY-A TROJAN! |
 |
[path to file] |
SysBkup
Keyspy keystroke logger/monitoring program - remove unless you installed it yourself! |
 |
[path to file] |
SysData
Added by the RANCK-BA TROJAN! |
 |
[trojan filename] |
sysdll
Added by the HUGESOT TROJAN! |
 |
[path to file] |
sysin
Added by the DSRC-A TROJAN! |
 |
[various filenames] |
sysmon12
Wareout - malware masquerading as a spyware and dialer remover |
 |
[path to file] |
sysser
Added by the RAHACK WORM! |
 |
[random filename] |
SysStart
ZenoSearch adware |
 |
[random filename] |
System backup
Added by the ADMINCASH.B TROJAN! Note - multiple different file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe, wmplayer.exe, as well as completely random ones such as 9a2de006.exe, 36c75e3c.exe and so on |
 |
[random filename] |
System CPL manager
Added by the RBOT-SR WORM! |
 |
[temp name].exe |
System Presets
Added by the HOSTINF-A WORM! |
 |
[path] repcale.exe [path] beird.exe |
System Restore Data
Added by the RANDON.AN WORM! |
 |
[path to file] |
System service78
Added by the ELITEBAR-T and ELITEBAR-U TROJANS! |
 |
[path to file] |
System service79
Added by the ELITEBAR-V TROJAN! |
 |
[random file name] |
System Services
Added by a variant of the RBOT WORM! |
 |
[filename].exe |
System Update
CoolWebSearch parasite variant |
 |
[random filename] |
System Update
Added by the KORGO.W or KORGO.X WORMS! |
 |
[random filename] |
System Update
Added by the SOROMO-A TROJAN! |
 |
[path to trojan] |
System Update
Added by the AUTOTROJ-D TROJAN! |
 |
[worm filename] |
System32
Added by the NAUTICAL-A WORM! |
 |
[random].exe |
System32Check
Added by the CHAST-A TROJAN! |
 |
[various filenames] |
SystemEmergency
CoolWebSearch Smartsearch parasite variant |
 |
%WinHook32.exe |
SystemWideHook for Windows NT
Added by the MYDOOM.AC WORM! |
 |
[path to trojan] |
systrans
Added by the STARTPA-GZ TROJAN! |
 |
[filename.exe] |
Systray
Winfavorites adware |
 |
[path to worm] |
Systry
Added by the AUTEX WORM! |
 |
[path to worm] |
Systryt
Added by the AUTEX WORM! |
 |
[3 random letters].exe |
syswin.txt
Added by a variant of the SPYBOT WORM! See here |
 |
{rdprM@Y_VO^ |
Task Loader
Added by the AGOBOT.CB WORM! |
 |
[path to trojan] |
TaskManager
Added by the LDPINCH-CF TROJAN! |
 |
[path to file] |
Taskmgo
Added by the BANCBAN-T TROJAN! |
 |
[path to trojan] |
taskmgr
Added by the AGENT-ENV TROJAN! |
 |
[path] msnve.exe [path] task.exe |
taskmngr
Added by the FLOOD-EK TROJAN! |
 |
[path to trojan] |
taskmsgs
Added by the BANCOS-BBW TROJAN! |
 |
[random filename] |
TaskReg
Added by the CBLAD WORM! |
 |
[random filename] |
TA_Start
Zeno Think-Adz adware |
 |
[random filename] |
Telnet24
Added by the RBOT-ARD WORM! |
 |
[randomname].com |
TempCom
Added by the TRAXG WORM! |
 |
?? |
TGCMG
Related to Rogers@Home, causes errors in WinSock32.dll. Not required for connection to work |
 |
[path to trojan] |
TheMonitor
Added by the DLOADR-LO TROJAN! |
 |
[random filename] |
Think-Adz
Zeno Think-Adz adware |
 |
[path to file] |
tjstartup
Added by the TJSERV.C TROJAN! |
 |
47681727.exe |
tlz
Added by an unidentified TROJAN! |
 |
[path to file] |
Tok-Cirrhatus
Added by the BRONTOK-F WORM! |
 |
[path to trojan] |
Torjan Program
Added by the LEGMIR-BO TROJAN! |
 |
[path to file] |
Trickler
GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here |
 |
[trojan filename] |
TSystem
Added by the NSYS-A TROJAN! |
 |
[random numbers].exe |
ttool
Added by the BCKDR-QLL TROJAN! |
 |
[original file path] |
Update
Added by the LYNDEGG WORM! |
 |
[various filenames] |
Update for Windows
Added by the LERPA-A WORM! Note - the file name will be one of the following: common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif |
 |
[random filename] |
updatesched
ZenoSearch adware |
 |
[random filename] |
UpdateWin
Detected by Kaspersky as the IRCBOT.AZW TROJAN! See here |
 |
[random filename] |
UpdSys
Added by the BJ TROJAN! |
 |
[filename] |
upme
Added by the MUGLY.F WORM! |
 |
[path to trojan] |
UsbD
Added by the CIDRA-F TROJAN! |
 |
[path to trojan] |
USBHWINFO
Added by the LOWZONE-I TROJAN! |
 |
[path to trojan] |
usbn
Added by the HOGIL-C TROJAN! |
 |
.exe |
User
Added by the PUNYA-B WORM! |
 |
[path to worm] |
user logon
Added by the PAHATIA-A WORM! |
 |
[filename] |
User32
Added by the NETTRASH TROJAN! |
 |
[filename] |
UserSystem
CoolWebSearch Smartsearch parasite variant. Also detected as the SEARCH-A TROJAN! |
 |
?? |
Usrobotics Online Registration
Pop-up reminding customers to register their products online at US Robotics |
 |
?? |
V128IITV
Loads drivers for some STB graphics cards. May be related to such a card with a TV out option? |
 |
[user name].exe |
Vaganza-XPloit-[User Name]"
Added by the GAVGENT.A WORM! |
 |
[path to trojan] |
ValidData
Added by the RANKY.H TROJAN! |
 |
[random filename] |
ValueS0ft
Added by a variant of the SPYBOT WORM! See here |
 |
[random filename] |
ValueX
Detected by Trend Micro as the IRCBOT.EE TROJAN! See here |
 |
[random filename] |
vbcdtm
Added by a variant of the SLAPER TROJAN! |
 |
[random name].vbe |
vbe
Added by the UISGON-A WORM! |
 |
[worm filename].vbs |
VBS.Ipnuker@mm
Added by the NUKIP WORM! |
 |
0548656X.vbs |
VBS_AUTO_UPDATE
Added by the GORMLEZ-A WORM! |
 |
[random filename] |
Video Process
Added by the RBOT-LM WORM! |
 |
[filename] |
VideoDriver
Added by the GSPOT20.A TROJAN! |
 |
?? |
Vinny
?? |
 |
[random].exe |
Virtual CD v6
Added by the RBOT-AZV WORM! |
 |
[path to trojan] |
Virus Removal Tool
Added by the TOMETA-B TROJAN! |
 |
[various filenames] |
Visual Element FX5
ClearStream Accelerator adware |
 |
[random filename] |
Voltage Manager
Added by the DREFFORT WORM! |
 |
|
VS.VSN
Part of eSafe antivirus "SmartScan" - alerts the user if files have been changed/added |
 |
[random filename] |
w02db700.dll
ZenoSearch adware |
 |
[random filename].scr |
W32Load
Added by the CASPID WORM! |
 |
1200UBWATCH.EXE |
Watch
Button press monitor for the Mustek 1200 UB Scanner |
 |
******.exe [* = random char] |
web
Added by a variant of the EASTO.A TROJAN! |
 |
?? |
Web Search
?? |
 |
[random filename].exe |
Web Service
Added by the ADMINCASH TROJAN! |
 |
[random filename] |
WebRun
Added by the ADWARELOADER TROJAN! |
 |
[random filename] |
wescmv
Added by a variant of the SLAPER TROJAN! |
 |
4DMAIN.EXE |
WheelMouse
Mouse software for "Fellowes" Wheelman mouse. Has caused some users problems but shouldn't be needed if you don't use any enhanced features it may provide |
 |
[path to trojan] |
WheelsMouse
Added by the SOCKSPR-D TROJAN! |
 |
[random filename] |
WiFix service
Added by a variant of the SDBOT WORM! |
 |
[random filename] |
Win Prosess0r
Added by the RBOT-BIT WORM! |
 |
[random filename].exe |
WIN prosessor16
Added by a variant of the SDBOT WORM! |
 |
[random filename] |
Win Secure Update
Added by the RBOT-AGI WORM! |
 |
[worm filename] |
Win2Drv
Added by the WINTOO WORM! |
 |
386.exe |
Win32 USB2.0 Driver
Added by the IRCBOT.D WORM! |
 |
[random filename] |
Win32system
Added by the DDV.B WORM! |
 |
***.exe [* = random char] |
Win32SystemMonitor
Browser hijacker |
 |
[path to file] |
WIN95DEFVIEW
Added by the DEDLER-D TROJAN! |
 |
[path to worm] |
wincrt.exe
Added by the STRATIO-HA WORM! |
 |
_WIN32.EXE |
WinDll32
Added by the LEGMIR.AQ TROJAN! |
 |
[worm filename].exe |
Windos Seres Agnts
Added by the RBOT-GUN WORM! |
 |
[random filename] |
Window service
Added by the RBOT-ACH WORM! |
 |
[path to worm] |
Windowfdgfds DasdLL Verifiew
Added by the RBOT-GGX WORM! |
 |
[path to trojan] |
windows
Added by the AIMWIN TROJAN! |
 |
[random filename] |
Windows ASN Service
Added by the AGOBOT-TC WORM! |
 |
[random filename] |
Windows Compliant
Added by the RBOT-IR WORM! |
 |
[path to worm] |
Windows Console Monitor
Added by the KEDEBE WORM! |
 |
[random name].exe |
Windows Data Server
Added by the SPYBOT-DS WORM! |
 |
[random filename] |
Windows ExpIorer
Added by the RBOT-AKO WORM! |
 |
[filename].exe |
Windows Explorer
Added by the SDBOT TROJAN! |
 |
?? |
Windows Eyes
For blind people, gives a voice description of items on the screen. Windows application which gives you total control over what you hear, when you hear it, and how you hear it. Available via Start -> Programs |
 |
[5 random letters].exe |
Windows haz Layer
Added by a variant of the RBOT WORM! |
 |
[path to worm] |
Windows Insecure
Added by the RBOT-FSM WORM! |
 |
[random filename].exe |
Windows LoL Layer
Added by the RBOT-GMD WORM! |
 |
[path to file] |
Windows Management Instrumentation
Added by the QEDS-A VIRUS! |
 |
[random filename] |
Windows Media Player
Added by a variant of the RBOT WORM! |
 |
50cent.exe |
Windows Media Player
Added by a variant of the RBOT WORM! |
 |
[random filename] |
Windows Media Player Update
Added by the RBOT-ET WORM! |
 |
[random filename] |
Windows Media SP.2.37
Added by the LEMIR.C TROJAN! |
 |
[random filename] |
Windows Microsoft Service
Added by the AGENT-HCD TROJAN! |
 |
[8 random letters].exe |
Windows Microsoft Services
Detected by Trend Micro as the KOLAB.AW WORM! See here for an example |
 |
[path to trojan] |
Windows NNT
Added by the RANKY.E TROJAN! |
 |
[6 random letters].exe |
Windows NTFS Volume Manage
Detected by Kaspersky as the RBOT.EDL TROJAN! See here |
 |
[random filename].exe |
Windows Print Monitor Daemon
Added by a variant of the SDBOT WORM! |
 |
[random filename] |
Windows Registry Name
Added by the RBOT-AEB WORM! |
 |
32RUNdll.exe |
Windows Runtime Proccess
Added by the SDBOT.QW WORM! |
 |
[random filename] |
Windows Secure Layer
Added by the RBOT.DRF WORM! |
 |
[7 random letters].exe |
Windows Secure talal32
Detected by Kaspersky as the RBOT.HTP TROJAN! See here |
 |
[random file name] |
Windows Security Service
Added by the RBOT-ALV WORM! |
 |
[random filename] |
Windows Servce Agent
Added by a variant of the IRCBOT TROJAN! |
 |
[9 random letters].exe |
Windows Servcesc
Added by a variant of the SDBOT WORM! See here |
 |
[6 random letters].exe |
Windows Service Ag3nt
Detected by Trend Micro as the SDBOT.EZX TROJAN! See here |
 |
[random filename].exe |
Windows Service Agent
Added by the IRCBOT-XE TROJAN! |
 |
[8 random letters].exe |
Windows Service Agnts
Detected by Trend Micro as the SDBOT.BCQ WORM! See here for an example |
 |
[random filename] |
Windows Service alge
Detected by Trend Micro as the RBOT.GJO TROJAN! See here |
 |
[path to file] |
Windows Service Host Process
Added by the EZIO-A WORM! |
 |
[10 random letters].exe |
Windows Services Aganters
Detected by Trend Micro as the RBOT.CUN WORM! See here for an example |
 |
[8 random letters].exe |
Windows Serviece Agents
Detected by Trend Micro as the AGENT.BHR TROJAN! See here for an example |
 |
[random 3-letter filename] |
Windows Standard Securty
Added by the RBOT-ALF WORM! |
 |
[4 random letters].exe |
Windows System Security Monitor
Added by the PINKTON.A WORM! |
 |
[path to file] |
Windows Taskbar Manager
Added by the PROTORIDE.B WORM! |
 |
[filename] |
Windows Update
Added by the NORIO TROJAN! Acts as a hi-jacker redirecting to adult content sites |
 |
[random filename] |
Windows Update Checker
Adware downloader trojan |
 |
[random filename] |
Windows Update V6
Added by the RBOT-KT WORM! |
 |
666.exe |
Windows USB Service
Added by the MYTOB.AR WORM! |
 |
[path to trojan] |
WindowsFY
Added by the FAKEALE-E TROJAN! |
 |
[path to file] |
WindowsFZ
Added by the DESKTOPHIJACK VIRUS! Also see DESKTOPHIJACK.B TROJAN! |
 |
[random filename].exe |
WindowsReg% update
Added by the RBOT-HH WORM! |
 |
[random filename] |
WindowsRegistration
Added by the RBOT-NO WORM! |
 |
[random filename] |
WindowsRegKey Autoupdate
Added by a variant of the RBOT WORM! |
 |
*********.exe [* = random char] |
WindowsRegKey upd4te2d4te
Added by the RBOT.XQ WORM! |
 |
[random filename] |
WindowsRegKey update
Added by the RBOT.QT WORM! |
 |
[random name].dll |
WindowsService
Added by the VUNDO-X TROJAN! |
 |
[path to trojan] |
WindowsSetup
Added by the EZBOT TROJAN! |
 |
[path to worm] |
WindowsSystem32
Added by the SDBOT-DFG WORM! |
 |
[path to file] |
WindowsUpdate
Added by the DUPA-B TROJAN! |
 |
[path to file] |
WindowsUpdatem1
Added by the AGENT-AAJ TROJAN! |
 |
[original worm filename].vbs |
Windowz
Added by the NUKIP WORM! |
 |
[5 random letters].exe |
Winds Sers Agts
Added by a variant of the RBOT WORM! |
 |
[path to trojan] |
WindUpdates
Added by the AGENT.BF TROJAN! |
 |
[random filename].exe |
WinFixer service
Added by a variant of the SDBOT WORM! |
 |
[various filenames] |
wingo
Added by the BAGLE-AU WORM! |
 |
[path to worm] |
WinKernel
Added by the PLEA VIRUS! |
 |
[path to file] |
winldr
Added by the VIDLO-P TROJAN! |
 |
[random filename] |
WinLoader
Added by variants of the SUBSEVEN TROJAN! |
 |
[path to file] |
winlogon32_
Added by the RULAND.A WORM! |
 |
[path to trojan] |
WinLsass
Added by the SCANE WORM! |
 |
[path to trojan] |
WinMedia
Added by the ZEROBE-A TROJAN! |
 |
[random characters].exe |
WinNetDDE
Added by the NETDEPIX.B TROJAN! |
 |
[path to trojan] |
winreg_32
Added by the BANKER-DB TROJAN! |
 |
[path to worm] |
Winres32vis
Added by the THRAX.A WORM! |
 |
[random].exe |
WinSecure
Added by the AGENT-LR TROJAN! |
 |
[path to trojan] |
winshow
Added by the VB-DXP TROJAN! |
 |
[path] REGEDIT.EXE -s [path] sysreg.reg |
WinSP
Added by the STARTPA-ME TROJAN! |
 |
[random filename].exe |
Winsvr
Added by the ADCLICK-DK TROJAN! |
 |
******.exe reg_run [* = random char] |
winsync
Added by a variant of the QOOLOGIC TROJAN! |
 |
[path to trojan] |
WINSYS
Added by the GOLDPLAY TROJAN! |
 |
[path to trojan] |
winsysban
Added by the CLICKER-CD TROJAN! |
 |
371662M.exe |
WinSysM
Added by the WINKO.AO WORM! |
 |
[path to trojan] |
WinSysModule
Added by the AGENT-DIQ TROJAN! |
 |
[path to trojan] |
winsysupd
Added by the STARTPA-NI TROJAN! |
 |
371662L.exe |
WinSysW
Added by the WINKO.AO WORM! |
 |
[path to trojan] |
WintelUpdate
Added by the SMALL-EKW TROJAN! |
 |
[path to file] |
winupdateconn
Added by the COMBRA-A WORM! |
 |
[path to file] |
winupdatefiv_
Added by the COMBRA.C WORM! |
 |
[path to file] |
winupdate_
Added by the COMDOR.A WORM! |
 |
[path to trojan] |
WinUpgrader
Added by the AGENT-DZ TROJAN! |
 |
[random filename] |
WinUPPD.exe
Added by an unidentified WORM/TROJAN! |
 |
33.exe |
winXP
Added by the ANPES WORM! |
 |
[path to file] |
WinXP fix
Added by the RANKY.P TROJAN! |
 |
[random filename].exe |
Winz Firewall
Added by a variant of the SDBOT WORM! |
 |
[path to trojan] |
winzip
Added by the BANCOS.G or BANCOS.K TROJANS! Note - this is not part of the popular WinZip file compression utility |
 |
[various filenames] |
Winzip
Added by the LERPA-A WORM! Note - the file name will be one of the following: common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif, load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif |
 |
[path to file] |
Win_BooT
Added by the BANKER-GI TROJAN! |
 |
[path to worm] |
Wkyo86
Added by the PITIN-A WORM! |
 |
[path to trojan] |
wlm
Added by the BANCOS-BCY TROJAN! |
 |
[filename] |
worknote1
Added by the MEETOT WORM! |
 |
[random filename] |
wpxmls
Added by a variant of the SLAPER TROJAN! |
 |
?? |
WRECK GUARD
?? |
 |
1037v.exe |
WUpdate
Added by the CLAGGER-AR TROJAN! |
 |
[various filenames] |
Wupdate driver
Added by a variant of the SPYBOT WORM! |
 |
[path to file] |
WXcmeinst
Added by the RANCK-CD TROJAN! |
 |
[path to trojan] |
x3yy
Added by the TANNICK TROJAN! |
 |
[filename] |
xp_system
Added by the BOOKMARKER.J TROJAN! This file is located in a Windows\inet20004 or Winnt\inet20004 folder |
 |
[path to trojan] |
xserv
Added by the STUMPY-A TROJAN! |
 |
[8 random letters].exe |
xswdmse
Added by a variant of the SPYBOT WORM! |
 |
[path to trojan] |
yyyyyyyy
Added by the MUMUBOY.B TROJAN! |
 |
[filename].PIF |
ZaCker
Added by the HOLAR.A WORM! |
 |
[random filename] |
zcseacrt
Added by a variant of the SLAPER TROJAN! |
 |
[path to trojan] |
Zen.A
Added by the ZOOMEN-A TROJAN! |
 |
[random filename] |
Zeno
ZenoSearch adware |
 |
0 |
ZeroAds
ZeroAds - culls ads, cookies and pop-ups. This entry tells ZeroAds not to run at startup, so it needs to be started manually |
 |
0 |
Zonavirus
Added by the KITRO.D (or ARGEN.A) WORM! |
 |
[random filename] |
zonealarm
Added by an unidentified VIRUS, WORM or TROJAN! The only exception is if you have an older version of the ZoneAlarm firewall running |
 |
[various filenames] |
ZStart
VX2.Transponder parasite updater/installer related |
 |
[random filename] |
Z_Start
ZenoSearch adware |
 |
[path to file] |
[3-4 random letters]Srv32
Added by the BANCSADE-A TROJAN! |
 |
[path to worm] |
[decimal number]
Added by the OPOSSUM-A WORM! The decimal number can be anything, e.g. 0.12345678 |
 |
[path to worm] |
[Ephemeral 2.5] by TreeHugger,
Added by the LEMOOR-C WORM! |
 |
[path to worm] |
[Ephemeral 2.x] by TreeHugger,
Added by the LEMOOR.A WORM! Note - "x" represents 3 or 4 |
 |
??plorer.exe |
[random name]
PurityScan/Clickspring adware |
 |
?hkdsk.exe |
[random name]
PurityScan/Clickspring adware |
 |
?hkntfs.exe |
[random name]
PurityScan/Clickspring adware |
 |
??erinit.exe |
[random name]
PurityScan/Clickspring adware |
 |
??chost.exe |
[random name]
PurityScan/Clickspring adware |
 |
??oolsv.exe |
[random name]
PurityScan/Clickspring adware |
 |
??xplore.exe |
[random name]
PurityScan/Clickspring adware |
 |
??anregw.exe |
[random name]
PurityScan/Clickspring adware |
 |
?ttrib.exe |
[random name]
PurityScan/Clickspring adware |
 |
??ool32.exe |
[random name]
PurityScan/Clickspring adware |
 |
??rss.exe |
[random name]
PurityScan/Clickspring adware |
 |
??rvices.exe |
[random name]
PurityScan/Clickspring adware |
 |
?ti2evxx.exe |
[random name]
PurityScan/Clickspring adware |
 |
[random name].dll |
[random name]
SearchNet adware |
 |
_autorun.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
_cfg.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
_config.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
_env.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
_loader.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
_login.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
_setup.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
_start.exe |
[Randomly chosen existing folder name]
Added by the ANTINNY-L WORM! |
 |
[path to trojan] |
[username] config
Added by the MOSUCK-H TROJAN! |
 |
_ctcp.exe |
[various names]
Wareout - malware masquerading as a spyware and dialer remover |
 |
10010.exe |
[various names]
Wareout - malware masquerading as a spyware and dialer remover |
 |
321102.exe |
[various names]
Wareout - malware masquerading as a spyware and dialer remover |
 |
34763.exe |
[various names]
Wareout - malware masquerading as a spyware and dialer remover |
 |
80d0.exe |
[various names]
MediaMotor adware |
 |
~`d}qzxu3zYF |
^`d}qZxu
Added by the GAOBOT.GEN!POLY WORM! |
 |
_explore.exe |
_explore manager
Added by the SPEXTA-C TROJAN! |
 |
[path to file] |
_Hazafibb
Added by the ZAFI.B WORM! |
 |
_mzu_stonedrv2.exe |
_mzu_stonedrv2
Added by a variant of the DWNLDR-FTB TROJAN! |
 |
_mzu_stonedrv3.exe |
_mzu_stonedrv3
Added by the DWNLDR-FTB TROJAN! |
 |
_mzu_stonedrv7.exe |
_mzu_stonedrv7
Added by a variant of the FTB TROJAN! |
 |
_Ntrdlhost.exe |
_ntrdlhost
Added by the DLOADER-JV TROJAN! |
 |
_ntrrs.exe |
_ntrRescueService
Added by the DLOADER-JV TROJAN! |
 |
_pnd_*****.exe [* = random char/digit] |
_pnd_Panda Antivirus
Added by the AGENT.NAK TROJAN! |
 |
_svchost_.exe |
_System_Run
Added by the LINEAGE-Z TROJAN! |
 |
_tdicli_.exe |
_tdiserv_
Added by the TDISERV.A WORM! |
 |
_x-Finder.exe |
_x-Finder
Disconnects and redials an ISP modem to an adult content site |
 |
[path to svchost.exe] |
{357AA41A-B7A8-4632-A27D-5B980B25CF43}
Added by the SMALL-AQ TROJAN! |
 |
[path to trojan] |
{357AA41A-B7A8-4632-A27D-5B980B25CF43}
Added by the SMALL-EP TROJAN! |