| |
|
|
|
| |
www.solveithere.com |
Start up list |
|
| |
| |
Name/Startup Item |
Command |
Comments |
| U |
0 |
pit.exe |
PrivateEye surveillance software. Uninstall this software
unless you put it there yourself |
| N |
1:00 |
hpdrv.exe |
HP utility for monitoring when
and how many recoveries have been done |
| X |
1 |
1.exe |
Added by the ESTEEMS TROJAN! |
| X |
1 |
lsass.scr |
Added by the BANCOS.V TROJAN! |
| X |
1 |
svchost.scr |
Added by the BANCOS.X TROJAN! |
| X |
27 |
csrss32.exe |
Added by the SLSORVE-D TROJAN! |
| X |
27 |
msm32.exe |
Added by the SLSORVE-E TROJAN! |
| X |
27 |
slsorve.exe |
Added by the SLSORVE-A TROJAN! |
| X |
252 |
winmgr.exe |
Added by the LEGMIR-AT TROJAN! |
| X |
333 |
svchost.exe |
Added by the JD-A TROJAN! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This one is located in a "Syswm1i" directory |
| X |
666 |
Ska.exe |
Added
by the PIPES TROJAN! |
| X |
678 |
lsas32.exe |
Added by the SLSORVE-B TROJAN! |
| X |
55278 |
grepclient1.exe |
Added by the LINEAGE-S TROJAN! |
| X |
123456 |
rundll32.exe shell32.dll,
Control_RunDLL ...123456.cpl |
Added by the KITRO.C (or
DANDI.A) WORM! 123456 can be any random 3 to 6 digit number |
| X |
456655 |
explorer.exe |
Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System folder |
| Y |
!1_pgaccount |
pgaccount.exe |
DiamondCS
ProcessGuard security software - stops malicious worms and trojans from being
executed silently in the background, as well as a variety of other attacks.
You will see one instant of pgaccount.exe for every active account on your
system, and this is essential for PG to work properly |
| Y |
!1_ProcessGuard_Startup |
procguard.exe |
DiamondCS
ProcessGuard security software - stops malicious worms and trojans from being
executed silently in the background, as well as a variety of other attacks |
| U |
!AVG Anti-Spyware |
avgas.exe |
Part of AVG Anti-Spyware
from Grisoft |
| U |
!ewido |
ewido.exe |
Part of Ewido anti-spyware |
| N |
!NoLoad |
winrecon.exe |
WinRecon keystroke logger/monitoring program - remove unless
you installed it yourself! |
| ? |
$EnterNet |
Enternet.exe |
Connection
manager for the EnterNet ISP. You can also use RASPPOE |
| X |
$sys$cmp |
$sys$xp.exe |
Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony
Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the
compromised computer |
| X |
$sys$crash |
$sys$sonyTimer.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$crash |
$sys$sos$sys$.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$crash |
$sys$WeLoveMcCOL.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$drv |
$sys$drv.exe |
Added by the RYKNOS TROJAN! Attempts to utilize the Sony
Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the
compromised computer |
| X |
$sys$momomomochin |
$sys$sonyTimer.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$momomomochin |
$sys$sos$sys$.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$momomomochin |
$sys$WeLoveMcCOL.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$umaiyo |
$sys$sonyTimer.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$umaiyo |
$sys$sos$sys$.exe |
Added by the WELOMOCH TROJAN! |
| X |
$sys$umaiyo |
$sys$WeLoveMcCOL.exe |
Added by the WELOMOCH TROJAN! |
| U |
$Volumouse$ |
volumouse.exe |
Volumouse
from Nirsoft. "Provides you a quick and easy way to control the sound
volume on your system - simply by rolling the wheel of your wheel mouse" |
| X |
$WindowsRegKey%update |
IEXPLORE.EXE |
Added by the RBOT-EZ WORM! Note
- this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in the System
(9x/Me) or System32 (NT/2K/XP) folder |
| N |
%cmpmixtitle% |
%cmpmixstr% |
Possibly related to C-Media
Mixer Control panel? |
| N |
%FP%012-L2TP fts.exe |
fts.exe |
012.Net.il Israeli ISP software
front-end |
| U |
%FP%012-L2TP FWPortal.exe |
FWPortal.exe |
012.Net.il Israeli ISP dial-up
software |
| N |
%FP%1776 Internet fts.exe |
fts.exe |
1776 Internet US ISP software
ISP software front-end |
| U |
%FP%1776 Internet FWPortal.exe |
FWPortal.exe |
1776 Internet US ISP dial-up
software |
| N |
%FP%Barak013 fts.exe |
fts.exe |
Barak013 Israeli ISP software
front-end |
| U |
%FP%Barak013 FWPortal.exe |
FWPortal.exe |
Barak013 Israeli ISP dial-up
software |
| N |
%FP%Friendly fts.exe |
fts.exe |
Friendly ISP software front-end |
| X |
(*)API Machine |
winSOCKS.exe |
Homepage hijacker, see here (* = any digit) |
| X |
(*)Run |
win32API.exe |
Homepage hijacker, see here (* = any digit) |
| X |
(default) |
[random filename].exe |
Added by the BLACKMAL WORM! |
| X |
(default) |
rundll32.exe [path] Zykheptd.dll |
Added by the HESIVE.B TROJAN! |
| X |
(L4r1$$4) (4nt1) (V1ruz) |
SP00Lsv32.pif |
Added by the ASSIRAL.B WORM! |
| X |
*JanisRuckenbrodII |
janis.com |
Added by the POPS WORM! |
| X |
*Microsoft Update |
ctxma.exe |
Added by the STMU TROJAN! |
| X |
*Microsoft Update |
cxma.exe |
Added by the STMU TROJAN! |
| X |
*Microsoft Update |
wstcl.exe |
Added by the STMU TROJAN! |
| X |
*Microsoft Update |
wucxt.exe |
Added by the STMU TROJAN! |
| X |
*Microsoft Update |
wuytc.exe |
Added by the STMU TROJAN! |
| X |
*MS Setup |
[random filename] |
Virtumondo adware, also known as the VUNDO TROJAN! |
| X |
*Security Center |
secctr.exe |
Added by the SDBOT.BRO WORM! |
| Y |
*StateMgr |
statemgr.exe |
Windows ME default for System
Restore. Do NOT disable! |
| X |
*Windows [filename] Checker |
[filename] |
Added by the KEDEBE-B WORM! |
| X |
*windows update |
waurclt.exe |
Added by a variant of the RBOT WORM! |
| X |
*windows update |
wkmst.exe |
Added by the SDBOT.AVD WORM! |
| X |
*windows update |
wrauclt.exe |
Added
by the RBOT-QU WORM! |
| X |
*windows update |
wsctl.exe |
Added by the SPYBOT.PR WORM! |
| X |
*windows update |
wscxt.exe |
Added by the RBOT.AOS WORM! |
| X |
*windows update |
wuanclt.exe |
Added
by the RBOT-PG WORM! |
| X |
*windows update |
wuaucrlt.exe |
Added by the SPYBOT.HUR WORM! |
| X |
*windows update |
wuraclt.exe |
Added
by the RBOT-PO WORM! |
| X |
*windows update |
wurauclt.exe |
Added
by the RBOT-SY WORM! |
| X |
*WindowsAudio |
systemupd.exe |
Added by the AGENT-TH WORM! |
| X |
*WinLogon |
[trojan path] ren time:[random
number] |
Added by the VUNDO TROJAN! |
| X |
*winstats |
winstats.exe |
Added by the GARGAFX TROJAN! |
| X |
*wuauclt.exe |
w****.exe [* = random char] |
Added
by a variant of the RBOT-UG WORM! Note - * in the filename represents a
random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and
so on... |
| X |
,main drive Loader |
wininfo.exe |
Suspected
malware as it appears in 3 different registry locations - see here |
| X |
.. |
ABC2007.exe |
Added by the DLOADR-ASH TROJAN! |
| X |
.mscdr |
lassa.exe |
Added by the WEBUS.C TROJAN! |
| X |
.mscdr |
lsvchost.exe |
Added by the WEBUS.D TROJAN! |
| X |
.mscdsr |
lsvchost.exe |
Added by the CR TROJAN! |
| X |
.mscsbl |
svhost.exe |
Added
by the CMQ TROJAN! |
| X |
.msfupdate |
msveup.exe |
Added by the ALLOCUP.A WORM! |
| X |
.mssecure |
mssecure.exe |
Added by the DDOS_BOXED.X TROJAN! |
| ? |
.NET config |
sysmon32.exe |
?? |
| X |
.norton |
rchost.exe |
Added by a variant of the BOXED-A TROJAN! |
| X |
.nvsvc |
smss.exe |
Added by the IRCBOT-FP TROJAN!
Note - this is not the legitimate smss.exe process which should not normally
figure in Msconfig/Startup! |
| X |
.nvsvcb |
smssb.exe |
Added by the BOXED.CG TROJAN! |
| X |
.Prog |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
.Prog |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| X |
.protected |
N/A |
Smitfraud variant |
| X |
.svchost |
CSRSS.EXE |
Added by the WEBUS.F TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| X |
.TEXTCONV |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
.TEXTCONV |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| X |
.WMAudio |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
.WMAudio |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| N |
/l:eng |
N/A |
Related to the Dell OEM version
of the Sound Blaster Audigy 2 sound card. If this item is listed and checked
in startup, the System32 Folder will appear on every startup. A patch is
available - filename R75304.EXE - that fixes the issue. You can find that
file at support.dell.com by typing that name in the 'Search' box available
there. It addresses the root of the problem in Creative's software and
corrects it. Unfortunately there is no direct link to the file, but it's
easily available using the search function |
| X |
;Rundll |
[filename] |
Added by the PWSLEGMIR.E TROJAN! |
| X |
?ekio Startups |
?nksvc32.exe |
Added by the AGOBOT-OV WORM where ? is a random character |
| X |
@ |
regedit -s ..win.dll |
Added by the SEEKER.K TROJAN! |
| N |
@Hoc Toolbar |
AtHoc.exe |
One-click activated browsing toolbar used by various
web-sites. See here for more info |
| N |
@loha |
reminder.exe |
Registration reminder for @loha@home E-mail utility |
| X |
@tour_ww |
@tour_ww[1].exe |
Adult content dialler |
| X |
[3-4 random letters] |
nslookup.exe |
PurityScan/Clickspring adware.
Not to be confused with the legitimate nslookup.exe which is found in the
System32 folder |
| X |
[3-4 random letters]Srv32 |
[path to file] |
Added by the BANCSADE-A TROJAN! |
| X |
[decimal number] |
[path to worm] |
Added by the OPOSSUM-A WORM! The decimal number can be
anything, eg, 0.12345678 |
| X |
[default] |
DrWatson32.exe |
Added by the DREMN TROJAN! |
| X |
[Entry name] |
System.exe |
Added by the NETHIEF-N TROJAN! |
| X |
[Ephemeral 2.5] by TreeHugger, |
[path to worm] |
Added by the LEMOOR-C WORM! |
| X |
[Ephemeral 2.x] by TreeHugger, |
[path to worm] |
Added by the LEMOOR.A WORM! where "x" represents 3
or 4 |
| X |
[executed file name] |
App.exe |
Added by the WAXPOW WORM! |
| X |
[executed file name] |
Regsrv32.com |
Added by the SOUTHGHOST WORM! |
| X |
[filename] |
svchost.scr |
Added by the BANKER-CC TROJAN! |
| X |
[original filename] |
svchost.scr |
Added by the BANCBAN-CX TROJAN! |
| X |
[original filename] |
xphost.scr |
Added by the BANCBAN-HM TROJAN! |
| X |
[random 12 digit number] |
admparse.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
advpack1.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
asferror.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
atitvo32.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
audiosrv.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
autodisc.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
avifile5.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
batmeter.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
bidispl2.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
bootvid2.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
bootvid4.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
browser8.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
cabview1.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
catsrvps.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random 12 digit number] |
cmpbk321.exe |
Adsrv.com/IeDriver adware variant |
| X |
[random characters] |
rsbmsc.exe |
Detected by AntiVir antivirus as the BDS/Agent.adt TROJAN! |
| X |
[random characters] |
securewinload32x.exe |
Added by the OPTIXP-N TROJAN! Note - this trojan file is
found in the System (9x/Me) or System32 (NT/2K/XP) folder. The file
system32dir2a.exe will also be found in the same folder and should be deleted |
| X |
[random filename] |
slk8x2peu.exe |
QuickLinks
adware |
| X |
[random name] |
??anregw.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??chost.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??erinit.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??ool32.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??oolsv.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??plorer.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??rss.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??rvices.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
??xplore.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
?hkdsk.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
?hkntfs.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
?ti2evxx.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
?ttrib.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
[random name].dll |
SearchNet adware |
| X |
[random name] |
charmapnt.exe |
Added by the BANCOS-DR TROJAN! |
| X |
[random name] |
chkdsk.exe |
PurityScan/Clickspring adware. Unlike this file, the
legitimate Windows chkdisk.exe will in Windows XP/2K/NT always be located in
the WinntSystem32 or WindowsSystem32 folder, and ought moreover NOT to figure
among the startups! |
| X |
[random name] |
CXTPLS_LOADER.EXE |
AproposMedia adware |
| X |
[random name] |
d?dplay.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
d?xplore.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
dvdplay.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
iexpl0ra.exe |
Added by the ULPM.BD TROJAN! |
| X |
[random name] |
j?vaw.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
l?ass.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
l?gonui.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
m?config.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
m?dtc.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
m?iexec.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
n?lookup.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
n?pdb.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
n?tdde.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
n?tepad.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
ping.exe |
PurityScan/Clickspring adware.
Note - do not confuse with the Microsoft utility of the same name as
described here |
| X |
[random name] |
r?gedit.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
r?gsvr32.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
r?ndll.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
r?ndll32.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
rundl13a.exe |
Added by the GAMPASS-L TROJAN! |
| X |
[random name] |
scanregw.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
se?vices.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
Servere.exe |
Added by the LEGMIR-AQM TROJAN! |
| X |
[random name] |
spoolsv.exe |
PurityScan/Clickspring adware.
Do not confuse with the legitimate Microsoft Printer Spooler Service
(spoolsv.exe) |
| X |
[random name] |
svchost.exe |
Added by the BANCBAN-JC TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "config"
subfolder of the Winnt or Windows folder |
| X |
[random name] |
Svchosts.exe |
Added by the SDBOT.N TROJAN! |
| X |
[random name] |
t?skmgr.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?aclt.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?auboot.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?auclt.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?crtupd.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?nlogon.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?nspool.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?nword.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
w?wexec.exe |
PurityScan/Clickspring adware |
| X |
[random name] |
wincpu.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
[random name] |
wuauboot.exe |
PurityScan/Clickspring adware.
Note - do not confuse with the legitimate wuauboot.exe file, which should not
figure in Msconfig/Startup! |
| X |
[random name] |
wucrtupd.exe |
PurityScan/Clickspring adware.
Do not confuse with the legitimate Windows Critical Update Notification
(wucrtupd.exe) |
| X |
[random names] |
eee2.exe |
MediaMotor adware |
| X |
[random number] |
explorer.exe |
Added by the KEYLOG-AN TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one copies it's self under 9 additional file names in the System (9x/Me) or
System32 (NT/2K/XP) folder |
| X |
[random] |
lsass.scr |
Added by the BANCBAN-CW TROJAN! |
| X |
[random] |
svchost.scr |
Added by the BANCBAN-CY TROJAN! |
| X |
[Randomly chosen existing folder
name] |
_autorun.exe |
Added by the ANTINNY-L WORM! |
| X |
[Randomly chosen existing folder
name] |
_cfg.exe |
Added by the ANTINNY-L WORM! |
| X |
[Randomly chosen existing folder
name] |
_config.exe |
Added by the ANTINNY-L WORM! |
| X |
[Randomly chosen existing folder
name] |
_env.exe |
Added by the ANTINNY-L WORM! |
| X |
[Randomly chosen existing folder
name] |
_loader.exe |
Added by the ANTINNY-L WORM! |
| X |
[Randomly chosen existing folder
name] |
_login.exe |
Added by the ANTINNY-L WORM! |
| X |
[Randomly chosen existing folder
name] |
_setup.exe |
Added by the ANTINNY-L WORM! |
| X |
[Randomly chosen existing folder
name] |
_start.exe |
Added by the ANTINNY-L WORM! |
| X |
[trojan filename] |
Install.exe |
Added by the BANCBAN-FS TROJAN! |
| X |
[trojan name] |
svchost.exe |
Added by the BANCBAN-CL TROJAN!
Note - this is not the legitimate svchost.exe process which should not
normally figure in Msconfig/Startup! |
| X |
[username] config |
[path to trojan] |
Added by the MOSUCK-H TROJAN! |
| X |
[various filenames] |
qtsks.exe |
Added by the WEBDOR.Y TROJAN |
| X |
[various names] |
_ctcp.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
10010.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
321102.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
34763.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
80d0.exe |
MediaMotor adware |
| X |
[various names] |
ABCXYZ.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
abrek.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
ActionScr.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
AliceSD.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
AppMasterCenter.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
atl_helper.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
ATLIEHELPER.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
avpmondll.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
awinrar.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
backd.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
backorif.exe |
Added by a
NTROOTKIT TROJAN variant! |
| X |
[various names] |
backorif.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
barint.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
bhoserv.exe |
Added by a
NTROOTKIT TROJAN variant! |
| X |
[various names] |
bhoserv.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
bingo9.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
bling.exe |
Added
by the RBOT-NI WORM! |
| X |
[various names] |
bnui.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Bogobot.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
borlandg.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
BoundRec.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
br0ken.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Brong32.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
clamav.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
cmon14.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
cnftips.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
control64.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
corrida.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
crsrs.exe |
Added by the FORBOT-AK WORM! |
| X |
[various names] |
CToolBar.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
DCC_send.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
defect08.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
dePloy.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Dest068.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
dialer423.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
diskserv.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
driver32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
[various names] |
driver64.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
dstart2.exe |
Adware - recognized by
Kaspersky antivirus as Trojan-Downloader.Small.alw |
| X |
[various names] |
DTOURS.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
elf.exe |
Elf is a hacker program, tied to
a trojan server |
| X |
[various names] |
ERTYDF.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
ExchangeMaster.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
EXE32EXE.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
exe81.exe |
MediaMotor adware |
| X |
[various names] |
exe82.exe |
MediaMotor adware |
| X |
[various names] |
expoler.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
FLKPT.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
forces_elite.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
ftbar.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
gabber.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
hyandex.exe |
Added by a
NTROOTKIT TROJAN variant! |
| X |
[various names] |
hyandex.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
iehelper.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
iesetupdll.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
init32.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
InpriseMon.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
install2.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
JAguAr.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
jopplerg.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Kargo.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
keybdll.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
KeywordFinder.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
killall.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
LOPTCON.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
media64.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
mediaplayer32.exe |
Added by a variant of the RBOT WORM! |
| X |
[various names] |
MNTP.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
MON76234.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
moniter.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
mozilla-text.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
msag.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
msdos32.exe |
Added by a variant of the
AGENT.AH TROJAN! |
| X |
[various names] |
ms-its.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
MsNetHelper.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
MSTCPDLL.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
new32.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
newbreed.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
nmdllw.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
NopeZ.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
NsCplTray.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
NSYSCPLSTR.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
NukeSpan.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
openstre.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
panel_its.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
ParisM.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
PasswdMon.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
pizda.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
powerdll.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
PrcIdle.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
prcmon.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Preliminary.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
prgsys0984.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
progmen.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
qwe.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
RtlFindVal.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
runload32.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
SAPSTR.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
sbin.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
scanSYS.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
seli.exe |
MediaMotor adware |
| X |
[various names] |
Serviceprocess.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
SetupExeDll.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Shaitan1678.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
shch.exe |
Premium rate adult content
dialler |
| X |
[various names] |
sitebar.exe |
Added by an unidentified TROJAN! |
| X |
[various names] |
slamm.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
sound64.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
SpyElim.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
srbho.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
ssweeper.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
StartCpl.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
startman.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
StatusCheck.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
stuffmon.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
svchostss.exe |
Added by a variant of the RBOT WORM! |
| X |
[various names] |
sysconf16.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
SysEntry.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
sysmon12.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
syspanel.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
SysSupport.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
SYSTRAV.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
TemplateDongle.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
teqq32.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Testimonials.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
TForm1.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
TorontoMail.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Trayz.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
TRPT.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
trycrt.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
typeconf.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
Uint32.exe |
Added by a
NTROOTKIT TROJAN variant! |
| X |
[various names] |
Uint32.exe |
Added by a
NTROOTKIT TROJAN variant! |
| X |
[various names] |
Uint32.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
uio.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
UserSp1.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
utsgmon.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
vxdman.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
WhatsNewBot.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
win32snd.exe |
Added
by the RBOT-DQ WORM! |
| X |
[various names] |
Windows32.exe |
Added by any of a number of WORM
or TROJAN variants |
| X |
[various names] |
WinInitDll.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
winlogon32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
[various names] |
wormexe.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
WTFCTF.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
XTermInit.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
xwiz.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
xxtoolbar.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
zantu.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
[various names] |
zxc.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
\\TOOLS.exe |
tools.exe |
Lycos SideSearch/Fastfind.org
adware |
| X |
\IEService.exe |
IEService.exe |
FastFind parasite variant |
| X |
\Pribi.exe |
Pribi.exe |
FastFind adware variant |
| X |
\SysInit |
svchost.exe |
Added by the STARTPA-BD TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Program Files/Common
Files folder |
| X |
^`d}qZxu |
~`d}qzxu3zYF |
Added by the GAOBOT.GEN!POLY WORM! |
| U |
_AntiSpyware |
masalert.exe |
Part of McAfee AntiSpyware |
| U |
_AntiSpyware |
MssCli.exe |
Part of McAfee AntiSpyware |
| X |
_Cat1 |
nmmst.exe |
Added by the SMALL.SD TROJAN! |
| X |
_Cat2 |
nmstt.exe |
Added by the SMALL-DT TROJAN! |
| X |
_Cat3 |
msmsgrxp.exe |
Added by a variant of the SMALL-DT downloader TROJAN |
| X |
_Cat4 |
msmsgr2.exe |
Added by the SMALL-EB TROJAN! |
| X |
_Hazafibb |
[path to file] |
Added by the ZAFI.B WORM! |
| X |
_mzu_stonedrv2 |
_mzu_stonedrv2.exe |
Added by a variant of the DWNLDR-FTB TROJAN! |
| X |
_mzu_stonedrv3 |
_mzu_stonedrv3.exe |
Added by the DWNLDR-FTB TROJAN! |
| Y |
_mzu_stonedrv7 |
_mzu_stonedrv7.exe |
Added by a variant of the FTB TROJAN! |
| X |
_ntrdlhost |
_Ntrdlhost.exe |
Added by the DLOADER-JV TROJAN! |
| X |
_ntrRescueService |
_ntrrs.exe |
Added by the DLOADER-JV TROJAN! |
| X |
_pnd_Panda Antivirus |
_pnd_*****.exe [* = random
char/digit] |
Added by the AGENT.NAK TROJAN! |
| X |
_Setv |
Setv.com |
Added by the BESAM WORM! |
| X |
_svchost.con |
svchost.com |
Added by the ERKEZ.C WORM! |
| X |
_System_Run |
_svchost_.exe |
Added by the LINEAGE-Z TROJAN! |
| X |
_SystemBoot |
services.exe |
Added by the SOBER-Q TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a HelpHelp
subfolder of the Windows or Winnt folder |
| X |
_SystemDriver |
csrss.exe |
Added by the ASCETIC.B TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a addinsexplorer subfolder
of the Winnt or Windows folder |
| X |
_tdiserv_ |
_tdicli_.exe |
Added by the TDISERV.A WORM! |
| U |
_winadm |
winadm.exe |
Parents
Friend - "Log any activity and protect programs with a password. Further
more you can lock the pc any hour in the week you want with the main
password. You can also give users allowed programs in their program-lists and
you can limit the maximal daily hours and maximal weekly hours user spend on
the PC" |
| X |
_WinCheck |
services.exe |
Added by the SOBER.V WORM! |
| X |
_WinData |
services.exe |
Added by the SOBER.AA WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "PoolData"
subfolder of the Windows or Winnt folder |
| X |
_Windows |
services.exe |
Added by the SOBER.X WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "WinSecurity"
subfolder of the Windows or Winnt folder |
| X |
_WinMain |
winexec.exe |
Added by the DLOADER-XX TROJAN! |
| X |
_WinStart |
services.exe |
Added by the SOBER.O WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a Connection WizardStatus
subfolder of the Windows or Winnt folder |
| X |
_winsystem.sys |
smss.exe |
Added by the SOBER.K TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a msagentwin32 subfolder
of the Winnt or Windows folder |
| X |
_x-Finder |
_x-Finder.exe |
Disconnects and redials an ISP
modem to an adult content site |
| U |
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} |
gnotify.exe |
Google Gmail Notifier. Alerts you when you have new Gmail
messages |
| U |
{1290A33C-85F5-4164-A1BE-7DD299D4986A} |
PBKScheduler.exe |
Scheduler for CyberLink PowerBackup - archiving/backup
utility |
| X |
{12EE7A5E-0674-42f9-A76B-000000004D00} |
rundll32.exe [path] stlb2.dll,
DllRunMain |
BrowserAid/BrowserPal foistware |
| X |
{1C-CC-C5-54-ZN} |
dwdsregt.exe |
ZenoSearch adware |
| X |
{2CF0B992-5EEB-4143-99C0-5297EF71F444} |
rundll32.exe stlbdist.dll,
DllRunMain |
BrowserAid/BrowserPal foistware |
| X |
{2CF0B992-5EEB-4143-99C2-5297EF71F44B} |
rundll32.exe stlbupdt.DLL,
DllRunMain |
BrowserAid/BrowserPal foistware |
| X |
{2F-FF-F4-4C-ZN} |
omdsregk.exe |
ZenoSearch adware |
| X |
{357AA41A-B7A8-4632-A27D-5B980B25CF43} |
[path to svchost.exe] |
Added by the SMALL-AQ TROJAN! |
| X |
{357AA41A-B7A8-4632-A27D-5B980B25CF43} |
[path to trojan] |
Added by the SMALL-EP TROJAN! |
| X |
{357AA41A-B7A8-4632-A27D-5B980B25CF43} |
services.exe |
Added by FakeMessage/AdRotator
adware. Note - this is not the legitimate services.exe process which is
always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should
not normally figure in Msconfig/Startup! This file is located in an "Inetsrv"
subfolder |
| X |
{8C-C4-4A-A4-ZN} |
dwdsregt.exe |
ZenoSearch adware |
| X |
{A70F6A1D-0195-42a2-934C-D8AC0F7C08EB} |
rundll32.exe E6F1873B.DLL,
D9EBC318C |
BrowserAid/BrowserPal foistware |
| U |
µTorrent |
utorrent.exe |
µTorrent - BitTorrent client
for Windows sporting a very small footprint. It was designed to use as little
cpu, memory and space as possible while offering all the functionality
expected from advanced clients |
| X |
000hpdllhos |
hpdllhost.exe |
LZIO.com
adware downloader |
| U |
000StTHK |
000StTHK.exe |
Toshiba Hot key functionality
for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5
(switching between laptop and CRT display output), etc...) |
| X |
0050726-007-i32-1 |
0050726-007-i32-1.exe |
Added by the BANCBAN-EC TROJAN! |
| ? |
00DSKSVR00 |
desksaver.exe |
Related to
Advanced Desktop Shield |
| ? |
00DSKSVR01 |
desksaver.exe |
Related to
Advanced Desktop Shield |
| Y |
00TCrdMain |
TCrdMain.exe |
Related to the flash card slot
on a Toshiba laptop. Ending this process will disable access to the flash
cards |
| U |
00THotkey |
00THotKey.exe |
For Toshiba Satellite notebook
series to use the front buttons, play, stop, next, prev. |
| U |
0190 Warner |
WARN0190.EXE |
Anti-dialer program (Germany) |
| U |
0900 Warner |
WARN0900.EXE |
Anti-dialer program (Germany) |
| X |
0mcamcap |
0mcamcap.exe |
Added by the COSIAM-H TROJAN! |
| X |
0utlook Express |
*****.exe [* = random char] |
Added
by the RBOT-CC WORM! Note the first letter is actually the digit
"0" and not a capital "o" |
| X |
1111swapmgr.exe |
1111swapmgr.exe |
Added by the IC TROJAN! |
| U |
12Ghosts Popup-Killer |
12popup.exe |
12Ghosts
Popup-Killer |
| ? |
17779Proj2002 |
N/A |
?? |
| X |
180adsolution |
180adsolution.exe |
NCase adware |
| X |
180ax |
180ax.exe |
NCase adware |
| X |
180ClientStubInstall |
******.tmp [* = random
digit/char] |
180Solutions adware related |
| X |
180ClientStubInstall |
[path to trojan] |
180Solutions adware related |
| X |
180ClientStubInstall |
stubinstaller****.exe [* =
digit] |
180Solutions adware related |
| X |
196_150_ni |
196_150_ni.exe |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here |
| X |
197_150_ni_3 |
197_150_ni_3.exe |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here |
| N |
1A:MacVisionTrayMonitor |
TrayMonitor.exe |
Comes with the MacVision program
for monitoring tray icons (Note : program is by Stardock) |
| Y |
1A:Stardock MCP |
mcpserver.exe |
Master Control Program for
Stardock apps, in development. People should leave it running if they're
using any of the Stardock applications |
| Y |
1A:Stardock TrayMonitor |
TrayServer.exe |
For monitoring tray icons - if
disabled icons will not be displayed in ObjectBar or DesktopX |
| ? |
1CmailS |
NETMAIL.EXE |
?? |
| X |
1on1 |
1on1.exe |
Adult content dialler |
| U |
1Srv32 |
SpyAgent4.exe |
SpyTech
SpyAgent monitoring software. "Spy software that allows you to monitor
EVERYTHING users do on your PC." |
| X |
1u7 |
1u7.exe |
Added by the MURBAC-A TROJAN! |
| U |
1Win32Cfg |
Keyloggerpro.exe |
Keyloggerpro keystroke logger/monitoring program - remove
unless you installed it yourself! |
| U |
1Win32Cfg |
SpyBuddy.exe |
SpyBuddy keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
1WinCfg32 |
WebMailSpy.exe |
WebMailSpy spyware |
| X |
2020Downloader |
mssvr.exe |
2020Search Toolbar |
| X |
2Search |
main.exe |
2Search adware |
| X |
2thousandbuck |
[path to file] |
Added by the RANKY.L TROJAN! |
| U |
2wSysTray |
2portalmon.exe |
2Wire Homeportal user interface |
| X |
32-bit Thunking service |
thunk32.exe |
Added by the DERDERO.A WORM! |
| ? |
39ELTFH25Z8SKF |
Ezg1q5.exe |
Seems to be
associated with software by Resplendence SP ? |
| Y |
3c1807pd |
3cmlink.exe 3cpipe-3c1807pd |
3Com WinModem
driver. See here for more WinModem information |
| Y |
3capplnk |
3capplnk.exe |
US Robotics Modem driver |
| N |
3cdminic |
3CDMINIC.EXE |
3Com DMI (DynamicAccess Desktop Management Interface)
Agent associated with 3Com network cards |
| Y |
3CM Link |
3cmcnkw.exe |
Required for a US Robotics
WinModem as it provides the link to Windows - won't work without it |
| Y |
3Cmlink |
3CmlinkW.exe |
For a US
Robotics WinModem. Provides the link to Windows as the CPU does the
processing on WinModems - won't work without it. See here for more WinModem
information |
| N |
3ComDMIAgent |
3CDMINIC.EXE |
3Com DMI (DynamicAccess Desktop Management Interface)
Agent associated with 3Com network cards |
| Y |
3cpipe-USRpdA |
USRmlnkA.exe |
Modem driver files from US
Robotics |
| X |
3D Text |
3D Text.scr |
Added by the JERMY.A WORM! |
| X |
3d_sound |
3d_sound.exe |
Added by the RIADOS-A TROJAN! |
| U |
3Deep Control Panel |
3DeepCTL.EXE |
Now superseeded by
ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D
and 3D games |
| X |
3Dfx Acc |
GFXACC.EXE |
Added by the GIBE WORM! |
| N |
3dfx Task Manager |
3dfxMan.exe |
System Tray application for 3dfx
Voodoo 3/4/5 functions. Available via Start -> Programs |
| Y |
3dfx Tools |
3dfxCmn.dll |
Updates the registry with
information that can't be held for Voodoo 3/4/5 series graphics cards.
Important for owners of these cards |
| Y |
3dfxv2ps.dll |
3dfxv2ps.dll |
Updates the registry with info
that can't be held for 3dfx Voodoo 2 video cards. Important for owners of
these cards |
| ? |
3Dlabs Taskbar Display Manager |
3DLman.exe |
3DLabs graphics driver related. System Tray access to display settings? |
| U |
3DLabsHelperDemon |
3dldemon.exe |
Directly from the programs
author "It is a tiny program that is installed by the Permedia2/3 and
probably other Oxygen-series cards. Normally it sits in the background doing
nothing at all (sleeping on a semaphore), so it should take zero CPU time and
virtually zero memory, since it will all be paged out to the hard
drive." In most cases it can be safely disabled |
| Y |
3DMouse.EXE |
3DMouse.EXE |
Dritek System Inc. 3D Mouse
driver |
| U |
3qdctl.exe |
3qdctl.exe |
Provided with Terratec 128i PCI
and similar sound cards. Loads a sound profile at bootup, restoring volume
and other audio settings to a pre-determined default. Similar to Creative
Lab's AudioHQ |
| Y |
3ware 3DM |
3dm.exe |
Monitors status of the disk
array on 3ware IDE RAID controllers |
| X |
4da92ad5.exe |
4da92ad5.exe |
Added by the DLOADR-WZ TROJAN! |
| X |
4wd!!! |
Natal!.pif |
Added by the OPASERV.AI WORM! |
| X |
5-1-61-96 |
members-area.exe |
Adult content dialler |
| X |
5-2-46-112 |
5-2-46-112.exe |
Adult content pop-up dialler. Removal instructions here |
| X |
5p4m |
[path to trojan] |
Added by the LITEBOT-C TROJAN! |
| X |
5whgue21 |
5whgue21.exe |
ClearSearch adware |
| X |
98D0CE0C16B1 |
rundll32.exe D0CE0C16B1,
D0CE0C16B1 |
BrowserAid/BrowserPal foistware |
| X |
9m |
winlog0n.exe |
Added by the LEGMIR-AQK TROJAN! |
| Y |
9xadiras |
9xadiras.exe |
Allied Telesyn
AT series router/modem related - apparently required |
| X |
9xHtProtect |
AVprotect9x.exe |
Added by the NETSKY.M WORM! |
| X |
a |
a.exe |
Commercials file that registers
itself in the system registry and redirects IE to a certain commercial
website |
| X |
a |
jesse.exe |
Added
by the MELO-A WORM! |
| X |
A New Windows Updater |
w32NTupdt.exe |
Added by MYTOB.BM WORM! |
| U |
A Verizon App |
VERIZO~1.EXE |
Part of Verizon Online
Support Manager |
| ? |
a_vpd |
vpd.exe |
Located in the IBMTOOLSVPD
sub-directory. What does it do and is it required? |
| U |
A1000 Settings Utility |
cpqa1000.exe |
Compaq A1000 Print Fax
All-in-One copy scan printer software. Required in the Startup in order to
scan, print, copy and fax. Only required if you use these features |
| U |
a² |
a2guard.exe |
a-Squared antitrojan - can
be run on demand but necessary in Startup if you prefer the a² 'Background
Guard' real time protection feature |
| U |
A4Proxy |
A4Proxy.exe |
Anonymity
4 Proxy - local proxy server that makes you anonymous when visiting web sites |
| ? |
AAACLEAN |
AAACLEAN.INF |
?? |
| ? |
AAAKeyboard |
?? |
?? |
| N |
AAATraySaver |
TraySaver.exe |
System Tray management utility from Mike Lin which allows you
to hide, show, restore icons that are lost in an Explorer crash, remove dead
tray icons, minimize any window to the System Tray |
| U |
AAK |
aak.exe |
Advanced Anti-Keylogger
- "Anti-spy software to prohibit operation of any keyloggers currently
in use or presently being developed anywhere" |
| X |
Aaou |
amee.exe |
PurityScan/Clickspring adware |
| X |
Aapp |
adprot.exe |
AdBlaster adware |
| ? |
aauclient |
ACNUpdater.exe |
Appears to be related to software from Accenture.com |
| ? |
ab EazyScheduler |
ezsched.exe |
?? |
| N |
ABBYY Community Agent |
CAGENT.EXE |
Installed with the Optical
Character Recognition (OCR) software that comes bundled with a Compaq A3000
all-in-one printer/scanner. Its function appears to be to link you to the
internet in an attempt to buy the 5.0 version of the software |
| U |
ABC |
keylogger.exe |
Keystroke logger/monitoring
program - remove unless you installed it yourself! |
| X |
abcdefgh |
abcdefgh.exe |
EPJ TROJAN! |
| U |
ABIT uGuru |
uGuru.exe |
ABIT µGuru - on motherboards incorporating the µGuru
processor this provides quick access to "hardware monitoring,
overclocking, BIOS flashing and audio tweakin |
| N |
ABITEQ |
abiteq.exe |
Monitoring utility for ABIT
Motherboards. Displays system voltages, temperatures and fan speeds |
| X |
Abrada WIN32 |
abrada.exe |
Added by the DERMON-G TROJAN! |
| U |
Absolute Shield |
dseraser.exe |
Absolute Shield Evidence Eliminator - internet history eraser |
| U |
Absolute StartUp monitor |
ASMon.exe |
Absolute
Startup - startup monitor from F-Group Software |
| U |
AbsoluteShield Internet Eraser |
cseraser.exe |
AbsoluteShield
Internet Eraser - "protects your privacy by cleaning up all the tracks
of your Internet and computer activities" |
| X |
ABsr |
absr.exe |
Added by the AUTOUPDER TROJAN! |
| X |
absr |
mwsvm.exe |
SeekSeek search hijacker related - see here |
| X |
abtu |
lopsearch.exe |
Loads the
executable for Lop.com. lopsearch.exe is the beta version |
| X |
abtu |
mp3serch.exe |
Loads the
executable for Lop.com. mp3serch.exe is the final version |
| U |
AbyssWebServer |
abyssws.exe |
Abyss web server |
| Y |
AcBtnMgr_Xxx |
AcBtnMgr_Xxx.exe |
Associated with the Lexmark Xxx
(where "xx" is the model) all-in-one printer/scanner/copier.
Required for correct operation |
| U |
acc |
acc.exe |
Advanced
Call Center - "full-featured yet easy-to-use answering machine software
for your voice modem" |
| X |
ACCDEFRAGINFO |
[path to worm] |
Added
by the DARBY-O WORM! |
| U |
Accelerate |
accelerate.exe |
Webroot Accelerate - allows you
to optimize Windows network registry settings in order to boost surfing
speeds. Leave this enabled if you find it improves your connection |
| N |
Access Ramp Monitor |
armon32.exe |
Monitors your progress on the
internet; hang-ups, connection speeds, internet congestion and traffic flow.
It prevents some games from running also. To disable the Access Ramp Monitor
(1) Open Windows Explorer (2) Open the Program Files folder (3) Open the
MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the
ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart
the computer and try again |
| X |
Access WebControl |
[path to file] |
Added by the PPDOOR-M TROJAN! |
| U |
AccessManager |
AccessMgr.exe |
Part of
SmartPipes SecureSite software. "SecureSite enables rapid turnup and
enhanced administration of VPNs. It automates and simplifies tasks for VPN
design and policy management, access control management, and key
management" |
| X |
AccessMedia P2P Loader |
amp2pl.exe |
My AccessMedia toolbar related,
stealth installed! |
| U |
AccessoriesPlus |
clockplus.exe |
Clock
Plus, part of Accessories Plus allows you to select from dozens of
alternatives for the Windows clock |
| N |
AccessRamp Monitor01 |
ARMon32a.exe |
From a visitor "Just wanted
to provide you with some info on Access Ramp software installed with Verizon
DSL accounts in those areas that use the Winpoet PPPoE software. The Access
Ramp TSRs are installed as part of IP Insight software (can't remember the
software maker). You can decline to install IP Insight during Winpoet setup,
or go into Add/Remove programs uninstall IP Insight by hand if it's already
installed. It really doesn't do a darn thing for you. It was intended to help
DSL techs monitor QoS, but the backend part was never implemented (at least
as of earlier this year). This will not affect the user's ability or
inability to access their DSL service." |
| N |
AccessRampLAN01 |
ARUpld32.exe |
Version of the AccessRamp
Monitor01 entry for LAN connections - a history uploader. The key in turning
it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show
up in the startup process. If you have this file, you can execute it and remove
all the monitoring activities it does. Removing all the checks in all the
boxes (both tabs) still calls ARUpld32.exe to start when you start the dial
up. You can block it from sending info if you have Zone Alarm installed.
Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The
ARUpld32.exe is not loaded when launching the dial up client. Written by IP
Insight and also included with Earthlink Total Access 2003 |
| U |
AcctMgr |
AcctMgr.exe |
Norton™
Password Manager - part of Norton SystemWorks 2004 - stores passwords and
other personal information, and retrieves the data needed for email logins,
shopping orders, banking, and other online activities - all from the safety
of your own PC |
| N |
AccuWeather.com® Desktop |
AccuWeatherDesktop.exe |
Desktop weather from AccuWeather |
| X |
accwizz.exe |
accwizz.exe |
Added by the RULAND.A WORM! |
| X |
accwizzz.exe |
accwizzz.exe |
Added by the RULAND.A WORM! |
| X |
acdllib3 |
bcdlmem.exe |
Added by the MAILBOT-BA TROJAN! |
| N |
ACDSee |
ACDSee8Pro.exe |
ACDSee 8 photo software. Organize, manage, enhance, and share
all your valued photo memories |
| ? |
Ace bows |
Ace bows.exe |
?? |
| N |
AceGain LiveUpdate |
LiveUpdate.exe |
"AceGain
LiveUpdate can help to automate and optimize product updates. AceGain
LiveUpdate will automatically detect new patch updates, driver updates or
full product updates and automatically download and install them according to
user configuration" |
| U |
Acer ePower Management |
Acer ePower Management.exe |
Part
of Acer Empowering Technology. "Acer ePower Management is a
straightforward interface that allows users to select from pre-configured
power usage profiles, or to create their own customized profiles" |
| U |
AcerGoto |
AcerGoto.exe |
Acer Computer "Goto
Drive" Cold Swap Driver - a swappable second disk drive provides
convenient backup of large files, or easy importation of data from user's
previous computer |
| U |
AcerNotebookManager |
almxptray.exe |
System Tray access on some Acer
Notebooks to give faster access to system settings |
| U |
AcerPowerkey |
Powerkey.exe |
PowerKey utility for Acer
TravelMate notebook PCs. Allows the user to quickly switch between different
power schemes by pressing Fn+F3 |
| X |
Aceu |
[random filename] |
PurityScan/Clickspring adware |
| U |
AClntUsr |
AClntUsr.exe |
Altiris
AClient Service Windows Tray Icon |
| N |
Acme.PCHButton |
pchbutton.exe |
Used by HP Instant Support |
| Y |
ACMonitor_Xxx |
ACMonitor_Xxx.exe |
Associated with the Lexmark Xxx
(where "xx" is the model) all-in-one printer/scanner/copier.
Required for correct operation |
| X |
acocash |
fastdown.exe |
Adult content dialler |
| X |
acocash |
fastdown.exe |
Adult content dialler |
| U |
Acombo3dmouse |
Acombo3d.exe |
Mouse driver - required if you
use non-standard Windows driver features |
| X |
Aconti |
aconti.exe |
Adult content dialler |
| U |
acoustic |
acoustic.exe |
Control
panel program for Philips Acoustic Edge soundcard. Not required unless
changed settings aren't retained |
| N |
acpart |
agpart11.exe |
Program for finding trucks
on-line |
| X |
Acrobat |
acrmon32.exe |
Added by the SMALL-ECT TROJAN! |
| U |
Acrobat Assistant *.* |
ACROTRAY.EXE |
Used to create PDF files with
Acrobat Distiller. For Win9x/Me systems you can run this file manually
beforehand. For WinXP systems this file must run at startup. Hence the
"U" recommendation. *.* represents the version |
| X |
Acrobat Read |
acroup32.exe |
Added by the VANBOT-BQ TROJAN! |
| U |
Acronis Popup Blocker |
RunDll32.exe [path] Blocker.dll,
Run |
Part of Acronis Privacy Expert - anti-spyware and security
suite |
| U |
Acronis Scheduler2 Service |
schedhlp.exe |
Part of Acronis True Image - backup software. Co-operates
with the "schedul2.exe" service to perform backup/restore tasks
correctly. Required if you want to use True Image to do some real
backup/restore tasks - not if you only want to explore/mount images |
| U |
Acronis True Image |
TimounterMonitor.exe |
Part of Acronis True Image backup software. Monitor for the
backup archive explorer for moving and viewing files within an archive |
| N |
Acronis True Image Monitor |
TrueImageMonitor.exe |
Part of Acronis True Image - backup software. Can be disabled
without affecting TrueImage |
| N |
Acronis TrueImage Monitor |
TrueImageMonitor.exe |
Part of Acronis True Image - backup software. Can be disabled
without affecting TrueImage |
| U |
AcronisTimounterMonitor |
TimounterMonitor.exe |
Part of Acronis True Image backup software. Monitor for the
backup archive explorer for moving and viewing files within an archive |
| N |
AcronisTrueImage Monitor |
TrueImageMonitor.exe |
Part of Acronis True Image - backup software. Can be disabled
without affecting TrueImage |
| U |
Act! Preloader |
Act8.exe |
Sage Software's
ACT! "enables individuals and small business customers to instantly
access key contact and customer information, manage and prioritize
activities, and track all contact-related communications so you can grow
productive business relationships" |
| N |
Action Manager 32 |
am32.exe |
Associated with a Plustech
scanner. Small utility that runs in the background for doing fax/copy/etc.
Available via Start -> Programs |
| ? |
ActionAgent |
actionagent.exe |
"A COM server that runs on
the client as part of the Dell OpenManage Client Instrumentation 6.x package;
provides a simple method for a remote administrator to perform actions on the
instrumented client". Is it required? |
| N |
Activation |
Activation.exe |
Part of Microsoft Money |
| U |
Activboard |
MMKeybd.exe |
Packard Bell ActiveBoard
keyboard - multimedia keyboard manager. Required if you use the additional
keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys |
| X |
Active Bit Station |
abs.exe |
Added by the MYTOB.BZ WORM! |
| U |
Active Email Monitor |
aem25.exe |
Active Email Monitor
checks multiple accounts for email, serves as a SPAM filter and can also
protect you from harmful items that can be sent via email |
| U |
Active shield |
Activeshield.exe |
Active Shield is
"an heuristic screen that actively protects your computer from trojans,
spyware, adware, trackware, dialers, keyloggers, and even some special kinds
of viruses" |
| X |
ActiveDesktop |
systray32.exe |
Added by the DABOOM WORM! |
| X |
ACTIVEDS |
ACTIVEDS.EXE |
Added by the OPASERV.T WORM! |
| N |
ActiveEyes |
ActiveEyes.exe |
ActiveEyes from TFI Technology
is a small utility that you can use to liven up your desktop. It follows your
mouse around and can tell you how far your cursor has travelled or point out
where the cursor is. It's small, it's free and comes with a range of options
and animations. Not needed - if unavailable via Start -> Programs, create
your own shortcut |
| U |
ActiveKeys.AAB635BD7D054a37A576 |
akeys.exe |
"Active Keys is
a powerful yet easy-to-use tool for creating and managing keyboard shortcuts
for any system action" |
| U |
ActiveMenu |
ActiveMenu.exe |
Wild Tangent demo games that
come with some HP computers. Unchecking it can prevent the games from running
occasionally. Note that WildTanget's privacy policy used to state that they
also collect and share individuals information but this is no longer the case |
| U |
ActivePlus |
activeplus.exe |
Interactive Agents
Plugin for Messenger Plus! (MSN Messenger add-on) |
| X |
ActiveScan Antivirus |
ActiveScan.exe |
Added by the RBOT-FKQ WORM! |
| Y |
ActiveShield |
MCVSSHLD.EXE |
McAfee VirusScan On-line. See
also the McAgentExe entry |
| U |
ActiveSpeed |
AS.exe |
Ascentive ActiveSpeed Internet Optimizer |
| X |
ActiveSync |
wcescom32.exe |
Added by the MANCSYN-E TROJAN! |
| N |
ActiveWords |
AWMonitor.exe |
ActiveWords from
ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the
background and watches as you type. When it recognizes that you’ve typed an
ActiveWord, it takes the associated action, such as replacing your keystrokes
with the text you’ve defined |
| X |
ActiveX Streamer |
msgfix.exe |
Added by the SDBOT.NQ WORM! |
| X |
ActiveXUpdate |
svcss.exe |
Added by a variant of the DEDLER.C TROJAN! |
| U |
Activity |
actik.exe |
ActivityKey Keystroke logger/monitoring program - remove
unless you installed it yourself! |
| N |
ActivSurf |
backweb*****.exe |
Packard Bell ActivSurf -
automatically detects an internet connection and downloads any available
updates |
| U |
ActMaker |
ActMak25.exe |
"ActMaker
mouse and keyboard toolkit can record the daily operation of your computer
and reduce your workload. You don't need to do any coding, nor are you
required to know a lot about the computer" |
| U |
ActMaker |
ActMaker25.exe |
ActMaker mouse and
keyboard toolkit can record the daily operation of your computer and reduce
your workload |
| U |
ACTray |
ACTray.exe |
System Tray icon for ThinkVantage Access Connections -
"allowing users to seamlessly switch between wired and wireless
environments, managing security settings, printers, home page and other
location-specific settings automatically" |
| U |
Actual Window Minimizer |
ActualWindowMinimizerCenter.exe |
Actual
Window Minimizer - "allows minimizing any window to task tray
notification area or to the edge of the screen" |
| X |
ACTX1 |
v1201.exe |
Added by the VB.IS TROJAN! |
| U |
ACU |
ACU.exe |
Atheros wireless Client Utility |
| U |
ACU_QSB |
ACU.exe |
Atheros wireless Client Utility |
| U |
ACWLIcon |
ACWLIcon.exe |
Related to IBM ThinkVantage
Connectivity Solution |
| U |
Ad Blocker |
blocker.exe |
Ad Blocker - blocks popups, and also removes banners, image
ads and flash ads |
| U |
Ad Blocker Pro |
Ad Blocker Pro.exe |
Ad Away popup and banner remover |
| U |
Ad Muncher |
AdMunch.exe |
Ad Muncher removes adverts,
pop-ups and general annoyances in your browser, file-sharing and messenger
programs. Causes conflicts with Outlook, game sites and web-building
applications |
| ? |
Ad Online Guide |
adonlineguide.exe |
?? |
| U |
AD2KClient |
AD2KClient.exe |
Executable
for Active Disk from Iomega disk - allows software applications to be run
directly from an Iomega Zip® disk. Required if you wish the applications to
launch on insertion of a disk |
| N |
Adaptec DirectCD |
Directcd.exe |
DirectCD primarily allows you to
drag and drop files onto a suitably formatted CD-RW disc. Unless you use this
on a frequent basis it isn't required and is available via Start ->
Programs. Start the program before inserting a DirectCD formatted CD-RW in
the drive. A re-boot is recommended if you close Adaptec DirectCD before
re-opening it again later |
| N |
AdaptecDirectCD |
Directcd.exe |
DirectCD primarily allows you to
drag and drop files onto a suitably formatted CD-RW disc. Unless you use this
on a frequent basis it isn't required and is available via Start ->
Programs. Start the program before inserting a DirectCD formatted CD-RW in
the drive. A re-boot is recommended if you close Adaptec DirectCD before
re-opening it again later |
| X |
AdAware |
wini.exe |
Added
by the RBOT-XN WORM! |
| N |
Ad-aware |
Ad-aware.exe |
Ad-aware from
Lavasoft. Checks your PC for "Spyware" which reports back your
internet activities to "base". Available via Start -> Programs |
| X |
Ad-Aware |
Ad-Aware.exe |
Added by the RBOT-ADJ WORM! Note
- this is not the popular Ad-aware spware/adware removal tool and is located
in the WinntSystem32 or WindowsSystem32 directory |
| N |
Adaware Bootup |
ad-aware.exe |
Ad-aware from
Lavasoft. Checks your PC for "Spyware" which reports back your
internet activities to "base". Available via Start -> Programs |
| X |
Adaware lptt01 |
adaware.exe |
RapidBlaster variant (in a
"Adaware" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not the valid
Lavasoft Adaware |
| X |
Adaware ml097e |
adaware.exe |
RapidBlaster variant (in a
"Adaware" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not the valid
Lavasoft Adaware |
| X |
Add**.exe [* = random char] |
Add**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Add**32.exe [* = random char] |
Add**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
AddClass |
[Installation_Path] |
Added by the STARTPAGE.F hijacker |
| X |
AddClass |
[path to trojan] |
Added by the SECDL-A TROJAN! |
| X |
AddClass |
AddClass.exe |
CoolWebSearch Addclass parasite variant |
| U |
AdDelete |
AdDelete.exe |
Banner advertisment blocker |
| X |
AdDestroyer |
AdDestroyer.exe |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| ? |
addproxy |
addproxy.exe |
Related to Adobe Photoshop |
| N |
Ad-Eliminator |
ad-eliminator.exe |
Spyware
remover - not recommended, see here |
| ? |
ADG |
ADG.exe |
SoundBlaster Audigy related? |
| N |
ADGJdet |
ADGJDet.exe |
Added with SoundBlaster Live! or
Audigy soundcards for headphone autodetection |
| X |
aDir |
adirss.exe |
Added by the SPAMSRV-E TROJAN! |
| Y |
Adiras |
Adiras.exe |
ADSL USB modem related |
| X |
adirka |
adirka.exe |
Added by the TIBS-QT TROJAN! |
| U |
AdKiller |
AD Defender.exe |
Part
of Advanced Spyware Remover anti-spyware tool |
| X |
ADM Library Loader |
admlib32.exe |
Added by a variant of the SDBOT TROJAN! |
| X |
Admanager Controller |
AdManCtl.exe |
Adware, probably a Windupdates
variant |
| X |
Admilli Service |
AdmilliServ.exe |
Windupdates adware variant |
| X |
Administrator |
svchost.scr |
Added by the NOVACAL TROJAN! |
| X |
AdminSoft |
sysfile.vbs |
Added by the STARGRUB-A WORM! |
| U |
admtray.exe |
admtray.exe |
Related to Acer Inc. destop tray |
| U |
Ad-Muncher |
ADMUNCH.EXE |
Ad Muncher removes adverts,
pop-ups and general annoyances in your browser, file-sharing and messenger
programs. Causes conflicts with Outlook, game sites and web-building
applications |
| X |
Adobe |
Adobe.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
adobe |
gam.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Adobe |
sysbat32.exe |
Added by the LOWZONES.T TROJAN! |
| X |
Adobe |
sysconfig.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Adobe |
zteam.exe |
Added by an unidentified TROJAN! |
| N |
Adobe Acrobat |
READER~1.EXE |
Speeds
up the time it takes to load the Adobe Reader application. Your choice, but
not required for Adobe Reader to function properly |
| X |
Adobe Acrobat Distiller
Application |
acrotray.exe |
Added by the RANDEX.DFJ WORM! |
| X |
Adobe Acrobat Reader CFG |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
Adobe Filter Platform |
afilterplatform.exe |
Added
by the RBOT-OP WORM! |
| U |
Adobe Gamma Loader |
Adobe Gamma Loader.exe |
Adjusts monitor colours across
all programs, including Photoshop. It is needed by some graphics
professionals who want their monitor calibrated. Most home users will not
need it. In my case I can verify this as Photoshop loads fine |
| N |
Adobe Photo Downloader |
apdproxy.exe |
Part of Adobe's Photoshop Album
or Photoshop Elements packages - starts each time you connect an external
image device to your PC (see here) |
| N |
Adobe Reader Speed Lauch |
reader_sl.exe |
Speeds up the launch of Adobe
(Acrobat) Reader 7 |
| N |
Adobe Reader Speed Launch |
reader_sl.exe |
Speeds
up the time it takes to load the Adobe Reader application. Your choice, but
not required for Adobe Reader to function properly |
| N |
Adobe Reader Speed Launch |
READER~1.EXE |
Speeds
up the time it takes to load the Adobe Reader application. Your choice, but
not required for Adobe Reader to function properly |
| U |
Adobe Version Cue CS2 |
VersionCueCS2Tray.exe |
File manager that's part of Adobe Creative Suite 2 -
"find files fast, track versions across applications, link files
together, and share them in creative collaboration without fear of
overwriting someone else's work" |
| X |
AdobeA |
adobes.exe |
Added by
the FLOOD.BA TROJAN! |
| X |
AdobeFonts |
fonts.hta |
Browser hijacker - redirecting
to Hugesearch.net |
| X |
adobemgr |
adobemgr.exe |
Added by the ADCLICKER TROJAN! |
| X |
AdobeReader |
msni.exe |
Added by the RBOT.DAO TROJAN! |
| X |
AdobeReaderPro |
msnserve.exe |
Added by the SDBOT-AKH WORM! |
| X |
AdobeReaderPro |
msnxpsp.exe |
Added by the RBOT-ASK or
RBOT-AUS WORMS! |
| X |
AdobeReaderPro |
ntkernell32.exe |
Added by the RBOT-ATY WORM! |
| X |
AdobeReaderPro |
updt.exe |
Added by the IRCBOT-VQ WORM! |
| X |
AdobeReaderProfessional |
msx64.exe |
Added by the RBOT-GAT WORM! |
| X |
AdobeReaderPros |
sysmsn.exe |
Added by the RBOT-BGH WORM! |
| N |
AdobeVersionCue |
VersionCueTray.exe |
"An exclusive feature of the Adobe® Creative Suite,
Version Cue™ helps you find files fast, track multiple versions of your
files, and share your files for creative collaboration" |
| X |
Adope File Manager |
lsasv.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
adp |
adp.exe |
Spyware installed by Net2Phone,
Limewire, Cydoor, Grokster, KaZaa, etc |
| X |
AdPopup |
dcf5678.exe |
Added by the AGENT-FZ TROJAN! |
| X |
adprot |
adprot.exe |
AdBlaster adware |
| U |
Ad-Protect |
ad-protect.exe |
Ad-Protect spyware and
spam monitoring tool |
| N |
ADQuickAccess |
Adtray.exe |
After Dark for Windows. Screen
saver creation program produced before screen savers became integrated into
Win95 |
| X |
ADriver |
windrv.exe |
Added by the DELF.WG TROJAN! |
| X |
AdRoarUpdate |
ARUpdate.exe |
AdRoar adware updater |
| X |
AdRotator.Application |
[path to csrss.exe] |
Added by the SMALL-AQ TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! |
| X |
AdRotator.Application |
services.exe |
Added by FakeMessage/AdRotator
adware. Note - this is not the legitimate services.exe process which is
always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should
not normally figure in Msconfig/Startup! This file is located in an "Inetsrv"
subfolder |
| N |
ADS Adware Remover |
ADS Adware Remover.exe |
Adware
remover - not recommended, see here |
| X |
AdsBlocker |
stopAds.exe |
Reported as
DILAER.DW by NOD32 |
| U |
ADService |
ADService.exe |
Part of
Iomega's Active Disk - allows software applications to be run directly from
an Iomega Zip® disk. Required if you wish the applications to launch on
insertion of a disk |
| U |
AdsGone |
Adsgone.exe |
AdsGone - pop-up stopper |
| N |
ADSL Diagnostic Tools |
mapiicon.exe |
System tray access to ADSL modem
diagnostic tools. Available via Start -> Programs |
| ? |
ADSL_A2 |
A2Installed |
Associated with an Integrated
Telecom Express (ITeX) ADSL driver installation. What
does it do and is it required? |
| ? |
ADSLSYSTEMTRAY |
SystemtrayV100B.exe |
Apparently Annex A ADSL modem
related. What does it do and is it required? |
| Y |
AdslTaskBar |
rundll32.exe stmctrl.dll,
TaskBar |
ISP software, initializes DSL
modem |
| X |
AdslTaskBars |
taskmng.exe |
Added by the RBOT-AXZ WORM! |
| Y |
ADSS |
ADSS.exe |
ADSS is part of Access Denied security and privacy software
(Access Denied Security Server) that monitors power status and provides some
other services for Screen Guard. Important to keep its running while using
Access Denied |
| X |
adstartup |
Adstartup.exe |
Adlogix
adware variant |
| X |
adstartup |
automove.exe |
Adlogix
adware variant |
| X |
AdStatus Service |
AdStatServ.exe |
WindUpdates AdStatus Service adware |
| U |
AdSubtract |
adsub.exe |
AdSubtract blocks ads, cookies, pop-up windows, animations,
music, and more. Can be disabled from within AdSubtract. Available via Start
-> Programs. Now superseeded by Trend Micro AntiSpyware |
| X |
adtech2005 |
adtech2005.exe |
Recognized by Kaspersky
antivirus as Trojan.Win32.StartPage.aw |
| X |
adtech2006 |
adtech2006.exe |
Recognized by Kaspersky
antivirus as Clicker.Win32.VB.kc |
| X |
Adtools Service |
AdTools.exe |
Windupdates Adware |
| ? |
ADU |
adu.exe |
Related to Cisco Aironet wireless products. What does it do
and is it required? |
| X |
Adult_Chat |
Adult_Chat.exe |
Adult content dialler |
| X |
Adult_Chat1 |
Adult_Chat1.exe |
Adult content dialler |
| X |
AdultX |
AdultX.exe |
Adult content dialler and
hijacker |
| X |
AdUpdater |
sysupudt.exe |
Unidentified adware
downloader/updater |
| U |
ADUserMon |
ADUserMon.exe |
Part of
Iomega's Active Disk - allows software applications to be run directly from
an Iomega Zip® disk. Required if you wish the applications to launch on
insertion of a disk |
| X |
Advanced DHTML Enable |
exo32.exe |
Added by the RANCK-FI TROJAN! |
| X |
Advanced Internet Protocol |
cerf.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Advanced Protection System |
advpsys.exe |
Added by a variant of the RBOT WORM! |
| U |
Advanced Spyware Remover |
Asr.exe |
Advanced Spyware Remover anti
spyware tool |
| X |
Advanced Tool Checks |
advchks.exe |
Added by a variant of the RBOT WORM! |
| N |
Advanced Tools Check |
ADVCHK.EXE |
Checks when you install a new
version of a Norton product that you have uninstalled all previous versions.
Serves as a reminder if you forget |
| U |
Advanced Uninstaller PRO
Installation Monitor |
monitor.exe |
Innovative
Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling
applications and keeping your computer fast, clean, and in its best
shape" |
| X |
Advapi |
Advapi.exe |
Added by the NETDEVIL.12 WORM! |
| N |
ADVCHK |
ADVCHK.EXE |
Checks when you install a new
version of a Norton product that you have uninstalled all previous versions.
Serves as a reminder if you forget |
| U |
Advertising Killer |
Akiller.exe |
Advertising
Killer - popup stopper |
| X |
advmon32 |
advmon32.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| U |
Adware Agent |
adware agent.exe |
Adware Agent popup blocker |
| N |
Adware Spy |
AdwareSpy.exe |
Adware
remover - not recommended, see here |
| U |
AdwareAlert |
AdwareAlert.Exe |
Adware program, previously not recommended (see here). It has
now been delisted, so make sure you have the latest version |
| U |
AdwareDelete |
adwaredelete.exe |
Adware
remover - not recommended, see here |
| U |
Ad-watch |
Ad-watch.exe |
Part of
Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and
registry for spyware that tries to install or change your system |
| ? |
Aeiwlsta.exe |
Aeiwlsta.exe |
IBM High Rate Wireless LAN
Adapter driver. Is it required? |
| N |
AELaunch |
AELaunch.exe |
Audio
Applications Launcher for the Philips Acoustic Edge soundcard |
| X |
AERVICESN |
AERVICESN.exe |
Added by the RANDON-AO WORM! |
| N |
AeXAgentLogon |
AeXAgentActivate.exe |
Altiris Agent transmits information about your machine for
the purpose of asset management and deployment |
| ? |
AeXSWDUsr |
AeXSWDUsr.exe |
Altiris Express NS Client Manager software. Is it required? |
| U |
AEZBProc |
aptezbp.exe |
IBM Aptiva keyboard customizer -
enables certain special buttons on keyboard for CD operation, volume control,
and few quickstart buttons. Keyboard will work without it but you lose the
special functions |
| U |
AFAFilter |
windefault.exe |
AFAFilter - internet filter
software |
| N |
Agent |
Agent.exe |
Cyberlink's Power VCR II 3.0
is a TV tuner recording utility. If you want to schedule recordings you'll
need this, otherwise can be disabled. Available via Start -> Programs |
| X |
Agent |
alsys.exe |
Added
by the DREF-V VIRUS! |
| X |
agent |
ppl.exe |
Added
by the DREF-U VIRUS! |
| X |
Agent Browser |
[random filename] |
Added by the PPdoor.M-bdr
backdoor TROJAN! |
| X |
Agent Explorer |
[random filename] |
Unidentified adware |
| ? |
Agente |
Remupd.exe |
Part
of Panda Antivirus . Is this an update reminder (guess because of the name),
virus definition update reminder or something similar? |
| X |
agentsvr |
agentsvr.exe |
Malware, detected by Kaspersky
antivirus as AdWare.Monker.a. NOTE: do NOT confuse with the Microsoft Agent
Server application of the same name as described here - the legitimate file
will always be located in the WindowsMsagent folder |
| U |
AgfaCLnk |
AgfaCLnk.exe |
For Agfa digital cameras
connected via USB. Enables Windows to access the contents of the memory stick
(while the stick's still on the camera) via a virtual drive |
| X |
agp |
agp32.exe |
Added by the GAOBOT.SY WORM! |
| Y |
AGRSMMSG |
AGRSMMSG.exe |
IBM AMR modem driver |
| N |
AGSatellite |
AGSatellite.exe |
Program from AudioGalaxy that
lets you download some MP3s from their server. Available via Start ->
Programs |
| U |
ahfp |
ahfp.exe |
Advanced Hide Folders - "is powerful file security
program. It allows to hide folders or hide files. Advanced Hide Folders is
very useful to keep your personal data away from others. Others will not know
where your personal files exist and they will not be able to accidentally
view, delete or modify them either" |
| U |
ahfprog |
ahfp.exe |
Advanced Hide Folders - "is powerful file security
program. It allows to hide folders or hide files. Advanced Hide Folders is
very useful to keep your personal data away from others. Others will not know
where your personal files exist and they will not be able to accidentally
view, delete or modify them either" |
| Y |
AHNSD |
AhnSD.exe |
AhnLab V3 antivirus updater
- leave enabled unless you manually update on a regular basis |
| ? |
AHNUE |
AHNUE.exe |
?? |
| X |
ahost |
ahost.exe |
Added by a
variant of the SDBOT WORM! |
| N |
AHQInit |
ahqinit.exe |
Part of AudioHQ for the
Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down
from the top of the desktop and isn't required |
| X |
Ahst |
iebs.exe |
PurityScan/Clickspring adware |
| X |
AHU |
[path to worm] |
Added by the ANACON-B WORM! |
| X |
ahui32.exe |
ahui32.exe |
Added by the CERTIF-M TROJAN! |
| X |
Aica |
tuaa.exe |
PurityScan/Clickspring adware |
| X |
Aida |
eetu.exe |
PurityScan/Clickspring adware |
| X |
Aida |
ttuh.exe |
PurityScan/Clickspring adware |
| U |
aiepk |
aiepk2.exe |
Another IE Popup Killer - pop-up stopper |
| N |
AIM |
aim.exe |
AOL Instant Messenger. If
connected to the internet, automatically runs up AIM. Convenience more than
anything. Available via Start -> Programs |
| U |
AIM |
AIM+.exe |
AIM plus - a free add-on to
AOL's Instant Messenger for Windows from Big-O Software |
| X |
AIM Instant Message Cookies |
[random filename] |
Added by the RBOT-AFV WORM! |
| X |
Aim Plugin |
aimplugin.exe |
Added
by the GUAP-F WORM! |
| X |
AIM reminder |
AIM reminder.exe |
Added by the BUDDY TROJAN! |
| N |
Aim6 |
AOLLaunch.exe |
AOL Instant Messenger - start it
when you want to use it |
| X |
AIM95 Startup |
aim95.exe |
Added by the AGOBOT.AEE WORM! |
| X |
aimaol lptt01 |
aimaol.exe |
RapidBlaster variant (in a
"Aimaol" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
aimaol ml097e |
aimaol.exe |
RapidBlaster variant (in a
"Aimaol" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| U |
aimb.exe |
aimb.exe |
IMSufSentinel is a spy program which can record IM
conversations, log keystrokes, record URLs visited, and take screenshots. If
you didn't install this yourself remove it |
| N |
AimingClick |
AimingClick.exe |
AimingClick
from AimingTech. Web searching tool. Available via Start -> Programs |
| U |
AIMPro |
aimpro.exe |
AIM Pro -
secure instant messaging, video conferencing, on-line meetings and desktop
and file sharing |
| N |
AIMster |
?? |
Peer to Peer (P2P) file sharing
client that runs over the AOL Instant Messenger network. Available via Start
-> Programs |
| N |
AIMWDInstall |
AIMWDInstall.exe |
Version of the WildTangent
on-line games installer that came with versions of AOL Instant Messenger.
Note that WildTanget's privacy policy used to state that they also collect
and share individuals information but this is no longer the case |
| Y |
Aiptek Graphics Tablet (USB) |
atwtusb.exe |
USB interface for Aiptek
Graphics Tablet (USB) |
| X |
aircity |
aircity.exe |
Related to "Prutect" malware from e2Give |
| X |
AKEYNAME |
WinServ.exe |
Added by the EVILBOT.C TROJAN! |
| U |
akeys |
akeys.exe |
"Active Keys is
a powerful yet easy-to-use tool for creating and managing keyboard shortcuts
for any system action" |
| U |
AKiller |
akiller.exe |
Advertising
Killer - popup stopper |
| X |
ala.exe |
ala.exe |
Access Lock is a
system-tray security utility you can use to secure your desktop when you are
away from your computer |
| U |
Alarm Manager |
Alarm.app.exe |
Palm alarm event reminder that
coordinates what is on your Palm with settings on your desktop |
| ? |
AlarmWatcher |
AlarmWatcher.exe |
Associated with SynTPEnh and
SynTPLpr which are from Synaptics for touchpads on laptops. What does it do
and is it required? |
| N |
Album Fast Start |
ABMTSR.EXE |
Scanner software, not required
for scanner to work |
| ? |
AlcFDMonitor |
ALCFDRTM.EXE |
RealTek related - Real-Time
SPDIF-in Monitor for nVidia chipset - is it required in
startup? |
| ? |
ALCFDRTM16 |
ALCFDRTM16.com |
RealTek related - Real-Time
SPDIF-in Monitor for nVidia chipset - is it required in
startup? |
| X |
Alchem |
Alchem.exe |
ClickAlchemy adware |
| U |
Alcmtr |
Alcmtr.exe |
Installed with hardware drivers
for a Realtek AC97 audio device. It's believed that Realtek uses this file in
order to data about the customer. Some users report problems with their
on-board sound if this is disabled - hence the "U" recommendation |
| U |
Alcohol |
Alcohol.exe |
Alcohol 120%
- CD/DVD emulation/writing/copying software |
| U |
Alcohol Autorun |
Alcohol.exe |
Alcohol 120%
- CD/DVD emulation/writing/copying software |
| ? |
Alcom PCL Capture |
FMW_PCAP.EXE |
?? |
| N |
AlcWzrd |
ALCWZRD.EXE |
RealTek High Definition audio
driver related - detects new devices when plugged in, then pops up a dialog
box. If everything works as expected you should be able to disable this one |
| U |
AlcxMonitor |
Alcxmntr.exe |
Installed with hardware drivers
for a Realtek AC97 audio device. It's believed that Realtek uses this file in
order to gather data about the customer. Some users report problems with
their on-board sound if this is disabled - hence the "U" recommendation |
| X |
aldefr ere service |
tay0x.exe |
Added
by the RBOT-XS WORM! |
| X |
Alevir |
Alevir.exe |
Added by the OPASERV-A WORM! |
| X |
AlevirOld |
[worm filename] |
Added
by the OPASERV WORM! |
| N |
Alexa |
alexa.exe |
Related to
Alexa. Note - collects and stores information about the web pages you view,
the data you enter in online forms and search programs and, with versions 5.0
and higher, the products you purchase online whilst using the toolbar.
Although Alexa state's they do not attempt to analyze the data it may collect
about you to determine who you are, some of your information collected by the
software is personally identifiable. Please read the Privacy Policy. Not
Recommended |
| X |
AlexaToolbar |
alt.exe |
Reported as the DELF.EB
hijacker by Ewido Security Suite |
| X |
AlfaCleaner |
AlfaCleaner.exe |
AlphaCleaner is now a stealth install using exploits on
unpatched systems. Seen alongside RazeSpyware |
| U |
AlfaClock Classic |
AlfaClock.exe |
AlfaClock from AlfaSoft
Research Labs - "enhances your taskbar clock (tray clock) with fully
customizable clock display, alarms, time synchronization and more" |
| ? |
ALFY Accellerator |
AlfyAC~1.exe |
?? |
| X |
ALG.EXE |
iexplorer .exe |
Added by the DEMOTRY-B WORM! |
| X |
ALG32 |
ALG32.EXE |
Added by the STARTPAGE.K hijacker |
| X |
ALGU |
ALGU.EXE |
Added
by the CWS-I TROJAN! |
| U |
ALi5289 |
ALi5289.exe |
Related to Uli Integrated Drivers from Uli Electronics Inc |
| N |
Alias SketchBook Snapshot |
ALIASS~2.EXE |
Screen-capture utility for Alias
Sketchbook |
| N |
AlienAutopsy |
Test_BS.exe |
Alienware computer technical
support software |
| Y |
ALiSndMgr |
ALiSndMg.exe |
ALi AC97 Sound driver |
| ? |
AliUSBfix |
GREENMK.exe |
May be realted to a USB 2.0 PCI
card - the IOgear GIC220OU? |
| X |
Alive SYstem |
scchost.exe |
Added by the TOFDROP-B TROJAN! |
| X |
Alive SYstem |
scchostc.exe |
Added by the TOFDROP-B TROJAN! |
| X |
alkasr |
ÎäÒíÑ.exe |
Added by the BALKART TROJAN! |
| U |
All Aboard Status |
stswin.exe |
All Aboard! Internet Connection Sharing status icon |
| X |
All Sea screen saver |
TaskTray.exe |
"Free screensaver", installs lots of foistware. See
here. Get rid of it |
| X |
All Sea web link |
FWLink.exe |
"Free screensaver", installs lots of foistware. See
here. Get rid of it |
| N |
AllerCalc |
AllerCalc.exe |
AllerCalc is an
expression calculator which allows you to directly enter an expression to be
evaluated. Can be started manually |
| X |
Allopassw |
[path to trojan] |
Added by the RANKY.CU TROJAN! |
| U |
AllSeeingEye |
ase.exe |
All-Seeing_Eye
security software - "monitors everything that takes place on your
computer, and alerts the user as soon as anything suspicious or
out-of-the-ordinary is happening, providing the user with alternatives for
possible actions" |
| U |
allSnap |
allSnap.exe |
"allSnap
is a small system tray app that makes all top level windows automatically
align like they do in programs such as Winamp or Photoshop" |
| U |
AllToTray |
ALLTOTRAY.EXE |
AlltoTray from DNTSoft - minimize any program to your System
Tray |
| X |
Alogrithm Link Queue |
alq.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Alogserv |
Alogserv.exe |
From McAfee VirusScan for
logging scanning activities. In some cases, if left running it can cause CPU
% usage to go between 5-95% or go to and stay at 100%. Disabling it impacts
on the reported last scan date. It is reported to cause jerky graphics response
in many games. As of version 6, this is a critical component of McAfee and
disabling it can cause a PC to lock up |
| U |
ALPass |
ALPass.exe |
ALPass
password manager |
| Y |
Alps Electric USB Server |
Monserv.exe |
Alps Electric USB Server - required according to this article |
| U |
AlpsPoint |
Apoint.exe |
Touchpad software for laptop
PC's. For instance it is found on the Panasonic and Sony Vaio machines and
allows part of the touchpad to be used for document or Web-page scrolling.
Required for proper functioning of the pointing software but not required for
the laptop to work |
| ? |
ALServ |
ALServ.exe |
Altec Lansing AMS speaker
related. What does it do and is it required? |
| X |
Altnet |
points manager.exe |
Altnet TopSearch adware |
| X |
AltnetPointsManager |
points manager.exe |
Altnet TopSearch adware |
| U |
AltoMB_service |
AltoMBsrv.exe |
Alto Memory Booster from Alto
Software - boost the computers performance via more intelligent and efficient
memory management. MS MVPs (Most Valued Professional) recommend not using
memory managers with Win98/SE/ME. See this article and make up your own mind |
| U |
ALTOOLS |
AccessL.exe |
ALTools family of PC utilities |
| X |
AltPayments |
AltPayments.exe |
WeirdOnTheWeb adware |
| N |
ALU Scheduler Service |
ALUSchedulerSvc.exe |
Symantec LiveUpdate scheduler
for programs such as Norton AV or Internet Security |
| U |
ALUAlert |
ALUNotify.exe |
Notification reminder for
Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a
regular basis |
| N |
Aluria Security Center |
SecurityCenter.exe |
Aluria Software's spyware removal tool - we can't really
recommend this product as Aluria have recently partnered with WhenU, the well
known adware company, see here |
| U |
Aluria's Pop-Up Stopper |
eps.exe |
Aluria Pop-Stopper |
| N |
Aluria's Spyware Eliminator |
ASE.exe |
Aluria Software's spyware removal tool - we can't really
recommend this product as Aluria have recently partnered with WhenU, the well
known adware company, see here |
| U |
AlwaysOnTopMaker |
AlwaysOnTopMaker.exe |
Always On
Top Maker - utilty to enable an application to always be displayed "on
top" of others on the desktop |
| N |
AlwaysReady Power Message APP |
ARPWRMSG.EXE |
Related to HP and Compaq Desktop PCs. Read this article |
| X |
AmazingTens |
AmazingTens.exe |
Premium rate adult content
dialler |
| U |
AMD PowerNow! |
GemBack.exe |
AMD PowerNow! - "an innovative solution available on all
AMD mobile processor-based notebooks that can effectively increase notebook
battery life, while delivering performance on demand" |
| Y |
amd_dc_opt |
amd_dc_opt.exe |
AMD Dual-Core Optimizer - "can help improve some PC
gaming video performance by compensating for those applications that bypass
the Windows API for timing by directly using the RDTSC (Read Time Stamp
Counter) instruction" |
| N |
AME_CSA |
rundll32 amecsa.cpl, RUN_DLL |
Loads ADSL modem Control Panel
applet |
| N |
America Online *.* Tray Icon |
aoltray.exe |
Puts AOL icon in System Tray
(*.* denotes version if present). Connect to AOL via the desktop shortcut or
Start -> Programs |
| U |
AModemLockDown |
ModemLockDown.exe |
ModemLockDown
- allows you to supervise internet access by disabling the modem, protects
againt dialers accessing dial-up connections, etc |
| Y |
Amon |
AMON.EXE |
Monitoring part
of Eset's NOD32 virus-scanner |
| Y |
Amonitor |
amon.exe |
Tiny
Personal Firewall |
| U |
AMP WinOFF |
winoff.exe |
WinOFF is
" a utility designed to shut down Windows computers automatically, in a
fully configurable way" |
| U |
AMSG |
Amsg.exe |
Part of the IBM ThinkVantage Productivity Center. "The
Message Center sends automatic notification on ThinkVantage Technologies
integrated with your system. Once you're online" |
| N |
AMSN |
amsn.exe |
aMSN Messenger
is a multiplatform MSN messenger clone |
| X |
amsn |
amsn.exe |
Added by the BANKER-BNZ TROJAN! |
| N |
Anapod Manager |
anamgr.exe |
Anapod
Explorer "is the most advanced Windows iPod software available, offering
iPod management through full Windows Explorer integration under My
Computer" |
| X |
anbv32 |
nabv32.exe |
Added by the TITOG.C WORM! |
| Y |
ANIWZCS2Service |
WZCSLDR2.exe |
ALPHA Networks wireless
driver |
| ? |
ANIWZCSService |
WZCSLDR.exe |
D-Link wireless PCI adapter
related. In some cases reported to cause excessive CPU activity |
| ? |
AnnotateCheck |
AnnCheck.exe |
Genius Wizard Pen Tablet driver
related. Is it required? |
| N |
Announcements |
Annclist.exe |
MS WebTV for Windows. Used to
display TV on your PC via a compatible video card with in-built tuner (such
as ATI All-In-Wonder). If you don't use it - uninstall it |
| N |
Anntext |
Anntext.exe |
Caere Pagekeeper text annotation
server |
| U |
Anonymizer Total Net Shield |
AnonTns.exe |
Anonymizer Total Net Shield - ID protection and privacy
software |
| U |
ANONYMIZER_SPYWAREKILLER |
AnonAntiSpyware.exe |
Anonymizer Spyware Killer - now Anti-Spyware |
| U |
ANONYMIZER_SPYWAREKILLER |
SpyWareKiller.exe |
Anonymizer Spyware Killer - now Anti-Spyware |
| U |
Another Internet Explorer Popup
Killer |
aiepk2.exe |
Another IE Popup Killer - pop-up stopper |
| X |
ansjava |
[path to worm] |
Added by the RANDON-AN WORM! |
| X |
Anskya |
PYSKY.NET.exe |
Added by the DLOADER-MW TROJAN! |
| X |
Answer Problem |
dSAFsqs.exe |
Added by the SDBOT-SC WORM! |
| U |
AnswerTool |
AnswerTool.exe |
AnswerTool - save your
E-mail replies in AnswerTool, then reuse them again and again |
| X |
Anti Spam Service |
spamsvc.exe |
Added by the MYTOB-BK WORM! |
| X |
anti_troj |
anti_troj.exe |
Added by the LODEAR.D TROJAN! |
| N |
Anti-Blaxx Manager |
Anti-Blaxx.exe |
Anti-Blaxx - bypass
blacklistings from different copy protections bypassing methods like virtual
CD or DVD drives |
| X |
AntiClicker |
SVCHST32.EXE |
Added by
the CBH TROJAN! |
| U |
antidialer.co.uk |
Dialer_Watcher.exe |
Dialer_Watcher is an application
that allows you to detect dialers on your computer |
| U |
Anti-keylogger check |
antikey.exe |
Anti-keylogger -
protects against keylogger programs monitoring your keystrokes |
| U |
AntiPopUp |
AntiPopUp.exe |
AntiPopUp for
IE - pop-up stopper |
| U |
Anti-Trojan-Watch |
ATWatch.exe |
Anti-Trojan Watch - trojan
detector |
| N |
AntiVerminser |
AntiVerminser.exe |
Spyware
remover - not recommended, see here |
| X |
AntiVir |
scvhost.exe |
Added by the AGENT-DSF TROJAN! |
| X |
Antivir |
svchst.exe |
Added by the RAGRUK-A TROJAN! |
| X |
AntiVir |
winlog.exe |
Added by the IRCBOT-TJ TROJAN! |
| Y |
AntiVir XP |
AVwin.exe |
AntiVir® PersonalEdition Classic - antivirus |
| X |
Antivirus |
av.exe |
Added by the SINKIN TROJAN! Resets IE start page to
realphx.com |
| X |
Antivirus |
iexpl0res.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
AntiVirus |
kaspery.exe |
Added by a variant of the RBOT WORM! |
| X |
Antivirus |
maja.exe |
Added by the NETSKY.H WORM! |
| X |
Anti-Virus |
[random filename].exe |
Added by the CAPROBAD-A TROJAN! |
| X |
Anti-Virus |
vpms.exe |
Added by
the SDBOT.GV WORM! |
| X |
Antivirus Installer |
[path to trojan] |
Added by the BADGENT-A TROJAN! |
| X |
Anti-Virus Product Sync |
[unprintable character][3
characters]log.exe |
Added by the KEDEBE.D WORM! |
| X |
Anti-Virus Update Scheduler |
[path to trojan] |
Added by the SPAMMIT-A TROJAN! |
| X |
Anti-Virus Update Scheduler |
winsp3.exe |
Malware - recognized by
Kaspersky antivirus as TrojanProxy.Agent.fp - A Proxy Trojan is a backdoor
which allows a remote hacker to connect to other systems via the compromised
system |
| X |
Anti-Virus Update Scheduler
V1.39.12R |
[path to trojan] |
Added by the HEPLANE or
STAPREW.B TROJANS! - different filenames have been spotted; examples:
msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe,
alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe,
xps2.exe, dns2.exe, ikav32.exe and more... |
| X |
antivirus32 |
antivirus.exe |
Added by the SPYBOT.KAI WORM! |
| X |
AntivirusGold |
AntivirusGold.exe |
AntivirusGold malware |
| N |
Antivirus-Golden |
Antivirus-Golden.exe |
Spyware
remover - not recommended, see here |
| ? |
AntiVirusProtection |
qumk.exe |
?? |
| X |
antiware |
elite***32.exe [*** = random
char] |
Added by the DLOADER-HW TROJAN! |
| U |
AntiWindowsMessenger |
AntiMsMsg.exe |
Anti-Windows_Messenger
is a small application that prevents Windows Messenger from remaining
resident in memory |
| Y |
AnVir |
AnVir.exe |
AnVir Task Manager -
protects computer against viruses and manages running processes and startup
files |
| Y |
AnVir Task Manager |
AnVir.exe |
AnVir Task Manager -
protects computer against viruses and manages running processes and startup
files |
| U |
anvshell |
anvshell.exe |
System Tray tool for ASUS video
cards. If disabled you lose all the ASUS specific video card options in
Control Panel -> Display Properties -> Advanced as well as the System
Tray shortcuts toolbar |
| U |
Any To-Do List |
anytodo.exe |
Any To-Do List
"the ultimate software solution to keep yourself organized and
reminded" |
| ? |
anycom bluetooth |
ftflauncher.exe |
Associated with an Anycom
bluetooth wireless card. What does it do and is it
required? |
| U |
AnyDVD |
AnyDVD.exe |
AnyDVD -
descrambles DVD-Movies automatically in the background and the DVD appears
unprotected and region code free. Also removes prohibited operations from the
DVD such as skipping adverts - hence the "U" recommendation |
| N |
AO Tray |
AOTray.Exe |
System Tray application for
AOpen soundcards. Can be run manually via Start -> Settings -> Control
Panel |
| Y |
aol |
avp.exe |
AOL's Active Virus Shield |
| X |
AOL 9.0 Optimized |
AOLClient.exe |
Added by the SPYBOTER.A TROJAN! |
| U |
AOL Broadband Check-Up |
matcli.exe |
"matcli.exe is a motive
Assistant Command line interface that gathers information about your system's
identity like your name email address, city, county, etc and gets written to
a log file". The AOL Self Support Tool is required to run with the Help
and Support program. If you uncheck AOL and and then run Help and Support it
will add another AOL entry in the startup menu. If you remove this software
in "add/remove programs" some help menus in help and support will
not be available. You decide |
| N |
AOL Companion |
companion.exe |
Part of the AOL Connection Suite
and installs an icon on the system tray offering easy access to AOL's
additional utilities and functions. This program is a non-essential process,
and is installed for ease of use |
| X |
Aol Configuration Loader |
aimsng.exe |
Added by the SDBOT-XE WORM! |
| ? |
AOL Fast Start |
AOL.exe |
AOL ISP software related. What does it do and is it required? |
| X |
AOL Instant Messanger |
aim.exe |
Added by the SDBOT-YT WORM! |
| X |
AOL Instant Messengar |
aol.exe |
Added by the AGOBOT-FN WORM! |
| ? |
AOL Instant Messenger |
AlM.EXE |
That is an L between the A and
M, the start up location is wrong for AIM. What does this
relate to? |
| X |
Aol Instant Messenger |
aolmsg.exe |
Added by the KELVIR.AL WORM! |
| X |
AOL Instant Messenger 7.213 |
aim9283.exe |
Added by the SDBOT-ZF WORM! |
| X |
Aol Instant Messenger Fix |
aolfix.exe |
Added by the SDBOT-ABJ WORM! |
| X |
AOL Messenger |
[random filename] |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
AOL Messenger |
aolmsngr.exe |
Added by the SDBOT-JF WORM! |
| X |
AOL Messenger Optimized |
AOLOpt.exe |
Added
by the AOLOPT TROJAN! |
| X |
AOL Services Hosts |
aolserviceshosts.exe |
Added by an unidentified WORM or
TROJAN! |
| U |
AOL Spyware Protection |
AOLSP Scheduler.exe |
AOL's spyware protection program |
| U |
AOL TopSpeedMonitor |
aoltsmon.exe |
AOL's
TopSpeed web acceleration technology supposedly helps to make web browsing
faster. Most important for those users who still access AOL via dial-up |
| Y |
AolAcsDaemon1 |
Acsd.exe |
AOL Connectivity Service -
starts an automatic function that restores the connection should you lose it
while online. Negates having to go through the procedure of signing back on
manually |
| Y |
AolAcsDaemon1 |
AOLACSD.EXE |
AOL Connectivity Service -
starts an automatic function that restores the connection should you lose it
while online. Negates having to go through the procedure of signing back on
manually |
| ? |
AOLCC |
ACCAgnt.exe |
AOL ISP software related, file
located in a "AOL Computer Check-Up" folder. What
does it do and is it required? |
| X |
AolCon |
config.com |
Added by the TAPLAK WORM! |
| N |
AOLDialer |
AOLDial.exe |
AOL ISP software dialer - can be
activated through a desktop shortcut |
| N |
AolFix |
AolFix.exe |
Run on Gateway Astra computers,
and maybe a few others. Designed to repair a bad registry key in Gateway
computers that would not allow AOL to run correctly. Not seen much any
more and should only run once |
| X |
AOLRegKey32 |
AOREGSVR512.EXE |
Unidentified malware - see here |
| X |
AOLStart |
AOLStart.exe |
Added by the KRAIMER.12 TROJAN! |
| X |
Aornum |
aornum.exe |
Installed along with iWon Prize
Machine. Based upon their privacy statement this can be regarded as spyware |
| N |
AOTray |
AOTray.Exe |
System Tray application for
AOpen soundcards. Can be run manually via Start -> Settings -> Control
Panel |
| Y |
APC UPS Status |
Display.exe |
APC PowerChute Personal Edition status icon |
| U |
APC_SERVICE |
mainserv.exe |
PowerChute® Personal Edition - "safe system shutdown
software with sophisticated power management functions" |
| Y |
apc_tray |
apc_tray.exe |
Part of the APC UPS software
loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in
case of power failure |
| X |
APD123 |
APD123.exe |
PacerD
Media/Pacimedia.com adware |
| X |
Api**.exe [* = random char] |
Api**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Api**32.exe [* = random char] |
Api**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
API32 |
api32.exe |
Added by the IRCBOT-B TROJAN! |
| X |
APIClass |
lexplore_.exe |
Added by the MSNOPT-A TROJAN! |
| X |
APIMon |
apimonx.exe |
Added by the TIBSER.A downloader
TROJAN! |
| X |
APIMon |
msreg.exe |
Added by the DROPPER.Z TROJAN! |
| X |
APIMon |
winapix.exe |
Added by a variant of the
TIBSER.A downloader TROJAN! |
| X |
apisvc.exe |
apisvc.exe |
Added by a
variant of the LAMEBOT TROJAN! |
| U |
APL |
APL.exe |
Sage Software's
ACT! The application pre-loader (apl.exe) is a self contained executable that
pre-loads the necessary .NET framework and ACT! 2005 assemblies. This
pre-loading of assemblies enhances ACT! startup, view load and dialog load
times in some areas of the application |
| ? |
Apmsrv9x |
APMSRV9X.EXE |
Intel
AnyPoint Wireless II Home Network related. Now discontinued. What does it do
and is it required? |
| U |
Apoint |
Apoint.exe |
Touchpad software for laptop
PC's. For instance it is found on the Panasonic and Sony Vaio machines and
allows part of the touchpad to be used for document or Web-page scrolling.
Required for proper functioning of the pointing software but not required for
the laptop to work |
| X |
App**32.exe [* = random char] |
App**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
App.EXEName |
[path to worm].exe |
Added by the BODIRU WORM! |
| U |
Appcon |
vAppCon.exe |
Vital
Application Console - part of POS-partner 2000 point-of-sale software from
Vital. This is the taskbar icon and is enabled at startup by the
"Auto-start when OS starts" option. Required for a connection to be
established |
| X |
appconn |
appconn.exe |
Added by the CARGAO WORM! |
| U |
AppExtender |
AppExtCB.exe |
Loads the Confimax add-in for popular E-mail programs to
confirm E-mails have been sent and received |
| X |
appis.exe |
appis.exe |
Added by the AGENT-BC TROJAN! |
| Y |
Application |
mdmsetsp.exe |
Aztech Labs modem driver |
| U |
Application Explorer |
Naldesk.exe |
Novell Zenworks Application
Explorer Executable. "For almost all users the Novell ZENworks agent
(either Application Launcher or Application Explorer) will be run via the
user's login script on each successful login. ZENworks is used to
periodically deliver software updates and is also used to install the remote
management components." |
| U |
Application Explorer |
NalView.exe |
Application Explorer - file manager type access to Novell
Application Launcher for installing and updating network residing
applications |
| X |
Application Layer Gateway
Service |
algs.exe |
Added by the LINKBOT.M WORM! |
| X |
ApplicationProtocolRun |
smsbvl32.exe |
Added by the IRCBOT-CX TROJAN! |
| U |
AppPlus |
AppPlus.exe |
AppPlus - "menu bar
or tray launcher that docks to your desktop, floats or sits in your System
Tray. Create graphic/text-based buttons that launch any number of programs,
Websites, e-mail addresses or folders (which open in the AppPlus Menu System)" |
| Y |
Apvxd |
APVXDWIN.EXE |
Part
of Panda Antivirus . Required to enable permanent virus protection |
| Y |
Apvxdwin |
APVXDWIN.EXE |
Part
of Panda Antivirus . Required to enable permanent virus protection |
| Y |
Apwheel |
Apwheel.exe |
Wheel support for an Alps
mouse |
| X |
apyginapygin |
simenu.exe |
Added by the SDBOT.BTR WORM! |
| U |
AQ3HelperStartUp |
AQ3HEL~1.EXE |
ScreenScenes "Aquatica
Water Worlds" screensaver. The freeware version comes with GAIN branded
ads (pop-ups and others). ScreenScenes do however offer you the option of
doing away with the ads by purchasing the screensaver for a whopping $30. Please
note that Claria Corporation no longer support GAIN-Supported software - see
here |
| X |
aqadcup.exe |
aqadcup.exe |
Added by the AGENT.BG WORM! |
| X |
Aqujyjax |
[path to file] |
Added by the RANCK-CQ TROJAN! |
| X |
Aqujyjax |
aqujyjax.exe |
Added by the SDBOT-YC WORM! |
| X |
ara-key |
[random filename] |
Added by the ANTINNY WORM! |
| X |
arcaderockstar |
arcaderockstar32.exe |
Arcade Rockstar (now
Gamevance) - free arcade games and prize tournaments. The program itself is
clean, but the TOS and privacy statement say that you agree to allow the
program to track/report your surfing and put popup advertising on your
computer |
| X |
Archive |
archive.exe |
Adware - recognized by
Kaspersky antivirus as Trojan-Downloader.Centim.a |
| X |
ARCHIVE CONTROL |
fixupdattr.exe |
Added by the MYTOB.GU WORM! |
| N |
ARCSolo Recovery |
N/A |
Backup software by Computer
Associates - no longer supported |
| U |
Ardamax Keylogger |
akl.exe |
Ardakey B keystroke logger/monitoring program - remove unless
you installed it yourself! |
| N |
ares |
ares.exe |
"Ares is a
free open source file sharing program that enables users to share any digital
file including images, audio, video, software, documents, etc" |
| N |
areslite |
AresLite.exe |
"Ares is a
free open source file sharing program that enables users to share any digital
file including images, audio, video, software, documents, etc" |
| U |
Argentum Backup |
ab.exe |
Argentum Backup -
a small backup program that lets you easily back up your documents and
folders |
| X |
Aritima |
aritima.exe |
Added by the ARITIM WORM! |
| N |
ARMOR2NET |
Armor2net.exe |
Related
to Armor2net personal firewall (possibly contains or is related to an
anti-spyware product known as ArmorWall, which is a spyware remover - not
recommended, see here |
| N |
ARPWRMSG |
ARPWRMSG.EXE |
Related to HP and Compaq Desktop PCs. Read this article |
| U |
Artera |
arteraui.exe |
Artera Turbo Internet
Accelerator - "surf faster, boost download speed". Only required if
you find it helps improve your performance |
| ? |
AS00 Gear511 |
Gear511.exe |
Software for Netgear wireless
network cards. Unknown whether it is required for the wireless card to run
but does not seem to be a resource hog. Not required for laptop to run if the
wireless network card will not be used. Is it at all
required? |
| U |
AS00_WN511B |
WN511B.exe |
Netgear RangeMax NEXT wireless adapter configuration utility |
| ? |
AS00_WPN511 |
WPN511.exe |
NetgearRev MFC Application -
software for Netgear wireless network cards - what does
it do and is it required in startup? |
| X |
ASDPLUGIN |
100171be.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
100176br.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
adult1.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
Austria.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
belgium nm.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
canada.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
czech.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
dbaccess.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
dsldbaccess.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
dslgeaccess.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
Finland.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
france.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
fullgames.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
geaccess.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
mexico.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
netherlands.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
temp532.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
turkey.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
uk nm.exe |
AsdPlug premium rate adult content dialer variant |
| X |
ASDPLUGIN |
Xadult1.exe |
AsdPlug premium rate adult content dialer variant |
| X |
asdx |
xwinrpc32.exe |
Added by the AGOBOT.VO WORM! |
| N |
ASE Scheduler |
ASE Scheduler.exe |
Aluria Software's spyware
removal tool - we can't really recommend this product as Aluria have recently
partnered with WhenU, the well known adware company, see here and here |
| U |
Ashampoo PopUpBlocker |
PopUpKiller.exe |
Ashampoo popup blocker, part of Magical Security (was Privacy
Protector Plus) |
| Y |
ashAvast |
ashAvast.exe |
Part of Avast antivirus |
| X |
ASHLT |
Ashlt.exe |
Ashlt adware |
| Y |
ashMaiSv |
ashmaisv.exe |
Part of Avast! anti-virus software - E-mail scanner |
| U |
AsioReg |
regsvr32.exe ctasio.dll |
ASIO (Audio Stream In/Out) drivers for the SoundBlaster
Audigy 2 series soundcards - for recording and home project studios. Required
if you use this functionality |
| U |
ASK |
rundll32.exe [path] ASK.dll rdl |
Stealth Keylogger keystroke logger/monitoring program -
remove unless you installed it yourself! |
| X |
asl |
Aslru.exe |
Added by the BANCOS-CU TROJAN! |
| U |
Asmw Soft Popups Burner |
popups burner.exe |
Popup blocker,
part of Asmw Soft PC Optimizer |
| X |
asnconsole |
msasn.exe |
Added by the RBOT.EVU TROJAN! |
| X |
ASocksrv |
SocksA.exe |
Added by the VB.CBW WORM! |
| X |
ASP.NET State Service |
crsass.exe |
Added by the BANLOAD-M TROJAN! |
| X |
ASP.NET State Service |
csrss.exe |
Added by the DLOADER-QI TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
ASP.NET State Service |
servicos..exe |
Added by the DADOBRA-I TROJAN! |
| N |
asp4tray |
asp4tray.exe |
System Tray application for
Aureal Vortex based soundcards. Can be run manually via Start -> Settings
-> Control Panel |
| Y |
AspireTimeMachine |
acertmb.exe |
System recovery software
supplied with some Acer notebook PCs. Similar to GoBack and the restore
program in WinXP, allowing you to restore a PC back to a working state with
minimal re-entry |
| U |
a-squared |
a2guard.exe |
a-Squared antitrojan - can
be run on demand but necessary in Startup if you prefer the a² 'Background
Guard' real time protection feature |
| X |
asrupdate.exe |
asrupdate.exe |
Added by the VB.ATZ TROJAN! |
| X |
assistse |
ASSISTSE.EXE |
CnsMin (Chinese Keywords) hijacker related |
| X |
AST |
AST |
Added by the
TROJANDOWNLOADER.WIN32.VB.AH VIRUS! |
| X |
AST |
AST |
Added by the VB.AH TROJAN! |
| X |
AST |
AST.exe |
AutoStarter parasite |
| X |
AStart |
AStart |
Added by the VB.AH TROJAN! |
| U |
ASTART |
astart.exe |
ASUS TweakEnable - restores
manually changed settings for ASUS based video cards such as overclocking.
Only required if you use non-standard settings |
| N |
asTray |
Astray.exe |
Voyetra Audio
Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital
music jukebox/organizer |
| N |
Astro |
Astro.exe |
Checks for updates to Quicken on
a system reboot |
| N |
ASUS Live Update |
ALU.exe |
ASUS Live Update utility for
their motherboards |
| N |
ASUS Probe |
AsusProb.exe |
ASUS video card fan/thermal
monitor - only required if you overclock your card or live in a hot area |
| U |
ASUS SmartDoctor |
VGAProbe.exe |
ASUS video card fan/thermal
monitor |
| U |
ASUS TweakEnable |
astart.exe |
Restores manually changed
settings for ASUS based video cards such as overclocking. Only required if
you use non-standard settings |
| N |
ASUSKey |
V38SHELL.EXE |
System tray Icon for quickly
changing video modes |
| U |
asustweakenable |
ATweak.exe |
Asus tweaking utility - for fine
tuning the settings of your ASUS display card |
| N |
ASWDP |
ASWDP.exe |
MLS Pulse - real
estate software. Keeps the home buyer/seller continually informed on the
status of his/her local/regional real estate market |
| X |
ASWnk |
aswnk.exe |
Adult content dialler |
| X |
atapidrv |
atapidrv.exe |
Added by the AGOBOT-SL WORM! |
| U |
Athan |
Athan.exe |
Athan - an application that calculates and reminds the five
daily Islamic prayer times for anywhere in the world |
| X |
ATI Active Graphics Card Monitor |
atievx.exe |
Added by the IRCBOT-TL WORM! |
| X |
ATI AS Filter |
msnse.exe |
Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by
appending numerous lines, preventing access to the virus cleaning websites |
| N |
ATI CATALYST System Tray |
CLI.exe SystemTray |
System Tray access to ATI's
CATALYST™ CONTROL CENTER. Note that this has "SystemTray" appended
to CLI.exe in the "Command" column of MSCONFIG. Not required to run
the control center - which is available via a right-click on the desktop |
| N |
ATI DeviceDetect |
ATIDtct.EXE |
Utility meant for future use of
the ATI TV WONDER USB 2.0 video driver and can be disabled |
| X |
ATI Display Driver |
atixd.exe |
Added by the RBOT-FOV WORM! |
| X |
Ati Display Settings |
atividx.exe |
Added by the RBOT-GAS WORM! |
| N |
ATI GART Set-up Utility |
Atigart.exe |
Program that checks the
motherboard chipset and determines which GART driver bundle to install on ATI
video cards. If you have one, once installed it shouldn't be needed |
| U |
ATI Launchpad |
launchpd.exe |
Convenient way to start all your
Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You
can right-click LaunchPad, and uncheck Load on Startup in the menu |
| X |
ATI Rage3d Pro |
AtiRage4dPro.exe |
Added by the AGOBOT-OG WORM! |
| Y |
ATI Remote Control |
ATIRW.exe |
Driver
for the ATI REMOTE WONDER™ RF remote control for ATI's All-In-Wonder graphic
cards and other products. Required if you use it |
| Y |
ATI Remote Control |
ATIX10.exe |
ATI
Remote Wonder™ - PC wireless remote control driver. Required if you use it |
| N |
ATI Scheduler |
Atisched.exe |
Component that remains resident
in memory and automatically launches the ATI VIDEO PLAYER at a user selected
time and date. Delete the shortcut in the Start -> Programs -> Startup
folder as well. Functions could re-enable the program to load at start-up and
re-introduce the shortcut. Try it and see |
| N |
ATI Task Application |
Atitkad.exe |
System Tray access and key-combo
shortcuts to common display functions on ATI video cards. Can be run from
Start -> Settings -> Control Panel -> Display |
| N |
ATI Task Application (Atikey) |
Atitask.exe |
System Tray access and key-combo
shortcuts to common display functions on ATI video cards. Can be run from
Start -> Settings -> Control Panel -> Display |
| X |
ATI Technology Startup |
techstart.exe |
Added by the RBOT-AEU WORM! |
| X |
ATI Video Driver Control |
atigfx.exe |
Added by the RBOT-FWL WORM! |
| X |
ATI VIDEO REGKEY |
ati2vid.exe |
Added by the SDBOT.UR WORM! |
| ? |
Ati2cwxx |
Ati2cwxx.exe |
For some ATI video cards.
Probably used to access features and may not be required - for example the
ATI Radeon works fine without it |
| U |
Ati2mdxx |
Ati2mdxx.exe |
System Tray icon to access ATI
graphics card settings and the Hydravision Desktop Manager |
| N |
ATICCC |
cli.exe runtime |
ATI's CATALYST™ CONTROL CENTER.
Required if you want to change graphics settings on a regular basis but you
must have internet access and Microsoft's .NET framework installed. Note that
this has "runtime" appended to cli.exe in the "Command"
column of MSCONFIG. Recommend that start the program manually via Start ->
Programs -> ATI Catalyst Control Center -> Advanced -> Restart
Runtime as it can casue problems when starting Windows |
| N |
ATICCC |
CLIStart.exe |
Puts the ATI Catalyst™ Control
Center Icon/Shortcut on the System Tray - available via Start -> Programs |
| X |
aticpaxx.exe |
aticpaxx.exe |
Added
by the RBOT-XP WORM! |
| U |
AtiCwd |
Ati2cwad.exe |
This utility adds the ATI tab in
the advanced display properties (gives the option for TV out). Do not uncheck
if there is TV out on the video card |
| U |
AtiCwd |
AtiCwd.exe |
This utility adds the ATI tab in
the advanced display properties (gives the option for TV out). Do not uncheck
if there is TV out on the video card |
| U |
AtiCwd |
AtiCwd32.exe |
This utility adds the ATI tab in
the advanced display properties (gives the option for TV out). Do not uncheck
if there is TV out on the video card |
| U |
AtiCwd32 |
Ati2cwad.exe |
This utility adds the ATI tab in
the advanced display properties (gives the option for TV out). Do not uncheck
if there is TV out on the video card |
| U |
AtiCwd32 |
AtiCwd.exe |
This utility adds the ATI tab in
the advanced display properties (gives the option for TV out). Do not uncheck
if there is TV out on the video card |
| U |
AtiCwd32 |
AtiCwd32.exe |
This utility adds the ATI tab in
the advanced display properties (gives the option for TV out). Do not uncheck
if there is TV out on the video card |
| X |
AtiDisplayDrv |
atidrvxx.exe |
Added
by the RBOT-VZ WORM! |
| X |
atidriver |
reaIplayer.exe |
Added by the WARPIGS-E WORM! Note the uppercase "I"
in the filename, rather than a lower case "L" |
| N |
AtiKey |
AtiKey32.exe |
System Tray access and key-combo
shortcuts to common display functions on ATI video cards. Can be run from
Start -> Settings -> Control Panel -> Display |
| ? |
AtiKey |
atiptkad.exe |
System Tray access and key-combo
shortcuts to common display functions on ATI video cards. Can be run from
Start -> Settings -> Control Panel -> Display |
| N |
Atikey |
Atitask.exe |
System Tray access and key-combo
shortcuts to common display functions on ATI video cards. Can be run from
Start -> Settings -> Control Panel -> Display |
| U |
ATIMACE |
MACE.exe |
ATI Technologies Control Centre
- installed alongside ATI graphics hardware and provides additional
configuration options for these devices in the Managed Access to Catalyst
Environment (MACE) component |
| U |
ATIModeChange |
Ati2mdxx.exe |
System Tray icon to access ATI
graphics card settings and the Hydravision Desktop Manager |
| X |
AtiPanel |
atip.exe |
Added by the TACTSLAY.U TROJAN! |
| X |
atipatxx |
atipatxx.exe |
Added by the SMALL-ED TROJAN! |
| U |
ATIPOLAB |
ati2evae.exe |
ATI Polling Program - part of
the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks |
| U |
ATIPOLAB |
ati2evxx.exe |
ATI External Event Utility EXE
Module. This task can comsume lots of CPU resournces on some computers,
but it can help with graphics card problems. Leave enabled unless it consumes
too many CPU resources |
| U |
ATIPOLL |
ati2evxx.exe |
ATI External Event Utility EXE
Module. This task can comsume lots of CPU resournces on some computers,
but it can help with graphics card problems. Leave enabled unless it consumes
too many CPU resources |
| U |
AtiPTA |
Ati2ptxx.exe |
Control panel for the ATI series
of video cards allowing access to such features as display resolution, colour
depth, etc. Available via Start -> Settings -> Control Panel ->
Display. Some users may need it if they have optimised their settings |
| U |
AtiPTA |
Atiptaxx.exe |
Control panel for the ATI series
of video cards allowing access to such features as display resolution, colour
depth, etc. Available via Start -> Settings -> Control Panel ->
Display. Some users may need it if they have optimised their settings |
| U |
AtiPTAAA |
Ati2ptxx.exe |
Control panel for the ATI series
of video cards allowing access to such features as display resolution, colour
depth, etc. Available via Start -> Settings -> Control Panel ->
Display. Some users may need it if they have optimised their settings |
| U |
AtiPTAAA |
Atiptaxx.exe |
Control panel for the ATI series
of video cards allowing access to such features as display resolution, colour
depth, etc. Available via Start -> Settings -> Control Panel ->
Display. Some users may need it if they have optimised their settings |
| U |
atiptaxx |
Ati2ptxx.exe |
Control panel for the ATI series
of video cards allowing access to such features as display resolution, colour
depth, etc. Available via Start -> Settings -> Control Panel ->
Display. Some users may need it if they have optimised their settings |
| U |
atiptaxx |
Atiptaxx.exe |
Control panel for the ATI series
of video cards allowing access to such features as display resolution, colour
depth, etc. Available via Start -> Settings -> Control Panel ->
Display. Some users may need it if they have optimised their settings |
| X |
atiptext |
atiptext.exe |
Added by the COSIAM-A TROJAN! |
| U |
AtiQiPcl |
AtiQiPcl.exe |
Used for hardware DVD decoding
on ATI video cards supporting this feature. Not required unless you regularly
play DVD's |
| U |
ATISmart |
ati2s9ag.exe |
ATI's
"SMARTGART", which is included with the "Catalyst"
drivers. When the system boots, it runs a couple of bus tests & tries to
apply the most stable settings |
| U |
AtiSound |
csrss.exe |
WinSpy surveillance software.
Uninstall this software unless you put it there yourself. Note - this is not
the legitimate csrss.exe process which is always located in the System
(9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
This file is located in the "ComRoot" subfolder |
| X |
atisrc2 |
windfind.exe |
Added by the WINDFIND-A TROJAN! |
| X |
ATITech |
Active.exe |
Added by the ROAMER-A TROJAN! |
| U |
atitray |
atitray.exe |
ATI Tray Tools - allows quick
access to ATI graphics card settings |
| U |
AtiTrayTools |
atitray.exe |
ATI Tray Tools - allows quick
access to ATI graphics card settings |
| X |
atiupdate |
ATIUPDATE5.EXE |
Added by the DEBESKI.A TROJAN! |
| X |
atiupdate |
msshed32.exe |
Added by the DELF.EP downloader
TROJAN! |
| X |
ATIUpdater |
atiupdxx.exe |
Added
by the RBOT-ABX WORM! |
| X |
Atiupdpl |
atiupdpl.exe |
Added by the SMALL.AOS TROJAN! |
| X |
ativopen |
ativopen.exe |
Premium rate adult content
dialler |
| Y |
ATIX10 |
atix10.exe |
ATI
Remote Wonder™ - PC wireless remote control driver. Required if you use it |
| X |
Atl**.exe [* = random char] |
Atl**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Atl**32.exe [* = random char] |
Atl**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
ATM Control |
adpn.exe |
Added by the MMS.A WORM! |
| N |
ATnotes |
atnotes.exe |
Loads the ATnotes program for
virtual sticky notes for your desktop. Available via Start -> Programs |
| U |
Atomic Time Synchronizer |
TimeSync.exe |
TimeSync - lets you
synchronize your computer's clock with any internet atomic clock |
| U |
Atomic.exe |
Atomic.exe |
Atomic
Clock Sync - synchronizes your computer's time with the NIST time server |
| N |
Atomica |
atomica.exe |
Atomica runs from the System Tray and allows the user to find
out more about a word or phrase on any screen by pointing at it with the
mouse and clicking button one while holding down the Alt key |
| U |
AtomicTime |
ATOMICTIME.EXE |
AtomicTime - utility
that synchronizes your PC clock to an atomic clock |
| X |
Atomic-x27 |
Atomic-x27.exe |
Added by the KATOMIK-A WORM! |
| X |
Atomic-x27C |
AtomicpartC.exe |
Added by the KATOMIK-A WORM! |
| U |
Atrack |
atrack.exe |
New feature of Norton Internet
Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker,
an instant notification feature. The Alert Tracker displays information about
events as they happen. This way, when a rule has been triggered or an access
to the Internet made, you know about it immediately rather than finding out
about it when you check your logs or notice that the NIS icon indicates a
security alert |
| U |
Atray |
Atray.exe |
Active Tray is a utility
which lets you configure the system tray. You can also create your own tray
icons |
| U |
ATSpooler |
AppsTraka.exe |
DeskTopScout keystroke logger/monitoring program - remove unless
you installed it yourself! |
| U |
ATTBroadbandUpdate |
SAUpdate.exe |
Big Brother from Quest Software. System and network monitor |
| U |
ATTRedUpdate |
AutoUpdate.exe |
Additional item added to
start-ups after AT&T took over the now bankrupt Excite@home high-speed
internet service. Included for automatically downloading and installing
updates. Leave it unless you plan to regularly run it to check for updates |
| X |
AttuneClientEngine |
attune_ce.exe |
Spyware - part of an automated
helpdesk software called Aveo Attune |
| X |
AttuneContentUpdater |
attune_cu.exe |
Spyware - part of an automated
helpdesk software called Aveo Attune |
| X |
AttuneDiscovery |
attune_di.exe |
Spyware - part of an automated
helpdesk software called Aveo Attune |
| X |
Attunel |
Attunel.exe |
Spyware - part of an automated
helpdesk software called Aveo Attune |
| X |
AttuneSystray |
attune_st.exe |
Spyware - part of an automated
helpdesk software called Aveo Attune |
| N |
aTuner |
atuner.exe |
aTuner -
tweak tool for GeForce based graphics cards |
| U |
AT-Watch |
ATWatch.exe |
Anti-Trojan Watch - trojan
detector |
| Y |
atwtusb |
atwtusb.exe |
USB interface for Aiptek
Graphics Tablet (USB) |
| X |
AtxBrw |
Iexplor.exe |
"Pop Marketing" adware |
| U |
au |
DealioAu.exe |
Dealio
Toolbar is a free shopping comparison toolbar that allows users to search for
a wide range of consumer products |
| U |
AU Agent |
AUagent.exe |
Au
Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run
applications under any security context without closing the whole logon
session to process a new logon |
| X |
au.exe |
au.exe |
Added by the BEAGLE.B WORM! |
| Y |
AUCBPNP |
aucbnpn.exe |
Adaptec USB CardBus Safe-Eject -
driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for
laptop users via a PCMCIA card slot |
| X |
Aucompat |
Aucompat.exe |
Added by the GEMA TROJAN! |
| X |
Audcntr |
audcntr.exe |
Added by the GEMA TROJAN! |
| ? |
AudCtrl |
RunDll32 AudCtrl.dll, RCMonitor |
Audio control panel? |
| X |
audi32 |
audi32.exe |
Added by the RANCK-FL TROJAN! |
| X |
AUDIO |
SOUND.exe |
Added by the PLOYB-A TROJAN! |
| X |
audiocfg.exe |
audiocfg.exe |
Added by the VB.ATE WORM! |
| X |
Audiocntl |
audiocntl.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| N |
AudioDeck |
ADeck.exe |
ADeck.exe is a system tray
application for VIA's sound cards which offers quick access to a number of
sound card related items |
| X |
Audiodrv |
audiodrv.exe |
Added by the CRYPTER-C TROJAN! |
| U |
AudioDrvEmulator |
DLLML.exe AudDrvEm.dll |
Related to Creative DLL
Module Loader for the Sound Blaster X-Fi (and maybe others). This program is
non-essential process to the running of the system, but should not be
terminated unless suspected to be causing problems |
| N |
AudioHQ |
Ahqtb.exe |
For Creative Soundblaster Live!
series soundcards. System tray application for SB Live! functions. Available
via Start -> Programs |
| N |
AudioHQU |
AHQTBU.EXE |
System Tray application
installed with the drivers for Creative Labs SoundBlaster Live! Can be run
from Start -> Programs |
| X |
audioinf |
audioinf.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
auloadplx |
mplprogsm.exe |
Added by the SLAPER.K TROJAN! |
| X |
AUNPS2 |
RUNDLL32 AUNPS2.DLL, _Run@16 |
AUNPS adware |
| X |
aupd |
symcsvc.exe |
Added by the ABWIZ.D TROJAN! |
| X |
aupd |
sysvcs.exe |
Added by the ABWIZ.C TROJAN! |
| X |
aupd |
sywsvcs.exe |
Added
by the ORSE-M TROJAN! |
| Y |
Aureal A3D Interactive Audio |
sa3dsrv.exe |
For Aureal based 3D soundcards.
A3D sound features won't work with this disabled |
| Y |
Aureal A3D Interactive Audio
Init |
A3dInit.exe |
For Aureal based 3D soundcards.
A3D sound features won't work with this disabled |
| X |
ausvc |
ausvc.exe |
Added by the AUTOUPDER TROJAN! |
| X |
Auth Starter Ident |
startauth.exe |
Added
by the RBOT-WP WORM! |
| X |
authz |
authz.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Auto CD-ROM Startup |
cdaccess.exe |
Added by the SPYBOT.BLA WORM! |
| U |
Auto EPSON Stylus CX6400 on
DDLS1Z11 |
E_S4I2L1.EXE |
Related to Epson Stylus CX6400
Series printer |
| X |
auto repair system |
qualityx.exe |
Added by an unidentified WORM or TROJAN - probably a SPYBOT
variant |
| U |
Auto Switch |
TASKBAR.exe |
Related to 2-port Bitronics
AutoSwitch kit from Belkin |
| N |
Auto T Bar |
autotbar.exe |
If you disable the HP VIEW
toolbar in IE and rearrange the toolbars on a reboot they will be back as
they were before if this is left enabled |
| X |
Auto updat |
crcss.exe |
Added by the SDBOT.AAG WORM! |
| X |
Auto Updat |
WindowsSys32.exe |
Added by a variant of the FORBOT WORM! |
| X |
Auto Update |
AUP.exe |
Added by an unididentified WORM
or TROJAN! |
| X |
Auto Update |
dma.exe |
Added by the RBOT-AVO WORM! |
| X |
Auto Update |
svchost.exe |
Added by the DUMARDI-A TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Auto Updates |
svchost.exe |
Added by the CHEUKO-A TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Auto WinUpdate |
taskmrg.exe |
Added by the RBOT-AFA WORM! |
| X |
auto__antiav__key |
antiav_exe.exe |
Added by the BAGLEDI-AA TROJAN! |
| X |
auto__hloader__key |
hloader_exe.exe |
Added by the BAGLE.AB TROJAN! |
| U |
Autobar |
autobar.exe |
Connect buttons on the keyboard
for internet direct access, etc. on HP computers |
| U |
AutoCAD Startup Accelerator |
acstart16.exe |
Preloads some libraries that are used by AutoCAD in order to
make the software load faster |
| U |
autoclk |
autoclk.exe |
Autoclik is a Windows utility "that allows you to
perform all mouse activity with absolutely no clicking" |
| N |
AutoEA |
Ahqrun.exe |
For Creative Soundblaster Live!
series soundcards. Specify for any audio application what audio preset to
automatically associate with currently active speaker output. Available via
AudioHQ |
| X |
AUTOEXE |
AUTOEXE.exe |
Added
by the SEMAPI-A WORM! |
| X |
Autoloaderaproposclient |
Apropos_Client_Loader.exe |
AproposMedia adware |
| X |
Autoloaderaproposclient |
cxtpls_loader.exe |
AproposMedia adware |
| X |
AutoLoaderEnvoloAutoUpdater |
auto_update_loader.exe |
Envolo/AproposMedia adware updater |
| N |
AutoMate Task Service |
automate.exe |
Task scheduler for Unisyn Automate 4 task automation/macro
running software. Available via a desktop shortcut or Start -> Programs |
| U |
AutoMate5 |
Am5HkWnd.exe |
"Automate
is the Leading Software for Automation of front and back-office business
processes.It provides all the tools necessary to completely automate business
processes, regardless of their complexity" |
| X |
Automatic Defrag Manager |
defrag.exe |
Added by the RBOT-AKE WORM! |
| X |
Automatic Microsoft Windows
Updater |
suchost.exe |
Added
by the RBOT-EQ WORM! |
| X |
Automatic Windows Updater |
Update.exe |
Added by the GAOBOT.AO WORM! |
| N |
Automatically launches the
United Devices Agent when you start your computer |
UD.EXE |
The United Devices Agent can
recycle your PC's unused resources and use them to perform valuable
scientific and medical research without disturbing your usual computer use -
similar to SETI@home but for medical research. Available via Start >
Programs |
| X |
Autopdate |
Autopdate.exe |
Added by the RBOT-AGL WORM! |
| N |
AUTOPROP |
REGPROP.EXE WMPADDIN.DLL |
Both the files are in the MS
Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP
extension |
| X |
AUTOPROTECTU |
navapq32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
autorepair |
dexs.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Autoroute SMTP |
AutoSmtp.exe |
Autoroute SMTP -
"automatic switching between SMTP servers depending on what network you
are currently working in." You need to have two Internet service
providers |
| X |
autorun |
autorun.exe |
Added
by the AUTOM-B WORM! |
| ? |
AutoShutdown |
pssvc.exe |
Utility to fix vCard Export in
MS Outlook 2000 - although why are these together? |
| U |
AutoSizer |
AUTOSIZER.EXE |
AutoSizer -
utility that automatically maximizes windows when they're opened |
| N |
AutoSpell |
autospel.exe |
AutoSpell - spell checker
(version 6.*) |
| N |
AutoSpell 5 |
ASWATC32.EXE |
AutoSpell - spell checker |
| U |
AutoSys |
autosys.exe |
Winguardian surveillance software. Uninstall this software
unless you put it there yourself |
| N |
autotbar |
autotbar.exe |
If you disable the HP VIEW
toolbar in IE and rearrange the toolbars on a reboot they will be back as
they were before if this is left enabled |
| N |
AutoTKit |
AUTOTKIT.EXE |
On HP PC's. Unclear what purpose
it serves - but there's a known issue with Internet Explorer Toolbar settings
not being saved with it enabled |
| N |
autoupd |
autoupd.exe |
Raxco Software Auto Update utility."Used to keep your
software up-to-date" |
| X |
autoupd |
autoupd.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! - found in a folder of the same name |
| X |
autoupdate |
rundll32 [path] DATADX.DLL,
SHStart |
Added by a variant of the QOOLOGIC TROJAN! |
| X |
autoupdate |
rundll32 [path] SUPDATE.DLL,
SHStart |
Added by a variant of the QOOLOGIC TROJAN! |
| X |
autoupdate |
WINUP2DATE.DLL, SHStart |
Unidentified adware -
detected by Panda antivirus as the CLICKER.CY TROJAN! |
| X |
Autoupdate Service |
kaka.exe |
Added by the SYMPE-B TROJAN! |
| X |
AutoUpdater |
aupdate.exe |
Tinybar variant |
| X |
AutoUpdater |
AutoUpdate.exe |
PeopleonPage
foistware |
| X |
autoupdatev2 |
[path to file] |
Added by the DROPPER-BM TROJAN! |
| X |
autoupdatev2 |
autoupdatev2.exe |
Recognized by Kaspersky
antivirus as Clicker.Win32.Agent.fq |
| X |
AutoVirusProtection |
ciscv.exe |
Added by a variant of the RBOT WORM! |
| X |
aux.exe |
aux.exe |
Added by the ZINS TROJAN! |
| X |
auxAudioDevice |
aux32.exe |
Added by the AIZU WORM! |
| N |
AUXXTRAY |
au30setp.exe |
System Tray application for
Aureal Vortex based soundcards. Can be run manually via Start -> Settings
-> Control Panel |
| X |
AV |
UPDATE-28062004.exe[25 blank
spaces].vbs |
Added by the MIDFIN WORM! |
| X |
AV Client |
patch31345.exe |
Added by the MYDOOM.AD WORM! |
| X |
AV Industry |
patch31345.exe |
Added by the MYDOOM.AD WORM! |
| X |
AV UpDate |
Update.exe |
Added by the FUROOT-A TROJAN! |
| N |
AvaFind |
AvaFind.exe |
AvaFind
file search utility |
| X |
AVantivirus |
Avconsol.exe |
Added
by the MSNVB-D WORM! |
| Y |
avast! |
ashDisp.exe |
Part of Avast! anti-virus software |
| Y |
Avast! |
ashserv.exe |
Part of Avast! anti-virus software |
| Y |
avast! Web Scanner |
Ashwebsv.exe |
Part of Avast! anti-virus software |
| Y |
Avast32 |
Astart32.exe |
Part of Avast! anti-virus software |
| X |
avc |
avmon.exe |
Added by an unidentified TROJAN! |
| U |
AvconsoleEXE |
Avconsol.exe |
From McAfee VirusScan up to
version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If
you don't have scans scheduled you don't need it |
| X |
AveoAttune |
atmdlusr.exe |
Spyware - part of an automated
helpdesk software |
| U |
AVFX Engine |
StartFX.exe |
Advanced
Video FX - supported by a number of Creative Web Cameras. "Have more fun
by adding a wide range of special effects and backgrounds to your video chat
with Advanced Video FX" |
| X |
AvG |
svchost323.exe |
Added
by the RBOT-ZA WORM! |
| X |
Avg Antivirus |
icpldrvx.exe |
Added
by the BANKER.BYU TROJAN! |
| Y |
AVG Anti-Virus system |
avgcc.exe |
AVG Anti-Virus 7.0 Control Center. Allows you to manage and
control all AVG Anti-Virus components, settings and updates |
| X |
AVG Grisoft Updater |
updater.exe |
Added by the AGOBOT-OT WORM! |
| Y |
AVG_CC |
avgcc32.exe |
AVG anti-virus control center. Also enables scheduled tests,
Outlook E-mail plug-in and automatic updates |
| Y |
AVG_EMC |
AVGEMC.exe |
AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing
email for viruses |
| Y |
AVG_RegCleaner |
AVGREGCL.exe |
AVG Anti-Virus 7.0 Registry Cleaner - for checking the
registry for virus additions and other security problems |
| Y |
AVG7_AMSVR |
Avgamsvr.exe |
AVG antivirus related |
| Y |
AVG7_CC |
AVGCC.exe |
AVG Anti-Virus 7.0 Control Center. Allows you to manage and
control all AVG Anti-Virus components, settings and updates |
| Y |
AVG7_CC |
avgcc.exe |
AVG Anti-Virus 7.0 Control Center. Allows you to manage and
control all AVG Anti-Virus components, settings and updates |
| Y |
AVG7_EMC |
AVGEMC.exe |
AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing
email for viruses |
| Y |
AVG7_Run |
avgw.exe |
AVG Anti-Virus 7.0 related |
| Y |
avgamsvr.exe |
Avgamsvr.exe |
AVG antivirus related |
| Y |
avgcc32 |
avgcc32.exe |
AVG anti-virus control center. Also enables scheduled tests,
Outlook E-mail plug-in and automatic updates |
| Y |
AVGCtrl |
AVGCtrl.exe |
Part of AntiVir® PersonalEdition Classic antivirus |
| Y |
avgfwsrv |
AVGFWSRV.EXE |
Firewall
from Grisoft AVG Plus Firewall Edition |
| Y |
avgmsvr.exe |
avgmsvr.exe |
AVG Anti-Virus 7.0 related |
| Y |
AVGnt |
AVGnt.exe |
AntiVir® PersonalEdition Classic antivirus. System Tray icon
and control program |
| Y |
Avgserv9.exe |
Avgserv9.exe |
AVG antivirus background monitoring |
| Y |
AVGuard |
AVGuard.exe |
AntiVir® PersonalEdition Classic antivirus. Background task
which scans files transparently |
| X |
avidrv |
drvsc.exe |
Recognized by Kaspersky
antivirus as Trojan-Downloader.Win32.Agent.ph |
| X |
Avimgt |
Avimgt.exe |
Added by the GEMA TROJAN! |
| X |
Avimgt32 |
Avimgt32.exe |
Added by the GEMA TROJAN! |
| Y |
avinit |
AVINIT9X.EXE |
Command Antivirus
related |
| Y |
AVK Mail Checker |
AVKPop.exe |
eXtendia AVK AntiVirus email checker |
| Y |
AVKBar |
AVKBar.exe |
GData
AntiVirusKit Anti-virus |
| Y |
AvMaiSrv |
Avmaisrv.exe |
Part of Avast! anti-virus software - E-mail scanner |
| X |
avnort |
formatsys.exe |
Added by the SERFLOG.A WORM! |
| X |
avnort |
msmbw.exe |
Added by the SERFLOG.A WORM! |
| X |
avnort |
serbw.exe |
Added by the SERFLOG.A WORM! |
| X |
AVP |
[path to trojan] |
Added by the MUTBO-A TROJAN! |
| Y |
avp |
avp.exe |
AOL's Active Virus Shield |
| Y |
avpcc |
avpcc.exe |
Kaspersky Labs anti-virus |
| Y |
avpm |
avpm.exe |
Kaspersky anti-virus |
| X |
Avpr |
avpr.exe |
Added by the MYDOOM.AF WORM! |
| X |
AVP-SE |
avp-32.exe |
Added by the AGOBOT.FS WORM! |
| X |
avptask |
[path to trojan] |
Added by the NOFERE-G TROJAN! |
| X |
avptask |
expl0rer.exe |
Added by the AGENT.JJO TROJAN! |
| X |
Avptask |
rund1132.exe |
Added by the AGENT.PKZ TROJAN! |
| X |
Avril Lavigne - Muse |
[random filename] |
Added
by the AVRIL-A WORM! |
| Y |
AVSCHED32 |
AVSched32.exe |
AntiVir® PersonalEdition Classic - antivirus |
| Y |
AVSchedScan |
SCHSC9X.EXE |
Command Antivirus
related |
| X |
AvSer |
dsm.exe |
Added by the SERFLOG.B WORM! |
| X |
AvSer |
msmpatch.exe |
Added by the SERFLOG.B WORM! |
| X |
AvSer |
svosm.exe |
Added by the SERFLOG.B WORM! |
| X |
AvSer |
sysup.exe |
Added by the SERFLOG.B WORM! |
| X |
avserve.exe |
avserve.exe |
Added by the SASSER WORM! |
| X |
avserve2.exe |
avserve2.exe |
Added by the SASSER.B or
SASSER.C WORMS! |
| X |
avserve3.exe |
avserve3.exe |
Added by the SASSER.G WORM! |
| U |
AVStation premium |
AVStation agent.exe |
Related to Samsung AV Station - instant playback of music,
photos, videos |
| N |
Avtray |
Avtray.exe |
Command Antivirus
tray icon |
| ? |
AVWLPSTA |
AVWLPSTA.exe |
PRISM Status Tray Applet - but what is it for and is it required? |
| Y |
AVWUpd32 |
AVWUPD32.EXE |
AntiVir® PersonalEdition Classic - updater |
| Y |
avx communicator |
xcommsur.exe |
Anti-virus part of
BitDefender virus scanner/firewall |
| Y |
Avxlive |
avxlive.exe |
Bullguard or BitDefender
antivirus |
| Y |
avxlni |
avxinit.exe |
Anti-virus part of
BitDefender virus scanner/firewall |
| ? |
Avxnews |
?? |
?? |
| U |
Awatch |
Awatch.exe |
Diagnosis tool that monitors DSL
connections, installed alongside DSL drivers from AVM Fritz's range of modem
products |
| U |
AwaySch |
AwaySch.EXE |
Part of the IBM ThinkVantage Productivity Center. "The
Away Manager application allows you preselect and run routine tasks to
maintain your system's performance" |
| N |
awhost32 |
awhost32.exe |
Part of Symantec's pcAnywhere remote PC management software.
Provides an automatic startup of the client PC in host mode in conjuction
with a host-definition file, so system administrators can access the machine.
Can cause a 10% reduction in speed and not recommended |
| Y |
a-winpoet-service |
winpppoverethernet.exe |
WinPoET is the
industry's first Windows-based PPP over Ethernet client. Developed by
iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs
and ISPs. For more info read here. It uses dial-up networking for new
high-speed internet customers who are more familiar with analogue modems. If
unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up
networking |
| U |
AWMON |
Ad-Monitor.exe |
F-Secure Anti-Spyware |
| U |
AWMON |
Ad-Watch.exe |
Part of
Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and
registry for spyware that tries to install or change your system |
| ? |
AWUSGSTA |
AWUSGSTA.exe |
Reportedly related to a USB Wifi
Adapter - is it required at startup? |
| U |
awxDTools |
awxDTools.dll, awxRegisterDll |
AwxDTools related - a
Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of
ImageFiles supported by Daemon-Tools (i.e.: *.cue, *.iso, *.ccd ...) |
| ? |
AxFilter |
Rundll32 AXFILTER.DLL, Rundll32 |
?? |
| X |
AXVenore |
AXVenore.exe |
Identified as a TROJAN! |
| U |
AzMixerSel |
AzMixerSel.exe |
Related to Realtek_Azalia
Mixer Selector |
| Y |
azmodem |
azexe.exe |
Aztech Labs modem driver |
| X |
b.exe |
b.exe |
Added by the SDBOT.BND WORM! |
| N |
B.Reader |
remin.exe |
Birthday Reminder 5.0 - as
the name implies |
| X |
b3d |
BDEsecureinstall.exe |
B3d Projector foistware - periodically trys to access the
internet. (1) Uninstall it via Start -> Settings -> Control Panel ->
Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in
the "System" directory. (3) Disable and ideally delete it from the
registry. (4) Remove the "BDE" directory and all its contents |
| X |
b3dUpdate |
Zupdate.exe |
Associated with B3d Projector
foistware - see here |
| U |
b9 |
B9.exe |
FireTrust
Benign - allows you to receive e-mail which is safe from viruses, worms,
scripts, web bugs, privacy threats and other security risks, without
affecting your e-mail. "Benign neutralizes or strips out the code that
makes viruses, worms, scripts and other potentially harmful things run" |
| X |
b99 |
msmm.exe |
ClientMan parasite variant |
| X |
bab |
svchst32.exe |
Added by the AGENT.Q TROJAN! |
| X |
babeie |
rundll32 cnbabe.dll, dllstartup |
CommonName Toolbar spyware. To
uninstall see here |
| N |
Babylon Client |
Babylon.exe |
Babylon-Pro is a powerful information tool that instantly
provides relevant information, translations & conversions for any word or
value you click on" |
| N |
Babylon Translator |
Babylon.exe |
"Babylon-Pro is a powerful information tool that
instantly provides relevant information, translations & conversions for
any word or value you click on" |
| X |
Back Updates |
Uninstall.log.vbs |
Added by the YPSAN.D WORM! |
| X |
Backdoor.NuAgent |
agent.exe |
Added by the AGENT-DP TROJAN! |
| X |
Background Intelligent Transfer
Service |
rundll32.exe |
Added by the VB-ZD TROJAN! Note
- this file is located in the C:Windowshelp folder, and is not to be confused
with the legitimate rundll32.exe file! |
| U |
BackgroundSwitcher |
bgswitch.exe |
Originally
included with Microsoft's XP PowerToys (but now withdrawn - see here,
Background Switcher allows your desktop background to periodically change |
| N |
Backpack UDF |
bpudfmon.exe |
Backpack UDF packet writing software for Microssolutions'
Back Pack external CD-RW drive. Similar to DirectCD. Run manually before
insert an appropriately formatted CD-RW disk |
| X |
backup |
[path to worm] |
Added by the AGOBOT-H WORM! |
| X |
Backup Service |
backup.svc |
Unidentified adware |
| U |
Backup4all OTB Agent |
B4AOTB.exe |
"Backup4all
is an award-winning data backup software for Windows. This backup utility was
designed to protect your valuable data from partial or total loss by
automating backup tasks, password protecting and compressing it to save
storage space" |
| U |
BackupExecScheduler |
besch.exe |
Veritas "Back Up My
PC" software |
| ? |
BackupNotify |
backupnotify.exe |
HP Digital Imaging related. What does it do and is it required? |
| N |
BackWeb |
backweb.exe |
Automatically detects an
internet connection and downloads any available updates. Typical on Compaq
and HP PC's but not restricted to those OEM's. Resource hog and often causes
malfunctions. Available via Start -> Programs |
| N |
Backwork |
Backwork.exe |
Backwork trojan detector |
| U |
BACPI10 |
bacpi10a.exe |
Known as "PowerKey" -
a minimalistic keyboard driver that allows power management keys on BTC
keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds
an icon to the system tray |
| N |
BacsTray |
BacsTray.exe |
Broadcom Advanced Control Suite
- for modems and set top boxes based upon Broadcom chipsets. Not required
unless you have networking problems |
| X |
BADDATE |
BADDATE.EXE |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
BagleAV |
csrss.exe |
Added by the NETSKY.AB WORM!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt folder |
| X |
Bakra |
IEHost.EXE |
Added by the MULTIDR-AH TROJAN! |
| X |
bal |
SYSMONMS.EXE |
Added by the FAKEALERT TROJAN! |
| X |
Band-Aid |
[path to file] |
Added by the RANKY.O TROJAN! |
| X |
Bandook |
ali.exe |
Added by the EXEMAS-B TROJAN! |
| U |
Bandwidth Monitor Pro |
Bandwidth Monitor Pro.exe |
Bandwidth Monitor
Pro - utililty to track your current download/upload limit that may be set by
your ISP |
| U |
Banpopup by Pratik |
Banpopup.exe |
Banpopup - popup killer |
| X |
Bar Ding lolt |
Analiz.exe |
Added
by the RBOT-RP WORM! |
| X |
bargains |
bargainbuddy.exe |
BargainBuddy foistware |
| X |
bargains |
bargains.exe |
BargainBuddy foistware |
| U |
Bart Station |
PPCOLink.exe |
Dialer for PeoplePC ISP |
| ? |
Bart Station |
station.sbrt |
Related to PeoplePC ISP. May
be a dialler for dial-up accounts? |
| X |
BarTheme |
bartent32.exe |
Added by the AGOBOT-UG WORM! |
| N |
bascstray |
BascsTray.exe |
Broadcom Advanced Control Suite
- for modems and set top boxes based upon Broadcom chipsets. Not required
unless you have networking problems |
| X |
Bat |
secure2.bat |
Added by the ZCREW.C TROJAN! |
| N |
Batchreg1 |
N/A |
Part of the Windows System Recovery process. Added to the
registry via Msbatch.inf. The existence of this key or process after the last
reboot during installation indicates an unsuccessful installation, as that
key should be deleted automatically. See here |
| U |
BatInfEx |
rundll32.exe |
Displays battery status
information on an IBM Thinkpad |
| X |
BatSrv |
batserv2.exe |
Recognized by Kaspersky
antivirus as the Win32.Locksky.m WORM! |
| U |
Battery Scope |
batmgr.exe |
Monitors battery levels on a
notebook/laptop PC |
| U |
BatteryBar |
batterybar.exe |
BatteryBar
- displays battery usage, and the current percentage of battery power left |
| X |
BatzBack |
BatzBack.scr |
Added by the BACKZAT WORM! |
| U |
BAUSB |
BAUSB.exe |
Boston Acoustics Audio, USB
driver |
| X |
bawindo |
bawindo.exe |
Added by the BEAGLE.AR or
BEAGLE.AU WORMS! |
| U |
BayMgr |
DockApp.exe |
Hot-swappable drive management
on laptops allowing you to change drives without closing down Windows. Only
required if you frequently swap bay devices |
| U |
Bayswap |
bayswap.exe |
Hot-swappable drive management
on Compaq Notebooks which allows you to swap drives without closing down
Windows. Only required if you frequently swap bay devices |
| U |
Bayswap2 |
TbUpdate.exe |
Hot-swappable drive management
on Compaq Notebooks which allows you to swap drives without closing down
Windows. Only required if you frequently swap bay devices |
| N |
BBC Alerts |
BBC_Alerts.exe |
BBC Alerts
- "You can now have all the latest news and sports headlines delivered
straight to your desktop with the new BBC Alerts service" |
| U |
BBC News alerts |
skinkers.exe |
BBC News
Desktop Alerts service - see here. Desktop alert and breaking news e-mail
services let you find out about all the latest news as it happens |
| ? |
BBDial |
BT Broadband.exe |
Part of BT Broandband - is it
required? |
| N |
bbSysTray |
bbSysTray.exe |
Philips CD-RW related -
"the 'Blue Button' feature gives users the chance to receive convenient
online support for their possible device problems or questions" |
| U |
bbui |
bbui.exe |
AOL DSL status monitor
displaying a red/green icon indicating if you have a connection |
| U |
bca |
bca.exe |
BeClean Agent - registry,
history, temp files, etc cleaner |
| U |
BCDetect |
bcdetect.exe |
Bcdetect.exe searches the system
to make sure Creative drivers are installed for the video card. It loads the
BlasterControl when the drivers are detected. Your choice - try it and see |
| Y |
BCMDMMSG |
bcmdmmsg.exe |
BCM voicemodem driver. Required
for dial-up if you have one of these modems |
| U |
BCMHal |
rundll32.exe bcmhal9x.dll,
bcinit |
BlasterControl for Creative
video cards - controls for desktop settings, monitor configuration, colour
adjustments and performance tuning. May be needed to retain settings |
| Y |
BCMSMMSG |
BCMSMMSG.exe |
BCM voicemodem driver. Required
for dial-up if you have one of these modems |
| ? |
bcmwltry |
bcmwltry.exe |
Broadcom Corporation Wireless
Network Tray Applet. Is it required? |
| N |
BCNT |
bcnt.exe |
AWS Weatherbug
related. What does it do? |
| X |
BCPC |
bcpc.exe |
BroadcastPC adware variant |
| X |
bcpc_c |
bcpc_c.exe |
BroadcastPC adware variant |
| U |
BCTweak |
bctweak.exe |
BlasterControl for Creative
video cards - controls for desktop settings, monitor configuration, colour
adjustments and performance tuning. May be needed to retain settings |
| X |
Bcvsrv32 |
bcvsrv32.exe |
Added by the GAOBOT.BQJ WORM! |
| N |
BCWipeTM |
bcwipetm.exe |
BCWipe Task Manager - scheduler for BCWipe so that it runs at
convenient times. You can set a time for running the task, as well as special
options for the task. Run manually when needed |
| X |
BD |
dc.exe |
Added by the RASDOOR-A TROJAN! |
| U |
BDAgent |
bdagent.exe |
BitDefender antivirus |
| Y |
BDMCon |
Bdmcon.exe |
BitDefender antivirus |
| Y |
BDNewsAgent |
bdnagent.exe |
BitDefender antivirus -
updater |
| Y |
BDOESRV |
bdoesrv.exe |
Bitdefender 8 antivirus
and firewall |
| Y |
BDSwitchAgent |
bdswitch.exe |
Bitdefender 8 antivirus
and firewall |
| U |
BearFlix |
BearFlix.exe |
BearFlix is optimized for the
fast download of video files |
| N |
BearShare |
bearshare.exe |
BearShare file sharing client.
Versions known to include spyware - see here |
| U |
BeatNik Internet Clock |
BeatNik.exe |
BeatNik Internet Clock is a Windows clock add-on that
supports 'skins'. It can also synchronize your computer's clock with an
atomic clock |
| X |
Beawver |
saqevre.exe |
Added by
the RANKY.AGA TROJAN! |
| X |
Beegees Update |
beegees.exe |
Added by the SDBOT-ADK WORM! |
| ? |
BEEI |
beei.exe |
?? |
| U |
BeFaster |
befaster3.exe |
BeFaster internet connection
optimization tool |
| ? |
BEHL |
BEHL.exe |
?? |
| ? |
BEHLO |
BEHLO.exe |
?? |
| N |
Belkin PCMCIA WLAN Monitor |
monitorbk.exe |
Belkin USB Network Adapter
Management utility - can be started manually |
| N |
Belkin Wireless Utility |
Belkinwcui.exe |
Wireles configuration utility for some Belkin cards such as
the Wireless G Desktop Card |
| U |
BellSouthAlertManager.exe |
BellSouthAlertManager.exe |
Related to BellSouth Alert Manager |
| U |
BelNotify |
[path] NPBelv32.dll,
RunDll32_BelNotify |
"BelTech from Belarc enables licensees to offer
automated, Web-based problem resolution to their end-users. BelTech allows
the end-user to simply go to a web page and automatically resolve their
problem or point them to the right solution. BelTech Manager allows
non-programmers to rapidly and easily deploy and maintain this service" |
| ? |
BELORVBI |
BELORVBI.exe |
?? |
| ? |
Belsta.exe |
Belsta.exe |
Configuration tool for Belkin
wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration
is changed? |
| X |
Belt |
Belt.exe |
VX2.Transponder parasite updater/installer related |
| X |
Benadril Alert Tool |
benadrilalert.exe |
Plug-in for WeatherBug advising
when pollen count in your area is high - prompting you to buy Benadril |
| N |
BestPopUpKiller |
BestPopupKiller.exe |
Popup
killer by Swanksoft - not recommended, see here |
| X |
BeSys |
[path to file] |
BeSys adware |
| X |
BF4P |
bf4p.exe |
Added by the IRCBOT.GEN WORM! |
| Y |
bg |
bullguard.exe |
Bullguard antivirus and
firewall. The P2P version is free with KaZaA Media Desktop and Grokster |
| U |
BGInfo |
Bginfo.exe |
BGinfo automatically displays relevant information about a
Windows computer on the desktop's background, such as the computer name, IP
address, service pack version, and more |
| U |
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} |
NMBgMonitor.exe |
Associated with Nero Scout,
added by version 7 of the Nero digital media suite (CD & DVD burning,
authoring, etc). Thanks to Help2Go.com, if you feel this is draining more
resources that necessary you can disable it by clicking here |
| Y |
BGNewsAgent |
bgnewsag.exe |
BullGuard antivirus updater |
| N |
bgsmsnd |
bgsmsnd.exe |
Printer driver to generate PDF
files from any program |
| N |
BHOCop |
BHOCop.exe |
PC
Magazine's BHO Cop that lets you see what browser helper objects are
installed. Useful for detecting spyware |
| U |
BHODemon 2.0 |
BHODemon.exe |
BHODemon "protects you from
unknown Browser Helper Objects (BHOs), by letting you enable/disable them
individually. When running, it also monitors your Registry and alerts you
when a BHO is installed. Best of all, BHODemon knows about the most common
BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing
resident protection, the application can also be run on demand |
| U |
BHR |
BHR.exe |
Browser Hijack
Retaliator - recovers your browser after it has been hijacked by spyware,
adware, etc |
| U |
BI1HelperStartUp |
BI1HEL~1.EXE |
ScreenScenes "Beach
Islands" screensaver. The freeware version comes with GAIN branded ads
(pop-ups and others). ScreenScenes do however offer you the option of doing
away with the ads by purchasing the screensaver for a whopping $30. Please note
that Claria Corporation no longer support GAIN-Supported software - see here |
| X |
BIE |
Rundll32.exe BDSrHook.dll,
Rundll32 |
BDplugin parasite |
| X |
BIG |
biggy.exe |
Added by the DELBOT-AG WORM! |
| U |
BigDog303 |
VM303_STI.EXE |
Related to VIMICRO USB
for PC Camera |
| ? |
BigDogPath |
VM_STI.EXE |
Bundled with some software for
digital cameras that use a USB connection - what does it
do and is it required? |
| N |
bigfix |
BIGFIX.EXE |
BigFix can
automatically download and read technical support information provided by
computer and software manufacturers and other technical support experts
(published in the form of Fixlet® Messages) and can automatically check your
computer for bugs, configuration conflicts, and security holes. Should only
be started manually as it's a resource hog |
| U |
BigPond Toolbar |
bpumTray.exe |
Telstra BigPond
Toolbar - "Introducing the free and easy to use BigPond Toolbar that is
designed to make your internet experience and managing your Telstra internet
account a whole lot easier" |
| N |
BigPondCable |
bpcable.exe |
Telstra Bigpond Cable login
software - can be started manually |
| X |
bikini |
bikini.exe |
Added by the LOWZONE-CX TROJAN! |
| N |
Billminder |
Billmind.exe |
Can be setup in Quicken to
remind user of due payments. Available via Start -> Programs |
| X |
bin32hpu |
ppstub.exe |
PrecisionPop adware |
| X |
bingdian |
Bingdian.vbs |
Added by the BINGD WORM! |
| ? |
Bingo Charm |
charms.exe |
Some kind of screen icon kind of
like desk flag, but it gives you a choice of icons? |
| U |
Biomenu |
menusw.exe |
Related to Sony VAIO - passwords, encryption, and a biometric
fingerprint sensor |
| X |
Bios |
Bios32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
BIOS XP Loader |
[random filename] |
Added
by the RBOT-IC WORM! |
| X |
BIOS1 |
BIOS1.EXE |
Added by the OPASERV.T WORM! |
| ? |
BIOVCIP |
BIOVCIP.exe |
?? |
| N |
BitComet |
BitComet.exe |
BitComet P2P client
- can be launched from Start -> Programs |
| X |
BitDefender Antivirus |
BITDEFENDERX.EXE |
Added by a variant of the SPYBOT WORM! |
| Y |
BitDefender Communicator |
xcommsvr.exe |
BitDefender antivirus |
| U |
BitDefender for MSN Messenger |
msnmon.exe |
Bitdefender anti-virus for
MSN Messenger - no longer supported at the BitDefender website |
| U |
BitDefender for Yahoo! Messenger |
yahmon.exe |
Bitdefender anti-virus for
Yahoo! Messenger - no longer supported at the BitDefender website |
| Y |
BitDefender Live! Init |
bdinit.exe |
BitDefender antivirus |
| Y |
BitDefender Scan Server |
bdss.exe |
BitDefender antivirus |
| Y |
BitDefender Virus Shield |
vsserv.exe |
BitDefender antivirus |
| U |
BitDefender_P2P_Startup |
BitDefender_P2P_Startup.exe |
Bitdefender anti-virus for
P2P clients - no longer supported at the BitDefender website |
| Y |
bitdefenderlive |
avxlive.exe |
Main program of
BitDefender virus scanner/firewall |
| N |
BitWare Print Monitor |
bwprnmon.exe |
FaxServe network fax
software |
| N |
BJ Printer Status Monitor |
Cjstsr.exe |
Canon BJ printer status monitor |
| N |
BJ Status Monitor 5xx |
CJSTRxx.EXE |
Canon printer status monitor -
where "xx" is different depending upon the version. Not required as
you can check the printer status via My Computer -> Printers |
| N |
bjcfd |
cdf.exe |
BroadJump Client Foundation.
Broadband troubleshooting software installed by various companies. Not
required and you can remove it via Add/Remove programs |
| N |
BlackICE PC Protection |
blackice.exe |
Loads the user interface for the
BlackICE PC Protection (was Defender) firewall program. From the parent site
- '(the user interface) starts in the "Startup" menu and adds
itself to the taskbar. The user interface is independent from the rest of the
system and only displays the output or reconfigures the system. It does not
need to be running for the rest of the system to run.' See also LoadBlackD |
| N |
BlackIce Utility |
blackice.exe |
Loads the user interface for the
BlackICE PC Protection (was Defender) firewall program. From the parent site
- '(the user interface) starts in the "Startup" menu and adds
itself to the taskbar. The user interface is independent from the rest of the
system and only displays the output or reconfigures the system. It does not
need to be running for the rest of the system to run.' See also LoadBlackD |
| U |
blads |
blads.exe |
A
Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be
enabled/disabled via Tweak-XP / Internet Tweaks |
| X |
Blah service |
CCAPPS32.EXE |
Added by the RBOT.TV WORM! |
| X |
blah service |
evosys.exe |
Added by a variant of the RBOT WORM! |
| X |
blah service |
FaLeH.exe |
Added by the RBOT-AES WORM! |
| X |
blah service |
internet.exe |
Added by a variant of the RBOT WORM! |
| X |
blah service |
microsoft.exe |
Added by a variant of the RBOT WORM! |
| X |
blah service |
msnmsgrr.exe |
Added by the RBOT.PZ WORM! |
| X |
blah service |
smnp.exe |
Added by the RBOT.IZ WORM! |
| X |
blah service |
tazkmgr.exe |
Added by the RBOT.UA WORM! |
| X |
blah service |
win32.exe |
Added by the RBOT-AXO WORM! |
| X |
blah service |
winsysengine.exe |
Added
by the RBOT-KI WORM! |
| X |
blah service |
winupdate.exe |
Added by the GAOBOT.BIA WORM! |
| X |
blahh service |
msengine.exe |
Added by a variant of the RBOT WORM! |
| X |
blahx service |
msnjompa.exe |
Added by the SDBOT.AML WORM! |
| N |
BlazeChanger |
FBZPaper.exe |
Ember graphic file
viewer, manager, and touch-up system |
| N |
bldbubg |
bldbubg.exe |
Part of Dell Alerts which
provides customers with an update on latest updates for his/her system |
| X |
BLF |
blf.exe |
Added by the DELBOT-M WORM! |
| U |
blinkx |
blinkx.exe |
Blinkx Desktop "Smart Folders" software |
| X |
BLMessagingIntegration |
blengine.exe |
BuddyLinks adware |
| U |
BlockAds |
blads.exe |
A
Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be
enabled/disabled via Tweak-XP / Internet Tweaks |
| X |
BlockChecker |
Block-checker.exe |
BlockChecker adware |
| X |
Blocker System611 Monitoring |
PopUpBlocker611.exe |
Added by the RBOT.BLJ WORM! |
| N |
BlockTracker |
BlockTracker.exe |
If present on a HP machine it
tracks all the processes and logs them to a blocklog.txt file |
| U |
blsloader |
blsloader.exe |
BellSouth ISP Internet Tools |
| X |
blss |
blss.exe |
Added by the BLARUL TROJAN! |
| N |
BLSTAPP |
blstapp.exe |
Puts access to Creative's
BlasterControl in the System Tray |
| N |
Blubster |
Blubster.exe |
Related to Blubster Music
sharing service |
| U |
Blue Frog |
bluefrog.exe |
Blue Frog by
Blue Security Inc. - actively fights spam by posting complaints on the sites
advertised by the spam you receive |
| ? |
BlueLight_uoltray |
exec.exe |
Related to BlueLight
Internet. What does it do and is it required? |
| U |
BlueSoleil |
BLUESO~1.EXE |
BlueSoleil
Bluetooth wireless manager from IVT Corporation |
| U |
BlueSpace NE |
BlueSpaceNE.exe |
"BlueSpace NE is a utility
program used to run the Bluetooth function on VAIO computers that support the
Bluetooth function or on VAIO computers connected to the Bluetooth USB
adapter". Shortcut available via Start -> Programs |
| U |
BlueToothAuthentication Agent |
RunDLL32.exe irprops.cpl,
BluetoothAuthenticationAgent |
Associated
with BlueTooth software, designed to allow bluetooth mobile devices to
authenticate to the computer, when connecting a PDA to your computer -
necessary for the computer and the PDA to communicate. Should you get the
error message, "Rundll irprops.cpl missing entry Bluetooth
authentication agent", click here for more information. In case you no
longer have BlueTooth support installed, and don't need it, simply uncheck
the entry in Msconfig > Startup |
| U |
Blueyonder Instant Support Tool |
matcli.exe |
"matcli.exe is a motive
Assistant Command line interface that gathers information about your system's
identity like your name email address, city, state, etc and gets written to a
log file". Blueyonder Instant Support is required to run with the Help
and Support program. If you uncheck it and and then run Help and Support it
will add another Blueyonder Instant Support in the startup menu. If you
remove Blueyonder Instant Support in add/remove programs some help menus in
help and support will not be available. You decide |
| N |
BMail Installation |
FTP_back.exe |
Part of iMesh - a file sharing system. Reported by Norton
AntiVirus as a trojan. Once deleted does not prevent file sharing working.
Older versions of iMesh re-instate this but the newer versions do not |
| X |
Bman |
BMan1.exe |
Abcsearch.com/DealHelper adware
variant |
| U |
BMMGAG |
Rundll32 PWRMONIT.DLL,
StartPwrMonitor |
Displays a battery gauge icon in
the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary
power saving settings and to a battery information window |
| U |
BMMLREF |
BMMLREF.EXE |
Battery Manager for IBM ThinkPad
laptops |
| ? |
BMMMONWND |
rundll32.exe [path]
BatInfEx.dll, BMMAutonomicMonitor |
IBM Thinkpad related. What does it do and is it required? |
| U |
BMO MasterCard Wallet |
EWALLET.EXE |
The wallet conveniently stores
billing, shipping and payment information on your PC |
| N |
BMupdate |
BMupdate.exe |
Related to the BookmarkCentral
entry. Typically added after downloading drivers for Visioneer scanners for
example, and you install the driver self-install |
| X |
BMZ |
bmz.exe |
NCase adware |
| X |
Bndt32 |
Bndt32.exe |
Added by the LACON WORM! |
| X |
Bnexe |
[random filename] |
Added by the KITRO.D (or
ARGEN.A) WORM! |
| U |
BO1HelperStartUp |
BO1HEL~1.EXE |
ScreenScenes "Butterfly
Oasis" screensaver. The freeware version comes with GAIN branded ads
(pop-ups and others). ScreenScenes do however offer you the option of doing
away with the ads by purchasing the screensaver for a whopping $30. Please note
that Claria Corporation no longer support GAIN-Supported software - see here |
| U |
BO1HelperStartUp |
Bo1helper.exe |
ScreenScenes "Butterfly
Oasis" screensaver. The freeware version comes with GAIN branded ads
(pop-ups and others). ScreenScenes do however offer you the option of doing
away with the ads by purchasing the screensaver for a whopping $30. Please note
that Claria Corporation no longer support GAIN-Supported software - see here |
| X |
Boarddata |
[path] repcale.exe [path]
palsp.exe |
Added by a variant of the RANDON.AN WORM! |
| X |
boby |
csrs.scr |
Added by the BANCBAN-PC TROJAN! |
| Y |
BOC412 |
BOC412.exe |
Version 4.12 of
NSClean's BOClean anti-trojan software |
| Y |
BOCleanautostart |
Boclean.exe |
NSClean's BOClean
anti-trojan software |
| U |
BOINC Manager |
boincmgr.exe |
BOINC manager -
"controls the use of your computer's disk, network, and processor
resources" |
| U |
Boingo Wireless Utility |
Icon###XXX#X#.exe |
Starts the Boingo Wireless utility, used to detect and login
into Boingo wireless hotspots. The filename may be autogenerated when
installing, two different variations along the lines listed here, where # is
a number and X is a letter. Shortcut available via Start -> Programs |
| X |
boler.exe |
syser.exe |
Added by the RBOT-AYS WORM! |
| U |
bombshel |
BOMB32.EXE |
Part of McAfee Nuts & Bolts.
Protects your Windows system from application failure and crashes - similar
to Norton Crashguard. Your choice - may cause problems |
| X |
Bonzi Buddy |
?? |
Bonzi Buddy adware - see here
for removal instructions |
| X |
boo |
boo.exe |
Adware downloader -
recognized by Kaspersky antivirus as the FAVADD.O TROJAN! |
| X |
BookedSpace |
RunDLL32.EXE [path] bs2.dll,
DllRun |
BookedSpace parasite |
| N |
BookmarkCentral |
BMLauncher.exe |
Bookmark Express -
"offers a more flexible way to manage Web site bookmarks, regardless of
which browser you use" |
| N |
BookMarkSink |
syncit.exe |
Bookmark synchronization utility |
| N |
BookMarkSync |
syncit.exe |
Sync2IT BookMarkSync - "real-time automatic
synchronization service that allows you to access your bookmarks, favorites
and favorite files from any computer or any browser". Only installed
with the users explicit permission and generally only remains running if the
user decides to subscribe to the service. If it is no longer required it
should be uninstalled to prevent a large number of clients 'checking in' to
the server that have no chance of synchronizing |
| N |
BookMarkSync2It |
sync2it.exe |
Sync2IT BookMarkSync - "real-time automatic
synchronization service that allows you to access your bookmarks, favorites
and favorite files from any computer or any browser". Only installed
with the users explicit permission and generally only remains running if the
user decides to subscribe to the service. If it is no longer required it
should be uninstalled to prevent a large number of clients 'checking in' to
the server that have no chance of synchronizing |
| U |
Boost XP Service |
bxservice.exe |
Boost XP from
Systweak - WinXP tweaking utility |
| X |
boot |
boot.exe |
Added by the PUPPET-A TROJAN! Located in the System (9x/Me)
or System32 (NT/2K/XP) folder |
| U |
Boot |
Boot.exe |
Part
of Acer Empowering Technology. "Acer ePower Management is a
straightforward interface that allows users to select from pre-configured
power usage profiles, or to create their own customized profiles".
Located in the "AcerEmpowering TechnologyePower" directory |
| X |
Boot Check |
bootchk.exe |
Added by the DELBOT-AB WORM! |
| X |
Boot Manager |
bootmng.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Boot Manager |
Njgal.exe |
Added by the KILO TROJAN! |
| X |
boot_reg |
[path to file] |
Added by the BANCBAN-CA TROJAN! |
| X |
BootCfg |
Install.log.vbs |
Added by the YPSAN.D WORM! |
| X |
BootCTRL |
bootctrl.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
BootLoader |
BootLoader.exe.vbs |
Added by the WATERWORKS WORM! |
| X |
bootpd.exe |
bootpd.exe |
Added by the AGENT-DT TROJAN! |
| X |
BootsCfg |
Date.POP.vbs |
Added by the KUULLIO WORM! |
| X |
BootsCfg |
wscript.exe [path] All Users.vbe |
Added by the SPILTRON WORM! |
| X |
BootsCfg |
wscript.exe [path] All Users.vbs |
Added by the SPILTRON WORM! |
| X |
BootsCfg |
wscript.exe [path]
Install.log.vbs |
Added by the YPSAN.E WORM! |
| U |
BootStatus |
BOOTST~1.EXE |
Visual Basic program that pops
up a small window on startup telling you how many times the machine has been
booted that day. Once you exit it, it has no more effect on resources |
| U |
BootWarn |
BootWarn.exe |
From here: "Norton AntiVirus Boot Warning. This program
is installed as a startup item when you install Norton AntiVirus, and also
sometimes when you do a LiveUpdate which updates Norton AntiVirus
significantly enough that a reboot is needed to complete the installation. We
believe its purpose to be to warn the end-user that he must reboot his PC
before using Norton AntiVirus in those cases when a reboot did not happen
with the result that Norton AntiVirus did not fully complete its installation
or software updating. Recommendation : Start Norton AntiVirus from
"Start Programs Norton AntiVirus". If Norton AntiVirus comes up
without problems, then fix this entry from the Msconfig Startup tab - it was
left behind by mistake and is no longer needed now that Norton AntiVirus is
fully installed and opens without error messages" |
| N |
Bose Wave/PC Monitor |
wavepcmonitor.exe |
System Tray access for this system (more info on the system
here). Available via Start -> Programs |
| X |
BossIdea |
winlogin.exe |
Added by the LINEAGE-I TROJAN! |
| ? |
Boston |
Boston.exe |
Part of the Boston Acoustics USB
speaker systems. What does it do and is it required? |
| X |
Bot Loader |
svchostt.exe |
Added by the GAOBOT.ALV WORM! |
| X |
Bouncer RunStartup |
bouncer.exe |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| X |
Bouncer RunStartup |
LiveUpdate.exe |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| X |
boy lovers of bsd |
ilikeboys.exe |
Added by the MYTOB.LY WORM! |
| U |
bpcpost.exe |
bpcpost.exe |
MS TV Viewer Post Setup Program.
Part of MS WebTV for Windows. Used to display TV on your PC via a compatible
video card with in-built tuner (such as ATI All-In-Wonder). If you don't use
it - uninstall it |
| X |
BPCv2 re |
bpc2 re inst.exe |
BroadcastPC adware variant |
| U |
BPK |
bpk.exe |
Blazing Tools
Perfect Keylogger keystroke logger/monitoring program - remove unless you
installed it yourself! |
| N |
BPServer |
G6FTPSrv.exe |
BulletProof
FTP Server |
| U |
BQTray.exe |
BQTray.exe |
System Tray access to
BurnQuick CD burning software. Only required if you use the queueing
facility, hence the U recommendation. Create your own desktop shortcut to
start manually |
| X |
Brasil |
Brasil.exe |
Added by the OPASERV.E WORM! |
| X |
Brasil |
BRASIL.PIF |
Added by the OPASERV.E WORM! |
| X |
BrasilOld |
[worm filename] |
Added by the OPASERV.P WORM! |
| N |
BraveSentry |
BraveSentry.exe |
Spyware
remover - not recommended, see here |
| X |
Brct |
trdb.exe |
Recognized by Kaspersky
antivirus as the PurityScan.y TROJAN! |
| U |
Break_Reminder |
BREAK REMINDER.exe |
Break Reminder -
Remind yourself to take breaks to prevent computer related injuries. See here |
| X |
Breg |
bcre.exe |
BroadcastPC adware variant |
| X |
Breg |
bptre.exe |
BroadcastPC adware variant |
| X |
Breg |
breg.exe |
BroadcastPC adware variant |
| X |
Bridge |
rundll32.exe ...Bridge.dll |
Flingstone.com browser hijacker |
| Y |
Brindys BriTray |
BRITRAY.EXE |
Main process for the following applications: GEDEX, SICARIO,
BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them
from Brindys Software). Performs the following tasks [un]installation, web
software autoupdate, notification windows, interprocess communication, tray
bar icons & menus, alarms (brinotes), and common web launching from the
mentioned applications. Can be stopped safely once run if so desired |
| U |
BrmfRmPA |
BrmfRmPA.exe |
Brother resource manager -
needed for a Brother MFC printer/copiert/scanner and PC to properly
communicate |
| N |
Broadband Wizard |
bbwiz.exe |
Starts Broadband
Wizard so it runs in the System Tray. This application tests and optimizes
your Cable or DSL connection. Available via Start -> Programs |
| U |
Broadcom Wireless Manager UI |
bcmntray.exe |
Related to Broadcom Network
Adapters for additional configuration options for these devices. Should not
be terminated unless suspected to be causing problems |
| N |
Broadcom Wireless Manager UI |
wltray.exe |
System tray access to wireless
LAN card configuration options |
| X |
Bron-Spizaetus |
[path to file] |
Added by the BRONTOK-F WORM! |
| X |
Bron-Spizaetus |
bronstab.exe |
Added by the RONTOKBRO.C WORM! |
| X |
Bron-Spizaetus |
CVT.exe |
Added by the RONTOKBRO WORM! |
| X |
Bron-Spizaetus |
eksplorasi.exe |
Added by the RONTOKBRO.J WORM! |
| X |
Bron-Spizaetus |
ElnorB.exe |
Added by the RONTOKBRO.D WORM! |
| X |
Bron-Spizaetus |
norBtok.exe |
Added by the RONTOKBRO.B WORM! |
| X |
Bron-Spizaetus |
RakyatKelaparan.exe |
Added by the BRONTOK-J or
BRONTOK-L WORMS! |
| X |
Bron-Spizaetus |
sempalong.exe |
Added by the BRONTOK-E WORM! |
| X |
Bron-Spizaetus-5118REPM |
komodo-6321422.exe |
Added by the BRONTOK-R WORM! |
| X |
Bron-Spizaetus-cfgmktoq |
bbm-qotkmgfc.exe |
Added by the BRONTOK-M WORM! |
| X |
Bron-Spizaetus-cfgmmnru |
bbm-urnmmgfc.exe |
Added by the BRONTOK-N WORM! |
| X |
BrowseProxy |
FindService.exe |
Actual Names (AdvSearch) Internet Keywords parasite |
| X |
browser |
browse.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
browser |
deamon.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
browser |
msgaol.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
browser |
msgaol.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
browser |
s_menu.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
browser aid |
browseraid.exe |
BrowserAid/BrowserPal foistware |
| X |
Browser Help Svc |
BHSV.EXE |
Added by the RBOT-AVQ WORM! |
| Y |
Browser Hijack Blaster |
bhblaster.exe |
Browser
Hijack Blaster - protects your system from browser hijackers and spyware that
alters your IE settings. Now replaced by SpywareGuard |
| U |
Browser Launcher |
Commandr.exe |
Logitech internet keyboard
"Commander" software - loads the software for the shortcut keys on
the keyboard. Not required unless you want to use the short cut keys |
| X |
Browser Pal |
adblck.exe |
BrowserAid/BrowserPal foistware |
| U |
Browser Sentinel |
BrowserSentinel.exe |
Browser Sentinel -
notifies you if a program wants to penetrate into Internet explorer, add
itself to the Windows auto-run list or change your home page |
| X |
BrowserUpdateSched |
qwinnsap.exe |
ZenoSearch adware |
| X |
BrowserUpdateSched |
twinorag.exe |
ZenoSearch adware |
| N |
BrowserWebCheck |
loadwc.exe |
Checks to make sure that IE is
still your default browser |
| X |
brwdiag |
[path to worm] |
Added by the STRATIO-BN WORM! |
| N |
BS Player |
bsplayer.exe |
BSplayer - A video player used
to play avi, mpg, wmv and other multimedia files |
| N |
BsCLiP |
BSCLIP.exe |
CD recording utility that comes
with a lot of CDR/CDRW drives and isn't required |
| N |
B'sCLiP |
BSCLIP.exe |
CD recording utility that comes
with a lot of CDR/CDRW drives and isn't required |
| X |
Bsoft lppt01 |
Bsoft.exe |
RapidBlaster variant (in a
"BelmontSoft" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| N |
bsplayer |
bsplayer.exe |
BSplayer - a video player
used to play avi, mpg, wmv and other multimedia files |
| X |
BSserver |
FileKan.exe |
Added by the VB.CBW WORM! |
| X |
BSVCHOST |
SVCH0ST.EXE |
Added by the VOXOM TROJAN! |
| X |
Bsx3 |
RunDLL32.EXE [path] bs3.dll,
DllRun |
BookedSpace parasite |
| X |
BT |
[path to trojan] |
Added by the LITEBOT-B TROJAN! |
| U |
BT Broadband Help |
matcli.exe |
"matcli.exe is a motive
Assistant Command line interface that gathers information about your system's
identity like your name email address, city, county, etc and gets written to
a log file". BT Broadband Help is required to run with the Help and
Support program. If you uncheck BT Broadband Help and and then run Help and
Support it will add another BT Broadband Help in the startup menu. If you
remove the BT Broadband Help in the add/remove program some help menus in
help and support will not be available. You decide |
| X |
BT00003* |
abcdefg23.exe |
Added
by the VB-VT TROJAN where * = 5,6 or 7! |
| X |
BT00003* |
hiklmnop27.exe |
Added
by the VB-VT TROJAN where * = 2,3 or 4! |
| U |
btbb_wcm_McciTrayApp |
McciTrayApp.exe |
System tray access to Motive's Broadband 2.0 configuration
and repair utility |
| ? |
btinst |
btinst.exe |
Associated with an Anycom
bluetooth wireless card. What does it do and is it
required? |
| U |
BTModemProtection |
BTModemProtection.exe |
BT Privacy Online
modem protection software, see here |
| U |
BTopenworld |
DialBTYahoo.exe |
BT Yahoo! internet connection
manager |
| ? |
BTSETBOOTKEY |
BTSetBootKey.exe |
Related to a USB Bluetooth
adaptor. What does it do and is it required? |
| U |
BtStart |
btstart.exe |
Broadcom
(formerly WIDCOMM) Bluetooth Connectivity Software |
| U |
bttray |
bttray.exe |
System tray icon which shows the
status of a BlueTooth wireless module. Most systems with such a module
installed can enable/disable the module. The system tray icon changes from
blue/white to blue/red when the module is turned off. Allows access to explore
bluetooth places, setup wizard, advanced configuration, quick connect and
shutdown device |
| Y |
BTUSRBDG |
BtUsrBdg.exe |
Used with a Mitsumi
USB Bluetooth adaptor (and maybe others) |
| Y |
BTUSRBDGF |
BtUsrBdg.exe |
Used with a Mitsumi
USB Bluetooth adaptor (and maybe others) |
| X |
BTV |
btv.exe |
BroadcastPC adware variant |
| N |
Buddyizer |
Buddyizer.exe |
Part of the AIMster Peer to Peer
(P2P) file sharing application that runs over the AOL Instant Messenger
network |
| U |
BUFFALO Power Save Utility for
HD |
HDManage.exe |
Power Save
utility for Buffalo backup hard discs |
| U |
bugwatcher service |
bugwatcher.exe |
Bugtoaster is a service that sends reports on system/program
crashes (certain types) back to Bugtoaster. They relay information to program
authors and provide, if available, any known solutions to the crashes. It
doesn't take up any room in memory, just activates in the event of certain
program failures |
| N |
BuildBU |
bldbubg.exe |
Part of Dell Alerts which
provides customers with an update on latest updates for his/her system |
| X |
BuildLab |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
BuildLab |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| X |
BuildLabs |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
BuildLabs |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| U |
Bulldog Service |
upsd.exe |
Belkin's Bulldog Plus control
software which runs under Windows 95 or later and monitors the UPS
(Uninterrupted Power Supply) via a serial or USB link |
| N |
BulletProof FTP Server |
bpftpserver.exe |
BulletProof
FTP Server |
| Y |
BullGuard |
BullGuard.exe |
Part of BullGuard antivirus |
| Y |
BullGuard |
mgui.exe |
Part of Bullguard antivirus |
| U |
BullGuard Update |
avxlive.exe |
Part of Bullguard antivirus.
Leave enabled unless you manually update virus definitions |
| Y |
BullGuard XComm |
XCOMMSVR.EXE |
Part of Bullguard antivirus |
| Y |
BullGuardInit |
AVXINIT.EXE |
Part of Bullguard antivirus |
| Y |
BullguardoptIn |
bulldownload.exe |
Part of Bullguard antivirus |
| X |
BullsEye |
bargains.exe |
BargainBuddy adware |
| X |
BullsEye Network |
bargains.exe |
BargainBuddy adware |
| ? |
BullsEye Tracker |
BeTrack.exe |
Bullseye - intelligent research
assistant |
| X |
Bunx |
beagle.exe |
Added by the LEBREAT-E WORM! |
| N |
BurnQuick Queue |
BQTray.exe |
System Tray access to
BurnQuick CD burning software. Only required if you use the queueing
facility, hence the U recommendation. Create your own desktop shortcut to
start manually |
| U |
Button Server |
bttnserv.exe |
Found on a Compaq PC, for the
extra buttons on the keyboard for the speaker volume, media player, sleep and
internet buttons. If the buttons aren't used on the keyboard or your's
doesn't have them, then it isn't required |
| N |
ButtonKey |
ButtonKey.exe |
CyberView
TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the
one touch scanning button and places an icon an the System Tray. Use your
scanners software or run it manually by creating a shortcut |
| N |
Buzme |
Bmui.exe |
Buzme by
RingCentral, Inc - internet call waiting. Intercepts telephone calls like an
answering machine and plays the voice message on your PC. Only required when
you're on-line and via dial-up modem |
| U |
BuzMe |
RCUI.exe |
Display Client for the BuzMe Internet Call Waiting Service |
| U |
Buzof.exe |
buzof.exe |
Buzof from Basta
Computing "enables you to automatically answer, close or minimize
virtually any recurring window including messages, prompts, and dialog
boxes" |
| X |
bxproxy |
bxproxy.exe |
Added
by the BXPROXY TROJAN! |
| X |
bxsx5 |
RunDLL32.EXE [path] bsx5.dll,
DllRun |
BookedSpace parasite |
| X |
bxxs5 |
RunDLL32.EXE [path] bxxs5.dll,
dllrun |
BookedSpace parasite |
| X |
Bymer.Scanner |
Msinit.exe |
Added by the BYMER WORM! |
| X |
Bymer.Scanner |
Wininit.exe |
Added by the BYMER WORM! |
| X |
c |
c:archiv~1win.com |
Added by the CUYDOC TROJAN! |
| X |
C:\WINDOWS\IEXPLOR.EXE |
IEXPLOR.EXE |
"Pop Marketing" adware |
| X |
C:\WINDOWS\WinTask.exe |
WinTask.exe |
"Pop Marketing" adware |
| U |
C2K |
CYB2K.EXE |
CYBERsitter 2000 or 2001 -
anti-adult content filter primarily. Required if you want the sites you visit
filtered without having to load the software every time you launch your
browser |
| U |
c32cs2 |
c32cs2.exe |
Cyber Sentinel - internet filtering software |
| X |
C7 |
[path to worm] |
Added by the MEDIAKILL.A WORM! |
| U |
CA-AMAgent |
amagent.exe |
Unicenter
Asset Management is a solution for proactively managing IT assets in a
business environment. It provides full-featured asset tracking capabilities
through automated discovery, hardware inventory, network inventory, software
inventory, configuration management, software usage monitoring, license
management and extensive cross-platform reporting |
| Y |
CaAvTray |
CAVTray.exe |
eTrust™ EZ Antivirus system tray application from Computer
Associates |
| X |
Cabchk |
Cabchk.exe |
Added by the GEMA TROJAN! |
| X |
Cabchk32 |
Cabchk32.exe |
Added by the GEMA TROJAN! |
| X |
CABCInstall |
CABCInstall.exe |
Ignite Technologies (was
CABC) content delivery software |
| U |
CacheBoost |
trayicon.exe |
CacheBoost
"optimizes the System Cache-Management of Windows XP/2000/NT and Windows
.Net Servers, resulting in a performance boost" |
| X |
CacheLoader |
[path to trojan] |
Added by the DLOADER-NZ TROJAN! |
| N |
Cacheman |
Cacheman.exe |
Freeware disk cache tweaker from Outer
Technologies. Should only be run once and not loaded at start-up |
| Y |
CacheMgr |
CacheMgr.exe |
Sophos Antivirus Remote Update |
| U |
CacheSentry Pro |
CacheSentry Pro.exe |
"CacheSentry Pro is a program that takes over the
management of the Internet Explorer (and AOL) web browser cache" |
| U |
CacheSentry Pro |
CacheSentry Pro.exe |
"CacheSentry Pro is a program that takes over the
management of the Internet Explorer (and AOL) web browser cache" |
| N |
CACStarter |
cacstart.exe |
Cash A Check - check writing
software |
| U |
Caddais BackupOnDemand |
BODMon.exe |
Caddais
BackupOnDemand - "runs in the background and monitors your important
files for changes. Within seconds of changing, modified files are
automatically backed up to an archive location" |
| U |
Cadenza |
CdzSvc.exe |
Cadenza mNotes for Palm and Pocket PC enables users to access
Lotus Notes on their mobile devices |
| U |
CADS |
cads.exe |
Cyber Sentinel - internet filtering software |
| U |
CafeStation |
CafeStation.exe |
"CafeSuite is the solution for your internet cafe. Our
software provides you with ameans to control the workstations, manage
customer database, sell products and generate detailed reports and
statistics" |
| N |
CAgent |
CAgent.exe |
Abbyy Fine Reader OCR
(Optical Character Recognition) software for scanning and converting
documents |
| X |
cAgOu |
[filename].hta |
Added by the KAKWORM WORM! |
| N |
CahootWebcard |
CahootWebcard.exe |
"The Cahoot Webcard is a
virtual card that allows you to use your Cahoot credit card online without
ever having to expose your real card numbers over the web. It works by
generating one-off transaction numbers as a substitute for your real cahoot
credit card details". Run manually when needed |
| X |
caidiysetup |
diynetsetupuni.exe |
DIYNet
adware |
| Y |
CAISafe |
isafe.exe |
Part
of Computer Associates eTrust EZ Antivirus |
| U |
CaISSDT |
caissdt.exe |
Computer Associates Dashboard Tray applet |
| N |
Cal Reminder Shortcut |
calrem.exe |
Produces a pop-up reminder of
events scheduled using the MS Office Calendar |
| X |
Calc Microsoft Windows |
wincalc.exe |
Added by an unidentied WORM or
TROJAN! |
| X |
CALC32 |
CALC32.EXE |
Added by the SPYBOT-EC WORM! |
| N |
Calendar 200X Reminder |
calendar.exe |
Calendar 200X -
shows holidays, reminders of various anniversaries,tasks etc |
| U |
Calendarscope |
cs.exe |
Calendarscope calendar
software |
| X |
calk |
calk.exe |
Added by the STARTPA-FH TROJAN! |
| X |
Call32 |
Call32.exe |
Added by the SPAMMIT-H TROJAN! |
| Y |
CallBumping |
cbpopw.exe |
Related
to the Gazel 128 PCI ISDN adapter. Required if you use it |
| U |
CallCenter Main Application |
V3calmcp.exe |
"V3 Inc.
CallCenter is a free 32-bit, integrated fax, voicemail and data
communications application with a simple to use interface providing fax send
and receive functionality, basic (single mailbox) answering machine
capability, and sophistcated data communications." Main application |
| U |
CallCenter Printer Interface |
V3faxecp.exe |
"V3 Inc.
CallCenter is a free 32-bit, integrated fax, voicemail and data
communications application with a simple to use interface providing fax send
and receive functionality, basic (single mailbox) answering machine
capability, and sophistcated data communications." Fax printer |
| N |
CallControl |
ftctrl32.exe |
FaxTalk Messenger Pro is a
Windows TAPI based 32-bit application. When installed, the software
automatically loads FaxTalk CallControl when you start Windows. When FaxTalk
CallControl is running, any TAPI compliant application can request to use the
modem from Windows |
| N |
CamCheck |
CamCheck.exe |
NuCam camera
software related |
| U |
Cameno |
Cameno.exe |
Cameno is a program
which brings tabbed windows to MSN Messenger 6.0 and above |
| U |
Camera Detector |
CAMDET~*.EXE |
ACDSee Auto Device Detector detects when a device is
connected to your PC and gives you the option to acquire images from it
automatically |
| U |
Camera Detector |
Camdetect.exe |
ACDSee Auto Device Detector detects when a device is
connected to your PC and gives you the option to acquire images from it
automatically |
| U |
Camera Detector |
DEVDET~*.EXE |
ACDSee Auto Device Detector detects when a device is
connected to your PC and gives you the option to acquire images from it
automatically |
| N |
Camio Viewer x |
IXApplet.exe |
Image viewing program that comes
with digital cameras. Shows pictures that are in the camera before
downloading them. "x" in the name is the version |
| ? |
CamMonitor |
hpqcmon.exe |
From HP and related to digital
imaging |
| N |
Canada |
Canada.exe |
Known to be a dialler - but is
it maliscous or clean? |
| U |
Canary |
canary-std.exe |
Canary keystroke
logger/monitoring program - remove unless you installed it yourself! |
| X |
candy |
command32.exe |
Added
by the RBOT-LV WORM! |
| X |
candynet |
Taskmsg.exe |
Added
by the RBOT-NA WORM! |
| U |
Canon MultiPASS Status Monitor |
monitr32.exe |
Cannon Multi-Pass status monitor
- your choice |
| ? |
Canon PC1200 iC D600 iR1200G
Status Window |
CAPM1LAK.EXE |
Cannon printer related - is it required in startup? |
| N |
Canon Printer Monitor BJCxxx |
Cjstlst.exe |
Trayicon for Canon printer. xxx
denotes model. Available via Start -> Programs |
| ? |
CAP3ON |
CAP3ONN.EXE |
Canon driver, purpose unknown. Is it required in startup? |
| N |
Capfax |
capfax.exe |
PhoneTools
fax software |
| U |
CAPing |
CAPing.exe |
Citibank Citianywhere software |
| Y |
Capon |
Capon.exe |
Canon printer driver |
| Y |
Capon |
Caponn.exe |
Canon printer driver |
| X |
CaptionMgr32 |
crssr.exe |
Added by the ZAR.A WORM! |
| X |
capture |
capture.exe |
Added by the THEEF-B TROJAN! |
| N |
Capture Express 2000 |
capexp.exe |
Capture Express -
screen capture utility |
| N |
Card Monitor |
REGCNT09.exe |
For the USB connection on a
Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs |
| X |
Care20 |
Care20.exe |
TopMoxie adware |
| U |
Care2GTU |
Care2GTU.exe |
Care2 Green Thumbs-Up (from the
Care2 site). Every online purchase helps environmental causes; tells you how
eco-friendly a company really is, thanks to over 200 company profiles from
Coop America. Saves 1 square foot of rainforest every day you use it. If it
works and you like it, keep it |
| U |
carpserv |
carpserv.exe |
Associated with Zoltrix and Conexant modems - enables the
internal modem speaker, allowing you to listen to the dial-up sounds for
example |
| X |
CARPserver |
CARPserver.exe |
Added by the BANKER-AN TROJAN! |
| U |
CARPservice |
carpserv.exe |
Associated with Zoltrix and Conexant modems - enables the
internal modem speaker, allowing you to listen to the dial-up sounds for
example |
| X |
cartao |
[path to file] |
Added by the DLOADER-QD TROJAN! |
| X |
cartao |
conflicted.exe |
Added by the DADOBRA-DV TROJAN! |
| X |
cartao |
killing.exe |
Added by the DLOADER-QN TROJAN! |
| X |
CAS Client |
casclient.exe |
CasinoClient adware |
| X |
Cas2Stub |
cas2stub.exe |
CasinoClient adware |
| U |
CasAgnt |
CasAgnt.exe |
Program by Extended Systems
which allows you to sync your Casio PDA with your PC |
| X |
Casdvqwa |
bmqnzkg.exe |
Added by the RANDEX.BE WORM! |
| X |
caseyvideo |
CaseyVideo.exe |
Malware causing p0rn popups |
| X |
caseyvideo |
caseyvideo[*].exe [* = digit] |
Malware causing p0rn popups |
| X |
CashBack |
cashback.exe |
Part of eXact Advertising
Software, consisting of "CashBack by BargainBuddy", BullsEye
Network and NaviSearch |
| X |
CashFiesta |
Cashfiesta.exe |
CASHFIESTA.A pay-per-surf adware |
| N |
Cashsurfers Cashbar Navigator |
Cashbar.Exe |
Cashsurfers CashBar Navigator -
"The CashBar rotates banner advertisements once per minute and provides
you with access to up to date special offers and deals" |
| X |
CashToolbar |
CD_Load.exe |
CashToolbar
Downloader-MY adware |
| X |
CashToolbar |
svchost.exe |
CashToolbar Downloader-MY
adware. Note - this is not the legitimate svchost.exe process which should
NOT appear in Msconfig/Startup! |
| X |
Casino Royale |
jamesbond.exe |
Added by the RBOT-FZO WORM! |
| X |
Cassandra |
[10 to 14 random char]THD.EXE |
Added by the KREPPER-AI TROJAN! |
| X |
Cassandra |
cassandra.exe |
SuperSpider hijacker - a
CoolWebSearch parasite variant. Also detected as a variant of the KREPPER
TROJAN! |
| X |
CasStub |
casstub.exe |
Added
by the CASS-A TROJAN! |
| X |
Catalyst Control Centre |
atixvdm.exe |
Added by the RBOT.DMW TROJAN! |
| Y |
CAVRID |
CAVRID.exe |
eTrust™ EZ Antivirus Real Time Infection Report from Computer
Associates |
| Y |
CAVS |
CAVS.exe |
Cheyenne (now eTrust) antivirus |
| X |
CAZNOVAS |
CAZNOVAS.exe |
Added by the CAZNO TROJAN! |
| X |
CBACK.EXE |
CBACK.EXE |
Added by the PENTA-A TROJAN! |
| U |
CBWAttn |
CBWAttn.exe |
Required for
Bitware to answer incoming faxes, can cause sleep mode problems |
| U |
CBWHost |
CBWHost.exe |
Required for
Bitware to answer incoming faxes, can cause sleep mode problems |
| ? |
CBWUser |
CBWDial.exe |
Associated with
Bitware that integrates fax, voice, pager, and data communications on your
desktop |
| X |
CC2KUI |
comet.exe |
Comet Cursor adware |
| X |
Ccao |
regedit.exe |
Probably a variant of
MediaTickets adware. Note - this is not the valid Windows registry editor
which resides in Windows or Winnt and will not figure in Msconfig/Startup!
This version resides in a "mduu" subfolder, which may change |
| X |
ccApp |
.EXE |
Added
by the RBOT-LJ WORM! |
| X |
ccApp |
[random filename] |
Added by the OBSORB TROJAN! Note the random filename compared
to the valid Norton AntiVirus |
| Y |
ccApp |
ccApp.exe |
Part of Norton
AntiVirus. Auto-protect and E-mail check will not function without this |
| X |
ccApp |
gcasServ.exe |
Added by a variant of the RBOT WORM! Do not confuse with the
Microsoft AntiSpyware executable of the same name |
| X |
ccApp |
WMADZ.EXE |
Added
by the RBOT-LJ WORM! |
| X |
ccAppr |
expIorer.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
ccAppr |
outIook.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
ccAppr |
svcrhost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
ccAppr |
svcshost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
ccApps |
ccApps.exe |
Added by the KANGAROO-B WORM! |
| X |
ccApps |
N/A |
Added by the KANGAROO-A TROJAN! |
| X |
ccApps |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
ccApps |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| U |
CCD Manager |
DDS.EXE |
Project Labs Century CD
manager for their CD/DVD storage device |
| N |
Ccdecode |
rundll32.exe streamci,
StreamingDeviceSetup |
Part of the closed caption
decdoder/MS VBI codec. Should only run once |
| Y |
CCDoctorLogonTesting |
ccdoctor.exe |
Checks your system to make sure it's configured properly for
running IBM Rational ClearCase, a source code management tool. ClearCase is
fairly sophisticated so there are a lot of system-related things that can
cause it grief. If you run ClearCase you should not disable this as it
provides a valuable service, but technically it isn't required to use the
ClearCase product |
| Y |
ccenter |
CCenter.exe |
RAV AntiVirus |
| Y |
CcEvtMgr |
ccEvtMgr.exe |
Part of Norton
AntiVirus 2003. Event manager for scheduling weekly scans and or automatic
virus updates. Used to start automatically via "ccApp" and was not
required as a seperate entry but a recent update changed this |
| X |
ccEvtMrg.exe |
ccEvtMrg.exe |
Added by the RBOT.GZ WORM! |
| X |
ccExecute |
bootcfg1.exe |
Added
by the NEMSI-B VIRUS! |
| X |
ccHelp |
ccHelp.hta |
"Searchq"
adware |
| U |
ccleaner |
ccleaner.exe |
CCleaner - removes unused
files from your system |
| X |
ccpApps |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
ccpApps |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| U |
ccProxy |
CCPROXY.EXE |
Part of Norton Internet
Security, proxy server that is used to support the parental controls. If you
turn parental controls off at user level the process is not loaded. Reported
to cause excessive CPU usage |
| X |
ccPrxy.exe |
ccPrxy.exe |
Added by the SHIPUP-H WORM! |
| Y |
CcPxySvc |
CCPXYSVC.exe |
Part of Norton's AntiVirus 2003,
Internet Security and Firewall products. E-mail proxy service - required for
E-mail scanning and the firewall |
| X |
ccreg |
explorer.exe |
Added by the ZCREW TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System subfolder |
| Y |
CcRegVfy |
ccRegVfy.exe |
Part of Norton
AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity
of the NAV registry entries to make sure that the information has not been
changed by a malicious threat or a hack" |
| X |
ccRegVfY |
expIorer.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
ccRegVfY |
outIook.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
ccRegVfY |
svcrhost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
ccRegVfY |
svcshost.exe |
Added by the TACTSLAY.A TROJAN! |
| Y |
ccSetMgr |
ccSetMgr.exe |
Part of Norton AntiVirus 2004. What does it do? |
| X |
ccsvit.exe |
ccsvit.exe |
Added by the STARTPA-HP TROJAN! |
| U |
cctray |
cctray.exe |
Part
of CA Internet Security Suite |
| X |
ccUpdate |
ccUpdate.exe |
Added by the AGOBOT.YS WORM! |
| U |
ccWasher |
aolwasher.exe |
Webroot Cache & Cookie
Washer - cleaning browser tracks, including cache, cookies, history, mail
trash, drop-down address bar, auto-complete forms and downloaded program
files for IE, Netscape and AOL |
| U |
CCWC7a |
ac.exe |
Moleculesoft Cache,
Cookie & Windows Cleaner. No longer supported but available for free |
| U |
CCWC7I |
idxl.exe |
Moleculesoft Cache,
Cookie & Windows Cleaner. No longer supported but available for free |
| U |
CCWC7s |
stealth.exe |
Moleculesoft Cache,
Cookie & Windows Cleaner. No longer supported but available for free |
| N |
CD Storage Master |
cdstorager.exe |
CD Storage Master - a program
designed to catalog CD information, boasts a number of handy features for
organizing your collection |
| X |
cd1 |
cd1.exe |
Premium rate adult content
dialler |
| N |
CDANTSRV |
CDANTSRV.exe |
C-Dilla License Management
software. Used for any program that uses C-dilla Protection, example: 3D
Studio Max 4.x. It loads as a service automatically but is not needed unless
you run said program. Can be started and stopped manually |
| X |
Cdcompat |
Cdcompat.exe |
Added by the GEMA TROJAN! |
| X |
cddrv32 |
cddrv32.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| N |
CDInterceptor |
cdi.exe |
CD indexer for measuring the
speed of CD players |
| X |
CdnCtr |
cdnup.exe |
CNNIC Update pest |
| X |
CDriver |
windrv.exe |
Added by the DELF.WG TROJAN! |
| X |
Cdrom Controller |
cdromcntrl.exe |
Added by the BATTRY-A TROJAN! |
| X |
cds |
cds.exe |
Added by the SPYMON TROJAN! |
| N |
CDTray |
CDTray.exe |
On HP PCs, this is the small CD
icon next to the time |
| U |
CeEKEY |
CeEKey.exe |
Hot Key utility included on
Toshiba Satellite laptops |
| U |
CeEPOWER |
cepmtray.exe |
Toshiba's Power Management
Utility - allows the user to setup different profiles for both AC power and
Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive
Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times |
| ? |
Ceic |
Ceic.exe |
?? |
| X |
Cekirge |
[path to worm] |
Added by the KERGEZ.A WORM! |
| X |
center |
[random name]32.exe |
Added by the BOFRA.A WORM! |
| X |
CentralProcessor |
taskimgr.exe |
Added by the BANCOS.J TROJAN! |
| ? |
CEPA |
wsot.exe |
?? |
| U |
CertificateRegistration |
SafeSignCertReg.exe |
SafeSign Certificate
Registration Utility for Microsoft Crypto applications |
| U |
CertReg |
certreg.exe |
Related to Gemplus Card Reader |
| Y |
CertStoreInit |
CertStoreInit |
Aladdin eToken
authentication and password management |
| N |
CesarFTP FTP Server |
server.exe |
CesarFTPd - FTP server |
| X |
cesmain.dll |
cmail.dll, Rundll32 |
CnsMin (Chinese Keywords) hijacker related |
| X |
CEventMgr |
Cell.exe |
Added by the BIFROSE-AK TROJAN! |
| N |
CFD |
CFD.exe |
BroadJump Client Foundation.
Broadband troubleshooting software installed by various companies. Not
required and you can remove it via Add/Remove programs |
| X |
CFDStart |
WinMuschi.exe |
WINMUSCHI dialler |
| X |
cfgboost |
cfgboot.exe |
Added by an unidentified WORM or
TROJAN! |
| Y |
cfgintpr |
cfgintpr.exe |
Configuration
Interpreter - part of Tiny Personal Firewall V4 |
| X |
cfgmgr51 |
RunDLL32.EXE [path]
cfgmgr51.dll, DllRun |
BookedSpace parasite |
| X |
cfgmgr52 |
RunDLL32.EXE [path]
cfgmgr52.dll, DllRun |
BookedSpace parasite |
| N |
cfgwiz |
cfgwiz.exe |
Introduced with Norton
Anti-Virus 2002, this is a real resource hog. Many NAV users will find they
can live without loading it |
| ? |
cFosDNT |
cFosDNT.exe |
cFos DSL Modem driver
related. What does it do and is it required? |
| ? |
cFosInst_Check |
cfosinst.exe |
cFos DSL Modem driver
related. What does it do and is it required? |
| U |
cFosSpeed |
cFosSpeed.exe |
cFos Software Internet
acceleration program related. Note - may be necessary for the software to
work properly |
| U |
CFSServ.exe |
CFSServ.exe |
Belongs to Toshiba's configfree
utility and searches for Wireless Devices |
| X |
cftmon32 |
taskmgr*.exe [* = number] |
Added by the SOWSAT.C and
SOWSAT.J WORMS! |
| X |
cfy |
cfy.exe |
Surfenhance.com SearchForIt adware variant |
| X |
CGI Firewall Script |
CGIAGENT.EXE |
Added by the BROPIA-U WORM! |
| U |
CGServer |
cgserver.exe |
Associated
with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver)
watches your modem and blocks incoming or outgoing calls. You need cgard.exe
(from Startmenu) to configure cgserver with rules and telephone numbers. Good
against unwanted dialer programs |
| X |
Cgtask Services |
cgtask.exe |
Added by the LALA.B TROJAN! |
| X |
Cgywin |
cgywin32.exe |
Added by the RBOT-AEI WORM! |
| U |
ChamClock |
ChamClock.exe |
Chameleon Clock -
system tray clock replacement |
| U |
ChangeICON |
SPMSMON.EXE |
Card reader related program.
Note - may cause problems with My Computer loading at startup. Disabling
through MsConfig seems to solve the problem |
| ? |
ChangeLines |
chngline.exe |
?? |
| X |
change-me-now |
msgfix1.exe |
Added by the SDBOT.ZD WORM! |
| N |
Chatango |
Chatango.exe |
Chatango - "allows
people to be connected in real time through their Web browsers. Include your
Chatango contact link or button when you create eBay auctions, blogs,
personal websites, Friendster profiles, and your visitors will be able to
contact you instantly, without downloading anything, or registering. Alo use
it to send email to your friends, allowing them to respond to you in real
time!." The 'MessageCatcher' icon in the System Tray notifies you when
you get a message. When you get a message, a little alert pops up, which you
can click on and start chatting immediately |
| N |
Chcenter |
chcenter.exe |
IMSI
HiJaak - "the easiest way to convert, capture, and manage all your
graphic files" |
| X |
Chckup |
Netverchk.exe |
Covert Sys Exec malware variant |
| X |
che32 |
che.ocx.vbs |
Added by the ADENU-B VIRUS! |
| X |
Cheatle |
GigaByte.exe |
Added by the SHODI.B VIRUS! |
| X |
Check |
Check.exe |
Added
by the VB-DRN WORM! |
| N |
Check for One Touch Update |
wiseupdt.exe |
Checks for updates for Visioneer
OneTouch scanners |
| N |
Check for TWS Updates |
WiseUpdt.exe |
Interactive Brokers - check for
update to their standalone Java-based trading platform |
| U |
Check Messenger |
cmesseng.exe |
Check Messenger from Qchex.com -
program that helps you manage the activity of your Qchex account. Qchex
appear to be no longer in buisness |
| N |
CheckCustomWorksUpdate |
CheckCWupdate.exe |
Update checker, part of CustomWorks - "customize any
embroidery designs to design your own unique creations" |
| X |
Checkdisk |
mscas.exe |
Added by the VAGON-A TROJAN! |
| X |
CheckFaultKernel |
mswdm.exe |
Added by the SMALL-CSK TROJAN! |
| U |
CheckIt |
ToolBox.exe |
CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox
automatically backs up critical system files (such as .ini files and the
Windows Registry), and performs a check on various system parameters at
intervals you specify |
| U |
CheckIt 86 |
CheckIt86.exe |
CheckIt 86 popup blocker |
| Y |
CheckMsgPlus |
MsgPlusH.dll, VerifyInstallation |
Added
by MSN Messenger Plus, a third party extension to MSN Messenger. This is the
auto-update feature - see here for more info. |
| X |
checkrun |
elite***32.exe [* = random char] |
EliteBar adware |
| X |
checkrun |
elitelsj32.exe |
Added by the MULTIDR-ER TROJAN! |
| X |
CheckScan32 |
regload16.exe |
Added by the AEBOT.K WORM! |
| ? |
checktime |
ct.exe |
Found in the HPSelectFrontend
directory on a HP machine. What is it's purpose and is it required? |
| Y |
CheckVCR |
IOMagic.exe |
Driver for the I/OMagic Personal Video Recorder (DR-PCTV100) |
| U |
CherryKeyMan |
KeyMan.exe |
Multimedia
keyboard manager for the Cherry keyboard series. Only required if you use any
of the special keys |
| X |
china11msn |
CHINA11MSN.EXE |
Added by the ENVID.O WORM! |
| U |
ChineseStar |
cstar.exe |
Chinese language support
software |
| U |
CHIPDRIVEPinManager |
sokscmpn.exe |
ChipDrive
Smartcard software |
| U |
CHIPDRIVESmartcardManager |
SCMgr.exe |
ChipDrive
Smartcard software |
| N |
CHKADMIN |
CHKADMIN.EXE |
Compaq Network Management
System. When running, it places an icon in the system tray titled
"Intelligent Manageability" |
| X |
chkdsk |
autoexec.bat |
Added by the ANPES WORM! |
| X |
Choke |
Choke.exe-blahh |
Added by the CHOKE WORM! |
| X |
chope |
runlli32.exe |
Added by the QQPASS-U TROJAN! |
| X |
chostsv |
chostsv.exe |
Added by the BANPAES.C TROJAN! |
| U |
CHotKey |
mhotkey.exe |
Enables special keys on Chicony
keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute,
etc. Only required for extended features |
| U |
CHotKey |
MK9805.EXE |
Enables special keys on Chicony
keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute,
etc. Only required for extended features |
| U |
CHotKey |
zHotkey.exe |
Enables special keys on Chicony
keyboards. Special combinations include Internet, E-mail, vol , vol-, mute,
etc. Only required for extended features |
| N |
Christmas Music Player |
TTEST6.EXE |
"Christmas
Music Player brings the
music of the Christmas Holiday to your desktop" |
| ? |
ChromeMark |
keysh.exe |
Related to this.
Don't know what keysh.exe does though and if it's required |
| ? |
ChronitelInitTV |
CHTVINIT.EXE |
?? |
| U |
chrono |
chrono.exe |
Chronograph is a
simple utility that synchronizes internal computer clock to the atomic time.
Chronograph automatically maintains correct time using atomic clock servers
of the National Institute of Standards and Technology (NIST)." Shows
seconds and shows the date without having to hover the mouse. Shows a
calendar when hovered over |
| X |
CiaBackdoor |
msldr.com |
Added by a VIRUS! |
| X |
cihost.exe |
cihost.exe |
Added by the LINST TROJAN! |
| N |
CIJxP2PSERVER |
CIJxP2PS.EXE |
Compaq printer utility which is
required in order to make the printer work correctly - "x" depends
upon the model, ie, for IJ300 x=3, for IJ700 x=7 |
| U |
Cisco Systems VPN Client |
ipsecdialer.exe |
Cisco
VPN Client - lets local users gain Administrator privileges on the operating
system |
| N |
Cisco Systems VPN Client |
vpngui.exe |
Sets
up IPSec communications for Cisco's VPN Client |
| N |
CISrvr Program |
CISRVR.EXE |
Related to internet setup on
Compaq PC's |
| X |
Cissi |
Cissi.exe |
Added by the CISSI.A WORM! |
| U |
CitiUCS |
CitiUCS.exe |
Citibank
Virtual Account Numbers - "With this free service for Citi cardmembers,
you never have to give out your real credit card number online" |
| N |
CitiVAN |
CitiVAN.exe |
Option from Citibank
to change a credit card number in a random fashion for each purchase. The
number will only be used once and never again |
| X |
CJET |
CJet.exe |
Added by the Adware.FFToolBar adware toolbar |
| Y |
Cjstcom |
Cjstcom.exe |
Canon printer BJ status language
monitor |
| Y |
ClamWin |
ClamTray.exe |
ClamWin antivirus |
| X |
Classes |
int1.exe |
"Switch" adult content dialler |
| X |
Classes |
intl.exe |
"Switch" adult content dialler |
| X |
Classes |
MSTAR2.EXE |
"Switch" adult content dialler |
| X |
Classes |
mstart.exe |
"Switch" adult content dialler |
| X |
Classes |
run_21.exe |
"Switch" adult content dialler |
| X |
Classes |
srv.exe |
"Switch" adult content dialler |
| X |
Classes |
srv2.exe |
"Switch" adult content dialler |
| X |
clcbt.exe |
clcbt.exe |
Added by the AGENT.CBA TROJAN! |
| U |
CLCLSet |
CLCL.exe |
CLCL clipboard caching utility |
| X |
clean_service |
clean_service.cmd |
Added by the REFAZ WORM! |
| ? |
CleanEasyImg |
cleanall.exe |
?? |
| ? |
CleanRegPath |
CleanReg.exe |
Apparently Annex A ADSL modem
related. What does it do and is it required? |
| U |
CleanSweep Smart Sweep- Internet
Sweep |
Csinsm32.exe |
Automatic logging of installs
from Norton CleanSweep - available via Start -> Programs |
| N |
CleanSweep Useage Watch |
CSUSEM32.EXE |
Quarterdeck/Norton CleanSweep
component - tracks how often you use files and alerts you to files that have
not been used for a specified period of time |
| U |
CleanTemp |
CLEANT~1.EXEB |
CleanTemp
- deletes the contents of the TEMP directory when Windows starts and then
closes - using no memory |
| U |
CleanTemp |
CleanTemp.exe |
CleanTemp
- deletes the contents of the TEMP directory when Windows starts and then
closes - using no memory |
| Y |
CleanUp |
mcappins.exe |
Used by McAfee Virusscan to
perform product updates. When updates are available the program will download
and install them automatically. Recommended to leave enabled |
| N |
Cleanup |
ONICTASK.EXE |
Internet
Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left
by browsing the internet |
| ? |
CleanupProgram |
cleanup.exe |
In a C:Sonysys folder - Sony
Vaio related? |
| X |
clfmon |
clfmon.exe |
Added by the TACTSLAY.E TROJAN! |
| X |
clfmon |
nvsvca32.exe |
Added by the TACTSLAY.E TROJAN! |
| X |
clfmon.exe |
clfmon.exe |
Added by the AGENT-BJ TROJAN! |
| N |
Click Radio Tuner |
clickr~1.exe |
ClickRadio -
subscription service playing radio music via the internet |
| N |
Click Tray Calendar |
ClickT~1.EXE |
ClickTray
Calendar - shows holidays, reminders of various anniversaries,tasks etc |
| N |
ClickMe |
ClickMe.exe |
ClickM "JOKE" program |
| U |
Clickoff |
Clickoff.exe |
Clickoff
automatically dismisses annoying dialog boxes |
| X |
ClickTheButton |
csrss.exe |
ClickTheButton Downloader-MY
adware! Note - this is not the legitimate csrss.exe process which should not
normally figure in Msconfig/Startup! |
| X |
ClickTheButton |
CTB.EXE |
ClickTheButton
Downloader-MY adware |
| X |
ClickTheButton |
MSCStat.exe |
ClickTheButton
Downloader-MY adware |
| X |
CLICONFG |
CLICONFG.EXE |
Added by the OPASERV.T WORM! |
| U |
Client Access API Daemon |
cwbappcd.exe |
IBM
iSeries Client Access, see here |
| N |
Client Access Check Version |
cwbckver.exe |
Part
of IBM's iSeries (nee As/400) Client Access - communications suite that
allows desktop, browser and wireless access to iSeries servers. Checks the
software version on your PC to that of the iSeries it is connected
to. Not required - and can be turned off in the Client Access
properties. It's a waste of resources |
| ? |
Client Access Express Welcome |
cwbwlwiz.exe |
Welcome
wizard launcher - Part of IBM's iSeries (nee As/400) Client Access -
communications suite that allows desktop, browser and wireless access to
iSeries servers. What does it do and is it required? |
| N |
Client Access Help Update |
cwbinhlp.exe |
Client
Access Help Registry Update Function - part of IBM's iSeries (nee As/400)
Client Access - communications suite that allows desktop, browser and
wireless access to iSeries servers. It only updates the help files on your PC
to match the level of the attached iSeries |
| N |
Client Access Service |
CwbSvStr.Exe |
Part
of IBM's iSeries (nee As/400) Client Access - communications suite that
allows desktop, browser and wireless access to iSeries servers. Useful if you
are going to access the iSeries through Windows Explorer to move files back
and forth between Windows folders and iSeries folders. This is a tool that is
only used by Client Access administrators (usually) so it is not required - a
waste of resources |
| U |
Client Access Taskbar |
cwbuitsk.exe |
IBM
iSeries Client Access taskbar, see here |
| X |
Client Agent |
[path to file] |
Added by the PPDOOR-J TROJAN! |
| X |
Client Agent |
ipxwping.exe |
Added by the PPDOOR-N TROJAN! |
| X |
Client Agent |
photes.exe |
Added by the PPDOOR-P TROJAN! |
| ? |
Client agent for ARCserve |
W95AGENT.EXE |
Part
of Brightstor ARCserve Backup from Computer Associates. What does it do and
is it required? |
| X |
Client for Microsoft Networks |
msclient32.exe |
Added by the SDBOT-BXQ WORM! |
| X |
Client Server Control Process |
[path to trojan] |
Added by the AGENT-HR TROJAN! |
| X |
Client Server Run Time Proccess |
csrsrv.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Client Server Runtime |
[path to worm] |
Added by the POEBOT-KR WORM! |
| X |
Client Server Runtime Process |
csrs.exe |
Added by the LINKBOT.M WORM! |
| X |
Client Server Runtime Process |
csrsss.exe |
Added by the SDBOT-LD WORM! |
| X |
Client Server Runtime Process |
smmss.exe |
Backdoor TROJAN! Possible SDBOT-GEN variant |
| X |
Client Update |
wup.exe |
Added by a variant of the OPANKI-A WORM! |
| X |
ClientMan1 |
mscman.exe |
ClientMan parasite variant |
| N |
Clik Status Monitor |
toolsclickstat.exe |
Part of Iomega Tools to let you
know whether an Iomega PocketZip (nee Clik) removable drive cartridge is
installed |
| X |
clipboard.exe |
clipboard.exe |
Added by an unidentified WORM or
TROJAN! |
| N |
Clipbook Service |
Clipsrv.exe |
Supports Windows XP ClipBook
Viewer, which allows pages to be seen by remote ClipBooks |
| N |
ClipMate5x |
ClipMt5x.exe |
Clip Mate
5.x by Thornsoft. Utility that allows you to store more than one item in the
clipboard. Available via Start -> Programs |
| N |
Clipmate6 |
CLIPMT60.EXE |
Clip Mate 6 by
Thornsoft. Utility that allows you to store more than one item in the
clipboard. Available via Start -> Programs |
| N |
ClipMate7 |
ClipMate.exe |
Clip Mate 7 by Thornsoft -
utility that allows you to store more than one item in the clipboard |
| N |
Clipomatic |
Clipomatic.exe |
Mike Lin's
Clipomatic is a clipboard cache program - it remembers what was copied to the
clipboard even after new data is copied, and allows you to retrieve the old
data |
| X |
ClipSrv |
CLIPBRD3D.EXE |
Added
by the MOFEI-D WORM! |
| X |
ClipSrv |
clipserv.exe |
Added by the SDBOT-AAV and
SDBOT-AFE WORMS! |
| N |
Clipsrv |
Clipsrv.exe |
Supports Windows XP ClipBook
Viewer, which allows pages to be seen by remote ClipBooks |
| N |
ClipTrak |
ClipTrak.exe |
ClipTrak
- clipboard extender |
| N |
ClipTrakker |
ClipTrakker.exe |
Cliptrakker - clipboard
extender |
| N |
CLISTART |
CLIStart.exe |
Puts the ATI Catalyst™ Control
Center Icon/Shortcut on the System Tray - available via Start -> Programs |
| U |
CLMFrontPanel |
clmpanel.exe |
System tray
status/display/configuration utility for a number of modems. Can be disabled
by right-clicking on the tray icon. If disabled, connection status is lost |
| ? |
clnwall |
rundll.exe setupx.dll,
InstallHinfSection ..delwall.inf |
?? |
| X |
clock |
[various filenames] |
LiveChat Adware - known file names include: mssetup.exe,
kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe,
msbkup.exe |
| X |
Clock Manager |
amsngr.exe |
Added by the SDBOT-XM TROJAN! |
| X |
ClockSync |
Sync.exe |
ClockSync - synchronizes
your system clock with an internet time server. It's by WhenU, the makers of
the Save Now spyware, and they're usually seen in tandem, so it's advised to
replace it with one of may spyware free alternatives available |
| U |
ClockWise |
CLOCKWISE.EXE |
ClockWise -
produced by R J Software - a time utility. It is a schedueler not only for
dates, but you can choose it to run programs at any time. It also updates the
time by connecting to an atomic clock server. This is a spyware-free
alternative to ClockSync |
| U |
ClocX |
ClocX.exe |
ClocX - places a clock on the desktop that can be moved and
then changed into a calendar plus you can set alarms etc… |
| U |
CloneCD |
CloneCDTray.exe |
System
tray for the now discontinued CloneCD. The only useful option is "Hide
CDR Media" only available via this tray. Has additional unknown
functions in later versions |
| U |
CloneCDElbyCDFL |
ElbyCheck.exe |
From Elaborate Bytes who make CloneCD - monitors the
installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from
startup causes the CD drive in the computer to not be recognized in the OS
and after rechecking it prompts that the driver has been corrupted and asks
you to restart the computer to fix it |
| U |
CloneCDTray |
CloneCDTray.exe |
System
tray for the now discontinued CloneCD. The only useful option is "Hide
CDR Media" only available via this tray. Has additional unknown
functions in later versions |
| ? |
Clotusorgreg0 |
prtStart.exe Orgprt.exe |
IBM Lotus SmartSuite related. In a LotusOrgReg folder.
Unclear what exactly it does? |
| X |
Clre |
mmdc.exe |
Added by the PURSCAN-AI TROJAN! |
| X |
ClrSchLoader |
[path to file] |
ClearSearch adware |
| X |
CLSID |
com.exe |
Adult content dialler |
| X |
CLSID |
dll.exe |
Adult content dialler |
| X |
CLSID |
msgplus.exe |
Adult content dialler |
| X |
CLSID |
msgplus.exe |
Premium rate adult content
dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension |
| X |
CLSID |
plugin.exe |
Adult content dialler |
| X |
CLSID |
sed.exe |
Adult content dialler |
| X |
CLSRSS |
LSACS.EXE |
Added by the SILLYFDC-X WORM! |
| U |
cma |
cma.exe |
DeskSite CMA siftware -
"retrieves new content from the DeskSite Data Center" |
| X |
CMAPP |
cmappclient.exe |
CasClient adware - also detected as the CMAPP TROJAN! |
| N |
Cmaudio |
Rundll32 cmicnfg.cpl, CMICtrlWnd |
System tray control panel for
C-Media based soundcards - often included on popular motherboards with
in-built audio. Available via Start -> Settings -> Control Panel |
| X |
Cmd |
cmd32.exe |
Added by the TANKED WORM! |
| X |
cmd32 |
configs.exe |
Hijacker,
also detected as the QURL-2 TROJAN! |
| X |
cmdbcs |
cmdbcs.exe |
Added by the LINEAG-GKW TROJAN! |
| X |
cmdcon |
cmdcon.exe |
Added by the CRYPTER.A TROJAN! |
| X |
CME |
cme.exe |
Part of Gator advertising
spyware - see here for removal instructions. Please note that Claria
Corporation no longer support GAIN-Supported software - see here |
| U |
C-Media Echo Control |
EchoCtrl.exe |
C-Media produce audio chipsets
that are often found on popular motherboards with on-board audio. You may
need it if you use the echo control feature of C-Media Mixer |
| N |
C-Media Mixer |
Mixer.exe |
C-Media produce audio chipsets
that are often found on popular motherboards with on-board audio. Provides
System Tray access to change audio settings. Available via Start ->
Settings -> Control Panel or Start -> Programs |
| X |
CmeSYS |
CMEsys.exe |
Part of Gator advertising
spyware - see here for removal instructions. Please note that Claria
Corporation no longer support GAIN-Supported software - see here |
| X |
CmeUPD |
CMEupd.exe |
Part of Gator advertising
spyware - see here for removal instructions. Please note that Claria
Corporation no longer support GAIN-Supported software - see here |
| X |
CMFibula |
CMFibula.exe |
CASClient adware |
| N |
CmFlywaveName |
CmFlywav.exe |
Driver for Linksys Wireless-G Music Bridge |
| ? |
CMGrdian |
CMGrdian.exe |
One of the McAfee shared
components. What does it do and is it required? |
| X |
CMMan |
CMMan.exe |
Added by the CMAPP TROJAN! |
| X |
Cmmon32Sys |
cmmon32.exe |
Added by the SMALL.CL TROJAN! |
| N |
cmonitor |
startupmon.exe |
"SystemDoctor is a security risk that may give
exaggerated reports of threats on the computer. The program then prompts the
user to purchase a registered version of the software in order to remove the
reported threats" |
| U |
CmPCIaudio |
RunDll32 CMICNFG3.CPL,
CMICtrlWnd |
Registers the Control Panel
applet for a C-Media PCI sound card |
| U |
CMPDPSRV |
CMPDPSRV.EXE |
Printer Driver Plus from
ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus
seamlessly integrates all the necessary components of a printer driver, plus
more". Installed with some Compaq and Lexmark printers |
| X |
Cmpnt |
Devices2.exe |
Added by the TOMPAI-D TROJAN! |
| X |
Cmpnt |
mainsv.exe |
Added by the TOMPAI-C TROJAN! |
| X |
cmrss |
[path to trojan] |
Added by the DLOADER-QQ TROJAN! |
| X |
cmrss |
cmrss.exe |
Added by the DELF.DU TROJAN! |
| X |
cmrss |
crmss.exe |
Added by the DLOADER-EK TROJAN! |
| X |
cmrst |
cmrst.exe |
Added by the BANCOS.S TROJAN! |
| X |
cmrst |
cmrst.scr |
Added by the DLOADER-FP TROJAN! |
| X |
cms |
iserver.exe |
Added by the DLOADER-WK TROJAN! |
| U |
CMSETTINGS |
ctmn.exe |
Part
of NetNanny Chat Monitor |
| ? |
CM-SmWizard |
SmWizard.exe |
SmartWizard MFC Application -
associated with C-Media who produce audio chipsets commonly used for on-board
sound on motherboards. What does it do and is it
required? |
| X |
cmsound |
vcpdll.exe |
Added by the TCXMEDI-D downloader TROJAN! |
| X |
cmsound |
vcsystem.exe |
Added by the TCXMEDI-D downloader TROJAN! |
| X |
cmss |
system.exe |
Added by a variant of the RBOT WORM! |
| X |
cmssapp |
iexplore.exe |
Added by the BANCBAN-GF TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the Windows
or Winnt folder |
| X |
cmssapp |
iexplore_.exe |
Added by the BANCBAN-CQ TROJAN! |
| X |
cmssSystemProcess |
csms.exe |
Added
by the AGENT-Y TROJAN! |
| X |
cmssSystemProcess |
csmss.exe |
Added by the AGENT-CO TROJAN! |
| X |
cmssSystemProcess |
mcsmss.exe |
Added by a variant of the AGENT.EI TROJAN! |
| X |
CMSystem |
CMSystem.exe |
CASClient adware |
| X |
cmt101 |
cmt101.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| ? |
CmUCRRun |
CmUCReye.exe |
Related to Medion Display Information. What does it do and is
it required? |
| X |
cmx32 |
cmx32.exe |
Added by the GEMA.D TROJAN! |
| X |
Cn323 |
cnfrm33.exe |
Added by the MIMAIL.G WORM! |
| X |
Cn911 |
ODBCJET.exe |
Added by the BIFROSE-PR TROJAN! |
| X |
CNBABE |
CNBABE.EXE |
Appears to be spyware added by
KAZAA (and maybe others) that displays pop-up ads whilst you're browsing |
| N |
cnet |
kontiki.exe |
Kontiki Delivery Manager - Windows-based client software that
enables secure delivery of content to users' desktops |
| X |
Cnfrm32 |
cnfrm.exe |
Added by the MIMAIL.D WORM! |
| X |
CnsMax |
Internat.exe |
Added by the POINTEX TROJAN! Note - the real internat.exe
resides in %windir%system (where %windir% is the Windows directory -
C:Windows or C:Winnt) whereas this version resides in %windir% |
| X |
CnsMin |
Rundll32.exe CNSMIN.DLL,
Rundll32 |
CnsMin (Chinese Keywords) hijacker related |
| Y |
CnxAdslL |
CnxAdslL.exe |
DLink, Zoom, or Conexant modem
driver |
| N |
CnxDslTaskBar |
CnxDslTb.exe |
Connexant DSL Taskbar as used on
Acess Runner and Samsung AHT-E310 ADSL modems |
| U |
Cobian Backup 8 interface |
cbInterface.exe |
"Cobian
Backup is a backup program that can be executed in 2 ways: as a normal
application or as a Windows Service. The program can schedule automatic
backups for files and directories locally or to FTP servers and can use
compression and encryption" |
| U |
Codename Dashboard |
dashboard.exe |
Codename:
Dashboard - "an application that resides at the side of your screen.
Built on the Microsoft .NET Framework, it is a host for interchangeable
components through which C.D. allows you to have any information you want, on
your desktop, all the time" |
| X |
cof.updit |
[random filename] |
Added by a
variant of the SDBOT WORM! |
| U |
CognizanceTS |
rundll32.exe [path] AsTsVcc.dll,
RegisterModule |
Cognizance Corp Identity And Access Management suite |
| X |
Coldlife -icmp |
Systray.exe |
Added by the FLOOD.AV TROJAN!
Note - this is not the legitimate systray.exe process |
| U |
coloreal |
coloreal.exe |
Makes colours sharper and
brighter, but will only work with coloreal capable monitors |
| N |
Colorific Control Panel |
Hgcctl95.exe |
From E_Color. Colorific delivers
accurate gamma and color temperature across your entire system - monitor to
printer and digital camera to monitor |
| X |
COM Service |
mscom32.com |
Added by the BEASTY.H TROJAN! |
| X |
COM Service |
msdrce.com |
Added by the BEASTY.I TROJAN! |
| X |
COM Service |
msflyx.com |
Added by the BEASTDO-O TROJAN! |
| X |
COM Service |
msjclh.com |
Added by the BEASTY.E TROJAN! |
| X |
COM Service |
msynvr.com |
Added by the BEASTY.G TROJAN! |
| X |
COM+ Event System |
DRWTSN16.EXE |
Added by a variant of the LOVGATE WORM! |
| X |
COM+ EventSystem Services |
ECSERVER.EXE |
Added by a
variant of the SDBOT WORM! |
| X |
Com+ Sys |
csrs.exe |
Added by the FORBOT-BT WORM! |
| X |
COM+ System Applications |
lsas.exe |
Added by the AGOBOT.SE WORM! |
| X |
COM++ System |
exploier.exe |
Added by a variant of the LOVGATE WORM! |
| X |
COM++ System |
suchost.exe |
Added by a variant of the LOVGATE WORM! |
| X |
COM++ System |
svchost.exe... |
Added by a variant of the LOVGATE WORM! |
| U |
ComAgent |
ComAgent.exe |
ComAgent - MDaemon's instant messaging client |
| X |
combo.exe |
combo.exe |
Added by the CHIMO-C TROJAN! |
| X |
combop.exe |
combop.exe |
Added by the BOWFEED-A TROJAN! |
| X |
Comcast Network |
ribiva.exe |
Added by an IRC TROJAN variant! |
| X |
ComcastSUPPORT |
tgkill.exe |
Comcast (the cable folks who are
replacing @home in some parts of the USA) have struck a deal with Tioga to
provide an "enhanced" support and self-repairing tool. This is
"beta" at present and was made available to download by mistake at
present. Remove via Start -> Settings -> Add/Remove Programs |
| X |
COMCFG |
comcfg.exe |
Added by the TOADCOM.A TROJAN! |
| X |
comctl32 |
comctl32.exe |
Adware - recognized by
Kaspersky antivirus as TrojanDownloader.Win32.Agent.am |
| U |
COMDRV32 |
svdhost.exe |
Orvell Monitoring 2003
surveillance software. Uninstall this software unless you put it there
yourself. Note - asks for permission to contact the IP address of
http://www.protectcom.com/ |
| N |
COM-IP |
COMIP.EXE |
COM-IP Virtual Modem Driver
(COM-IP Creates a Fake Serial Port that allows you to use older DOS Based
Communications Programs over Telnet. Type atdt host.domain.com instead of
atdt 5551212) |
| U |
Comm Driver |
commh32.exe |
G Data "PC Spion". PC monitoring and surveilling
software, captures all users activity on the PC, see here. Disable/remove if
you didn't install it yourself! |
| X |
COMMAND |
command.exe |
Added by the QQPASS.E TROJAN! |
| X |
Command |
Gotit.exe |
Added by the TITOG WORM! |
| X |
command |
javaw.exe |
Added by the AGOBOT-LG WORM! |
| X |
Command |
system.exe |
Added by the GATECRASH.A or
GATECRASH.B TROJANS! |
| X |
Command Prompt32 |
CmdPrompt32.pif |
Added by the ASSIRAL.B WORM! |
| X |
command32 |
command32.exe |
Added by the LINEADI-A TROJAN! |
| N |
CommCtr |
commctr.exe |
"Net2Phone
CommCenter is the latest in Internet voice technology allowing you to place
calls easily all over the world right from your PC!". Available via
Start -> Programs |
| U |
Comodo Firewall |
CPF.exe |
Comodo
Firewall |
| N |
CompanionWizard |
compwiz.exe |
WinAntiVirus
2006 virus software - not recommended, see here |
| U |
Compaq Alerter |
CPQAlert.exe |
Compaq's Insight Manager Agent - a tool that allows for
"fault, performance, and configuration management". Recommended for
corporate users only. It's best removed if installed but not wanted, rather
than disabled at startup. See here for more information |
| N |
Compaq Computer Corp SCCenter
Module |
SCCENTER.EXE |
For Compaq PC's. Part of Backweb |
| ? |
Compaq Computer Security |
Rundll32.exe SECURE32.CPL,
Service |
?? |
| N |
Compaq Connections |
BackWeb-1940576.exe |
See here - "messaging service that automatically sends
you support information, tips, ideas, and special offers from HP and our
partners, especially designed for HP and Compaq desktop computer
owners". * can be any digit |
| N |
Compaq Connections |
COMPAQ~1.EXE |
See here - "messaging service that automatically sends
you support information, tips, ideas, and special offers from HP and our
partners, especially designed for HP and Compaq desktop computer owners" |
| N |
Compaq DMI |
cpqdmi.exe |
Compaq version of the Desktop
Management Interface |
| X |
Compaq Drivers |
F1rewalls.exe |
Added
by the SDBOT-WD WORM! |
| N |
Compaq Internet Setup |
inetwizard.exe |
For Compaq PC's. Runs Compaq
internet setup wizard and offers you to signup from ISP list |
| X |
Compaq Jes Drivers |
winjes.exe |
Added
by the SDBOT-XR WORM! |
| U |
Compaq Knowledge Center |
silent.exe & matcli.exe |
"matcli.exe is a motive
Assistant Command line interface that gathers information about your system's
identity like your name email address, city, state, etc and gets written to a
log file while silent.exe executes matcli.exe quietly in the background.
Compaq Knowledge Center is required to run with the Help and Support program.
If you uncheck Compaq Knowledge Center and and then run help and Support it
will add another Compaq Knowledge Center in the startup menu. If you remove
the Compaq Knowledge Center in the add/remove program some help menus in help
and support will not be available like Fix my Presario, Preference, and
Contact Technical Support". You decide |
| N |
Compaq Message Server |
COMPAQ-RBA.EXE |
Applies to the CPQBootPerfDB
entry as well. These files generate some kind of server or servlet that
attempts to connect with Compaq online. They are like Trojans, but fairly
harmless. They send information on the "Compaq Advisor/Compaq Message
Screener" application that comes with every Compaq computer and provide
feedback on how computer users use the Message Advisor. These messages appear
occasionally and instruct and advise users on their computer and its use.
They generally attempt to get you (these messages) to connect to Compaq's
website. They may be safely disabled via (1) MSCONFIG or (2) Start ->
Programs -> Compaq Advisor -> Advisor Settings under the
"advanced" tab. Not required and can cause problems |
| U |
Compaq PK Daemon |
cpqkl.exe |
For Compaq laptops for
programming user configurable keys. Not required unless you use them |
| X |
Compaq Print Fax |
cpqa1000.exe |
Added by the SDBOT.BCV WORM! Please take note of the
difference between the legitimate Compaq Fax Utility Name (A1000 Settings
Utility) and the name (Compaq Print Fax) used by this worm |
| X |
Compaq Service Drivers |
amsn.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Compaq Service Drivers |
compaq.exe |
Added by the SDBOT-AFU WORM! |
| X |
Compaq Service Drivers |
compq.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Compaq Service Drivers |
compqs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Compaq Service Drivers |
msnsvc.exe |
Added by the RBOT.BKT WORM! |
| X |
Compaq Service Drivers |
msnt.exe |
Added by the SDBOT.CQL WORM! |
| X |
Compaq Service Drivers |
navapqwa.exe |
Added by the SDBOT.BBQ WORM! |
| X |
Compaq Service Drivers |
NtKernelSystem.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Compaq Service Drivers |
ntsys32.exe |
Added by the RBOT.CIW WORM! |
| X |
Compaq Service Drivers |
systeminfos.exe |
Added by the SDBOT-XC WORM! |
| X |
Compaq Service Drivers |
wincmd.exe |
Added by the RBOT.ATV WORM! |
| X |
Compaq Service Drivers |
wind32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Compaq Service Drivers |
winmsn.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Compaq Service Drivers |
winsvc.exe |
Added by the SDBOT-AGD WORM! |
| X |
Compaq Service Drivers 32 |
compq32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Compaq Service Drivrs |
copq.exe |
Added by a variant of the RBOT WORM! |
| X |
Compaq Services Drivers |
ndt32.exe |
Added by the RBOT.CQZ WORM! |
| X |
Compaq Sound Drivers For WINDOWS |
sounddr.exe |
Added by the SDBOT-XG WORM! |
| N |
Compaq Video CD Watcher |
?? |
For Compaq PC's. MPEG viewer |
| X |
Compaq32 Service Drivers |
ms32.exe |
Added by the SDBOT.BWH WORM! |
| X |
Compaq32 Service Drivers |
msconfig32.exe |
Added by the SDBOT-ADC WORM! |
| X |
Compaq32 Service Drivers |
msnt32.exe |
Added by the RBOT.BVF WORM! |
| ? |
CompaqHW Comp Manager |
cpqhcm.exe |
Running on a Compaq laptop - any
ideas? |
| N |
CompaqPrinTray |
printray.exe |
Puts printer icon in the System
Tray. When this option is disabled you will no longer be able to access the
Control Program or Printer Driver directly from your desktop |
| X |
Compaqs Service Driver |
copypad32.exe |
Added by the SDBOT.CSO WORM! |
| X |
Compaqs Service Drivers |
compqs.exe |
Added by a
variant of the SDBOT WORM! |
| N |
CompaqSystray |
cpqpscp.exe |
Compaq System Tray icon |
| X |
Compatibility Service Process |
regsvs.exe |
Added by the GAOBOT.YN WORM! |
| X |
Compd Service Drivrs |
codq.exe |
Added by a
variant of the SDBOT WORM! |
| U |
ComproRemote |
ComproRemote.exe |
VideoMate TV
tuner and capture card - remote control driver |
| U |
ComproSchedulerDTV |
ComproSchedulerDTV.exe |
VideoMate TV
tuner and capture card - scheduler |
| X |
Computing Technologie Firewall |
lsauth.exe |
Added
by the SDBOT-WX WORM! |
| N |
COMSMDEXE |
comsmd.exe |
3Com tray icon |
| N |
ComStart |
Trojan Guarder.exe |
TrojanGuarder is a security risk that may give exaggerated
reports of threats on the computer. The program then prompts the user to
purchase a registered version of the software in order to remove the reported
threats |
| X |
ComTry Web Searcher |
wstray.exe |
Comtry MP3 Downloader related -
spyware |
| X |
comxt |
comxt.exe |
Added by the COMXT TROJAN! |
| X |
con |
[path to trojan] |
Added by the BRAVE-A TROJAN! |
| X |
Config |
service.exe |
Added by the ISRAZ.B WORM! |
| X |
Config Loadation |
iEEexplore.exe |
Added by the SDBOT.H TROJAN! |
| X |
Config Loadatiorin |
I3Explorer.exe |
Added by the SDBOT.H TROJAN! |
| X |
Config Loader |
scvhost.exe |
Added by the GAOBOT.AE or
GAOBOT.AO WORMS! |
| X |
Config Loader |
svchosl.exe |
Added by the GAOBOT.P WORM! |
| X |
Config Loader |
svhost.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Config Loader |
sysldr32.exe |
Added by the GAOBOT WORM! |
| X |
Config Loader for Microsoft
Windows |
mwincfg32.exe |
Added by the AGOBOT.BD WORM! |
| X |
Config Loader2 |
explores.exe |
Added by the GAOBOT.BT WORM! |
| X |
Config Loadr |
winsys32.exe |
Added by the AGOBOT-HN WORM! |
| X |
Config33.exe |
Config33.exe |
Added by the SDBOT.T TROJAN! |
| X |
ConfiggLoader |
cart322.exe |
Added by the GAOBOT.DJ WORM! |
| U |
ConfigSafe |
AUTOCHK.EXE |
ConfigSafe
- lets you identify changes to the registry, INI files, System asset files,
system hardware, network connections, and operating system versions --
provides a restore function. Your choice |
| U |
ConfigSafe |
CFGSAFE.EXE |
ConfigSafe
- lets you identify changes to the registry, INI files, System asset files,
system hardware, network connections, and operating system versions --
provides a restore function. Your choice |
| N |
ConfigServices |
Config.exe |
Part of initial setup on a
Compaq PC |
| X |
configsetup |
configsetup32.exe |
Added by the AGOBOT-AFP WORM! |
| X |
Configuration |
[filename] |
Added by the SDBOT-ML WORM! |
| X |
configuration |
apphost.exe |
Added
by the SDBOT-VP WORM! |
| X |
Configuration |
explorer32.exe |
Added by the SDBOT-ML WORM! |
| X |
Configuration |
ntsys32.exe |
Added
by the SDBOT-LN WORM! |
| X |
Configuration Default |
Wuxat.exe |
Added by the SPYBOT-CA WORM! |
| X |
Configuration File |
Winset32.exe |
Added by the FLUX.101 TROJAN! |
| X |
Configuration Loaded |
lssas.exe |
Added by a variant of the SDBOT
WORM! Note - this is not the legitimate lsass.exe process |
| X |
Configuration Loaded |
wupdated.exe |
Added by the MOEGA or MOEGA.AG
or MOEGA.AP WORMS! |
| X |
Configuration Loader |
aim95.exe |
Added by the LOADCFG or SDBOT
TROJANS! |
| X |
Configuration Loader |
botss.exe |
Added
by the SDBOT-XS WORM! |
| X |
Configuration Loader |
ccSort.exe |
Added by the AGOBOT.SR WORM! |
| X |
Configuration Loader |
cmd32.exe |
Added by the LOADCFG or SDBOT
TROJANS! |
| X |
Configuration Loader |
confgldr.exe |
Added by the GAOBOT.GEN!POLY WORM! |
| X |
Configuration Loader |
configldr.exe |
Added by the AGOBOT-PP TROJAN! |
| X |
Configuration Loader |
crcss.exe |
Added by the AGOBOT.ADG WORM! |
| X |
Configuration Loader |
dezi.exe |
Added by the SDBOT-OB WORM! |
| X |
Configuration Loader |
dosrun32.exe |
Added by the GAOBOT.AO WORM! |
| X |
Configuration Loader |
DVD-Player.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Configuration Loader |
extrac.exe |
Added by the SDBOT-AFP WORM! |
| X |
Configuration Loader |
IEXPL0RE.EXE |
Added by the LOADCFG or SDBOT
TROJANS! |
| X |
Configuration Loader |
IEXPLORE.EXE |
Added by the SDBOT-KW WORM! Note
- this is not the legitimate Internet Explorer (iexplore.exe) process, which
is always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup unless you add it manually! This file is
located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Configuration Loader |
ldasp.exe |
Added by the AGOBOT.BH WORM! |
| X |
Configuration Loader |
lexplore.exe |
Added by the RBOT-AGX WORM! |
| ? |
Configuration Loader |
lfass.exe |
?? |
| X |
Configuration Loader |
loadcfg32.exe |
Added by the LOADCFG or SDBOT
TROJANS! |
| X |
Configuration Loader |
microsoft.exe |
Added by the GAOBOT.JB WORM! |
| X |
Configuration Loader |
mouse.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Configuration Loader |
msg.exe |
Added by the SDBOT.BT WORM! |
| X |
Configuration Loader |
msgcfgsrv.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Configuration Loader |
msgfix.exe |
Added by the GAOBOT.AUS or
SDBOT.J or SDBOT-QG WORMS! |
| X |
Configuration Loader |
msnss.exe |
Added by the GAOBOT.AUS WORM! |
| X |
Configuration Loader |
MSTasks.exe |
Added by the LOADCFG or SDBOT
TROJANS! |
| X |
Configuration Loader |
scvhost.exe |
Added by the AGOBOT-AAE and
SDBOT.AR WORMS! |
| X |
Configuration Loader |
seru32.exe |
Added by the SDBOT-VR WORM! |
| X |
Configuration Loader |
Service.exe |
Added by the GAOBOT.AO WORM! |
| X |
Configuration Loader |
service5.exe |
Added by the GAOBOT.AF WORM! |
| X |
Configuration Loader |
Servicess.exe |
Added by the GAOBOT.AO WORM! |
| X |
Configuration Loader |
smsai.exe |
Added
by the SDBOT-YE WORM! |
| X |
Configuration Loader |
smss32.exe |
Added by the AGOBOT.MB WORM! |
| X |
Configuration Loader |
svchost.exe |
Added by the PARADROP-A WORM!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| X |
Configuration Loader |
svchost.exe |
Added by the PARADROP-AI WORM!
Note - this is not the legitimate svchost.exe process which should not
normally figure in Msconfig/Startup! |
| X |
Configuration Loader |
svchost2.exe |
Added by the AGOBOT.JR WORM! |
| X |
Configuration Loader |
svhst.exe |
Added by the GAOBOT.YC WORM! |
| X |
Configuration Loader |
svupdate.exe |
Added by the RANDEX.DXP WORM! |
| X |
Configuration Loader |
sw32.exe |
Added by the AGOBOT.BQ WORM! |
| X |
Configuration Loader |
sycfg34.exe |
Added by the GAOBOT.AN WORM! |
| X |
Configuration Loader |
syscfg32.exe |
Added by the SDBOT.B TROJAN! |
| X |
Configuration Loader |
sysinfo.exe |
Added by the GAOBOT.FQ WORM! |
| X |
Configuration Loader |
System.exe |
Added by the GAOBOT.AO WORM! |
| X |
Configuration Loader |
systemry.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Configuration Loader |
wincffg.exe |
Added by the AGOBOT.A3 WORM! |
| X |
Configuration Loader |
wincore.exe |
Added by the SDBOT.BHE WORM! |
| X |
Configuration Loader |
wincrt32.exe |
Added by the GAOBOT.BF WORM! |
| X |
Configuration Loader |
windex.exe |
Added by the GAOBOT.BZ WORM! |
| X |
Configuration Loader |
WinHelper.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
configuration loader |
winicfg32.exe |
Added by the GAOBOT.RQ WORM! |
| X |
Configuration Loader |
Winreg.exe |
Added by the GAOBOT.AO WORM! |
| X |
Configuration Loader Service |
devl32.exe |
Added
by the SDBOT-XY WORM! |
| X |
Configuration Loader Service |
Winsys32.exe |
Added
by the RBOT-YV WORM! |
| X |
Configuration Loader10 |
ip7.exe |
Added by the AGOBOT-ANZ WORM! |
| X |
Configuration Loading |
configldr.exe |
Added by the AGOBOT-EC WORM! |
| X |
Configuration Loading |
svchos1.exe |
Added by the GAOBOT.DK WORM! |
| X |
Configuration Loading Service |
wscel.exe |
Added
by the SDBOT-WJ WORM! |
| X |
Configuration Loadr |
iexplore.exee |
Added by an unidentified WORM or
TROJAN! |
| X |
Configuration Manager |
cfg32.exe |
BookedSpace parasite |
| X |
Configuration Manager |
CNFGLD32.EXE |
Added by the SDBOT TROJAN! |
| X |
Configuration Manager |
Cnfgldr.exe |
Added by the SDBOT TROJAN! |
| X |
Configuration Servecie |
sewins.exe |
Added by the SDBOT-COH WORM! |
| X |
Configuration Service |
suchost.exe |
Added by the TREB TROJAN! |
| X |
Configuration Services |
mswords.exe |
Added by the SDBOT-YM WORM! |
| N |
Configuration Utility |
CONFIG.EXE |
Controls linksys wireless
connection. Available from the Desktop |
| U |
Configuration Utility |
wlanutil.exe |
NetGear Wireless LAN configuration utility for the MA311
802.11b (and maybe other cards) |
| X |
Configuration Wizard |
Cfgwiz32.exe |
Added by a variant of the HACKTACK TROJAN! Not to be confused
with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe) |
| X |
Configuration32 Loader32 |
winamp32.exe |
Added by the SDBOT-BIC WORM! |
| X |
ConfLoader |
sysconf16.exe |
Added by the SDBOT-FB TROJAN! |
| N |
Conmgr |
conmgr.exe |
Starts Winfax pro at startup |
| U |
ConMgr.exe |
conmgr.exe |
Connection Manager as used by
Earthlink and others. If you need this to ensure a proper connection but
don't want to connect at startup try creating your own shortcut |
| X |
Connect2Party |
connect2party.exe |
Adult content dialler |
| U |
Connection Keeper |
ConKeepM.exe |
"Connection
Keeper is an invaluable time-saving tool for dial-up users. This free program
simulates Internet browsing (at a random interval) to prevent your connection
from appearing idle, thus preventing your ISP from dropping your connection
due to inactivity" |
| N |
Connection Manager |
CManager.exe |
SBC Yahoo DSL service connection
manager. You can connect from the network connections. Users having problems
with this have been advised to uninstall the connection manager via
Add/Remove Programs and it won't affect the service |
| X |
Connectivity Tool |
[path to trojan] |
Added by the LITEBOT-E TROJAN! |
| X |
Connector |
sms.EXE |
Added by the ExDial-B premium rate adult content dialer |
| X |
Connector |
SYS.EXE |
Added by the dialer.Nunci premium dialer |
| X |
Cons |
consol32.exe |
Hijacker - redirects to a p0rn
portal, where foistware like ISTBar gets stealth installed |
| X |
conscorr |
conscorr.exe |
VX2.Transponder parasite updater/installer related |
| X |
Console de Gerenciamento
Microsoft |
csrss.exe |
Unidentified malware! Note - this is not the legitimate
csrss.exe process which is always located in the System (9x/Me) or System32
(NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This
file is located in a SystemLevel4 subfolder |
| X |
Console de Gerenciamento
Microsoft |
csrss.exe |
Added by the BANCBAN-ET TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Central de
Segurança" subfolder |
| U |
Consumer Input |
ConsumerInput.exe |
Consumer Input Toolbar.
Opt-in market research monitoring you browsing habits - see the FAQ |
| U |
Consumer Input Rewarded with
MyPoints, Consumer Input |
ConsumerInputRewardedwithMyPoints,
ConsumerInput.exe |
Consumer Input Toolbar.
Opt-in market research monitoring you browsing habits - see the FAQ |
| U |
Consumer Input Rewarded with
MyPoints, Consumer Input Update |
ConsumerInputRewardedwithMyPoints,
ConsumerInputUa.exe |
Consumer Input Toolbar.
Opt-in market research monitoring you browsing habits - see the FAQ |
| ? |
Contacte |
contacte.exe |
Some kind of driver? |
| X |
Content connector |
[random filename].exe |
Added by the DIALER-Y TROJAN! Note - uses a random filename
and random folders. Usually the folder containing the file is a Temp folder |
| X |
ContentDownload |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| X |
ContentService |
winservn.exe |
Homepage hijacker |
| X |
ContinueInstall |
bpsinstall.exe |
BrowserAid/BrowserPal foistware |
| X |
Control |
rundll32.exe ctrlpan.dll,
Restore ControlPanel |
CoolWebSearch Msconfd parasite variant |
| N |
Control Center |
Center.exe |
Related to an Asus WLAN card |
| X |
Control handler |
***********.exe [* = random
char] |
CoolWebSearch
parasite variant |
| X |
Control handler |
[10 to 14 random char]THD.EXE |
Added by the KREPPER-AI TROJAN! |
| X |
Control handler |
ahjinst.exe |
CoolWebSearch
parasite variant |
| N |
control panel |
smctrlw.exe |
System Tray icon for a Silicon
Motion LynxEM based PCI Graphics Card |
| X |
Control Panel |
System.exe |
Added by the DANI TROJAN! |
| X |
control panel software service |
cprs.exe |
Added by the RBOT-FPI WORM! |
| X |
Controladores |
[path to trojan] |
Added by the TELEFO-A TROJAN! |
| N |
ControlCenter2.0 |
brctrcen.exe |
Brother scanner 'Control Center'
application - can be started manually |
| N |
ControlCentreTray |
XWCTray.exe |
System Tray access for the Xerox
ControlCentre 2.0 software for their range of printers, copiers, faxes, etc |
| X |
Controlled Resource System
Service |
crss.exe |
Added by the AGOBOT.GH WORM! |
| N |
Controller |
WFXCTL32.EXE |
From Symantec's TalkWorks Pro
and WinFax. Appears if you chose to have the program appear in the taskbar
(System Tray) during installation and displays a yellow fax/telephone icon.
Available via Start -> Programs |
| X |
ControlPanel |
[path] cmd32.exe internat.dll,
LoadKeyboardProfile |
Added by the DLOADER-HF TROJAN! |
| X |
ControlPanel |
[path] private.exe internat.dll,
LoadMouseCarpetProfile |
Reported by Norman Virus Control
as W32/Downloader. Creates the files sdfff, fdsf and zxczxc. In the
C:WINDOWSSYSTEM32 directory creates the files d.exe, s.exe and r.exe |
| X |
ControlPanel |
host32.exe internat.dll,
LoadKeyboardProfile |
Added by a vairant of the DELF.DW TROJAN! |
| X |
ControlPanel |
internat.dll,
LoadKeyboardProfile |
Added by the BIZVES-A TROJAN! |
| X |
ControlPanel |
popcorn.exe internat.dll,
LoadKeyboardProfile |
Added by the BIZVES-B TROJAN! |
| X |
ControlPanel |
popcorn320.exe rundll.dll,
LoadMouseProfile |
Added by a variant of the DLOADER-RA TROJAN! |
| X |
ControlPanel |
popcorn64.exe |
Browser hijacker, redirecting to
loadcash.biz |
| X |
ControlPanel |
popcorn64.exe rundll.dll,
LoadMouseProfile |
Added by the DLOADER-OI TROJAN! |
| X |
ControlPanel |
popcorn72.exe rundll.dll,
LoadMouseProfile |
Added by the DLOADER-RA TROJAN! |
| X |
ControlPanel |
rundll32 internat.dll,
LoadKeyboardProfile |
CoolWebSearch
parasite variant |
| X |
ControlPanel |
svcc.exe |
WorldSearch adware |
| X |
ControlPanel |
systemctrl.exe internet.dll,
LoadNetworkProfile |
Browser hijacker, also detected as STARTPA-FX |
| X |
ControlServiceMgr |
csmsv.exe |
Added by the AGENT-XC TROJAN! |
| U |
Cookie Cop 2 |
CookieCop.exe |
Cookie
Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet
sites can add "cookies" related to their sites for the next time
you return |
| U |
Cookie Pal |
CPBRWTCH.EXE |
Kookaburra Software's
Cookie Pal cookie manager. Allows you to decide which internet sites can add
"cookies" related to their sites for the next time you return |
| U |
CookieJar |
Cookiejar.exe |
Cookie Jar
cookie manager from Jason's Toolbox. Allows you to decide which internet
sites can add "cookies" related to their sites for the next time
you return. No longer being actively supported |
| U |
CookiePatrol |
CookiePatrol.exe |
CookiePatrol -
cookie interceptor stopping spyware cookies that used to be part of
PestPatrol before CA's aquisition |
| U |
CookieWall |
cookie.exe |
CookieWall from Analog X. Allows you to decide which internet
sites can add "cookies" related to their sites for the next time
you return |
| U |
Cool Desk |
cdesk.exe |
Cool Desk is a virtual
desktops manager. "Ever you wished to have several screens on your
computer? Cool Desk creates up to 9 virtual desktops and offers you to have
different windows on each of them". Not required but may be of use to
you |
| X |
CoolDownloads |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| X |
CoolMP3 |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| U |
CoolSwitch |
taskswitch.exe |
ALT+TAB replacement Powertoy for
Windows XP - enhances the graphics displayed when you want to switch between
programs running full-screen |
| N |
Coolwallpaper |
cwm_tray.exe |
Cool
Wallpaper software allows you to manage high quality photos as desktop
wallpaper and screen savers |
| X |
coolwebprogram |
clrssn.exe |
CoolWebSearch Smartsearch parasite variant |
| N |
Copernic Desktop Search |
DesktopSearch.exe |
Copernic Desktop Search - "Easily search your entire
hard drive in less than a second to pinpoint the right file, e-mail, music or
pictures" |
| U |
Copernic Desktop Search 2 |
DesktopSearchService.exe |
Copernic Desktop Search - search agent |
| U |
CopernicPerUserTaskMgr |
CopernicPerUserTaskMgr.exe |
Automatic tasking feature of
Copernic Pro multi-search engine tool |
| U |
Copy handler |
Copy Handler.exe |
Copy Handler lets you copy between hard disks, floppies, local
networks, CDs, and many other storage media. Copy Handler gives you the power
to pause, resume, restart, and cancel during the copying and moving processes |
| N |
Copyright |
mwcpyrt.exe |
Displays copyright information
on IBM ThinkPads |
| U |
CoreCenter |
CORECE~1.EXE |
MSI Core Center - motherboard
utility for monitoring CPU speed, voltages, temperatures and fans speeds as
well as overclocking |
| U |
CoreCenter |
CoreCenter.exe |
MSI Core Center - motherboard
utility for monitoring CPU speed, voltages, temperatures and fans speeds as
well as overclocking |
| N |
Corel Colleagues & Contacts
Reminders |
cffrem.exe |
Corel Colleagues & Contracts
- all-in-one organizer for scheduling meetings, maintaining addresses, etc.
Part of the now defunct Corel Print Office |
| N |
Corel Desktop Application
Director |
dadx.exe |
The Desktop Application Director
(DAD) gives you easy access to all Corel applications - x represents ther
version number. Available via Start -> Programs |
| N |
Corel Family & Friends
reminders |
CFFREM.EXE |
Corel Family & Friends -
all-in-one calender, address book and list manager. Part of the now defunct
Corel Print House Magic |
| N |
Corel Photo Downloader |
MediaDetect.exe |
Related to Corel Photo Album |
| N |
Corel Registration |
Remind32.exe |
If you don't want to register
Corel products and be reminded about it every 2 weeks disable it |
| N |
Corel Registration Reminder |
Remind32.exe |
If you don't want to register
Corel products and be reminded about it every 2 weeks disable it |
| N |
Corel Reminder |
NAVBROWSER.EXE |
If you don't want to register
Corel products and be reminded about it every 2 weeks disable it |
| N |
Corel Reminder |
NAVBrowser.exe |
Registration reminder for
CorelDRAW 10 |
| N |
CorelCENTRAL 10 |
I_26dadCC.exe |
CorelCENTRAL 10 - personal information manager (PIM).
Supplied as part of Corel WordPerfect Office 2002. Available via Start ->
Programs |
| X |
CorelDraw Toolbox |
CorelDraw.exe |
Added
by the SDBOT-VZ WORM! |
| N |
CorelMedia FoldersIndexer8 |
MFINDE~1.EXE |
Part of CorelDraw bundles for
indexing media files - similar to "fast find" in MS Office |
| N |
CorelMedia FoldersIndexer8 |
MFindexer.exe |
Part of CorelDraw bundles for
indexing media files - similar to "fast find" in MS Office |
| X |
CoreSrv |
coresrv.exe |
Some IRC trojans/worms
use this - see here for more information |
| ? |
CORESYS |
coresys.exe |
?? |
| N |
CorrectConnect |
CConnect.exe |
Broadband ISP diagnostic tool -
as used by NTL and Cox Communications. Shortcut available |
| X |
cosine |
cosine.exe |
Added
by the RBOT-SW WORM! |
| U |
CostAware |
niIPCApp.exe |
NetInternals
CostAware - download quota measuring tool |
| N |
Country Select |
pctptt.exe |
Country selection for a PCtel
HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for
their modems included on the motherboard or as a separate card. Once you've
set the modem up to the chosen country it's not required |
| N |
CountrySelection |
pctptt.exe |
Country selection for a PCtel
HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for
their modems included on the motherboard or as a separate card. Once you've
set the modem up to the chosen country it's not required |
| ? |
Coupon Offers |
?? |
?? |
| X |
couponica |
couponica.exe |
Adware
- see here |
| ? |
CP |
CopyProtectionNotifier.exe |
Related to
Emuzed Systems and Middleware. Comes included with Windows XP Media Edition |
| U |
CP32NOT |
CP32BTN.EXE |
For the programmable
"one-touch" buttons on HP laptops (and others?). Safe to disable if
you don't use these buttons |
| U |
CP4HPOT |
OneTouch.EXE |
One Touch keyboard driver.
Required if you use the additional keys |
| N |
CP888M1 |
CP888M1.EXE |
Related to EZbutton quick
launcher for the Media player app that comes with certain laptops |
| ? |
CPA9P2PSERVER |
CPA9P2PS.exe |
Found on a Compaq Presario but
what is it? |
| X |
cpanel |
winlogin32.exe |
Added by the RBOT-FOY WORM! |
| U |
CPATR10 |
CPATR10.EXE |
Dritek/Compal ATR10 Easy Button
driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special
hotkeys such as Play/Pause and Constrast |
| U |
CPBrWtch |
CPBrWtch.exe |
Kookaburra Software's
Cookie Pal cookie manager. Allows you to decide which internet sites can add
"cookies" related to their sites for the next time you return |
| Y |
CPD_EXE |
CPD.EXE |
Firewall bundled with McAfee
VirusScan 6.* |
| X |
cpl |
browse.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
cpl |
deamon.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
cpl |
msgaol.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
cpl |
msgaol.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
cpl |
s_menu.exe |
Added by the TACTSLAY.C TROJAN! |
| N |
CplBTQ00 |
CplBTQ00.EXE |
Related to EZbutton quick
launcher for the Media player app that comes with certain laptops |
| N |
CPLDBL10 |
CPLDBL10.exe |
Related to EZbutton quick
launcher for the Media player app that comes with certain laptops |
| X |
cpntmgc |
navpmc.exe |
Added by the SIMCSS TROJAN! |
| X |
cpntmgc |
simcss.exe |
Added by the MAGICON.A TROJAN! |
| X |
cpntmgc |
wincomp.exe |
Added by the WINTRIM_A TROJAN! |
| X |
cpntmgc |
winmgts.exe |
Added by the WINTRIM-B TROJAN! |
| ? |
CPortPatch |
cppatch.exe |
CPortPatch is a utility is
required for Dell laptops that are using a docking station. Is it needed
though? |
| Y |
CPQAcDc |
CPQAcDc.exe |
Compaq PowerCon power management
software for laptops |
| U |
CPQAlert |
CPQAlert.exe |
Compaq's Insight Manager Agent - a tool that allows for
"fault, performance, and configuration management". Recommended for
corporate users only. It's best removed if installed but not wanted, rather
than disabled at startup. See here for more information |
| N |
CPQBootPerfDB |
CPQBootPerfDB.EXE |
See the entry for Compaq Message
Server |
| Y |
CPQCalib |
CPQCalib.exe |
Compaq PowerCon power management
software for laptops |
| N |
CPQDFWAG |
CpqDfwAg.exe |
For Compaq PC's. Runs Compaq
diagnostics on every boot |
| U |
CPQEASYACC |
cpqeadm.exe |
For Compaq PC's. Allows the use
of programmable keys on mulimedia keyboards. Required if you use the
additional keys |
| U |
CPQEASYACC |
StartEAK.exe |
Easy Access Button Support for Compaq PCs. Required if you
use these |
| U |
cpqeaui |
cpqeaui.exe |
For Compaq PC's. Allows the use
of programmable keys on mulimedia keyboards. Required if you use the
additional keys |
| U |
cpqek |
kcpqek.exe |
For Compaq PC's. Easy Access button support for the keyboard |
| U |
CPQInet Runtime Service |
CpqInet.exe |
For Compaq PC's. Allows AOL and Compuserve to use the Easy
Access buttons for the internet. Is not required if you don't use the ISP
providers |
| N |
CPQINKAGENT |
cpqinkag.exe |
That is the Compaq Ink Agent for
some inkjet printers, it lets users know when their ink cartridges are
getting close to empty (by how many pages they have printed) |
| U |
cpqns |
cpqnpcss.exe |
Related to Compaq.Net - not
required if you don't use that |
| N |
Cpqset |
Cpqset.exe |
Default settings software in
Hewlett Packard notebook |
| Y |
CPQSTUTFIX |
stutfix.exe |
For Compaq PC's. Fixes
audio stutter problems for ESS Maestro soundcards. You can download it here.
This is a Compaq originated file and has been verified as free from viruses
by McAfree/Norton |
| X |
cpr |
cpr |
Adroar.com adware downloader |
| X |
cprocsvc |
cproc.exe |
Added by MSIL.AGENT.C TROJAN! |
| X |
CPU Manager |
cpumgr.exe |
Added by the PANDEM.B WORM! |
| X |
CPU Temp Control |
wuitgurd.exe |
Added by the RBOT-AHV WORM! |
| X |
CPU Watcher |
rundll32.exe [path] cpu.dll,load |
Added by the DLOADER-LO TROJAN! |
| X |
CPU Windows Status |
cpustats.exe |
Added by a variant of the RBOT WORM! |
| U |
CPUcool |
Cpucool.exe |
Program to keep the processor
cool when idle in "overclocked" systems. Also available via Start
-> Settings -> Control Panel |
| X |
Cpusave |
Cpusave.exe |
Added by the GEMA TROJAN! |
| X |
Cpusave32 |
Cpusave32.exe |
Added by the GEMA TROJAN! |
| X |
CPVHOST Settings |
cpvhost.exe |
Added by
the SDBOT.HMW WORM! |
| X |
cpyt |
hidep.exe |
Added by the MIRJACK-A TROJAN! |
| X |
cqlyg |
world_cup_.bat |
Added by the WCUP.A WORM! |
| ? |
CQSCP2P SERVER |
?? |
"Compaq printer utility
which is required in the startup menu in order to make the printer work
correctly". Personally I doubt whether it is actually needed |
| ? |
CQSCP2PS |
?? |
"Compaq printer utility
which is required in the startup menu in order to make the printer work
correctly". Personally I doubt whether it is actually needed |
| X |
Cr**.exe [* = random char] |
Cr**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Cr**.exe [* = random char] |
Cr**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Cr**32.exe [* = random char] |
Cr**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| U |
cracked_windows1 |
cracked_windows1.exe |
Cracked Windows popup killer |
| N |
CrazyTalk Serve |
rundll32.exe CrazyTalk.dll,
DIIServeMediaFile |
CrazyTalk
from Reallusion - "the worlds only facial animation tool that gives you
the power to create talking animated images from a single photograph,
complete with emotions." Can apparently be installed without your
knowledge as well as being a legitimate download in it's own right from sites
such as TUCOWS |
| U |
CRBroadCasting |
CRBroadCasting.exe |
CardReader2 from On Track
Inovations Ltd. USB Card Reader |
| X |
CRC Value Verifier |
crsss.exe |
Added by the SPYBOT.UK WORM! |
| X |
CRC Value Verifier |
crsss32.exe |
Added by a variant of the RBOT WORM! |
| X |
CRC Value Verifier |
Crsss64.exe |
Added by the RBOT-NY WORM! |
| X |
CRC Value Verifier |
svchost32.exe |
Added
by the RBOT-OA WORM! |
| X |
Crc32stats Dependencies |
Crc32stats.exe |
Added by the MYTOB.GT WORM! |
| X |
CRCSS |
crcss.exe |
Added by the IRCBOT-TH WORM! |
| U |
Creata Mail |
JMSrvr.exe |
Creata_Mail.
Smileys, stationary and more for you email. Required if you want to access
the program from Outlook or Outlook Express |
| X |
Create A Monster |
createAMonster.exe |
Kudd.com
CreateAMonster. Reportedly stealth installed and Look2Me adware related |
| N |
CreateCD |
Createcd.exe |
Adaptec Easy CD Creator system
tray application (pre version 5). Available via Start -> Programs |
| N |
CreateCD50 |
Createcd50.exe |
Adaptec Easy CD Creator version
5 system tray application. Available via Start -> Programs |
| N |
Creative AGP Wizard |
agpwiz.exe |
Part of Creative's
BlasterControl |
| X |
Creative Audio Drivers |
creative.exe |
Added by the RBOT-FKR WORM! |
| N |
Creative Detector |
CTDetect.exe |
Auto-detect and play a DVD when
using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory.
Disable it by heading to the MediaSource DVD Audio Player, selecting Tools,
then uncheck the Auto Start box. It should not start up automatically again |
| N |
Creative Launcher |
CTLauncher.exe |
For Creative Soundblaster Live!
series soundcards. Adds a quick-launch bar to the top of the display and a
System Tray icon. Available via Start -> Programs |
| N |
Creative MediaSource Go |
CTCMSGo.exe |
"Creative
MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media
formats" |
| N |
Creative PCI Audio Configuration
Utility |
starter.exe |
System Tray icon to configure a Creative Soundblaster PCI
soundcard. Not required and re-instates itself when un-checked. Try one of
the solutions on this special page. Similar to EnsoniqMixer |
| N |
Creative Service for CDROM
Access |
Ctsvccda.exe |
Resident program for Creative's
PlayCenter included with Soundblaster Audigy sound cards - speeds up
detection of some media CDs if the system doesn't natively support them.
Available via Start -> Programs |
| N |
Creative WebCam Tray |
Camtray.exe |
Creative WebCam tray control -
can be started manually |
| X |
Creative.exe |
Creative.exe |
Added by the PROLIN WORM! |
| N |
CreativeDiscNotifier |
CTNOTIFY.EXE |
For Creative Soundblaster Live!
series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available
via Start -> Settings -> Control Panel |
| U |
CreativeMixer |
CTMIX32.EXE |
Creative soundcard System Tray
access to, for example, volume slider controls as normally provided by the
"speaker" icon. Not required unless you adjust any settings
otherwise available via the standard icon |
| ? |
CreativeTaskScheduler |
CTSched.exe |
Creative Task Scheduler. What
does it do and is it required? |
| X |
Critical Update Check |
battlenet.exe |
Added by the DELF-LB TROJAN! |
| N |
CriticalUpdate |
Wucrtupd.exe |
MS Windows Critical Update
Notification. If you want to keep Windows up-to-date, check the Windows
Update site |
| X |
CriticalUpdate |
wucrtupd.exe |
Added by the NOALA.B WORM! Note
- this file is located in the Windows or Winnt folder, and must not be
confused with the legitimate Windows process of the same name as described
here |
| X |
Crnsava |
scrnsave.pif |
Added by the SDBOT-ZV WORM! |
| X |
cronos |
MARCO!.SCR |
Added by the OPASERV.G WORM! |
| X |
CrossMenu |
CrossMenu |
Toshiba CrossMenu Utility -
allows the user to create their own menus |
| X |
CRP386 Networking |
crp386.exe |
Added by the IRCBOT.N TROJAN! |
| X |
crs |
crs.exe |
Added by the AGOBOT-TJ WORM! |
| X |
CRSSXP SysInfo |
crssxp.exe |
Added by
the SDBOT.NHS WORM! |
| X |
Crusty |
dmcpl.exe |
Added by the RUSTY WORM! |
| X |
cryptdlg |
cryptdlg.exe |
Added by an unidentified TROJAN! |
| U |
cryptoexpert |
cexpert.exe |
CryptoExpert
from SecureAction Research. Advanced on the fly encryption system |
| X |
Cryptographic Service |
******.exe [* = random char] |
Added by the KORGO.W or KORGO.X
or KORGO.AB WORMS! |
| ? |
Crystal 3D Audio Control |
CWD3DSND.EXE |
Crystal 3D Audio sound driver. Is it required? |
| N |
csaRem |
spqmdmui.exe |
Compaq modem country selection |
| Y |
CSAV_CheckViruses |
vchk.exe |
Command Antivirus
related |
| U |
csc |
csc.exe |
Command line compiler for
Microsoft C# it gets installed with the .NET SDK |
| X |
CSCRS Value |
cscrs.exe |
Added by the RBOT-AAA WORM! |
| X |
CSCRS Value Check |
MsPMSPSd.exe |
Added by a
variant of the SDBOT WORM! |
| U |
CSINJECT.EXE |
CSINJECT.EXE |
Part of Quarterdeck/Norton
CleanSweep. "Csinject must be loaded in order for Smart Sweep to
automatically monitor installations and properly track registry changes" |
| X |
csm Win Updates |
csm.exe |
Added by
the ZOTOB.B WORM! |
| X |
csoftok |
softok.exe |
Added by the QQPASS.G TROJAN! |
| X |
csrs |
csrs.exe |
Added by the GAOBOT.GEN!POLY WORM! |
| X |
csrsc |
csrsc.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
CSRSS |
CSRSS.EXE |
Search page hijacker, redirecting to
http://www.search-aide.com/. Note - this is not the legitimate csrss.exe
process, which should not appear in Msconfig/Startup! |
| X |
Csrss |
csrss.exe |
Added by the CHOD WORM! Note -
this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup and the executeable resides in a random folder name |
| X |
csrss |
csrss.exe |
Added by the KEYLOG-AQ
KEYLOGGER! Note - this is not the legitimate csrss.exe process which is
always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should
not normally figure in Msconfig/Startup! This file is located in the Windows
or Winnt folder |
| X |
csrss |
csrss.exe |
Added by the CHODE-J WORM! Note
- this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a random subfolder |
| U |
csrss |
csrss.exe |
BeyondKeylog surveillance
software. Uninstall this software unless you put it there yourself. Note -
this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in
Msconfig/Startup! This file is located in the Program Files/Supremtec folder |
| X |
csrss |
msmsgs.exe |
Added
by the CHODE-J WORM! |
| X |
csrss |
nwiz.exe |
Added
by the CHODE-J WORM! |
| X |
CSRSS Loader |
csrsss.exe |
Added by the AGOBOT.TX WORM! |
| X |
csrss.exe |
csrss.exe |
Added by the DALBUG WORM! Note -
this is not the legitimate csrss.exe process which is always located in the
WinntSystem32 or WindowsSystem32 folder and should not normally figure in
Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
csrssLevel4 |
csrss.exe |
Unidentified malware. Note - this file is placed in a
C:WindowsSystemLevel4 folder, and should NOT be confused with the legitimate
csrss.exe process which is always located in the WinntSystem32 or
WindowsSystem32 folder and should NOT figure in Msconfig/Startup! |
| X |
CSRSSU |
CSRSSU.exe |
CoolWebSearch parasite variant -
hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN! |
| X |
CSRSSW |
CSRSSW.EXE |
Added
by the CWS-F TROJAN! |
| X |
CSRSWIN |
[trojan filename] |
Added by the WINSHELL.50 TROJAN! |
| X |
CSRSX |
[trojan filename] |
Added by the WINSHELL.50.B TROJAN! |
| U |
CSS Server |
CSSServer.exe |
ComSpySysSvr surveillance software. Uninstall this software
unless you put it there yourself |
| U |
CSS_Central |
CSS_1631.EXE |
CSS Communication Agent (95
Host) from Command Software Systems (now Authentium). "CSS Central™
provides administrators with a powerfully proactive tool to effectively
manage and maintain the anti-virus strategy from a centralized console" |
| U |
cssauth |
cssauth.exe |
Related to IBM ThinkVantage
Client Security Solution |
| Y |
CSScheduleCheck |
SCHWIZEX.EXE |
Part
of ConfigSafe - lets you identify changes to the registry, INI files, System
asset files, system hardware, network connections, and operating system
versions - provides a restore function. This part takes a snapshot of your
system following a healthy re-boot |
| X |
cssrs |
cssrs.exe |
Added by the BANCBAN-DW TROJAN! |
| X |
csss |
Csss.exe |
Added by the BALICK TROJAN! |
| X |
CSV10P1 |
CSP001.exe |
ClearSearch adware |
| X |
CSV10P70 |
CSv10P070.exe |
ClearSearch adware |
| X |
CSV7P26 |
CSV7P26.exe |
ClearSearch adware |
| X |
CSV7P70 |
CSV7P070.exe |
ClearSearch adware |
| X |
CSV7P91 |
CSV7P91.exe |
ClearSearch adware |
| U |
csvdea |
csvdea.exe |
SpyArsenalLog surveillance software. Uninstall this software
unless you put it there yourself |
| X |
csvhost.exe |
csvhost.exe |
Added by the CIMUZ-BD TROJAN! |
| Y |
ct |
ct.exe |
ct.exe is a file is for the HP
Learning Adventure software and if you use this software it is required
to run it |
| X |
CT Control Settings |
CTSVCCD.EXE |
Added
by the RBOT-YS WORM! |
| N |
CTAVTray |
CTAvTray.exe |
For Creative Soundblaster Live!
series soundcards. Plays the EAX animation on start-up and adds a System Tray
icon for it. Available via AudioHQ |
| U |
CTCMonitor |
CTCMonitor.exe |
Click-to-Convert
- document-to-HTML or doc-to-PDF converter. Only required if you are going to
use the File -> Print method of using Click-to-Convert. If converting
directly from MS Office, it is not required |
| N |
CTDVDDet |
CTDetect.exe |
Auto-detect and play a DVD when
using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory.
Disable it by heading to the MediaSource DVD Audio Player, selecting Tools,
then uncheck the Auto Start box. It should not start up automatically again |
| N |
CTDVDDet |
CTDVDDet.exe |
Auto-detect and play a DVD when
using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory.
Disable it by heading to the MediaSource DVD Audio Player, selecting Tools,
then uncheck the Auto Start box. It should not start up automatically again |
| X |
ctflog manager |
ctflog.exe |
Added by the DONBOMB.A TROJAN! |
| X |
CTFM0N.exe |
CTFM0N.exe |
Added by the STARTPAGE.P TROJAN! |
| X |
ctfmon |
cftmon.exe |
Added by the DELIVE-A TROJAN!
Note - this file is found in C:Windows or C:Winnt and is not the valid MS
Office file of the same name (see here) |
| U |
ctfmon |
ctfmon.exe |
CTFMon is involved with the
language/alternative input services in Office XP. Ctfmon.exe will continue to
put itself back into MSConfig when you run the Office XP apps as long as the
Text Services and Speech applets in the Control Panel are enabled. Not required
if you don't need these features. For more info on ctfmon see here. Ctfmon
can be disabled from Control Panel, Text & Speech Services. Note - the
file will always be located in the System32 folder, if it is located
elsewhere it will likely be a worm or trojan! Can cause problems with some
other programs if left enabled - see here for such an example |
| U |
CTFMon |
ctfmon.exe |
Family
Keylogger is a program that lets you record to a special file and then view
all the keystrokes typed by everyone using your computer. Keystroke
logger/monitoring program - remove unless you installed it yourself! Found in
the SystemCTF (9x/Me) or System32CTF (NT/2K/XP) folder |
| X |
ctfmon |
mIRC.dll |
Added by the DELBOT-E TROJAN! |
| X |
ctfmon |
msnmsgr.exe |
Added by the JV TROJAN! |
| X |
ctfmon |
taskmgr32*.exe [* = number] |
Added by the SOWSAT.B WORM! |
| X |
ctfmon |
WinConst.exe |
Added by the ASSASIN-G TROJAN! |
| X |
ctfmon.exe |
ctfmon.exe |
Added by the RAIDYS TROJAN! Note
- this should not be confused with the valid Office XP file, see here |
| U |
ctfmon.exe |
ctfmon.exe |
CTFMon is involved with the
language/alternative input services in Office XP. Ctfmon.exe will continue to
put itself back into MSConfig when you run the Office XP apps as long as the
Text Services and Speech applets in the Control Panel are enabled. Not required
if you don't need these features. For more info on ctfmon see here. Ctfmon
can be disabled from Control Panel, Text & Speech Services. Note - the
file will always be located in the System32 folder, if it is located
elsewhere it will likely be a worm or trojan! Can cause problems with some
other programs if left enabled - see here for such an example |
| X |
Ctfmon.exe |
ctfmon32.exe |
CoolWebSearch Ctfmon32 parasite variant |
| X |
ctfmon.exe |
msupdate32.exe |
Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A
TROJAN, pretends to be a spyware remover! - file names spotted sofar include
VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe,
winstall.exe, and tool2.exe |
| X |
CTFMON32 |
CTFMON32.EXE |
CoolWebSearch Ctfmon32 parasite
variant - also detected as the CWS-E TROJAN! |
| X |
CTFMONSS |
CTFMONSS.EXE |
Added
by the CWS-F TROJAN! |
| X |
ctfnom |
rundIl32.exe |
Added by the LEGMIR-AW TROJAN! |
| X |
ctfnom.exe |
OSRSS.exe |
Added by the DLOADER-UQ TROJAN! |
| X |
ctfnom.exe |
SVOHOST.exe |
Added by the DIGIDOR-A TROJAN! |
| U |
CTHELPER |
CTHELPER.EXE |
CTHELPER is a background task
that is a plug-in manager for Creative drivers. The theory is that 3rd party
manufacturers can use the CTHELPER plug-in interface to produce drivers,
add-on features, and fixes that will integrate with a tighter fit with Creative's
sound drivers and utilities. Given its purpose CTHELPER would normally be
classified as a "leave alone" background task. It also allows
Creative speaker setup to be synchronized with Windows Control Panel speaker
setting. Without it running that check box in Creative speaker setting is not
functional (settings are not in sync). Unfortunately there are often problems
with CTHELPER, most notably that it can use 100% of CPU time so it's best
left disabled unless you need it |
| X |
CTHelper |
cthelper.exe |
Added by the RBOT-XB WORM! Note
- do not confuse with the Creative application of the same name described
here |
| X |
CTime |
[path to trojan] |
Added by the HTTPDOS TROJAN! |
| X |
CTin10 |
CTin10.exe |
Added by the BANCOS.E TROJAN! |
| X |
CtModule |
CtModule.exe |
Added by the CLICKER-EG TROJAN! |
| U |
CTNMRUN |
ctnmrun.exe |
Detects the Creative NOMAD
jukebox/MP3 player at the time it is attached to USB and starts the needed
application (Creative PlayCentre 2) that you use to copy MP3 files to and
from it. This is required if you want PlayCentre 2 to take control of the
NOMAD once connected |
| ? |
CTPDPSRV |
CTPDPSRV.EXE |
Printer driver (in the
WINDOWSSystem32spoolDRIVERSW32X86 folder). Is it
required? |
| N |
CTPerformanceUtility |
CTPowUti.exe |
Related to Creative PowerSysTrayApp. This program is a
non-essential process, but should not be terminated unless suspected to be
causing problems |
| X |
ctpmon |
ctpmon.exe |
System Registry Cleaner -
stealth installed foistware from sysregistry.com |
| N |
CTRegRun |
CTRegRun.exe |
For Creative Soundblaster Live!
series soundcards. Reminds you to register your card with Creative |
| U |
CtrlVol |
CtrlVol.exe |
Volume control key on Acer,
Fujitsu and other laptops |
| ? |
CTSched |
CTSched.exe |
Creative Task Scheduler. What
does it do and is it required? |
| N |
CTStartup |
CTEaxSpl.exe |
Splash screen with sound on
every boot up. Installed with a Sound Blaster Audigy soundcard |
| N |
CTSyncU.exe |
CTSyncU.exe |
Creative Sync Manager -
synchronizes music tracks on your computer with your player |
| U |
CTsysVol |
CTSYSVOL.exe |
Creative sound card volume
controls |
| ? |
cttdpsrv |
cttdpsrv.exe |
?? |
| X |
CTUpdate |
ctupdclt.exe |
Added
by the RBOT-ABG WORM! |
| N |
CTxfiHlp |
CTXFIHLP.EXE |
Added by the installation of a
Creative Labs X-Fi sound card. This particular process provides the help
functionality for your card |
| N |
CTXFIREG |
CTxfiReg.exe |
Creative Labs sound card driver
related. It appears that it isn't required and maybe registration related |
| X |
Ctykd |
[path to file] |
SMALL.SN spyware |
| X |
CU1 |
VCClient.exe |
Associated with the Surf
Sidekick adware and should be removed |
| X |
CU2 |
VCMain.exe |
Associated with the Surf
Sidekick adware and should be removed |
| Y |
cuagentExe |
Cuagent.exe |
Command Antivirus
related |
| X |
cuo |
cuo.exe |
Added by the BUGBEAR.A WORM! |
| X |
Current Security Config |
csecure.exe |
Added by the RBOT-AMO WORM! |
| N |
cursor |
Screendragon_VS_Taskbar.exe |
ScreenDragon video player |
| N |
CursorXP |
CursorXP.exe |
CursorXP
from Stardock - tool for creating mouse cursors |
| U |
Customizer2000 |
logon.exe |
Automatic
logon feature of Customizer 2000 - "a special utility which is designed
to optimize Win9x/ME performance. The program lets you explore the many
hidden settings in Windows, and make changes" |
| N |
CuteMX |
CuteMX.EXE |
File sharing utility |
| X |
cvmonitor.exe |
cvmonitor.exe |
Added by the SDBOT.BV WORM! |
| Y |
CVPND |
cvpnd.exe |
Sub-system used by Cisco
VPN client for making a connection to a remote IPSec server |
| U |
CW |
cw4.exe |
Chat
Watch "is a monitoring and logging software for online chat and instant
messaging programs" |
| U |
CWatch |
cw.exe |
ChatWatch
- chat monitoring tool |
| N |
cwbckver |
cwbckver.exe |
Part
of IBM's iSeries (nee As/400) Client Access - communications suite that
allows desktop, browser and wireless access to iSeries servers. Checks the
software version on your PC to that of the iSeries it is connected
to. Not required - and can be turned off in the Client Access
properties. It's a waste of resources |
| N |
cwbinhlp |
cwbinhlp.exe |
Client
Access Help Registry Update Function - part of IBM's iSeries (nee As/400)
Client Access - communications suite that allows desktop, browser and
wireless access to iSeries servers. It only updates the help files on your PC
to match the level of the attached iSeries |
| N |
cwbsvstr |
cwbsvstr.exe |
Part
of IBM's iSeries (nee As/400) Client Access - communications suite that
allows desktop, browser and wireless access to iSeries servers. Useful if you
are going to access the iSeries through Windows Explorer to move files back
and forth between Windows folders and iSeries folders. This is a tool that is
only used by Client Access administrators (usually) so it is not required - a
waste of resources |
| ? |
cwbwlwiz |
cwbwlwiz.exe |
Welcome
wizard launcher - Part of IBM's iSeries (nee As/400) Client Access -
communications suite that allows desktop, browser and wireless access to
iSeries servers. What does it do and is it required? |
| ? |
Cwcdschk.exe |
Cwcdschk.exe |
IBM Thinkpad related? |
| U |
cwcptray |
cwcptray.exe |
Related to ContentWatch
Parental Control internet filter |
| X |
cwingllib |
atllsimm.exe |
Added by a
variant of the SDBOT WORM! |
| U |
cwupdate |
cwupdate.exe |
ContentProtect
from ContentWatch - internet filter |
| N |
CXMon |
Hpi_Monitor.exe |
Autodetects when a HP camera is
attached to the computer and launches the "HP Photoimaging
Software". Available via Start -> Programs |
| N |
Cyber |
cyberchk.exe |
Part of Belkins "Multimedia
Cleaning Kit" and is automatically installed when you run their optical
disk drive cleaning utility - to remind you to clean your drive after
"x" amount of time has passed |
| U |
Cyber Trio |
showmode.exe |
From G-Tek Technologies. Allows
you to set the PC in one of three modes, Standard, Enhanced and Kiddo.
Standard is full function, Enhanced prevents accidental damage and Kiddo is a
play environment for kids. Pre-installed on some Packard Bell PCs |
| U |
Cyber-Defender 2003 |
uwcdsvr.exe |
Cyber Defender 2003 |
| X |
cyberfree.exe |
****.dat [* = random char] |
Unidentified adware |
| U |
Cyberhawk |
CHTray.exe |
Cyberhawk from Novatix. Protects against viruses, spyware,
identity theft |
| U |
CyberLat Ram Cleaner |
CLRamCleaner.exe |
CyberLat RAM Cleaner - memory
optimizer. MS MVPs (Most Valued Professional) recommend not using memory
managers with Win98/SE/ME. See this article and make up your own mind |
| N |
CyberMedia Agent |
CMAGENT.EXE |
Part of CyberMedia's Oil Change
program. Not normally required. Note - if you have TextBridge, CyberMedia
Agent may attach itself to TextBridge and cause TextBridge to crash
everything if this is disabled |
| U |
CyberPatrolNew |
cphq.exe |
"CyberPatrol is one of the most powerful and popular
client-based, browser independent, Internet safety software solutions for
Windows-based standalone PCs available today" |
| X |
CyberWolf |
CyberWolf.exe |
Added by the KICKIN.A (or
CYDOG.C) WORM! |
| X |
CyDoor |
CD_Load.exe |
Adware. Check here for
information about Cy-Door and here for a program that can remove it |
| X |
CydoorUpdate |
CD_Load.exe |
Adware. Check here for
information about Cy-Door and here for a program that can remove it |
| ? |
CYNHKey |
CYNHKey.exe |
?? |
| N |
CyphTray |
CyphTray.exe |
Cypherus - encryption
software |
| U |
CypressLinkMon |
CypressLinkMon.exe |
Related to CypressViewer from Siemens that "allows
ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze
Cypress system PLUS studies on a standard Windows PC" |
| X |
D SYSTEM |
dd.exe |
Added by the MYTOB-FN WORM! |
| U |
D_V_T |
dvt.exe |
DICOM Validation Tool - "DICOM is increasingly being
used as the standard communication mechanism when integrating various medical
products in a hospital environment" |
| ? |
D_V_T |
dvt.exe |
Installation could be a
crack/hack to NOD32 here. Seen and removed in many logs. Investigate it
further and if this file is present C:d_v_t.reg then it should be fixed. Not
to be confused with the DICOM entry here. Both files are located in the
Windows/Windir directory |
| N |
D066UUtility |
D066UUTY.EXE |
TWAIN driver for the CanoScan
D660U flatbed scanner. Start scanning via your scanner management software |
| X |
D3**.exe [* = random char] |
D3**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
D3**32.exe [* = random char] |
D3**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
d3dupdate.exe |
bbeagle.exe |
Added by the BEAGLE.A WORM! |
| U |
D4 |
D4.exe |
Dimension
4 - network time synchronization freeware - starts-up, adjusts the system
clock, then shuts down |
| X |
dabrun |
rundll32.exe [path] dabapi.dll,
Rundll32 |
SinaUpdateCenter adware |
| N |
DACONFIGEXE |
daconfig.exe |
3Com NIC Diagnostics. Available
via Start -> Programs |
| Y |
DadApp |
dadapp.exe |
"DadApp is the SW utility
that controls the programmable buttons on Dell Laptops. Not required, but
should be left in because it can create a hassle and doesn't always restore
functionality to those buttons once unchecked and rechecked" - direct
from Dell |
| U |
Daemon |
Daemon.exe |
Daemon Tools -
used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive |
| X |
Daemon |
daemon.exe c daemon2.exe |
Added by the SELOTIMA.A WORM! |
| N |
Daemon |
DAEMON32.EXE |
Pre-loads game profiles for MS
Sidewinder game controllers prior to release 2.0 of the software. Recommend
upgrade. Available via Start -> Programs |
| U |
DAEMON Tools-1033 |
Daemon.exe |
Daemon Tools -
used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive |
| N |
Daily Planner |
dayplan.exe |
Daily Planner -
discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your
days, and check activities off as you complete them |
| X |
Daily Weather Forecast |
weather.exe |
Added by the DLOADER-IP TROJAN! |
| X |
DamedWare Services |
dwdrce.exe |
Added by the RBOT-AOJ WORM! |
| U |
Dancer |
DncLE.exe |
Part of Microsoft Plus! Digital Media Edition - see here |
| X |
Danton* |
[random filename] |
Added by the DANTON TROJAN! where * = random number |
| N |
Dap |
DAP.exe |
Download Accelerator Plus
from Speedbit. Download manager for resuming downloads, amongst other
features. Available via Start -> Programs. Note that the free version is
adware based |
| X |
dark |
csrs.scr |
Added by the BANCBAN-GT or
BANCBAN-GU TROJANS! |
| X |
dark |
imgrt.scr |
Added by the BANCBAN-FH TROJAN! |
| X |
dark |
imgst.scr |
Added by the BANCOS.U TROJAN! |
| X |
DarkDevil.Grasiele.BR |
Grasiele.VBS |
Added by the LEMBRA WORM! |
| X |
DarKNesS LsasS |
LsasS23.exe |
Added by an unidentified WORM or
TROJAN! |
| ? |
DashIE |
N/A |
Could be related to "Dash
Power Shopping" tool bar in IE? |
| X |
dasxdads |
fsdqd.exe |
Added by the GAOBOT.BIQ WORM! |
| X |
data |
msngs.exe |
Added by the RBOT-ADQ WORM! |
| X |
Data |
System.dat.vbs |
Added by the BISCUIT.A WORM! |
| N |
Data LifeGuard |
BACKWE~1.EXE |
Data LifeGuard diagnostic tools
for Western Digital's series of hard drives |
| N |
Data LifeGuard LifeLine Lite
installer |
DLGLI.EXE |
Backweb installer - see
here |
| X |
Data Restore Service |
prq8.exe |
Added by the KELVIR.AI WORM! |
| X |
Data789 |
Regedit.exe ....data789.tmp |
Homepage hijacker |
| X |
DATABASE MySql |
[path] repcale.exe [path]
beird.exe |
Added by a variant of the RANDON.AN WORM! |
| N |
DataCaching |
FlashKsk.exe |
SmartMedia Card management
from the installation of a SanDisk reader for a camera's SmartMedia card and
also adds the "Unplug and Eject Hardware" System Tray icon |
| U |
DataKeeper |
DataKeeper.exe |
PowerQuest DataKeeper (now
owned by Symantec) backup software |
| U |
DataLayer |
DataLayer.exe |
Nokia PC Suite 5 - "A
collection of powerful tools that you can use to manage your phone features
and data." Synchronize the phone with, for example Outlook. You can also
use it to browse your phone, edit the phone list and so on |
| X |
DataViz Inc Messenger |
DvzIncMsgr.exe |
Installed
with DataViz "Documents to Go" software |
| N |
DataViz Messenger |
DvzMsgr.exe |
DataViz
Documents to Go - "allows you to use your Word, Excel and PowerPoint
files on your handheld anywhere, anytime. In addition, it now synchronizes
e-mail with attachments, PDF files, pictures and Excel-like charts" |
| X |
Datcheck |
datcheck.exe |
Added by the KEYPANIC TROJAN! |
| X |
Date Manager |
datemanager.exe |
Date Manager -
calender program. Spyware/adware based provided by The Gator Corporation.
Please note that Claria Corporation no longer support GAIN-Supported software
- see here |
| ? |
Datechecker |
N/A |
Could be
related to this? |
| X |
DateMakerIntl |
DateMakerIntl.exe |
Premium rate adult content
dialler |
| X |
DAupdate |
DAupdate.exe |
NavEnhance adware |
| ? |
DAW9532.exe |
DAW9532.EXE |
Loaded during installation of
some 3Com network cards. Enables their DynamicAccess desktop management
software. Is it required? |
| U |
DayToday |
DAYTODAY.EXE |
DayToday
from RoboMagic Software Corp. Displays the date on the taskbar |
| U |
DAZEL Delivery Agent |
DcDaemon.exe |
Control and send documents, etc,
to any destination. The Dazel Corporation has now been taken over by HP |
| N |
dbserv |
dbserv.exe |
Database Server for Norton Ghost
on Win2k Pro. Ghost works fine when it is disabled |
| N |
DC6_check |
dc6_startupmon.exe |
WinAntiVirus
2006 virus software - not recommended, see here |
| N |
dc6_check |
dcmon.exe |
SystemDoctor is a Security Risk that may give exaggerated
reports of threats on the computer. The program then prompts the user to
purchase a registered version of the software in order to remove the reported
threats |
| N |
DC6_Check |
uwasdc.exe |
WinAntiSpyware
2006 spyware remover - not recommended, see here |
| X |
DCE Manager |
dcemgr.exe |
Added by the TUMAG TROJAN! |
| U |
DCfssvc |
dcfssvc.exe |
Associated with digital cameras
and can cause problems which disappear if disabled. If this program is
unchecked in startup, your camera will not cause your computer to open a
pop-up window when you connect it. Leave enabled if you can't load pictures
from your camera/dock - Kodak's dock is an example |
| U |
dcfssve |
dcfssvc.exe |
Associated with digital cameras
and can cause problems which disappear if disabled. If this program is
unchecked in startup, your camera will not cause your computer to open a
pop-up window when you connect it. Leave enabled if you can't load pictures
from your camera/dock - Kodak's dock is an example |
| X |
Dcom System Patch |
Microsoft.exe |
Added by the RANDEX.MS WORM! |
| N |
dcsm |
dcsm.exe |
DriveCleaner is a misleading application, which gives
exaggerated reports of security and privacy risks on a computer. The program
then prompts the user to purchase a registered version of the software in
order to remove the reported risks |
| N |
DDCActiveMenu |
DDCActiveMenu.exe |
Digital Distribution Channel -
formally part of the WildTangent on-line games delivery service. Note that
WildTanget's privacy policy used to state that they also collect and share
individuals information but this is no longer the case |
| N |
DDCM |
DDCMan.exe |
Digital Distribution Channel -
formally part of the WildTangent on-line games delivery service. Note that
WildTanget's privacy policy used to state that they also collect and share
individuals information but this is no longer the case |
| N |
DDCMan |
DDCMan.exe |
Digital Distribution Channel -
formally part of the WildTangent on-line games delivery service. Note that
WildTanget's privacy policy used to state that they also collect and share
individuals information but this is no longer the case |
| X |
ddeproc |
ddeproc.exe |
Webcelerator from eAcceleration speeds your Web browsing by
both remembering where you have been and anticipating where you will go. Only
needed if you find it improves web browsing. Now no longer available and
supported and when available was classed as spyware - see here |
| U |
ddhelper |
W815DM.EXE |
Enuff Parental Control
Software by Akrontech |
| X |
DDialler |
DDialler.exe |
Adult content dialler |
| X |
DDriver |
windrv.exe |
Added by the DELF.WG TROJAN! |
| ? |
DDT |
N/A |
?? |
| X |
de32gen |
de32gen.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| N |
DeadAIM |
rundll32.exe DeadAIM.ocm,
ExportedCheckODLs |
DeadAIM -
feature enhancing product for AOL's Instant Messenger program |
| X |
DealHelperBrwsr |
dhbrwsr.exe |
DealHelper adware |
| X |
DealHelperDown |
download.exe |
DealHelper adware |
| X |
DealHelperUpdate |
DHUpdt.exe |
DealHelper adware |
| X |
Death.exe |
Death.exe |
Added by the DELF-ERW TROJAN! |
| X |
Debug |
DebugW32.exe |
Added by the GUBED TROJAN! |
| X |
Debugger |
dbg32.exe |
Added by the MYTOB-FW WORM! |
| X |
Debugger |
explorer32dbg.exe |
Added
by the CWS-M TROJAN! |
| X |
debugger |
help.pif |
Added by the DELF-DRA WORM! |
| X |
Debugger |
iexplore_dbg.exe |
Added
by the CWS-M TROJAN! |
| X |
DebugMonitor |
debugmonitor.exe |
Added by the MYDOOM.BG WORM! |
| U |
DeeEnEs |
DeeEnEs.exe |
DeeEnEs
- automatically updates a dynamic IP address when it changes |
| X |
deejay |
forboo.exe |
Added by the FORBOT-AY WORM! |
| X |
Default |
explore.vbs |
Added by the ALLEM WORM! |
| X |
Default |
mtask.vbe |
Added by the ALLEM WORM! |
| X |
default |
shell32.exe |
Added by the BINGHE TROJAN! |
| X |
Default System Research |
vhchost.exe |
Added by the TARNO.I TROJAN! |
| X |
Default web browser |
IexpIore.exe |
Added by the OBLIVION.B TROJAN! Note - do not confuse
"IexpIore.exe" with "iexplore.exe" (Internet Explorer),
the first has a captial "i" in place of lower case "L" |
| X |
Default_Page_URL |
http://find.naupoint.com |
Naupoint browser hijacker |
| X |
Default_Search_URL |
http://find.naupoint.com |
Naupoint browser hijacker |
| X |
defender |
defender25.exe |
DollarRevenue adware |
| X |
defender |
dfndref_7.exe |
DollarRevenue adware |
| ? |
defergui |
defergui.exe |
Related to IBM Standard Software
Installer. What does it do and is it required? |
| X |
defragm_check |
defragment.exe |
CoolWebSearch
parasite variant |
| X |
defragsys |
svchost.exe |
Added by the BIFROSE-TH TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| U |
defwatch |
defwatch.exe |
Detects out-of-date virus
definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch
Wizard. Only required if you don't update the virus definitions manually on a
regular basis |
| U |
Deko550 |
Deko550.exe |
Associated with
the Deko550 entry-level SD real-time graphics system from Avid Technology |
| U |
Delay |
delayrun.exe |
On HP PCs this program is used
to help prevent conflicts or timing issues on fast computers |
| U |
Delayrun |
delayrun.exe |
On HP PCs this program is used
to help prevent conflicts or timing issues on fast computers |
| ? |
delcab |
deltreew.exe C:cabs |
?? |
| X |
Delete Me |
worm.exe |
Added by the DOOMHUNTER WORM! |
| U |
DeleteHistoryFree |
dhf.exe |
Delete History Free
- "Privacy protection software for deleting Internet surfing and other
computer activity tracks from your PC" |
| N |
Dell AIO Printer A*** |
dlbabmgr.exe |
Dell AIO Printer A*** related
(*** = model). Not Required at Startup |
| N |
Dell AIO Printer A*** |
dlbfbmgr.exe |
Dell AIO Printer A*** related
(*** = model). Not Required at Startup |
| N |
Dell AIO Printer A*** |
dlbkbmgr.exe |
Dell AIO Printer A*** related
(*** = model). Not Required at Startup |
| N |
Dell Alert |
DAMon.exe |
"Dell Alert" utility,
that's supposed to make interaction with Support easier |
| ? |
Dell Photo AIO Printer 922 |
dlbtbmgr.exe |
Dell Photo AIO Printer 922
Device Monitor. Is it required? |
| ? |
Dell Photo AIO Printer 942 |
dlbubmgr.exe |
Dell Photo AIO Printer 942
Device Monitor. Is it required? |
| ? |
Dell Photo AIO Printer 962 |
dlbxmon.exe |
Dell Photo AIO Printer 962
Device Monitor. Is it required? |
| N |
Dell QuickSet |
quickset.exe |
Dell taskbar icon allowing you
to quickly change settings |
| U |
Dell Wireless Manager UI |
WLTRAY |
Installed alongside Dell
Wireless WLAN Card and provides additional configuration options for these
devices |
| N |
Dell Wireless Manager UI |
wltray.exe |
System tray access to wireless
LAN card configuration options |
| ? |
DellDMI |
delldmi.exe |
Possibly part of Dell OpenManage Client Instrumentation -
software that allows remote management application programs to access
information about, monitor the status of or change the state of the client
computer, such as shutting it down remotely. Uses the DMI and/or common
information model (CIM) protocols, which are systems management protocols
defined by industry standards? |
| U |
DELLMMKB |
DELLMMKB.EXE |
Multimedia keyboard control for
Dell based PCs - only required if you use the multimedia keys |
| N |
DellSC |
dellsc.exe |
Dell Solution Center - web-based
troubleshooting tools and educational offerings |
| U |
DellSupport |
DSAgnt.exe |
Dell Support Agent offers
additional support and update features for your Dell computer or laptop |
| U |
DellTouch |
DELLMMKB.EXE |
Multimedia keyboard control for
Dell based PCs - only required if you use the multimedia keys |
| U |
DellTouch |
MMKeybd.exe |
Dell multimedia keyboard
manager. Required if you use the additional keys |
| X |
delmsbb |
delmsbb.exe |
NCase adware |
| X |
delsaap |
delsaap.exe |
NCase adware |
| ? |
delstart |
delstart.exe |
Reportedly part of BT ISP
software - what does it do and is it required in startup? |
| X |
delsubmit |
rundll32.exe advpack.dll,
DelNodeRunDLL32 submit.exe |
CoolWebSearch
parasite variant |
| ? |
DelTmp |
DelTemp.exe |
Added to the startup list after
installing a Creative SoundBlaster Audigy soundcard. Deletes
temporary files once an installation is complete? |
| N |
DeltTray |
deltray.exe |
System
Tray access to the control panel for the M-Audio Delta 44 PCI Analog
Recording Interface. Available via a desktop shortcut, Start -> Programs
or Start -> Settings -> Control Panel |
| X |
DeluxeCommunications |
Dxc.exe |
Deluxe Communications, a SurfSideKick adware variant |
| X |
DELXP Protocol |
delxp.exe |
Added by a
variant of the SDBOT WORM! |
| ? |
demon |
demon.exe |
Part of the French Wanadoo ADSL
extense pack. What does it do and is it required? |
| X |
Deneca |
Virus salvado |
Added by the DELUZ VIRUS! |
| U |
DepFrez |
frzstate.exe |
Deep
Freeze from Faronics Coporation. "Freezes" the current software
configuration so that an a re-boot all changes made refer back to their
original settings. Not required for most users - more likely to be used by
system administrators, for example |
| ? |
Description of Shortcuts |
*.exe |
* seems to be a sequence of
alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of
these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works
Calender Reminder (found via a registry search) |
| X |
Desire |
desires.exe |
Adult content dialler |
| X |
DeskAd Service |
DeskAdServ.exe |
DeskAd.Service adware |
| N |
DeskColor |
DESKCOLOR.EXE |
Provides transparent icon text
backgrounds and coloured icon text |
| N |
Deskflag |
Deskflag.exe |
DeskFlag - animated USA flag
on the desktop |
| X |
DeskMateAutoUpdate |
DeskMateAutoUpdate.exe |
DeskMates: Virtual scantily clad girls enhance your desktop.
BargainBuddy adware related |
| U |
Desksite CMA |
cma.exe |
DeskSite CMA siftware -
"retrieves new content from the DeskSite Data Center" |
| X |
Desktop |
Desktop.com |
Added
by the VB-DRN WORM! |
| X |
desktop |
desktop.exe |
Added
by the SDBOT.MD WORM! |
| X |
Desktop |
rundll32.exe msconfd.dll,
Restore ControlPanel |
Added by the BOOKMARKER TROJAN! |
| N |
Desktop Architect |
DATRAY.EXE |
Desktop theme manager available here - for managing the
desktop appearance, fonts, sounds, etc |
| N |
Desktop Plant |
AZARE10S.PLT |
Vritual plant
from here - this version is an Azalea, there are others so the filename may
be different |
| X |
Desktop Search |
desktop.exe |
iSearch
"Desktop Search" hijacker |
| ? |
Desktop Service Centre |
DSC.exe |
OptusNet DSL or Dial-Up
connection software - is it required? |
| N |
Desktop Weather |
THE WEATHER CHANNEL.exe |
Desktop Weather by The Weather Channel - provides current
temperature, conditions, alerts, etc |
| N |
Desktop Weather 3 |
THE WEATHER CHANNEL.exe |
Desktop
Weather 3 by The Weather Channel - provides current temperature, conditions,
alerts, etc |
| N |
Desktop Weather 3 |
THEWEA~1.EXE |
Desktop
Weather 3 by The Weather Channel - provides current temperature, conditions,
alerts, etc |
| N |
desktopmgr |
desktopmgr.exe |
Synchronisation
manager for the cradles for the Research In Motion range of wireless
handhelds, including the "Blackberry" |
| ? |
desk-top-service |
desk-top-service.exe |
?? |
| X |
DesktopUpdate |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| U |
DesktopX |
DESKTOPX.EXE |
A program that replaces the
regular Desktop and Taskbar, and can be changed to the user's liking |
| N |
deskup |
deskup.exe |
Adds Iomega Zip drive icons to
the desktop |
| X |
destroyb11 |
destroyb11.exe |
Added by the DELF-KO TROJAN! |
| U |
detect |
idetect.exe |
iNTERNET
Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP
internet connection in seconds". If you find it helps your connectivity
leave it enabled |
| ? |
detect |
turbodetect.exe |
?? |
| N |
Detector |
detector.exe |
USB port detector for LG
scanners. Sits in the System Tray, and when it detects the scanner through
the USB port, you can run the scanner software from the tray. It is not
required at all, since you can use the scan software from almost any photo
editing software |
| X |
Development Environment |
devenv.exe |
Added by the DELBOT-AH WORM! |
| U |
DEventAgent |
eventagt.exe |
DEvent Agent Module client -
part of Dell OpenManage and used for server management. Only required if you
use this |
| X |
Device Configuration Loader |
msdvc32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| U |
Device Detector |
DevDetect.exe |
ACDSee Auto Device Detector detects when a device is
connected to your PC and gives you the option to acquire images from it
automatically |
| N |
Device Detector 2 |
DevDtct2.exe |
Installed by various Olympus
products, this program detects the active connection of a speech device
(voice recorder, etc) to a USB port then runs specific client software used
to access that device. The DevDtct2 process has a "high" priority level
which can negatively impact system resources |
| X |
Device Manager |
wfxmgr.exe |
Added by the RBOT.AJU WORM! |
| U |
DeviceDiscovery |
hpotdd01.exe |
Detection of new imaging,
printing and other peripherals on HP machines such as USB printers, cameras
and Bluetooth products. "This program is a non-essential process, but
should not be terminated unless suspected to be causing problems" |
| X |
DevicePath |
Proyecto1.exe |
Added by the GRUEL WORM! |
| X |
DevicePath |
Root.exe |
Added by the GRUEL WORM! |
| U |
Devices |
olesvr.exe |
Salfeld
Child Control - parental control software |
| X |
Devicewin |
[path to trojan] |
Added by the BANKER-AEV TROJAN! |
| U |
devldr16 |
devldr16.exe |
Associated with some Creative
Labs sound cards. Provides audio support for DOS applications.
Not needed if you don't have those. Required if you use "Sound Play
Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG
(2) Start -> Settings -> Control Panel -> System -> Device
Manager then disable "Creative SB16 Emulation" under Creative
Miscellaneous Devices |
| U |
devldr16.exe |
devldr16.exe |
Associated with some Creative
Labs sound cards. Provides audio support for DOS applications. Not needed if
you don't have those. Required if you use "Sound Play Control" and
"Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start
-> Settings -> Control Panel -> System -> Device Manager then
disable "Creative SB16 Emulation" under Creative Miscellaneous
Devices |
| ? |
Devlog |
?? |
?? |
| ? |
Devlog |
devlog.exe |
Apparently mainboard/chipset
related, by a French company called AS Media - what
exactly is it, and is it required |
| X |
dfgfdgrergd |
[path to trojan] |
Added by the RANKY.CK TROJAN! |
| ? |
DGJM |
DGJM.exe |
?? |
| X |
dgtstart |
dgtstart.exe |
DigitalNames.g adware |
| U |
dguard |
dguard.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| X |
DHCP Server |
regsvr.exe |
Added
by the RBOT-PR WORM! |
| Y |
dhcpagnt |
dhcpagnt.exe |
Intel DSL modem driver - leave
enabled or you'll have to re-install the drivers |
| ? |
DHNUXB |
DHNUXB.exe |
?? |
| N |
diagent |
diagent.exe |
System Tray access for Creative
Diagnostics for the Creative SoundBlaster series soundcards. Available via
Start -> Programs |
| X |
Diagnostic |
diagnostic.exe |
Added by the ALPHA-C TROJAN! |
| X |
Dial22 |
dlm.exe |
Adult content dialler |
| X |
Dial33 |
dlm.exe |
Adult content dialler |
| X |
Dialer |
rundll32.exe msa32chk.dll |
Unidentfied malware |
| U |
Dialer Control |
dc.exe |
Dialer-Control. Detects
and protects from premium rate p0rn diallers |
| U |
Dialer Detect |
dd.exe |
DialerDetect
detects stealth installed premium rate diallers, and sounds the alarm when
such a connection is being installed without you knowing it |
| U |
Dialgo SDK |
PhoneAnswer.exe |
Dialgo Wave Modem ActiveX -
"Telephone Answering Machine for scripting your own professional call
center business scripts using a voice modem. Features Caller-ID, Wave
Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech
Recognition and Synthesis" |
| X |
DialNet |
mxt32.exe |
Adult content dialler |
| N |
Dialog Box Assistant |
OSDEx.exe |
Dialog Box Assistant
from Duality Software. Helps with the standard Open and Save As dialog boxes
by showing recently used files and folders |
| N |
Dialog Helper |
PDDLGHLP.EXE |
Dialog Helper from PowerDesk Pro by Ontrack. Helps with the
standard Open and Save As dialog boxes by showing recently used files and
folders. Available via Start -> Programs |
| X |
DialUp Network Application |
Rnaap.exe |
Added by a
variant of the SDBOT WORM! |
| ? |
Diamondview |
Diamondview.exe |
Manulife Financial Insurance
program. Is it required at startup? |
| X |
DIECOX |
csrss.exe |
Added by a variant of the
ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process, which
should not appear in Msconfig/Startup! |
| X |
Diesel |
Recalculate.exe |
Added by the LAZAR TROJAN! |
| U |
DietK |
DietK.exe |
Diet Kazaa add-on for Kazaa
Media Desktop - "removes all adware and popups, built in Download
Accelerator, makes searches faster and helps produce more results" |
| U |
DigiCell |
DigiCell.exe |
MSI DigiCell - "the most
useful and powerful utility that MSI has spent much research and efforts to
develop, helps users to monitor and configure all the integrated peripherals
of the system, such as audio program, power management, MP3 files management
and communication / 802.11g WLAN settings. Moreover, with this unique
utility, you will be able to activate the MSI well-known features, Live
Update and Core Center" |
| X |
DigiD |
DigitalSound.exe |
Adware downloader |
| N |
DigiGuide |
CLIENT.EXE |
TV guide and reminder |
| N |
DigiGuide |
client01.exe |
TV guide and reminder |
| U |
Digisoft AntiDialer |
AntiDialer.exe |
Digisoft
AntiDialer |
| U |
DigiSrv |
DigiSrv.exe |
Related
to camera software from DigitalDreams |
| N |
Digital Dashboard |
devgulp.exe |
For Compaq PC's. Loads Digital
Dashboard options |
| N |
Digital Line Detect |
DLG.exe |
Detects whether your are plugged
into a digital telephone line and displays the information graphically.
Installed by Dell (and maybe others) and is included with all Connexant V.92
and Broadcom modems |
| N |
Digital River eBot |
downlo~1.exe |
Digital River Systems EBOT for downloading software from
their site. In some cases, if you purchase software online for a download
from a software manufacturer, you will be sent to this online company's site
for the download after the purchase is complete. Read more here |
| X |
DigitalNames |
DigitalNamesStart.exe |
DigitalNames spyware variant |
| N |
DigitalWizard |
ISWizard.exe |
InstallShield's DigitalWizard -
free, complete Digital Content Management Solution that makes it easy to
experience digital content |
| N |
DigitalWizard Monitor |
dwMon.exe |
InstallShield's DigitalWizard -
free, complete Digital Content Management Solution that makes it easy to
experience digital content |
| U |
DIGServices |
DIGServices |
Created by Disney but licensed
to ESPN for watching videos |
| N |
DIGStream |
digstream.exe |
DIGStream Cache Manager - part
of ESPN Motion and Disney Motion that periodically check for new videos and
indication they're available in the System Tray. Starting ESPN Motion/Disney
Motion starts digstream automatically |
| U |
Dimension |
Dimension.exe |
Dimension - a program which lets
you customize MSN messenger such as adding animated and coloured nicknames,
personal toast creator, war tools (login flooder), and allows viewing and
interacting with the raw MSN protocol |
| U |
Dimension4 |
d4.exe |
Dimension
4 - network time synchronization freeware - starts-up, adjusts the system
clock, then shuts down |
| X |
Dino3 |
dino3.exe |
Related to Jurassic Park III and
enables a dinosaur to walk across the screen. Also generates adverts and
classified as adware as a result |
| X |
Dinst |
dinst.exe |
IMIServer/IEPlugin adware |
| X |
Dir1 |
caKe |
Added by the CAKE WORM! |
| X |
Direct settings |
sdchost.exe |
Added by the DAEMONI-I TROJAN! |
| U |
Direct Update |
DUControl.exe |
DirectUpdate dynamic DNS
updater |
| X |
Direct X Direct3D |
dxd3d.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Direct X Opengl |
dxopengl.exe |
Added
by a variant of the RBOT-CJ WORM! |
| X |
direct3d.exe |
direct3d.exe |
Added by the CERTIF-F TROJAN! |
| N |
DirectCD |
DirectCD.exe |
DirectCD primarily allows you to
drag and drop files onto a suitably formatted CD-RW disc. Unless you use this
on a frequent basis it isn't required and is available via Start ->
Programs. Start the program before inserting a DirectCD formatted CD-RW in
the drive. A re-boot is recommended if you close Adaptec DirectCD before
re-opening it again later |
| X |
directs.exe |
directs.exe |
Added by the BEAGLE.O or
BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS! |
| U |
DIRECTVDSL |
Directvdsl.exe |
Starts DirectTV DSL modem at
boot up. Can also be started manually |
| X |
DirectX |
ddhelp32.exe |
Added by the BIONET.318 TROJAN! Note - not the DirectX helper
which is ddhelp.exe |
| X |
directx |
Directx.exe |
Added by the SDBOT.D TROJAN! |
| X |
DirectX |
DirectX.exe |
Added by the BLAXE or LOGPOLE
WORMS! |
| X |
directx |
NTCmd.exe |
Added by the SDBOT.D TROJAN! |
| X |
directx |
PipeCmd.exe |
Added by the SDBOT.D TROJAN! |
| X |
directx |
Sqlexploit.exe |
Added by the SDBOT.D TROJAN! |
| X |
DirectX 32 |
directx32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
DirectX For Microsoft Windows |
dtxservice.exe |
Added by the PROGENT TROJAN! |
| X |
DirectX for Microsoft Windows |
Fservice.exe |
Added by the PRORAT TROJAN! |
| X |
DirectX for Microsoft Windows |
Sservice.exe |
Added by the PRORAT TROJAN! |
| X |
DirectX For Microsoft® Windows |
fservice.exe |
Added by the PRORAT-P TROJAN! |
| X |
DirectX shell driver |
[path to trojan] |
Added by the MARKTMAN-B TROJAN! |
| X |
DirectX Video Driver |
dxterm5.exe |
Added
by the WILAB-A TROJAN! |
| X |
DirectX64 |
DirectXset.exe |
Added by
the BROWNEY.A WORM! |
| X |
DirectX9 Diag |
dx9diag.exe |
Added by the RBOT-ALT WORM! |
| U |
Dirkey |
Dirkey.exe |
Dirkey - small utility
that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9
shortcut keys in an Open/Save File dialog or in Windows Explorer. After this
the Ctrl+1..9 shortcut keys can be used in the same or another window to go
to any of the 9 bookmarked folders |
| ? |
Disable EHCI |
nousb20.exe |
?? |
| N |
Disc Detector |
CtNotify.exe |
For Creative sound cards.
Detects when you insert a CD, DVD, etc |
| ? |
disc detector |
qnetquestnotifty.exe |
?? |
| ? |
discoveg |
discoveg.exe |
?? |
| ? |
DISCover |
DISCover.exe |
Related to DISCover
Drop from Digital Interactive Systems Corporation. What does it do and is it
required? |
| N |
DiscoverDeskshop |
Deskshop.exe |
Discover
Deskshop - single use "virtual" credit card |
| U |
DiscUpdateManager |
DiscUpdMgr.exe |
Disc Update Manager
for Digital interactive's DISCover Console. Provider of on-demand video games |
| X |
Disk Keeper |
[path to trojan] |
Added by the SMALL-VE TROJAN! |
| X |
Disk Keeper |
SECURITY.EXE |
Daosearch adware |
| X |
Disk Manager |
diskver.exe |
Added by the RBOT.AQT WORM! |
| X |
Disk Master |
[trojan name] |
Added by the DISTER TROJAN! - a spam relayer |
| U |
Disk_Monitor |
Disk_Monitor.exe |
Multi-media, Smartmedia, Compact
Flash card reader for reading digital camera cards. Device is recognised as
internal USB disk drive. Necessary if camera cards are to be recognised as
soon as they are inserted into the reader |
| X |
DiskCheck |
msdarkend.exe |
Added by an unidentified WORM or
TROJAN! |
| N |
DiskeeperSystray |
DkIcon.exe |
DisKeeper
defragmentation software - can be started manually |
| X |
diskinf |
diskinf.exe |
Added by the CRYPTER.A TROJAN! |
| ? |
DISKMON.EXE |
DISKMON.EXE |
?? |
| N |
Disknag |
disknag.exe |
Dell program that reminds you to
make your backup diskettes |
| X |
Diskstart |
cat.exe |
MS-Connect dialler |
| X |
Diskstart |
Code.exe |
Adult content dialler |
| X |
Diskstart |
hit.exe |
Adult content dialler |
| X |
Diskstart |
Snt.exe |
Adult content dialler |
| X |
Dispatcher |
dispatcher.exe |
Added by the DLOADR-AS TROJAN! |
| U |
display |
The_Eye.exe |
ComSpySysSvr surveillance software. Uninstall this software
unless you put it there yourself |
| X |
Display Drivers |
cssrs.exe |
Added by the AGOBOT.FX WORM! |
| N |
Display Settings |
hptasks.exe |
Allows for the adjustment of the
display for LCD screen, CRT Monitor and TV output on HP computers |
| N |
DisplayTrayIcon |
TrayIcon.exe |
System Tray access to display
properties for ABIT graphics cards. Unless you change your desktop
resolution, etc regularily use Control Panel -> Display |
| U |
Disspy |
disspy.exe |
Disspy
spyware detection and removal software |
| N |
Distiller Assistant 3.01 |
DISTASST.EXE |
From Adobe. Creates PDF
universal files for Acrobat Reader. Available via Start -> Programs |
| X |
Distributed File System |
blade.exe |
Added by the MYFIP.AC WORM! |
| X |
Distributed File System |
Dfsvc.exe |
Added by the MYFIP.A or MYFIP.K
WORMS! |
| X |
Distributed File System |
kernel32dll.exe |
Added by the MYFIP-C or MYFIP.K
WORMS! |
| U |
Distributed File System |
win.exe |
Added by the MYFIP.AB WORM! |
| U |
distributed.net client |
DNETC.EXE |
Dsitributed computing projects
client from Distributed.net where numerous computers are used to share a
projects workload - similar to SETI@Home and Folding@Home. Also prone to
being distributed by viruses |
| Y |
Dit |
dit.exe |
"Drive Icon and Label
Utility" - assigns drive icons and names to flash memory cards.
Required, otherwise the drives aren't found |
| X |
Dit |
dit.exe |
Added by the LAZAR-A TROJAN! Note - this is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| N |
DiTask.exe |
DiTask.exe |
Associated
with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you
the status of your lines (free, occupied with incoming or outgoing call).
Available via Start -> Programs |
| ? |
Divamon.exe |
Divamon.exe |
Associated
with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it
required? |
| X |
Divx |
codll.exe |
Added by the GRAVEBOT-A TROJAN! |
| X |
divx |
divxenc.exe |
Added to the SPBOT.B TROJAN! |
| X |
DivX MediaPlayer 7.0 |
Dr.DivX.exe |
Added by the ALADINZ.G TROJAN! |
| X |
DivX Player |
DivXPlayer.exe |
Added by a variant of the RBOT WORM! |
| X |
DivX Updater |
DivX.Exe |
Added by the NALDEM TROJAN or MASTAK VIRUS! |
| X |
DIVX Video Player |
DIVXPloyer.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Divx4 codec |
devldr32.exe |
Added by an unidentfied VIRUS! Note - this is not the
legitimate Creative Labs devldr32.exe file |
| N |
DJREGFIX |
regedit /s c:hpdjregfix.reg |
DJRegFix showed up first in
WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet
printers actually worked with WinME - since most were having major problems.
This "utility" adds the functionality and compatibility HP forgot
to add in its WinME drivers |
| ? |
DJSNetCN |
DJSNetCN.exe |
"Symantec Licensing Detect
Internet Connection", part of Norton Antivirus. What
does it do and is it required? |
| X |
djtopr1150.exe |
djtopr1150.exe |
WebRebates adware |
| X |
dKernel |
dKernel.exe |
Added
by the DECOY-A WORM! |
| Y |
DkService |
DkService.exe |
From Executive Software's
Diskeeper defragmenting utility - a replacement for Windows Disk
Defragmenter. It's recommended to leave this enabled, otherwise you could
have problems starting it manually. |
| X |
DKTime |
dktime.exe |
Added by the LUNII TROJAN! |
| X |
Dkware lptt01 |
dkware.exe |
RapidBlaster variant (in a
"DonkeySoft" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Dkware ml097e |
dkware.exe |
RapidBlaster variant (in a
"DonkeySoft" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| ? |
dkzzixm |
dkzzixm.exe |
?? |
| U |
DLA |
DLACTRLW.EXE |
Sonic CD/DVD burning applications |
| Y |
dla |
tfswctrl.exe |
Drive letter access to a UDF
packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's
DirectCD and does the same thing. From HP - "This is a needed file as it
controles the readability of the Combo drives. Without this file loading the
end user will be able to burn CD's but wont be able to read them. The drive
itself will be able to read store bought master Cd's without the file but not
burnt ones" |
| N |
DlaTray |
Dlatray.exe |
System Tray access to DLA -
Drive letter access to HP's and Veritas' version of DirectCD. Does the same
thing as DirectCD. From HP - "This is a needed file as it controles the
readability of the Combo drives. Without this file loading the end user will
be able to burn CD's but wont be able to read them. The drive itself will be
able to read store bought master Cd's without the file but not burnt
ones" |
| N |
dlbcserv |
dlbcserv.exe |
Related to Dell Photo Printers
and provides additional configuration options for these devices |
| U |
DLBUCATS |
DLBUtime.dll, _RunDLLEntry@16 |
Related to Dell Photo Printers -
drivers |
| ? |
dlccmon.exe |
dlccmon.exe |
Dell Photo AIO Printer 924
Device Monitor. What does it do and is it required? |
| ? |
DLCDCATS |
rundll32 [path] DLCDtime.dll,
_RunDLLEntry@16 |
Related to Dell Photo Printers -
what does it do and is it required in startup? |
| N |
dlcdmon.exe |
dlcdmon.exe |
Related to Dell Photo Printers -
required in order to use the scanner of the printer. If disabled, scanning
cannot occur because the driver isn't running |
| U |
dlcgmon.exe |
dlcgmon.exe |
Dell 810 AIO phot printer device
monitor. Is it required? |
| X |
dlder |
dlder.exe |
Advertising spyware. Considered to be one oft the worst -
even creating a fake "explorer.exe" file. Can be installed via
versions of "Grokster", "Lime Wire" and "KaZaA"
amongst other file-sharing utilities (see here). Reported in the past as a
virus |
| X |
DlDir1 |
caKe |
Added by the CAKE WORM! |
| N |
DLF_00000B00 |
Vcdlf.exe |
Known to cause problems with "Out of memory" errors
(see here). Otherwise, it's purpose is unknown |
| ? |
DLForcerExe |
DLForcerEXE.exe |
?? |
| N |
DLG |
DLGCHBW.exe |
Backweb part of Data LifeGuard -
diagnostic tools for Western Digital's series of hard drives. Automatically
detects an internet connection and downloads any available updates |
| N |
DLHelperEXE |
WATCH.exe |
Download helper distributed with
some software that allows the software installation to redirect download
locations. Not required once the installation is finished |
| X |
DLHelperEXE.exe |
N/A |
Downloader for
Microgaming/Casino software - stealth installed |
| X |
dlhost |
dlhost.exe |
Added by the EXPHOOK-A TROJAN! |
| Y |
D-Link Air USB Utility |
AirCFG.exe |
D-Link wireless PCI adapter
related |
| Y |
D-Link Air Utility |
AirCFG.exe |
D-Link wireless PCI adapter
related |
| N |
D-Link AirPlus DWL-650+ Utility |
WLANMON.exe |
D-Link Air Plus Wireless PC
modem connection monitor |
| Y |
D-Link AirPlus G |
AirGCFG.exe |
D-Link Airplus Wireless Router
driver |
| Y |
D-Link AirPlus G Wireless
Utility |
AirPlus.exe |
D-Link AirPlus G wireless configuration and monitoring
utility |
| U |
D-Link AirPlus XtremeG |
AirPlusCFG.exe |
D-Link AirPlus XtremeG wireless
configuration utility |
| X |
DLINK dfe drivers for Windows NT |
windfe.exe |
Added by the RANDEX.AK WORM! |
| U |
DLink System Tray |
dlnetst.exe |
Related to
D-Link DGE-530T PCI card for servers and workstations |
| X |
Dlite |
dllmanager.exe |
Added by the WOOTBOT.DN WORM! |
| X |
Dll Boot Loader on Startup (do
not remove this) |
[various filenames] |
Added by an unidentified TROJAN! |
| X |
DLL Manager |
dllmngr32.exe |
Added by a variant of the RBOT WORM! |
| X |
DLL Service Manager |
[path to worm] |
Added by the RPCBOT.F TROJAN! |
| X |
dll services |
[random filename].exe |
Added by a
variant of the SDBOT WORM! |
| X |
DLL32 |
dllhost.dll |
Added by the SUCLOVE.A WORM! |
| X |
DLL32 |
dllmem32.exe |
Added by the KWBOT.E WORM! |
| X |
DllCacherv2 |
dllcachev2.exe |
Added by the LATEDA TROJAN! |
| X |
dlldmt |
dlldmt.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
DllExecutable |
[path to file] |
Added
by the VB-SP WORM! |
| X |
dllhelp |
dllhelp.exe |
Added
by the STARTPAGE.DQ hijacker |
| X |
dllhelp |
dllhlp.exe |
Added by the Downloader-HI TROJAN! |
| X |
DLLHost |
dllhst.exe |
Added by the DELBOT-AC WORM! |
| X |
dllhostxp.exe |
dllhostxp.exe |
Browser hijacker and adware
downloader |
| X |
DllLoader |
lssas.exe |
Added by the JE WORM! Note -
this is not the legitimate lsass.exe process |
| X |
Dlload |
killer.exe |
Added by the KILLAV-FK TROJAN! |
| X |
dllreg |
dllreg.exe |
Added by the CRYPTER.A TROJAN! |
| X |
DLLService32 |
dllsvc32.exe |
Added by the AGOBOT.VX WORM! |
| N |
DLM.exe |
DLM.exe |
IGN Download Manager has become
a requirement for downloading files through FilePlanet.com. It is based on
Internet Explorer and it installs through an ActiveX-plugin, hence Internet
Explorer must be installed beforehand and downloads has to be has to be
initialized through that browser |
| N |
dlmMgr |
AdobeDownloadManager.exe |
Adobe
Download Manager - "can prevent you from having to start from the
beginning should your download process be interrupted, and it offers a level
of service not possible |
| U |
DLPSP |
DLPSP.EXE |
Dell laser printer status
monitor |
| X |
dlsp2mx |
dlsp2mx.exe |
Added
by the MPB-B DIALER! An uninstall option can be accessed via the Add or
Remove Programs dialog in the Windows Control Panel. The software is listed
as "dlsp2mx" |
| ? |
DLT |
dlt.exe |
?? |
| X |
dluca |
dluca.exe |
Adult content dialler - see here |
| X |
dluca |
dluca.exe |
Added by the DLUCA.C TROJAN! |
| X |
dluxde |
dluxde.exe |
All-In-One-Telcom (adult content
dialler) variant |
| X |
Dluxjp |
cnfrm.exe |
Added by the DLUCA.D TROJAN! |
| X |
Dm Hr |
lpns.exe |
Added by the IRCBOT.WORM.61673 WORM! |
| X |
DM mgr |
dm_mgr.exe |
Added by the JITTAR TROJAN! |
| X |
dm***.exe [* = random char] |
dm***.exe [* = random char] |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
dm[3 random letters].exe |
dm[3 random letters].exe |
Added by the RUINDEM TROJAN! |
| X |
DM_server |
dmserver.exe |
Comet Cursor adware |
| X |
dm_service |
[path to file] |
Added by the MITGLIEDER.P TROJAN! |
| N |
DMAScheduler |
DMAScheduler.exe |
Related to DigitalMedia Plus Archiver. This program is
non-essential process to the running of the program, but should not be
terminated unless suspected to be causing problems |
| X |
DMC |
dmc.exe |
Added by
Trojan-Downloader.Win32.Dluca.bv TROJAN! |
| U |
DMHotKey |
DMLoader.exe |
HotKey access to the Samsung
Display Manager on laptops and ultra-mobiles that support it - such as the
M55 and Q1 |
| N |
DMILDR |
dmildr.exe |
Part of Dell OpenManage Client Instrumentation - software
that allows remote management application programs to access information
about, monitor the status of or change the state of the client computer, such
as shutting it down remotely. Uses the DMI and/or common information model
(CIM) protocols, which are systems management protocols defined by industry
standards. Available via Start -> Programs |
| N |
DMISL |
DMISL.EXE |
DMI (Desktop Management Interface) Service Layer for Intel
TokenExpress network card software. DMI support for the Intel network card
managed through the Desktop Management Interface. See here for more
information |
| N |
DMISLAPP |
DMISLAPP.exe |
DMI (Desktop Management Interface) Service Layer for Intel
TokenExpress network card software. DMI support for the Intel network card
managed through the Desktop Management Interface. See here for more
information |
| ? |
dmjay |
dmjay.exe |
?? |
| X |
dmloader |
dmloader.exe |
Added by a variant of the RBOT WORM! |
| X |
Dmsvc32 |
Dmsvc32.exe |
Added by the AGOBOT.ABU WORM! |
| X |
dmtdll |
dmtdll.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| U |
DMXLauncher |
DMXLauncher.exe |
Part of Dell's Media Experience,
a multimedia suite which offers the user functionality to organise and play
music and digital video files |
| X |
dnam |
d140113.a.Stub.EXE |
Added by the STUB_A TROJAN! |
| X |
Dnar |
Dnar.exe |
Unknown, except that it is not necessary. Tends to phone home
a lot. DMI related - see here |
| Y |
DNE Binding Watchdog |
rundll dnes.dll,
DnDneCheckBindings |
Deterministic NDIS Extender
(DNE). DNE is an NDIS-compliant module which appears to be a network device
driver to all protocol stacks and a protocol driver to all network device
drivers. Part of Gilat Communications internet satellite systems. Required if
you have this system. Also installed by Winproxy - a proxy program for
sharing internet connections through one computer. Required if you want it to
work |
| Y |
DNE DUN Watchdog |
rundll dnes.dll, DnDneCheckDUN13 |
Deterministic NDIS Extender
(DNE). DNE is an NDIS-compliant module which appears to be a network device
driver to all protocol stacks and a protocol driver to all network device
drivers. Part of Gilat Communications internet satellite systems. Required if
you have this system. Also installed by Winproxy - a proxy program for
sharing internet connections through one computer. Required if you want it to
work |
| X |
DNHelper32 |
DNHlp32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
DNS |
[worm filename] |
Added by the CQG WORM! Note -
this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Common Files folder |
| X |
DNS |
mc-110-12-0000079.exe |
Shorty adware - also detected as the AGENT.FD TROJAN! |
| X |
DNS |
mc-58-12-0000080.exe |
Shorty adware - also detected as the AGENT.FD TROJAN! |
| X |
DNS |
mc-58-12-0000093.exe |
Shorty adware - also detected as the AGENT.FD TROJAN! |
| X |
DNS |
mc-58-12-0000120.exe |
Shorty adware - also detected as the AGENT.FD TROJAN! |
| X |
DNS |
mc-58-12-0000140.exe |
Shorty adware - also detected as the AGENT.FD TROJAN! |
| X |
Dns Resolver |
dnsrslve.exe |
Added
by the RBOT-WS WORM! |
| X |
DNS Service |
dnsresolver.exe |
Added
by the RBOT-PQ WORM! |
| X |
DNS Service |
dnssvc.exe |
Added by the DELBOT-Z WORM! |
| ? |
DNS2GoClient |
dns2goclient.exe |
DNS2Go is a Domain Name
System that will make your computer accessible anytime, anywhere by
associating a domain name of your choice to your currently assigned IP
address. Is it required? |
| X |
DNSCacheBoost |
dnsping.exe |
Added by the DNSBUST-A TROJAN! |
| X |
dnscleaner |
dnscleaner.exe |
CoolWebSearch
parasite variant |
| ? |
DNXVC |
dnxvc.exe |
?? |
| X |
DocTor |
Doctor.exe |
Added by the DOTOR.A WORM! |
| N |
DocuMagix Init |
PWATCH.EXE |
PaperMaster
is an application for the PC designed to automate the process of organizing,
archiving, and retrieving digital versions of files. Start manually if needed |
| U |
Document Manager |
docmgr.exe |
Wave Systems Corp. Document Manager - "provides secure
storage and management capabilities for file and folder level
encryption" |
| X |
Doggy Style |
MsPMSPSd.exe |
Added by the SDBOT-AAP WORM! |
| X |
DOGStart |
GSDOGST.EXE |
Added by an unidentified VIRUS,
WORM or TROJAN! A possibility is a trojan known as PENIS |
| ? |
Doing |
doing.exe |
?? |
| X |
doit.exe |
doit.exe |
Added by the FORBOT-EK WORM! |
| X |
Domain Name Resolve Service |
dnsresolver.exe |
Added by the KIMAN.A WORM! |
| U |
Don't Panic |
dontpanicdemodp.exe |
30-day trial
version of Don't Panic privacy software from Panicware. "Clean up
Internet tracks and quickly hide personal documents with this privacy
suite." |
| U |
Don't Panic Pop-Up Stopper |
dpps2.exe |
Pop-Up
Stopper Companion from Panicware. Pop-up blocker integrated into the IE
toolbar. Note that the Pro version doesn't load in startup as it is installed
as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP
and uninstall Service Pack 1. Uninstalling the software leaves it in the
startup group |
| U |
Don't Panic! |
DP.EXE |
Don't Panic!
privacy software from Panicware. "Clean up Internet tracks and quickly
hide personal documents with this privacy suite" |
| U |
Dopus |
dopus.exe |
Directory Opus - a
file manager from GPSoft |
| X |
dos |
dos64.exe |
Adware downloader trojan |
| X |
Dos Prompt Loader |
cygwin.exe |
Added
by the SDBOT-VV WORM! |
| ? |
Dosbat |
?? |
?? |
| U |
DoubleDesktop |
dd.exe |
"DoubleDesktop
is a smart and elegant system tray utility that effectively doubles the width
of your Windows desktop" |
| N |
DoUWantIt |
duwi.exe |
DoUWantIt - online shopping
assistant. Start it manually |
| X |
down |
[trojan filename] |
Added by the Small-QJ TROJAN! |
| X |
down |
hlp32.exe |
Added by the DLOADER.BG TROJAN! |
| U |
Down2Home |
Down2Home.exe |
Down2Home -
"monitors your ADSL/Cablemodem/Dialup traffic and provides you with
usefull statistics about the amount of data your PC has transferred" |
| N |
Download Accelerator Plus 5.0 |
DAP.exe |
Download Accelerator Plus
from Speedbit. Download manager for resuming downloads, amongst other
features. Available via Start -> Programs. Note that the free version is
adware based |
| X |
Download Plus |
DownloadPlus.exe |
DownloadPlus adware |
| N |
Download Wonder |
DownloadWonder.exe |
Download Wonder from Forty Software. Download manager for
resuming downloads, amongst other features |
| N |
DownloadAccelerator |
DAP.EXE |
Download Accelerator Plus
from Speedbit. Download manager for resuming downloads, amongst other
features. Available via Start -> Programs. Note that the free version is
adware based |
| X |
DownloadLegalMusic |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| X |
DownloadWare |
dw.exe |
DownloadWare adware |
| X |
DownloadWare Engine |
Dwe.exe |
DownloadWare adware |
| X |
Downxz |
Downxz.bat |
Added by the MYDOOM.W WORM |
| N |
DPAgnt |
DPAgnt.exe |
digitalPersona
fingerprint scanner |
| U |
DPAS |
DPASNT.exe |
DefenderPro AntiSpy - spyware
remover |
| U |
DPASUpdate |
DPASAutUpdate.exe |
Automatic updates for
DefenderPro AntiSpy - spyware remover |
| Y |
Dpcnav |
dpcnav.exe |
DirecWay from DirectTV (now HughesNet) - satellite based
high-speed internet access |
| N |
DPConfig |
DPConfig.exe |
Compuware DevPartner Studio
Configuration Utility, a tool for software developers - System Tray access to
configure the utility's analysis. Not required at startup, can be launched
from the Start Menu programs group when needed |
| X |
dpcproxy |
dpcproxy.exe |
Added by the GOLDENP-A TROJAN! |
| Y |
DPCProxyLoadOnStartup |
dpcstart.exe |
DirecWay from DirectTV (now HughesNet) - satellite based
high-speed internet access |
| Y |
Dpcstart |
dpcstart.exe |
DirecWay from DirectTV (now HughesNet) - satellite based
high-speed internet access |
| X |
dpi |
dpi.exe |
Delfin
Media Viewer or "Promulgate" adware |
| X |
dpnsvr32 |
dpnsvr32.exe |
Added by the AOLPASS-B TROJAN! |
| U |
dpps2 |
dpps2.exe |
Pop-Up
Stopper Companion from Panicware. Pop-up blocker integrated into the IE
toolbar. Note that the Pro version doesn't load in startup as it is installed
as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP
and uninstall Service Pack 1. Uninstalling the software leaves it in the
startup group |
| X |
dps |
dps.exe |
SmartestSearch
parasite - poses as a foistware, bogus adware/spyware remover called
"scumware-remover" |
| N |
dptracker |
dptracker.exe |
CamTrack webcam software
that enhances the way people video chat |
| U |
DpUtil |
TEDTray.exe |
Main executable for TOSHIBA DualPoint Utility Main Module. It
is a system tray icon program that provides configuration options for dual
pointing device |
| X |
DR_S |
DR_S.exe |
AdShooter adware |
| ? |
DragDrop |
DragDrop.exe |
?? |
| N |
DragnDrop_Autolaunch |
Autolaunch.exe |
Iomega
HotBurn - CD-RW burning software |
| N |
Drag'n'Drop_Autolaunch |
Autolaunch.exe |
Iomega
HotBurn - CD-RW burning software |
| X |
DRam prmaessor |
[random filename] |
Added by the RBOT.CSG WORM! |
| X |
DRam prosesor |
[random filename] |
Added by the SPYBOT.EE WORM! |
| X |
DRam prosessor |
[random filename] |
Added by the RBOT.CSG WORM! |
| X |
DRam prosessor |
HWAPI.exe |
Added by a variant of the RBOT
WORM! Note - this is not the McAfee HackerWatch process which has the same
filename |
| X |
DRam prosessor |
plscd.exe |
Added by the RBOT.CYA WORM! |
| X |
DRan posessor |
DAP.exe |
Added by a
variant of the SDBOT WORM! |
| X |
DrCache |
MSTDC.EXE |
Added by the JM TROJAN! |
| X |
dreams |
server.exe |
Added by a
variant of the SDBOT WORM! |
| X |
DrefIW |
SysDref.exe |
Added
by the DREF-D WORM! |
| X |
DrefIW |
SysDrefIWv2.exe |
Added
by the DREF-C WORM! |
| ? |
dregfix |
ph_finder.exe |
?? |
| N |
DrgToDsc |
DrgToDsc.exe |
Part of Roxio EasyCD Creator 6.0
- places the Roxio Drag-to-Disc icon in you system tray. "Easily drag
and drop files for burning to CD or DVD. Disc formatting and burning will
happen automatically". Not required for Roxio to work properly |
| ? |
dried.exe |
dried.exe |
?? |
| N |
DriveCleaner 2006 Free |
UDC2006.exe |
DriveCleaner is a security assesment tool which gives
exaggerated reports of security and privacy risks on a computer. The program
then prompts the user to purchase a registered version of the software in
order to remove the reported risks |
| U |
DriveIcons |
DriveIcon.exe |
Drive Icons from Realtek - shows a specific icon for each
card type for their card reader controllers |
| U |
DriveLED |
OODLed.exe |
O&O
DriveLED - hard disk monitoring and crash prevention |
| X |
Driver |
gbot.exe |
Added by the JUNTADOR.K TROJAN! |
| X |
Driver32 |
Scam32.exe |
Added by the SIRCAM WORM! |
| X |
DriverCheck |
svchost.exe |
Added by the DELF-KR TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a C:DriverLoad folder |
| X |
DriverDB |
svcmdx32.exe |
Added by the BERPI TROJAN! |
| X |
DriverLoad |
svchost.exe |
Added by the DELF-KR TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a C:DriverLoad folder |
| X |
DriverModule |
csrnvrt.exe |
Added by the IRCBOT.I TROJAN! |
| X |
DriverPath |
system32.exe |
Added by the PRORAT-S TROJAN! |
| X |
Drivers for Internet Explorer |
accesweb.exe |
Added by freewebs.com hijacker! |
| N |
DriveSelect |
driveselect.exe |
DVD X Copy XPress by 321
Studios. Creates a pop-up at Windows startup that asks for the DVD drive to
be selected. Available via Start -> Programs |
| U |
drkly16j |
rundll32.exe drkly16j.dll,
ServiceCheck |
KidsWatch Time Control
parental control software |
| U |
dRMON SmartAgent |
SmartAgt.exe |
Part of the network monitoring program group for 3Com NIC
cards. See here for more info |
| X |
drmu |
W95Mm.exe |
Homepage hijacker installing a
toolbar: http://tdko.com/. Lop.com in disguise |
| X |
drocher |
d.exe |
Adult content dialler |
| X |
DropSpam Lifestyle |
dslifestyle.exe |
Dropspam
adware |
| X |
drv_st_key |
hidn.exe |
Added by the BEAGLE.FF WORM! |
| X |
drvddll.exe |
drvddll.exe |
Added by the BEAGLE.AP WORM! |
| X |
Drvddll_exe |
drvddll.exe |
Added by the BEAGLE.X WORM! |
| ? |
DrvListnr |
DrvListnr.exe |
Analog Devices SoundMAX
soundcard related. What does it do and is it required? |
| U |
drvlsnr |
drvlsnr.exe |
Compaq/ADI SoundMAX integrated
digital audio controller related. May solve a problem if your sound cuts out
unexpectedly |
| U |
DrvMon.exe |
DrvMon.exe |
Alcor drive
monitor software |
| X |
drvnetw |
drvnetw.exe |
Added by the BROGGER-B TROJAN! |
| X |
drvr32h |
drvr32h.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
drvrmanager |
drvrquery32.exe |
Added by the BOOHOO WORM! |
| X |
drvsys.exe |
drvsys.exe |
Added by the BEAGLE.W WORM! |
| X |
drvsyskit |
hidr.exe |
Added by the BAGLE.HR WORM! |
| X |
drvupd |
rundll32 ..drvupd.inf |
Hijacker - drvupd.inf file
installs a "searchforge.com" hijack |
| X |
DrWatson |
drwatson_.exe |
Added by the LOHAV-S TROJAN! |
| X |
DrWatson |
drwatson_32.exe |
Added by the LOHAV-S TROJAN! |
| X |
DrWeb Antivirus |
DRWEBAV.EXE |
Added by an unidentified WORM or
TROJAN! |
| Y |
Drwebscheduler |
Drwebscd.exe |
DrWeb antivirus related - scheduler that allows you to manage
an automatic launch of applications, in particular the antivirus scanner or
the update subsystem |
| X |
ds |
ds.exe |
Added by the SPYMON TROJAN! |
| U |
DS Clock |
dsclock.exe |
Digital desktop
clock including synchronization with atomic servers - see here |
| X |
dsa |
dsa.exe |
Homepage hijacker - redirecting
to downseek.com |
| X |
DSAcass |
[path to file] |
Added by the RANKY.M TROJAN! |
| X |
DSB |
DSB.exe |
EnergyPlugin adware |
| X |
dsd |
zz.exe |
Added by the RBOT-FOX WORM! |
| N |
DSentry |
DSentry.exe |
Anti-spyware from Dell. Seems
that after Dell found out certain applications being installed from DVD's
would report back information about what customers were watching, they
decided to implement an anti-spyware service. Run manually before
installation starts |
| X |
Dsi |
dp-******.exe |
Added by an unidentified adware
where ****** are random characters |
| X |
Dsi |
dp-him.exe |
Added by the MULTIDR-AH TROJAN! |
| X |
Dskcompat |
Dskcompat.exe |
Added by the GEMA TROJAN! |
| U |
DSKEY |
DsKey.exe |
Part of PC PhoneHome -
"secretly sends an invisible email message to an email address of your
choice containing the physical location of your computer every time you get
an Internet connection". Security software from Brigadoon Security Group
for tracking down lost/stolen computers |
| N |
DSL Monitor |
spdstrm.exe |
Comes with Efficient Networks
DSL Modems. Little red/green/yellow flashing icon in system tray |
| Y |
DSLagentexe |
DSLagent.exe |
Used in
conjunction with USB connected ADSL modems from Eicon Networks (as used by BT
for its Broadband internet service for example). Required for a permanent
ADSL connection |
| Y |
dslmon |
dslmon.exe |
Sagem DSL modem related.
Apparently needed to detect the modem |
| U |
DSLSTATEXE |
dslstat.exe |
System tray connection status
for ADSL modems from Eicon Networks (as used by BT Broadband for example) |
| X |
DsmSer |
dsm.exe |
Added by the SERFLOG.B WORM! |
| X |
DsmSer |
msmpatch.exe |
Added by the SERFLOG.B WORM! |
| X |
DsmSer |
svosm.exe |
Added by the SERFLOG.B WORM! |
| X |
DsmSer |
sysup.exe |
Added by the SERFLOG.B WORM! |
| X |
DsplObjects |
windspl.exe |
Added by the BEAGLE.DN WORM! |
| X |
DSS |
[path to trojan] |
Added by the DSSDOOR-C TROJAN! |
| X |
DSS |
dssagent.exe |
DSSAgent by Brøderbund -
spyware. Sends encrypted emails about the system back to the originators of
the program. Also a resource hog. See here for more info |
| X |
DSService |
dmrss.exe |
Added by the AGOBOT-XX WORM! |
| ? |
DSSSGENS |
dssagens.exe |
?? |
| X |
DSystemDriver |
windrv.exe |
Added by the DELF.WG TROJAN! |
| N |
DU Meter |
DUMETER.EXE |
Hagel Technologies
internet bandwidth monitor |
| X |
duck |
duck.exe |
Added by the AGOBOT-AVG WORM! |
| X |
Dumeter Services |
dumeter.exe |
Added by the SDBOT-AEQ WORM! |
| N |
dumprep 0 -k |
dumprep 0 -k |
Used in connection with memory
dumps - you can disable these by - right clicking on My Computer, selecting
Properties and then the Advanced tab. Click on the Settings button in
'Startup and Recovery'. In the bottom pane - under 'Write debugging information'
- click on the down arrow and then select 'None' - OK your way out |
| N |
dumprep 0 -u |
dumprep 0 -u |
Used in connection with memory
dumps - you can disable these by - right clicking on My Computer, selecting
Properties and then the Advanced tab. Click on the Settings button in
'Startup and Recovery'. In the bottom pane - under 'Write debugging information'
- click on the down arrow and then select 'None' - OK your way out |
| X |
DUN_SERVICES3 |
dun3.exe |
Added by the SOKIRON TROJAN! |
| X |
Duweculey |
yujixit.exe |
Added by the SDBOT.BRP WORM! |
| U |
DVD43 |
DVD43.exe |
DVD43 is a small tool
that overrides CSS copy-protection found on DVD movies |
| N |
dvd43 |
DVD43_Tray.exe |
DVD43 is "a
small tool that integrates into Windows and overrides CSS copy-protection
found on DVD movies" |
| X |
dvd98 |
windvd98.exe |
Added by the CULT.P WORM! |
| U |
DVDBitSet |
DVDBitSet.exe |
DVD+RW Drive/Disc Compatibility
Setting. Installed with HP DVD+RW drives to enhance compatibility with
existing readers. You can also set a DVD+RW default drive write mode which is
always used |
| ? |
DVDCheck |
DVDCheck.exe |
Related to an
Intervideo program. What does it do and is it required in startup? |
| X |
Dvdcompat |
Dvdcompat.exe |
Added by the GEMA TROJAN! |
| N |
DVDLauncher |
DVDLauncher.exe |
Part of Cyberlink's Power Cinema - allows you to play DVDs
upon insertion |
| N |
DVDSentry |
DSentry.exe |
Anti-spyware from Dell. Seems
that after Dell found out certain applications being installed from DVD's
would report back information about what customers were watching, they
decided to implement an anti-spyware service. Run manually before
installation starts |
| N |
DVDTray |
DVDTray.exe |
HP CD/DVD Tray icon installed
with the DVD writer software. Periodically checks for new drive firmware |
| N |
DVDUpgrade |
DVDUpgrd.exe |
Microsoft program to upgrade your DVD decoder program - see
Q306331. Available via Start -> Programs |
| N |
DVDXGhost |
DVDGhost.EXE |
DVD Ghost -
"utility to make your software DVD players and DVD copy/backup softwares
restriction-free, and copy/backup DVD to hard disk" |
| Y |
Dvp95 |
Dvp95.exe |
Scan engine for F-Secure and
Command antivirus software based on the F-Prot AntiVirus engine |
| Y |
dvpapi9x |
DVPAPI9X.exe |
Command AntiVirus for Windows
95/98/Me |
| Y |
DvpInitExe |
Dvpinit.exe |
Command Antivirus
related |
| Y |
dvprpt |
Dvprpt.exe |
Command Antivirus
related |
| X |
dvraudio |
dvraudio.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
dvsfss |
fbsfsdrs.exe |
Added by the SDBOT-QA WORM! |
| U |
DVSync |
dvsync.exe |
DVSync is the program that
allows you to synchronize your daVinci's PDA's data with your Personal
Information Manager on the PC |
| X |
Dvx |
wsxsvc.exe |
Delfin
Media Viewer or "Promulgate" adware variant |
| X |
dw |
dw.exe |
DownloadWare adware |
| N |
DW4 |
Weather.exe |
Desktop Weather |
| U |
DWHeartbeatMonitor |
DWHeartbeatMonitor.exe |
DWHeartbeatMonitor.exe is
installed alongside the Weather.com instant messaging utility. This is a
non-essential process. Disabling or enabling this is down to user preference |
| N |
DwlClient |
support.exe |
Download manager for Dell
support alerts |
| Y |
dwStart |
FireWall.exe |
The
Shield firewall |
| X |
Dx |
sys*.exe [* = random number] |
Added by the DEXTER.A WORM! |
| X |
Dx8compat |
Dx8compat.exe |
Added by the GEMA TROJAN! |
| X |
dxdiags.exe |
dxdiags.exe |
Added by the CERTIF-G TROJAN! |
| X |
DxDialog |
dxdlg32.exe |
Added
by the VB-CXT TROJAN! |
| X |
dxdll32 |
ntxdll.exe |
Added by the GAOBOT.CPX WORM! |
| N |
DXDllRegExe |
dxdllreg.exe |
Created when you select
"Yes" to check the "WHQL Digital signatures" in the
DirectX9 files at the first time you open it |
| X |
DxLoad |
DX3DRndr.exe |
Added by the GIBE.B WORM! |
| N |
DXM6Patch_981116 |
p_981116.exe |
Win32 cabinet self extractor. More info here |
| X |
dxmsrv |
dxmsrv.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Dxsty |
Dxsty.exe |
Added by the GEMA TROJAN! |
| X |
Dxupdate.exe |
Dxupdate.exe |
Added by the MAFEG WORM! |
| X |
dxvid |
dxvid.exe |
Added by
Trojan-Downloader.Win32.Dluca.by TROJAN! |
| X |
DyFuCA |
optimize.exe |
Adult content dialler - see here |
| X |
DyFuCA Active Alert |
actalert.exe |
Adult content dialler - see here |
| X |
Dynamic DHCP |
dydhcp.exe |
Added by the RINBOT.B TROJAN! |
| X |
Dynamic Dns Binary |
CMD16.EXE |
Added
by the RBOT-XM WORM! |
| X |
Dynamic Dns Binary |
dynitora.exe |
Added
by the RBOT-WT WORM! |
| X |
Dynamic Dns Binary |
WinHelpcfn.exe |
Added by a variant of the RBOT WORM! |
| X |
Dynamic Dns Binary |
winxp34.exe |
Added by a variant of the RBOT WORM! |
| X |
Dynamic Link Library loader |
Loader32.exe |
Added by the KOL TROJAN! |
| U |
DynDNS Updater |
DynDNS.exe |
Dynamic DNS IP address updater
tool, used as a client for Dynamic DNS service providers such as
http://www.DynDNS.org |
| N |
DynDNS-Updater Traytool |
ddutray.exe |
DynDNS
updater tray icon - allows easy configuration of the Dynamic DNSSM service.
Can be run manually |
| X |
DynHttp Dns Binary |
dynizari.exe |
Added by a variant of the RBOT WORM! |
| U |
DynSite |
DynSite.exe |
DynSite - dynamic DNS
client, also called an automatic IP updater |
| U |
Dynu Basic Client |
dynubas.exe |
Dynu online dynamic IP update client. Useful when using a
dial up modem |
| ? |
DZKillMe |
DZSAVEME.EXE |
?? |
| U |
E_S10IC2 |
E_S10IC2.exe |
Epson Stylus C44 Series printer
monitor - for checking ink levels, etc |
| U |
E_S23 |
E_SICN03.exe |
Epson printer status monitor -
for checking ink levels, etc. |
| U |
E_S4I2F1 |
E_S4I2F1.exe |
Epson Status Monitor 3 for the
Epson Stylus Photo R300 (and probably others) printers - monitors the status
of ink levels, a print job spooled to that printer, etc |
| N |
E_S4I2G1 |
E_S4I2G1.EXE |
Epson Status Monitor 3 for the
Epson Stylus CX5400 printer/scanner/copier (and probably others) - monitors
the status of ink levels, a print job spooled to that printer, etc |
| U |
E_SOEIC1 |
E_SOEIC1.exe |
Epson Stylus printer monitor -
for checking ink levels, etc. |
| U |
E06DXLRD_7604703 |
EDICT.EXE |
Related to Microsoft Encarta dictionary functions |
| N |
E6TaskPanel |
TaskPanl.exe |
Earthlink Task
Panel - part of Earthlink TotalAccess 2003 internet access software. Quick
access to internet, E-mail and web-space |
| U |
eabconfg.cpl |
EabServr.exe |
Easy Access Buttons control
panel on Compaq laptops. Only required if you use the extra keys |
| X |
Eac Download |
download.exe |
Webcelerator from eAcceleration speeds your Web browsing by
both remembering where you have been and anticipating where you will go. Only
needed if you find it improves web browsing. Now no longer available and
supported and when available was classed as spyware - see here |
| X |
Eac_Cnry |
canary.exe |
Added by the CANARY TROJAN! |
| ? |
Eac_rnvdl |
ANTIVIRUS_INSTALL.EXE |
?? |
| U |
EACLEAN |
eaclean.exe |
For Compaq PC's. Easy Access button support for the keyboard |
| U |
eanth_critical_update_alert |
sys_alert.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| U |
eanth_system_patcher |
sys_alert.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| U |
eanthology_install.exe |
eanthology_install.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| U |
EanthologyApp |
EANTHO~1.EXE |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| U |
EanthologyApp |
eanthology.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| N |
Eapcisetup |
sbsetup.exe |
Rockwell RipTide soundcard
application software. Sound works without it |
| N |
EAPCISETUP |
wizard.exe |
Part of the Creative Sounblaster
PIC Installation Wizard. Probably left as a result of a failed installation |
| Y |
Earthlink Protection Control
Center |
elnk_pcc.exe |
EarthLink
Protection Control Center - "powerful, integrated security program makes
it easier than ever to protect yourself against viruses, spyware, and
hackers-all from one convenient location" |
| N |
EarthLink ToolBar 5.0 |
etoolbar.exe |
EarthLink Toolbar is a tool to
help you get to all of the resources of the internet. EarthLink 5.0 Setup
adds a few basic buttons to the Toolbar, but you can delete these or add more
buttons any time |
| U |
Easy Key |
easykey.exe |
For programming of the built-in
functions keys on some laptops (and maybe desktops). Required if these are
used |
| N |
Easy Start Button |
esb.exe |
Provides functionality on
certain laptops that have additional keys. Not required unless you use the
extra keys |
| X |
EasyAV |
EasyAV.exe |
Added by the NETSKY.S or
NETSKY.T WORMS! |
| X |
EasyDates |
EasyDates.exe |
Premium rate adult content
dialler |
| X |
EasyDates_nl |
EasyDates_nl.exe |
Adult content dialler |
| U |
EasyKey |
easykey.exe |
For programming of the built-in
functions keys on some laptops (and maybe desktops). Required if these are
used |
| U |
EasyKeyboardLogger |
EasyKeyboardLogger.exe |
EasyKeyLogger keystroke logger/monitoring program - remove
unless you installed it yourself! |
| U |
EasyMessage |
em2.exe |
Easy Messenger, instant
messenger for MSN, AOL, ICQ, and Yahoo. See here |
| U |
Easy-PrintToolBox |
BJPSMAIN.EXE |
A utility to launch the
applications that are bundled with a Canon bubblejet printer |
| X |
EasySearchBar |
ESBUpdate.exe |
EasySearchBar adware downloader |
| X |
easyServ |
Server.exe |
Added by the EASYSERV TROJAN! |
| U |
EasySync Pro |
XCPCMenu.exe |
EasySync Pro is a Lotus (now owned by IBM) program for
synchronizing a PDA with Lotus Notes |
| U |
EasyTuneIII |
EasyTune.exe |
Tuning (overclocking) utility
for Gigabyte motherboards. Shortcut available |
| U |
EasyTuneIV |
ET4Tray.exe |
Tuning (overclocking) utility
for Gigabyte motherboards. Shortcut available |
| X |
easywww |
easywww2.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| N |
EbatesMoeMoneyMaker |
wjview ...Code |
Ebates adware |
| X |
EbatesMoeMoneyMaker0 |
EbatesMoeMoneyMaker0.exe |
Ebates adware |
| X |
eBay Toolbar |
EBAYTBAR.EXE |
eBay Toolbar -
reportes as spyware as it "phones home" |
| U |
eBayToolbar |
eBayTBDaemon.exe |
eBay toolabar
related - also contains eBay account Guard which monitors for fraudulent eBay
sites |
| U |
eBoard |
Eboard.exe |
eMachines multimedia keyboard
manager. Required if you use the extra keys |
| N |
eBot |
DownloadWizard.exe |
eBot from Digital River -
"helps ensure your computer always has the latest technology, fixes,
add-ons, upgrades and 'cool stuff'." Can optionally be installed with
software such as Net Nanny internet filtering software. Available via Start ->
Programs |
| U |
EC21 |
EZQ.EXE |
Related to EC21. "EC21 is the world’s largest B2B
marketplace to facilitate online trades between exporters and importers from
all around the world" |
| X |
E-Card |
ecard.exe |
Added by the YODI WORM! |
| X |
ecko |
claro.exe |
Added by the DLOADR-AQJ TROJAN! |
| U |
E-color |
IconMgr.Exe |
Sets the colour of your monitor
when running games that recognise E-Color so that you get 'what the game
designer intended' when you see the game. Also allows monitor callibration
through a program called 3-Deep. If you play a lot of games it can be useful.
Can be disabled from starting up from within the program |
| ? |
ecpe |
ECPE.EXE |
?? |
| U |
eDataSecurity Loader |
eDSloader.exe |
Part
of Acer Empowering Technology. "Acer eDataSecurity Management is a handy
file encryption utility that protects files from being accessed by
unauthorized persons, using passwords and advanced encryption
algorithms" |
| N |
edexter |
edexter.exe |
eDexter
supplements internet filtering by substituting local images for filtered
images in order to prevent browser stalls and other annoyances. Can be
activated manually when starting the browser |
| X |
editpad |
editpad.exe |
Added by the CONSPER-B TROJAN! |
| N |
EDLoader |
DTLoader.exe |
Effective Desktop from MiniStars
Software - desktop management software no longer being supported |
| U |
eDonkey2000 |
edonkey2000.exe |
File sharing network - not
recommended as the free version of this application should be avoided as it
installs, without permission, New.Net, Webhancer, WebSearch Toolbar and
WinTools |
| U |
EDRestore |
?? |
Set Point
from Easy Desk Software - "small utility that automatically sets System
Restore points for WinME/XP" |
| X |
educational writer |
[random filename] |
Added
by the RBOT-LZ WORM! |
| U |
Edwizard |
Edwizard.exe |
SafeGuard Easy -
"provides total company-wide protection for sensitive information on
laptops and workstations. Boot protection, pre-boot user authentication and
hard disk encryption using powerful algorithms guarantee against unauthorized
access and hacker attacks" |
| X |
EDxMC110 |
Isass.exe |
Added
by the VB-NIA WORM! |
| N |
EEventManager |
EEventManager.exe |
Part of the Epson Creativity Suite supplied with their
multi-function printer/scanners, Event Manager launches File Manager or
PageManager for EPSON automatically when you press the B&W Start or Color
Start button on the control panel in Scan mode |
| U |
eFax DllCmd |
J2GDllCmd.exe |
eFax
Messenger fax software |
| N |
eFax Tray Menu |
HotTray.exe |
eFax
Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via
Start -> Programs. Disabling instructions available here |
| U |
eFax Tray Menu |
J2GTray.exe |
eFax
Messenger fax software tray menu |
| N |
eFax.com Tray Menu |
HotTray.exe |
eFax
Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via
Start -> Programs. Disabling instructions available here |
| X |
efaxs lptt01 |
efaxs.exe |
RapidBlaster variant (in a
"efaxs" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
efaxs ml097e |
efaxs.exe |
RapidBlaster variant (in a
"efaxs" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| U |
EFI Job Monitor |
[path] efjm.dll,run |
Ricoh Imagio Printer/Scanner
driver status monitor |
| U |
Efpap.exe |
Efpap.exe |
Easy File
& Folder Protector. Deny access to certain files and folders, or to hide
them securely from viewing and searching |
| U |
ehTray |
ehtray.exe |
Enables the user to access Windows Messenger from within
Windows Media Center Edition |
| X |
ei10.exe |
ei10.exe |
Added by the AGOBOT-NK WORM! |
| U |
Eicon NetworksLAN_DAEMON |
watch.exe |
Associated
with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection
with numbers and duration. You need callvu.exe (from Start Menu) to see your
connection statistics. You can manually start watch.exe before you go online.
Needs diinfo.exe (started by DiTask) to work correctly which can be started
manually |
| U |
Eicon TechnologyLAN_DAEMON |
watch.exe |
Associated
with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection
with numbers and duration. You need callvu.exe (from Start Menu) to see your
connection statistics. You can manually start watch.exe before you go online.
Needs diinfo.exe (started by DiTask) to work correctly which can be started
manually |
| X |
eixfi |
china.bat |
Added by the WCUP.A WORM! |
| U |
Elbycheck |
ElbyCheck.exe |
From Elaborate Bytes who make CloneCD - monitors the
installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from
startup causes the CD drive in the computer to not be recognized in the OS
and after rechecking it prompts that the driver has been corrupted and asks
you to restart the computer to fix it |
| U |
Electron Microscope |
EMIII.exe |
Electron Microscope or EM - is a
program used to track Stanford's distributed computing program client called
Folding at Home, FAH. It will monitor up to 50 clients and give you the
details about each client's progress as the FAH client runs. EM will also
show you what each change in the protein looks like as the process continues |
| X |
Element |
Element.txt |
Added by the ELEM TROJAN! |
| X |
element furth |
[path] repcale.exe [path]
palsp.exe |
Added by a variant of the RANDON.AN WORM! |
| X |
elitemedia |
elitemediapop.exe |
Added by the LOWZONE-BB TROJAN! Also known as
Elitebar/EliteToolbar/EliteSidebar adware |
| N |
elm |
Elmenv.exe |
ViaTech eLicense for securing,
distributing and selling music online |
| X |
ELNKProxy |
smproxy.exe |
Surfmonkey adware |
| U |
ELSA WINman Suite |
Winmsuit.exe |
Allows you to totally customize
your ELSA graphics card settings, including overclocking the GPU |
| Y |
ElsaCapiCtl |
Rcapi.exe |
Assumed to stand for Remote
Common Application Programming Interface (RCAPI), this was installed with an
Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog
box which is sometimes needed to reset the modem |
| U |
ELSAChipGuard |
elsavect.exe |
ChipGuard for ELSA graphics
cards - monitoring solution which monitors both the GPU temperature and fan
speed, and will halt the system if either are at dangerous levels and restore
the default clock speeds upon reboot. Leave enabled if overclocking |
| U |
ELSBLaunch |
ELSBLaunch.exe |
EarthLink
SpamBlocker |
| U |
EM_EXEC |
EM_EXEC.EXE |
Logitech Mouseware driver.
Needed to support some additional functionality of Logitech mice/trackballs
such as "SmartMove". If you disable it and find you don't need it
leave it disabled |
| N |
EMA.exe |
EMA.EXE |
Time management system which
helps you to manage your time and appointments |
| U |
eMachines eBoard |
Eboard.exe |
eMachines multimedia keyboard
manager. Required if you use the extra keys |
| Y |
Email Protection |
emlproxy.exe |
AntiVirus Quick Heal -
E-mail protection |
| Y |
EmailScan |
mcvsescn.exe |
Related to McAfee AntiVirus
suite - used to automatically scan incoming e-mails |
| X |
eMakeSV |
EMAKE2B.EXE |
Switch
premium rate adult content dialer variant |
| X |
eMakeSV |
EMAKESV.EXE |
Switch
premium rate adult content dialler variant |
| U |
EMBASSY Trust Suite Secure
Update |
AutoUpdate.exe |
Updates for
Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of
security to the client PC using the TPM security chip found on most
enterprise PCs today" |
| X |
eMCryT Sh3ars Panagers |
[path to worm] |
Added by the RBOT-AWI WORM! |
| U |
EMMeter |
EMMeter.exe |
"Express
Meter provides detailed information about how your software assets are being
used. With Express Meter you can monitor application usage, identify software
usage patterns, and control application launches—all of which can help you
make better decisions about your IT investments" |
| X |
emoc0re |
emo.exe |
Added by the AGOBOT-AGE WORM! |
| X |
empin |
e121307.exe |
Delfin Media Viewer adware related |
| X |
empin |
e121307.Stub.exe |
Delfin Media Viewer adware related |
| X |
emsw.exe |
emsw.exe |
Attune HelpExpress - spyware. Disable and uninstall - see
here |
| X |
emule |
emule.exe |
Added by the RBOT-ALZ WORM! |
| N |
eMusicClient Systray |
eMusicClient.exe |
eMusic MP3
download software |
| N |
EN4060C Taskbar |
en4060ct.exe |
Comes with Efficient Networks
DSL Modems. Little red/green/yellow flashing icon in system tray |
| X |
enBrowser |
[name of file] |
WINBO adware |
| ? |
encapsulated command tool |
wintr.com |
?? |
| N |
Encarta Dictionary Quickshelf |
QSHLFED.EXE |
Provides quick access to
Encarta's Dictionary features? |
| N |
ENCMONITOR |
monitor.exe |
The Encompass Monitor. This
program is the Connect Direct Program. It is more trouble than it is
worth and few use it |
| N |
Encoder Agent |
WMENCAGT.EXE |
MS Windows Media Encoder,
which already has a shortcut in the Start Menu if installed |
| U |
Encompass_ENCMONTR |
ENCMONTR.EXE |
Optional simple browser from
Yahoo (Encompass) |
| ? |
ENCSurf |
surfboard.exe |
?? |
| N |
Energizer FileSaver |
Energizer FileSaver.exe |
Energizer
FileSaver - UPS back-up utility for Energizer UPS products. From their Tech
Support staff this is known to have a memory leak since it's release - with
no fix planned! It will grab 2-5 handles per second and crash the average
system in less than 3 days - therefore not recommended |
| X |
EnergyPlugIn |
EnergyPlugin.exe |
EnergyPlugin adware variant |
| U |
enginecs2 |
enginecs2.exe |
Cyber Sentinel - internet filtering software |
| Y |
EngUtil |
EngUtil.exe |
Part of Roxio EasyCD Creator 6.0
- corrects any modification made to the Roxio Engine, it exits after checking |
| X |
Enh Win Updt |
enhupdt.exe |
Adware downloader -
recognized by Kaspersky antivirus as
Trojan-Downloader.Win32.OneClickNetSearch.h |
| X |
enhance32 |
enhance32.exe |
Added by the CRYPTER.A TROJAN! |
| N |
EnigmaPopupStop |
EnigmaPopupStop.exe |
Part of Enigma SpyHunter - not recommended, see note |
| X |
E-nrgyPlus |
E-nrgyPlus.exe |
Added by the Energyplus TRACKWARE! Tracks internet activity
including websites visited and queries made at popular search engines. This
information along with some system information is sent to a remote site |
| ? |
ENSApServer2_0 |
APSERVER.EXE |
Intel
AnyPoint Wireless II Home Network related. Now discontinued. What does it do
and is it required? |
| ? |
ENSMIX32.EXE |
ENSMIX32.EXE |
Sound card driver. Is it required? |
| U |
EnsoniqMixer |
starter.exe |
Puts the Ensoniq mixer in system tray. From Ensoniq
Technologies "Our mixer is a critical part of the soundcard as it fixes
sound problems and replaces the MS mixer which can no longer be used".
If you find you don't need it - try one of the solutions on this special
page. Similar to Creative PCI Audio Configuration Utility |
| U |
Entbloess 2 |
Entbloess2.exe |
Related to
Window-Switcher (now Reflex Vision) - it allows you to see previews of all
your open applications via a single keystroke in a manner similar to Apple's
Exposé, for Windows 2K/XP |
| U |
Enterra Icon Keeper |
IcnKeepr.exe |
Icon Keeper - "tool
to save and restore icon positions on the desktop" |
| X |
Enumerate Service |
wsys.exe |
Added by the MANIFEST TROJAN! |
| Y |
EnvyHFCPL |
EnMixCPL.exe |
VIA Envy24 PCI Audio Controller driver |
| U |
eonemng |
eOneMng.exe |
eOne Manager, provides access to
the buttons on the keyboard and on the front of the console for the eMachines
eOne PC |
| U |
EOUApp |
EOUWiz.exe |
Intel ProSET Wireless related -
provides additional configuration options for these devices |
| U |
EOUWiz |
EOUWiz.exe |
Intel ProSET Wireless related -
provides additional configuration options for these devices |
| U |
ePower_DMC |
ePower_DMC.exe |
Part
of Acer Empowering Technology. "Acer ePower Management is a
straightforward interface that allows users to select from pre-configured
power usage profiles, or to create their own customized profiles" |
| U |
EPoXUSDM |
USDM.EXE |
EPoX Universal
Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds,
Voltages...etc |
| N |
ePrint 3.0 Service |
EPRINT3.EXE |
LEADTOOLS ePrint file
conversion software - "convert any file to and from over 150 document
and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF,
JPG, GIF, PNG and many more!" Can be started manually |
| N |
ePrint 4.0 Service |
EPRINT4.EXE |
A component of the
"LEADTOOLS ePrint File Conversion Software - Convert ANY file to and
from over 150 document and image formats including searchable PDF, DOC, HTML,
TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started
manually |
| U |
ePrompter |
ePrompter.exe |
ePrompter - E-mail
notification software |
| N |
EPS |
e_srcv02.exe |
According to the Epson info:
"Use this utility to automatically check for errors and also check the
level of ink remaining." This utility can also be started on demand when
about to print as follows: File menu > Print to bring up the print dialog
box. Click on the Properties button which will bring up a display with 4
tabs. Click the Utility tab to get a list of utilities that can be executed
including the Status Monitor 3 Environment Check |
| N |
EPS |
e_srcv03.exe |
According to the Epson info:
"Use this utility to automatically check for errors and also check the
level of ink remaining." This utility can also be started on demand when
about to print as follows: File menu > Print to bring up the print dialog
box. Click on the Properties button which will bring up a display with 4
tabs. Click the Utility tab to get a list of utilities that can be executed
including the Status Monitor 3 Environment Check |
| N |
EPSON Background Monitor |
STMS.EXE |
Supposed to keep an Epson
printer ready for quick printing. Users report little difference
whether it is on or not |
| U |
EPSON CardMonitor |
EPSON CardMonitor1.0.exe |
Monitors the PCMCIA memory card
slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint |
| N |
EPSON Status Monitor 3
Environment Check |
e_srcv02.exe |
According to the Epson info:
"Use this utility to automatically check for errors and also check the
level of ink remaining." This utility can also be started on demand when
about to print as follows: File menu > Print to bring up the print dialog
box. Click on the Properties button which will bring up a display with 4
tabs. Click the Utility tab to get a list of utilities that can be executed
including the Status Monitor 3 Environment Check |
| N |
EPSON Status Monitor 3
Environment Check |
e_srcv03.exe |
According to the Epson info:
"Use this utility to automatically check for errors and also check the
level of ink remaining." This utility can also be started on demand when
about to print as follows: File menu > Print to bring up the print dialog
box. Click on the Properties button which will bring up a display with 4
tabs. Click the Utility tab to get a list of utilities that can be executed
including the Status Monitor 3 Environment Check |
| N |
EPSON Status Monitor 3
Environment Check 2 |
e_srcv02.exe |
According to the Epson info:
"Use this utility to automatically check for errors and also check the
level of ink remaining." This utility can also be started on demand when
about to print as follows: File menu > Print to bring up the print dialog
box. Click on the Properties button which will bring up a display with 4
tabs. Click the Utility tab to get a list of utilities that can be executed
including the Status Monitor 3 Environment Check |
| N |
EPSON Status Monitor 3
Environment Check 2 |
e_srcv03.exe |
According to the Epson info:
"Use this utility to automatically check for errors and also check the
level of ink remaining." This utility can also be started on demand when
about to print as follows: File menu > Print to bring up the print dialog
box. Click on the Properties button which will bring up a display with 4
tabs. Click the Utility tab to get a list of utilities that can be executed
including the Status Monitor 3 Environment Check |
| U |
EPSON Stylus C44 Series |
E_S10IC2.EXE |
Epson Stylus C44 Series printer
monitor - for checking ink levels, etc |
| U |
EPSON Stylus C46 Series |
E_S4I0T1.EXE |
Epson Stylus C46 Series printer
monitor - for checking ink levels, etc |
| U |
Epson Stylus C62 Series |
E-S0BIC1.EXE |
Required for an interface to
some versions of MS Word to ensure that some fonts are printed correctly.
Start it manually if required |
| U |
Epson Stylus C82 Series |
e_s0hic1.EXE |
Required for an interface to
some versions of MS Word to ensure that some fonts are printed correctly.
Start it manually if required |
| ? |
EPSON Stylus DX4800 Series |
E_FATIADE.EXE |
Related to Epson Stylus DX4800
Series printer - what does it do and is it required in
startup? |
| U |
EPSON Stylus Photo R300 Series |
E_S4I2F1.EXE |
Epson Status Monitor 3 for the
Epson Stylus Photo R300 (and probably others) printers - monitors the status
of ink levels, a print job spooled to that printer, etc |
| U |
EPSON Stylus Photo RX420 Series |
E_FATI9CE.EXE |
Related to the EPSON Stylus
Photo RX420 Series printer/scanner/copier |
| U |
EpsonPhotoStarter |
EPSON_PhotoStarter.exe |
Only needed if you want to make
full use of the capabilities of an Epson printer that included this |
| X |
Eptr |
nopdb.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
EQAdvice |
EQAdvice.exe |
Added
by NewAds1 ADAWARE! |
| U |
EQArticle |
EQArticle.exe |
EQArticle adware |
| ? |
Equipmen |
Equipmen.exe |
?? |
| U |
Eraser |
eraser.exe |
Eraser allows for complete
removal of data from your hard drive |
| U |
eRecoveryService |
check.exe |
Acer Notebook related. Acer
eRecovery allows the user to restore the operating system or backup the
current system profile, thus ensuring system integrity |
| U |
eRecoveryService |
Monitor.exe |
Part
of Acer Empowering Technology. "Acer eRecovery Management is a powerful
utility that does away with the need for recovery disks provided by the
manufacturer, and also acts as a versatile standalone backup and recovery
manager" |
| N |
EReg |
reg32.exe |
EReg is a software registration
tool incorporated on products such as those by Brøderbund, Connectix,
Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't
need it |
| X |
erfgddfk |
wind2ll2.exe |
Added by the BEAGLE.CQ WORM! |
| X |
erghgjhgdr |
windlhhl.exe |
Added by the BEAGLE.BG WORM! |
| X |
erghgjhjgdr |
windlhhl.exe |
Added by the BEAGLE.BG or
BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS! |
| ? |
erm |
erm.exe |
?? |
| X |
eros.exe |
eros.exe |
Adult content dailler |
| N |
Error Nuker |
ErrorNuker.exe |
ErrorNuker registry cleaner -
only required if you want the application to run a scan at startup. The
program can be launched manually if required |
| N |
Error Safe |
ers.exe |
ErrorSafe security risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats |
| X |
ErrorGuard |
ErrorGuard.exe |
Spyware remover - not recommended, see here |
| X |
errorhandler |
errorhandler.exe |
Added by ErrorHandler ADAWARE! |
| N |
ERS |
ers_startupmon.exe |
ErrorSafe security risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats |
| N |
ERS_check |
ers_startupmon.exe |
ErrorSafe security risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats |
| N |
erscw |
erscw.exe |
ErrorSafe security risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats |
| X |
erthegdr |
windll2.exe |
Added by the BEAGLE.CG WORM! |
| X |
erthgdr |
svc.exe |
Added by the BEAGLE.BN or
BEAGLE.BP WORM! |
| X |
erthgdr |
windll.exe |
Added by the BEAGLE.AO or
BEAGLE.AQ WORMS! |
| X |
erthgdr2 |
svc23.exe |
Added by the BAGLE.CG WORM! |
| ? |
ERTS0749 |
ERTS0749.exe |
IBM Warranty Notification - presumably it's a reminder to either register or that warranty
is about to expire? |
| U |
ERUNT AutoBackup |
AUTOBACK.EXE |
ERUNT
backup utility - when added to the user's startup folder automatically backs
up the registry each time the system boots, resulting in numerous backups
that can be restored |
| Y |
eSafe Protect |
ESPWatch.exe |
eSafe
from Aladdin - internet security for gateway and E-mail servers |
| U |
ESB |
esb.exe |
Easy Start Button - provides
functionality on certain laptops that have additional keys. Not required
unless you use the extra keys |
| Y |
eScan Monitor |
AVKWCTL9X.EXE |
MicroWorld eScan antivirus |
| U |
eScan Scheduler |
avkserv.exe |
MicroWorld eScan antivirus scheduler |
| U |
eScan Updater |
Trayicos.exe |
MicroWorld eScan antivirus updater - allows users to
automatically download updates and set the auto time interval for downloads |
| X |
EScorcher |
escorcher.exe |
Part of eScorcher anti-virus
software - responsible for performing virus checks and deletions. Used to
collect information about the user and therefore treated as spyware - now the
web-site is dead |
| N |
ESFTP |
esftp.exe |
ESftp - FTP client for
transfering files between a local PC and another remote computer |
| X |
Esoh |
Esoh123.exe |
Added by the AGOBOT.FF WORM! |
| X |
Especial |
Deneca.bat |
Added by the DELUZ VIRUS! |
| N |
ESPN BottomLine |
bline.exe |
ESPN BottomLine. "You can
dock the BottomLine to the top or bottom of your screen or drag it around on
your desktop, without even worrying about a browser. As long you keep the
BottomLine running, you will continue to receive live scores and breaking
news, and by clicking on any score or news item, you will be taken directly
to the corresponding page on ESPN.com for a full break down." |
| ? |
ESS Daemon |
Essd.exe |
Related to an ESS based
soundacard. Is it required? |
| ? |
essapm |
essapm.exe |
ESS Solo soundcard driver. Is it required? |
| Y |
Essdc |
essdc.exe |
Related to an ESS Solo
soundcard. Seems as though it's required |
| ? |
ESSNDSYS |
ESSNDSYS.EXE |
Related to an ESS based
soundacard. Is it required? |
| Y |
ESSOLO |
ESSOLO.exe |
Sound card driver that
re-instates itself every time it's removed |
| Y |
esspk |
esspk.exe |
ESS Technology modem speaker
driver file. Required to get on-line with this modem |
| U |
EssSpkPhone |
essspk.exe |
ESS Technologies Call waiting,
which gets installed by the drivers for V92 modems based on ESS Technologies
chipsets |
| ? |
eSupInit |
eSupCmd.exe |
Related to SupportSoft (aka Support.com) "Real-Time
Service Management software". What does it do and is it required? |
| X |
e-Surveiller Station |
estation.exe |
Added by ESurveiller spyware. Note - ESurveiller is spyware
that monitors and records keystrokes and mouse clicks, instant message
conversations, Internet activity and applications used, must be manually
installed |
| X |
ETB Tester |
etbtest.exe |
Added
by the RBOT-ABR WORM! |
| X |
etbrun |
elit***32.exe [* = random char] |
EliteBar adware |
| X |
ethernet |
airftp.exe |
Added by a
variant of the SDBOT WORM! |
| X |
ethernet |
msftp.exe |
Added by the SDBOT.BXJ WORM! |
| X |
ethernet |
msnger.exe |
Added by a
variant of the SDBOT WORM! |
| N |
Ethernet |
tcaudiag.exe |
3Com NIC Installation/Diagnostic
MFC application. Diagnostics may be run from the Start -> Programs |
| X |
Ethernet Drivers |
ethernet.exe |
Added by the GAOBOT.CEZ WORM! |
| X |
Ethernet Drivers |
smrrs.exe |
Added by the RBOT-AAK WORM! |
| X |
Etraffic |
JavaRun.exe |
TopMoxie adware |
| Y |
eTrust EZ Firewall |
efpeadm.exe |
eTrust
EZ Firewall |
| U |
eTrust PestPatrol Active
Protection |
PPActiveDetection.exe |
PestPatrol real-time
protection feature. "Stops spyware before it infects your system" |
| X |
eTrust Realtime Monitor |
realmon.exe |
Added by the LAZAR.B TROJAN! |
| Y |
eTrustCIPE |
ezdsmain.exe |
eTrust EZ Deskshield from
Computer Associates. Protects against malicious email attachments and
unauthorized use of email by detecting and blocking unusual behavior |
| X |
eTunnel |
winfw.exe |
Added by an unidentified TROJAN! |
| X |
EUP Service |
eupsvc.exe |
Added by the DELBOT-Q WORM! |
| U |
EuroGlot |
EuroGlot.exe |
Euroglot - "multilanguage translating system, available
in the languages Dutch, English, French, German, Spanish and Italian" |
| ? |
Event Log |
eventlog.exe |
?? |
| N |
Event Planner Reminders |
PLNRnote.exe |
Sierra Event Planner tray icon |
| N |
Event Reminder |
pmremind.exe |
A calendar/alarm program that
installs with Brøderbund Printmaster |
| X |
EventApplicationCmd |
smschk.exe |
Added by the IRCBOT-AO TROJAN! |
| U |
EVENTLISTENER |
EvLstnr.exe |
Used with a Nikon digital camera
to recognize when the camera is plugged in |
| N |
eventmgr |
eventmgr.exe |
Used with a Microtek scanner.
Manages the scanner's button events. Available via Start -> Programs |
| X |
eventwvr |
eventwvr.exe |
Added by the COSIAM_G TROJAN! |
| U |
Evidence Cleaner |
ecleaner.exe |
Evidence Cleaner cleans
up tracks left by your PC and Internet activities |
| N |
Evidence Eliminator |
ee.exe |
Evidence
Eliminator - cover the tracks of your browsing habits and E-mails if you
think you need to. Run manually on a regular basis |
| X |
Evil |
Evil.exe |
Added by the MYTOB.JM WORM! |
| N |
evntsvc |
evntsc.exe |
Application Scheduler installed
along with RealOne Player. Once installed, it runs independently of RealOne
Player. See here for more information, including how to disable it. Also see
evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a
newer version. To disable "tkbell.exe" in the new version (1) Start
RealOne Player (2) Tools -> Preferences (3) Automatic services in the
Categories pane (4) Uncheck all options and then OK |
| U |
EVOLOSTA |
EVOLOSTA.EXE |
Evolo Status Monitor for
wireless network cards. Allows a user to enter a specific access-point mode
SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has
enable/disable and rescan buttons. It is not needed if using Windows XP or higher,
as they have this built-in to the control panel. Also, if the user is very
sure that there is ONLY ONE network available to connect to, then they can
remove this. If it is not in startup, and the user needs to run it, they can
simply type EVOLOSTA in the Start -> Run dialog to run it |
| U |
Evoluent Mouse Manager |
EvoMouExec.exe |
Mouse manager for
Evoluent VertcialMouse |
| X |
EvtHtm |
evthtm.exe |
Premium rate adult content
dialler |
| U |
EW Message Server |
msg32.exe |
Conexant (older versions are
Brooktree) Wavestream Message Server - associated with Conexant based audio
devices |
| N |
eWare Startup |
iWareStart.exe |
eWare iWare task
bar. Not required |
| X |
ewupdater |
ewupdater.exe |
EasyWebSearch adware updater |
| X |
example |
[random filename].exe |
Added by the NUCLEAR TROJAN! Note - this trojan file is found
in the WindowsNR or WinntNR folder |
| N |
Excite Platform |
Exlaunch.exe |
Loads an Icon in the startup
tray that allows you to receive service update notices for Excite@Home if you
desire (note that since Excite@Home appears to be winding down this becomes
irrelevant). May also allow you to kill the Excite Toolbar that automatically
loads in Internet Explorer |
| ? |
Excite Private Messenger Pipe |
x8impipe.exe |
?? |
| N |
ExciteAssistantEXE |
ASSISTANT.EXE |
With Excite Assistant, you can
access a wide variety of online information, including email, news, and stock
quotes without having to have a browser window open |
| X |
exdl.exe |
exdl.exe |
BargainBuddy foistware |
| X |
exe lptt01 |
exe.exe |
RapidBlaster variant (in a
"Exe" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
exe ml097e |
exe.exe |
RapidBlaster variant (in a
"Exe" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
execfg4 |
execfg4.exe |
Added by the ELECTRON WORM! |
| X |
ExecUser |
ExecUser.exe |
Added by a variant of the RBOT WORM! |
| ? |
Execute |
delfolders.exe |
?? |
| X |
ExeName32 |
Warm.scr |
Added by the SCOLD WORM! |
| X |
ExFilter |
Rundll32.exe [path] cdnspie.dll,
ExecFilter |
CNNIC Update pest |
| ? |
exgiwsl |
exgiwsl.exe |
?? |
| U |
Exif Launcher |
Exiflaquickdcr.exe |
USB mass storage driver used by
some digital cameras such as the Fuji Finepix. Only required if you use it
regularly |
| U |
Exif Launcher |
QuickDCF.exe |
USB mass storage driver used by
some digital cameras such as the Fuji Finepix. Only required if you use it
regularly |
| U |
ExitKiller |
Ekiller.exe |
Exit Killer - automatically
closes pop-up windows in your browser |
| ? |
exmon |
hpimoniter.exe |
Some kind of hp digital camera
maybe or a photo smart connection probe? |
| X |
Exn |
exn.exe |
Added by the IRCBOT.RJ WORM! |
| X |
EXPL0RE.EXE |
EXPL0RE.EXE |
Added by the POPNO-A TROJAN! Note that the filename is
spelled using the digit "0" instead of the uppercase letter
"o" |
| X |
Expl0rer soft |
expl0rer.pif |
Added by the RBOT-AQR WORM! |
| X |
expler |
Updadv.exe |
Added by the QQPASS-N TROJAN! |
| X |
Explkw |
expup.exe |
Keywords hijacker |
| X |
explore |
explore.exe |
Added by any number of VIRUSES,
WORMS or TROJANS! |
| X |
Explore |
explore.exe |
Adult content dialler |
| X |
Explore |
Explorer.exe |
Added by the IRC.FLOOD.G TROJAN! Note - the legitimate
Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and
would not normally appear in Msconfig/Startup unless you added it manually! |
| X |
explore manager |
explore.exe |
Added by the DONBOMB.A TROJAN! |
| X |
explore.exe |
Explore.exe |
Added by the GRAYBIRD.G TROJAN! |
| X |
exploreff.exe |
exploreff.exe |
Added by the FINFANSE TROJAN! |
| X |
explorer |
[path to trojan] |
Added by the AGENT-EU TROJAN! |
| X |
Explorer |
[path to worm] |
Added by the AUTEX WORM! |
| X |
Explorer |
config_.com |
Added by the FLOPPY-D WORM! |
| X |
Explorer |
drv.exe |
Added by the SMALL-FD TROJAN! |
| X |
EXPLORER |
EXPL0RER.EXE |
Added by the BEASTDO-Y TROJAN! Note the "0" in the
filename rather than upper case "o" |
| X |
explorer |
expl32.exe |
Added by the RATSOU TROJAN! |
| U |
explorer |
explorer.exe |
Starts Windows Explorer. Unless
this has been manually added to startups or added by another program it could
be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not
the explorer.exe task/service you'll see when via CTRL+ALT+DEL |
| X |
explorer |
explorer.exe |
Added by the KEYLOG-AK TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in a "service" subfolder of the System folder |
| X |
EXPLORER |
EXPLORER.exe |
Added by the NETHIEF-P TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in a "SHELLEXT" subfolder of the System folder |
| X |
explorer |
explorer.exe |
Added by the BLOCKEY-A TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in a "config" subfolder of the System folder |
| X |
Explorer |
shellexp.exe |
Added by a variant of the SHELDOR TROJAN! |
| X |
Explorer |
shellexpl.exe |
Added by the SHELDOR TROJAN! |
| X |
EXPLORER |
sys.exe |
Added by the SILLYFDC-A TROJAN! |
| X |
Explorer |
Windows Explorer.exe |
Added by the SILLYFDC-I WORM! |
| X |
explorer |
wscript.exe [filename] |
Sneaky way to start any VBS
script. Many viruses use VBS files |
| X |
explorer |
Yinstall.exe |
PurityScan/Clickspring adware |
| X |
Explorer Loader |
explorerl.exe |
Added by the SDBOT-ADI WORM! |
| X |
Explorer Loader |
explr32.exe |
Added by the AGOBOT.N WORM! |
| X |
Explorer lptt01 |
explorer.exe |
RapidBlaster variant (in a
"explorer" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate
Windows Explorer (explorer.exe) which would not normally appear in
Msconfig/Startup unless you added it manually! |
| X |
EXPLORER MICROSOFT SYSTEM |
explore.exe |
Added by a variant of the RBOT WORM! |
| X |
Explorer ml097e |
explorer.exe |
RapidBlaster variant (in a
"explorer" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate
Windows Explorer (explorer.exe) which would not normally appear in
Msconfig/Startup unless you added it manually! |
| X |
Explorer soft |
explorer.com |
Added by the RBOT-ARM WORM! |
| X |
Explorer soft |
explorer.pif |
Added by the RBOT-APK WORM! |
| X |
Explorer Updater |
IEXPLORE.exe |
Added by the SDBOT-WO WORM! Note
- this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in the System
(9x/Me) or System32 (NT/2K/XP) folder |
| X |
explorer.exe |
explorer.exe |
Added by the AGENT-EW or PWS-CY
TROJANS! Note - the legitimate Windows Explorer (explorer.exe) is located in
the Windows or Winnt folder and would not normally appear in Msconfig/Startup
unless you added it manually! This one is located in the System (9x/Me) or
System32 (NT/2K/XP) folder |
| X |
explorer.exe |
explorer.exe |
Added by the DELF-ACL TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the Program Files folder |
| X |
Explorer32 |
efsdfgxg.exe |
Added by the CLICKER-Y TROJAN! |
| X |
Explorer32 |
Expl32.exe |
Added by the HACKTACK.B TROJAN! |
| X |
Explorer32 |
explorer6s4.exe |
Added by the
Downloader.Win32.Small.biq TROJAN! |
| X |
ExploreUpdSched |
[random filename].exe |
ZenoSearch adware |
| X |
exporet |
winset.exe |
Added by the QQPASS-I TROJAN! |
| U |
Express ClickYes |
ClickYes.exe |
"Express ClickYes is
a handy tool that runs in the system tray automatically clicks the Yes button
for the Outlook Security security prompt, that asks you to confirm mail
sending from third party applications" |
| U |
Exshow95 |
EXSHOW95.exe |
Support software for some of the
Kensington mice. Provides access to extra features like those available with
enhanced Logitech and MS devices |
| X |
External Dependencies |
External.exe |
Added by the MYTOB.EC WORM! |
| U |
ExtraDNS |
ExtraDNS.exe |
ExtraDNS - DNS
configuration tool |
| ? |
Extranet AutoDial |
AutoExt.exe |
Nortel Networks Contivity
Extranet Switching Software |
| ? |
ExxtremeHelperDemon |
exxdemon.exe |
Creative Exxtreme graphics card
related? |
| N |
Eye Tide Launcher |
oneeyetideone.exe |
Nascar wallpaper |
| Y |
EZ Firewall |
ca.exe |
eTrust
EZ Armor Internet Security |
| N |
ezagent |
ezagent.exe |
EzVCR
recording software for the ASUS TV FM card. Available via Start ->
Programs |
| N |
EzButton |
EzButton.EXE |
EZbutton is a quick launcher for
the Media player app that comes with certain laptops |
| N |
EZDesk |
EZDESK.EXE |
Utility that remembers icon
locations for each user and resolution. Available here |
| N |
EzEjMnAp |
EzEjMnAp.exe |
For IBM Thinkpad Notebooks.
Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple
devices from your computer faster and easier by enabling you to stop more
than one device at once, rather than stopping each device individually".
Available via Start -> Programs |
| X |
eZmmod |
mmod.exe |
eZula TopText adware |
| ? |
EZNORUN |
EZNORUN.EXE |
Easy Internet related? |
| N |
EzPrint |
ezprint.exe |
Configuration options for
Lexmark printing devices |
| Y |
ezPS_Px |
ezSP_Px.exe |
Engine that allows
PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and
maybe others) to record and protects against other software overwriting the
settings |
| Y |
ezPS_Px |
ezSP_PxEngine.exe |
Engine that allows
PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and
maybe others) to record and protects against other software overwriting the
settings |
| Y |
ezShieldProtector for Px |
ezSP_Px.exe |
Engine that allows
PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and
maybe others) to record and protects against other software overwriting the
settings |
| Y |
ezShieldProtector for Px |
ezSP_PxEngine.exe |
Engine that allows
PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and
maybe others) to record and protects against other software overwriting the
settings |
| U |
EZSMART App |
ezsmart.exe |
EZ-S.M.A.R.T. hard drive
monitoring software from StorageSoft - appears to be no longer supported |
| X |
ezula |
eZmmod.exe |
eZula TopText adware |
| X |
eZulaMain |
eZulaMain.exe |
eZula TopText adware |
| X |
eZuluMain |
eZuluMain.exe |
Comes with "KaZaA"
installation. Advertising Spyware. Not required but KaZaA won't work |
| X |
eZWO |
wo.exe |
eZula TopText adware |
| X |
f~a |
ra32.exe |
Added by the CAY TROJAN! |
| U |
f1Tray.exe |
F1TRAY.EXE |
System Tray icon
for FusionOne's MightyPhone software. "MightyPhone is a concept for
wirelessly synchronizing the data on your mobile phone with your web-based or
PC based organizer" |
| X |
f607 |
f607.exe |
Added by the URAT.B TROJAN! |
| X |
f73cdc8ee94e |
btsendto.exe |
Associated with
mysearchnow.com/searchbar.html |
| U |
FamilyKeyLogger |
cisvc.exe |
Family
Keylogger is a program that lets you record to a special file and then view
all the keystrokes typed by everyone using your computer. Keystroke
logger/monitoring program - remove unless you installed it yourself! |
| X |
Fantasia injector |
wincfg.exe |
Added by the AGOBOT.US WORM! |
| ? |
fapmon |
fapmon.exe |
Fair Access Policy
monitor for DirecPC/DirecWay internet access |
| X |
farmmext |
farmmext.exe |
VX2.Transponder parasite updater/installer related |
| X |
Fash |
Fash.exe |
Unidentified adware |
| N |
fast |
fast.exe |
Installs as part of Windows XP
PowerToys as an option for very-fast user switching (allowing a keystoke to
switch users instead of using the login screen). It is only used for the
hot-key switch and yet it hogs 1.5 megs of memory in two separate processes
(one run by the user & one by the system). Optional install in PowerToys |
| N |
FAST Defrag |
FAST2.EXE |
FastDefrag defragmenting software |
| X |
Fast Home |
svcnvt.exe |
Recognized by Kaspersky
antivirus as Trojan-Downloader.Win32.Delf.ks This file may be found in the
System folder on 9x machines, however as of this writing it has only been
seen in the System32 folder |
| X |
Fast Search |
svcnv.exe |
Homepage, Startpage hijacker.
Possible variant of Trojan-Downloader.Win32.Delf |
| X |
Fast start |
Ntut.exe |
Adware - recognized by
Kaspersky antivirus as Trojan.Win32.Favadd.I |
| X |
Fast start |
svcnt.exe |
Adware - recognized by
Kaspersky antivirus as a variant of the FAVADD TROJAN! |
| U |
FastCache |
fc.exe |
FastCache
from AnalogX - speeds up browsing by resolving DNS requests locally |
| X |
FastStart |
ntnut32.exe |
Added by the STARTPAGE.L TROJAN! |
| X |
FastStart |
svcnut.exe |
Browser hijacker - a variant of the STARTPAGE.L TROJAN! |
| X |
FastStart |
svcnut32.exe |
Browser hijacker - a variant of the STARTPAGE.L TROJAN! |
| N |
FastTrack Accelerator |
SPEED UP.EXE |
FastTrack Accelerator - "speedup" utility for
programs that use the FastTrack network such as KaZaA Media Desktop, Grokster
and Morpheus |
| X |
FASTTRACKNETVISION |
NETVISION.exe |
DialCar-Z premium rate dialer |
| N |
FastUser |
fast.exe |
Installs as part of Windows XP
PowerToys as an option for very-fast user switching (allowing a keystoke to
switch users instead of using the login screen). It is only used for the
hot-key switch and yet it hogs 1.5 megs of memory in two separate processes
(one run by the user & one by the system). Optional install in PowerToys |
| N |
FastUsr |
fast.exe |
Installs as part of Windows XP
PowerToys as an option for very-fast user switching (allowing a keystoke to
switch users instead of using the login screen). It is only used for the
hot-key switch and yet it hogs 1.5 megs of memory in two separate processes
(one run by the user & one by the system). Optional install in PowerToys |
| U |
FatPipe |
DHCP |
Software enabling high speed
internet browsing (2-4 times faster) and internet connection sharing for up
to 5 users |
| U |
Fatpipe Dialer |
fpdialer.exe |
Dailler for Fatpipe - software
enabling high speed internet browsing (2-4 times faster) and internet
connection sharing for up to 5 users |
| U |
fatrecov |
fatrecov.exe |
SCKeyLog.j keystroke
logger/monitoring program - remove unless you installed it yourself! |
| U |
FaxCenterServer |
fm3032.exe |
FaxMan
integrates complete fax send and receive support into Windows applications
without requiring additional fax software. Incorporated into software by
Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many
others |
| U |
FaxCtrl.exe |
ASMediaProxyServer.exe |
Part of Avaya's Contact Center Express - "a
multi-channel, high-volume software solution from Avaya designed specifically
for the intelligent routing and computer telephony integration (CTI) needs of
medium-sized contact centers" |
| N |
FaxTalk CallControl 6.0 |
FTClCtrl.EXE |
This allows the software to
handle incoming and outgoing communications without requiring the FaxTalk
Communicator application to be loaded into memory. Can be started manually |
| U |
FBDirect |
FBDirect.exe |
Software that monitors the
status of a Visioneer OneTouch scanner button and allows you to scan, fax,
copy, print, and easily communicate by simply dragging and dropping scans on
your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available
via Start -> Programs |
| ? |
FBI |
FBISM.exe |
Compaq related but what does it
do? |
| X |
fc |
runfc.exe |
Added by the CAMPURF WORM! |
| X |
FCEngine |
FCEngine.exe |
CASClient adware |
| X |
FCHelp |
FCHelp.exe |
Added by either FCHelp adware or a variant of it |
| X |
FCMan |
FCMan.exe |
FCHelp adware |
| U |
FD_SAP |
FD.exe |
Reported to be the autopassword
program from the Sony Microvault thumb drive |
| X |
FDD SYSTEM |
Fdd.exe |
Added by the MYTOB-FO WORM! |
| X |
Fdr Command Module |
sp2.exe |
Added by the SDBOT.WP WORM! |
| X |
FDriver |
windrv.exe |
Added by the DELF.WG TROJAN! |
| X |
feelalright |
mirc.exe |
Added by the IRCFLOOD-M WORM! |
| U |
FEELitDeviceManager |
feelitdm.exe |
Associated with Immersion
TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other
peripherals) |
| X |
fegoze |
SVCH0ST.EXE |
Added by the GRAYBIRD.D VIRUS! Note - the filename has the
digit 0 rather then the uppercase "o" |
| U |
Fellowes Proxy |
R3proxy.exe |
Installed with Fellowes
EasyPoint mouse software. Not necessary for normal functioning of Fellowes
mice but it is necessary to use the extended features of all Fellowes mice |
| X |
Fen Startups |
fensvc32.exe |
Added by the RANDEX.CCF WORM! |
| U |
FerrariWallPaper |
FerrariWP.exe |
Calendar that replaces the
default desktop background image. It comes with every Acer Ferrari 3000
laptop. Also downloadable for members of www.ferrari.com |
| X |
ffis |
ffisearch.exe |
iSearch
"Desktop Search" hijacker |
| U |
FG1_00 |
frntgate.exe |
FrontGate
MX - e-mail spam blocker |
| X |
fGQEGqHOME |
gwwgtp.exe |
Added by the RANKY.J TROJAN! |
| X |
FHPage |
shdochp.exe |
Added by the DELF-Ks TROJAN! |
| X |
FHStart |
shdocsvc.exe |
Added by the DELF-Ks TROJAN! |
| U |
Fhtisxk |
fhtisxk.exe |
XtraKeys keystroke
logger/monitoring program - remove unless you installed it yourself! |
| U |
FieldForms Sync |
SyncService.exe |
Resco
FieldForms. A solution for building of mobile forms that can be viewed or
filled in on the run, on a wide range of mobile devices. Supports Microsoft
Access databases, and provides for synchronization of other data as well |
| X |
FiendlyType |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
FILE |
abcdefg.exe |
Added by the KELVIR.DD WORM! |
| ? |
file indexing service |
msfindfile.exe |
New version of MS FindFast and
still a resource hog? |
| X |
file laoder configuration |
rnd32.exe |
Added by the RBOT.BQJ WORM! |
| X |
File System |
taskmqr.exe |
Added by the RBOT.BWQ WORM! |
| X |
File System |
taskmqrs.exe |
Added by a variant of the TOXBOT/CODBOT WORM! |
| X |
File System Service |
wmiprvsc.exe |
Added by the AGOBOT-HZ TROJAN! |
| X |
File0_0 |
MD1.exe |
Added by the DLOADER-OR TROJAN! |
| X |
File1 |
Dia Claro.htm |
Added by the DLOADER-OR TROJAN! |
| X |
FileFreedom_Plugin |
wtm.exe |
FileFreedom peer-to-peer
sharing program |
| X |
FileManager32 |
Wscript.exe ..ChkMgr32.vbs |
Added by the NOTUP.A WORM! |
| X |
FileSoft |
Wscript.exe UpdataFiles.vbs |
Added by the SST.B WORM! |
| U |
FilmLoop |
FilmLoopService.exe |
Related to FilmLoop - a
photocasting network. Share your pictures with your family and friends |
| U |
FilterGate |
filtergate.exe |
Filtergate internet
filtering software - filters sounds, popup ads, background sound and other
unnecessary website items |
| U |
Filterguard |
Filtrgrd.exe |
An icon located in the lower
left of the screen and looks like a lifesaver. This icon is a
"short-cut" to access the basic features of SOS-Guardian,
SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering
utility. You can access this menu by "right-clicking" on the icon |
| X |
Find |
find.exe |
Added by the OPANKI WORM! |
| X |
Find Fast |
Findfast.exe |
Complete utter waste of space!
Part of MS Office - searches disk drives for Office file types to make
opening them easier |
| Y |
Find Virus Launch Program |
fvlaunch.exe |
Part of Dr. Solomon's
Antivirus |
| X |
FindHack |
[path to trojan] |
Added by the KELVIR-BA TROJAN! |
| U |
FinePrint Dispatcher v4 |
fpdisp4.exe |
FinePrint
Dispatcher - handles the spooling of print jobs to the FinePrint printer.
Version 4.x of the software. "FinePrint saves ink, paper, time and money
by controlling and enhancing printed output" |
| U |
FinePrint Dispatcher v4 |
fpdisp4a.exe |
FinePrint
Dispatcher - handles the spooling of print jobs to the FinePrint printer.
Version 4.x of the software. "FinePrint saves ink, paper, time and money
by controlling and enhancing printed output" |
| U |
FinePrint Dispatcher v5 |
fpdisp5a.exe |
FinePrint
Dispatcher - handles the spooling of print jobs to the FinePrint printer.
Version 5.x of the software. "FinePrint saves ink, paper, time and money
by controlling and enhancing printed output" |
| N |
FineReader7NewsReaderPro |
AbbyyNewsReader.exe |
ABBYY
FineReader OCR software - version 7 |
| X |
Fire Wall services |
[random filename] |
Added by the IRCBOT-QY WORM! |
| X |
FireFox |
firefox.exe |
Added by the RBOT-ATP WORM! Note
- this is not the popular FireFox web browser and is located in the System
(9x/Me) or System32 (NT/2K/XP) folder |
| X |
FireFox Service Drivers |
ssmss.exe |
Added by a
variant of the SDBOT WORM! |
| X |
FireFox Startup Drivers |
wuaclt.exe |
Added by the RBOT.BYX WORM! |
| X |
firefox.exe |
firefox.exe |
Added by the BANKER-EBO TROJAN!
Note - this is not the popular FireFox web browser and is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Firewall |
Firewall.bat |
Added by the YPSAN.G WORM! |
| X |
firewall |
fw_304.exe |
Added by the JQ TROJAN! |
| X |
Firewall |
SP2 UPDATE.exe |
Added by the ELITPER.E WORM! |
| X |
Firewall |
wmlaunch .exe |
Added by the ELIPTER.A or
ELIPTER.B WORMS! |
| X |
Firewall |
wmlaunch .exe |
Added by the ELIPTER.D WORM! |
| X |
Firewall auto setup |
winlogon.exe |
Added by a TROJAN - see here.
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup! |
| X |
Firewall Policy |
MidiDef32.exe |
Added by the PIEBOT-A TROJAN! |
| X |
Firewall Sp2 system |
sys32Conf.exe |
Added
by the Rbot-ABT WORM! |
| X |
Firewall Update System1 |
WinedowsUpdater1.exe |
Added by the RBOT-ARU WORM! |
| X |
Firewall Updater |
msnupdateit.exe |
Added by the RBOT-AAQ WORM! |
| X |
Firewall.exe |
Firewall.exe |
Added by the AGENT.AGL WORM! |
| X |
firewall_anti |
firewall_anti.exe |
Added by the NETDENY-B TROJAN! |
| X |
FirewallActivies |
csrss.exe |
Added by the BANKER-AQ TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "3041" subfolder |
| U |
FirewallStartup |
Firewallstartup.exe |
Innovative
Startup Firewall - "designed to protect your computer from programs that
install themselves in the StartUp area of your Windows without asking for
your approval. Innovative StartUp Firewall will help you keep your computer
clean, fast and in it's best shape" |
| X |
FirewallSvr |
FirewallSvr.exe |
Added by the NETSKY.X or
NETSKY.Y WORMS! |
| X |
FireWire Driver |
samx.exe |
Added by the SDBOT.AE WORM! |
| X |
FireWire Service |
nvscv32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
FireWire Services |
nvcsv32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
First Home Page |
http://find.naupoint.com |
Naupoint browser hijacker |
| X |
FIX |
WinFIX1.0.vbs |
Added by the GORMLEZ-A WORM! |
| Y |
Fix-it |
mxtask.exe |
Part of Ontrack's Fix-it
Utilities Suite. Loads a System Tray icon that lets you access the full
program. Needed if you run the crash guard, intellicluster, anti-virus, or
autoupdater. Otherwise not required |
| Y |
Fix-it AV |
memcheck.exe |
Part of Ontrack's Fix-it
Utilities Suite anti-virus. Performs a quick check of memory for signs of any
virus. Exits afterward and returns all resources used in one user's
experience. Not required but could be left without a drain on resources |
| U |
FjMenu |
FjMenu.exe |
From the "Fujitsu
Menu" tray icon you have instant access to the Control Panel, Tablet pc
keyboard, Tablet and pen settings, Fujitsu display controls, brightness
control, sounds and audio devices, capture screen, capture window, organize
favorites, power options, printers and faxes, LCD brightness MIN, LCD
brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings,
which are customizable |
| U |
FJTWAIN Setup |
FjtwSetup.exe |
Fujitsu scanner utility |
| X |
FKS v2.0 |
msngr.exe |
Added by an unidentified WORM or
TROJAN! |
| N |
fkSysMon |
fksysmon.exe |
fkWrae SysMon
- system monitor - "displays the current memory consumption, CPU and
resource usage, date, time, Windows uptime, IP address and a lot more" |
| X |
FlaCPY |
flacpy.exe |
FlashEnhancer adware variant |
| X |
Flash_Player_Install |
ying.exe |
Added
by Constructor VC2000 malware |
| ? |
FLASH32 |
-flash32.exe |
?? |
| U |
FlashEnc |
FlashEnc.exe |
Supplied with EasyDisk USB pen
devices. The utility manages the encryption and compressed folders options.
It will create these folders if running on the USB key without permission,
which is a pain. No need for it if you do not want these features |
| X |
Flashget Download Manager |
Flashget.exe |
Added by the RBOT-AGZ WORM! |
| N |
FlashPath Monitor |
FLSHSTAT.EXE |
System Tray icon that you can't
get rid of - and does not need to run!. Tells you the battery status in the
floppy disk adapter for the smartmedia cards. Available via Start ->
Programs |
| N |
FlashPath Monitor |
SDSTAT.EXE |
System Tray icon that you can't
get rid of - and does not need to run!. Tells you the battery status in the
floppy disk adapter for the smartmedia cards. Available via Start ->
Programs |
| N |
FlashPath Status |
FLSHSTAT.EXE |
System Tray icon that you can't
get rid of - and does not need to run!. Tells you the battery status in the
floppy disk adapter for the smartmedia cards. Available via Start ->
Programs |
| N |
FlashPath Status |
SDSTAT.EXE |
System Tray icon that you can't
get rid of - and does not need to run!. Tells you the battery status in the
floppy disk adapter for the smartmedia cards. Available via Start ->
Programs |
| X |
FlenCPY |
flencpy.exe |
FlashEnhancer adware variant |
| U |
Flexicd |
Flexicd.exe |
CD player - part of the Win95 Power Toys |
| U |
FLMK08KB |
MMKEYBD.EXE |
Multimedia keyboard manager.
Required if you use the additional keys |
| U |
FLMOFFICE4DMOUSE |
moffice.exe |
Micro
Innovations mouse management |
| U |
FLMOFFICE4DMOUSE |
mouse32a.exe |
Micro
Innovations mouse management |
| ? |
FLMTRUSTKB |
KbdAp32A.exe |
Keyboard utility for a Trust
brand keyboard. What does it do and is it required? |
| U |
FLMTRUSTMOUSE |
mouse32a.exe |
Mouse utility for a Trust brand
mouse |
| X |
FlnCPY |
flncpy.exe |
FlashEnhancer adware variant |
| X |
FLooDNeT |
FLooDeR.exe |
Added by the ENDOOL TROJAN! |
| X |
Floppy Master |
[path to trojan] |
Added by the ZONIT-F TROJAN! |
| ? |
Flow Go TV |
flogotv.exe |
?? |
| X |
flps |
flps.vbs |
Added by the BYRON WORM! |
| X |
flpycntl |
flpycntl.exe |
Added by the CRYPTER.C TROJAN! |
| ? |
FLSVCI |
FLSVCI.exe |
?? |
| Y |
FltProcess |
msinet.exe |
Part of Cyber Patrol internet filtering
software to restrict access to certain types of material on the internet. It
can be disabled but do not ask how it's done |
| X |
FlyswatDesktop |
flydesk.exe |
Advertising spyware |
| U |
FmctrlTray |
Fmctrl.EXE |
Genius SM-Live Control Panel.
Enhances audio output through Genius sound cards (makes a big
difference and worth the 3MB Ram used) |
| X |
fmnwebassist |
fmnwebassist.exe |
Adware popup generator |
| U |
FMStart |
Fmstart.exe |
GFI FAXmaker - native fax
connector for Microsoft Exchange Server or for networks, allows all users to
send and receive faxes right from their desktop |
| X |
FMSZ |
fmsz.exe |
Added by the FMSZ TROJAN! |
| X |
fnmwebassist |
fnmwebassist.exe |
WinPL adware |
| ? |
Focus |
Focus.exe |
ISDN configuration wizard? |
| X |
Folder Service |
wssdtu.exe |
Added by the MANIFEST TROJAN! |
| U |
Folder View |
folderview.exe |
Folder View
enhances the Windows file Explorer by making all folders you need available
in a single click |
| U |
FolderClone v*.*.* |
folderclone.exe |
Folderclone
backup and synchronization software |
| N |
Folding@home |
WINFAH.EXE |
Folding@Home is a distributed
computing project which studies protein folding, misfolding, aggregation, and
related diseases - must be running in order to access the internet to upload
to the servers. Available via Start -> Programs |
| N |
FoneSyncSystemTray |
FoneSyncSystemTray.exe |
System Tray icon for Nokia
FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the
cell phone and the computer. You can use it to backup data or even to input
data through the computer keyboard (which naturally is much more comfortable).
Run manually when required |
| X |
FontFix |
fontfix.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| N |
fontnav |
FontNav.exe |
Font Navigator from
Bitstream Inc. - a font management utility |
| X |
FontsLoader |
ldfnt32.hta |
Unidentified malware |
| X |
FONTVIEW |
FONTVIEW.EXE |
Added by the OPASERV.T WORM! |
| U |
FooBar 1.0 |
FooBar.exe |
FooBar - "combines
fifteen high-quality productivity tools in a single toolbar that floats on
your desktop or runs in the Windows task bar" |
| X |
foobin lptt01 |
adaware.exe |
RapidBlaster variant (in a
"foo1" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
foobin ml097e |
adaware.exe |
RapidBlaster variant (in a
"foo1" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| Y |
FoolProof |
fpwinldr.exe |
FoolProof
Security PC security software from SmartStuff |
| Y |
FoolProofSweep |
?? |
Part of
FoolProof Security PC security software from SmartStuff |
| N |
Forbes |
ForbesAlerts.exe |
Forbes Business News Alerts -
displays business news headlines in a little window on the screen |
| X |
ForceShow |
rundll32.exe QaBar.dll,
ForceShowBar |
AdultLinks.QBar parasite related |
| N |
Forget Me Not |
AGRemind.exe |
Calendar
reminder part of Broderbund's American Greetings® CreataCard® |
| X |
FortiClient |
FortiClient.exe |
Fortinet security systems are
the new generation of real time network protection systems |
| U |
Fortis Secure Layer Config |
cseinst.exe |
Fortis Bank Home Banking part.
Installed during the installation of the software necessary to run the Home
Banking. According to Fortis Bank this will not in any way be harmful to the
system or relay system information |
| N |
FotoStation Easy AutoLaunch |
FotoStation Easy AutoLaunch.exe |
Installed with a Nikon digital
camera. Used to collect photos uploaded from camera program NkVwMon.exe. If
your camera is not connected (via USB port) you do not need this program
loaded either |
| U |
Foul PX |
FoulPX.exe |
Foul PX, Optusnet usage stat
checker |
| U |
FourthDay |
FourthDay.exe |
The
Fourth Day - "astronomical clock and almanac for your system tray" |
| X |
foxdh |
foxdh.exe |
Added by the GWGHOST-Q TROJAN! |
| X |
foxdh |
foxdhend.exe |
Added by the MENGHUAN TROJAN! |
| X |
foxrxjh |
foxrxjh.exe |
Added by the GWGHOST-T TROJAN! |
| X |
foxwudy9912 |
service.exe |
Added by the BANCOS-BT TROJAN! |
| Y |
FP Loader |
loadfp.exe |
FoolProof
Security - PC security software from SmartStuff |
| ? |
FPWGMWZD |
FPWGMWZD.exe |
?? |
| N |
Fpx |
mnmsrvc.exe |
Remote Desktop Sharing service
part of Microsoft's Netmeeting allowing users to share items on their screens
across remote locations |
| X |
fqor |
stub_113_4_0_4_0.exe |
TargetSaver adware |
| X |
FrameWork 2.5 |
FrameWork.exe |
Added by the RBOT-FMW WORM! Note - can terminate AV related
processes |
| X |
France |
svchost.exe |
Added by the MIMAIL.L WORM! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| U |
Fraps |
fraps.exe |
Fraps Real-Time Video Capture
software |
| N |
Free Download Manager |
fdm.exe |
"Free
Download Manager" - see here |
| ? |
Free Downloads Monitor |
fdcmon.exe |
?? |
| U |
Free Ram Optimizer |
fro.exe |
Free Ram Optimizer monitors your
memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most
Valued Professional) recommend not using memory managers with Win98/ME. See
this article and make up your own mind |
| Y |
Freedom |
Freedom.exe |
Freedom Internet Security & Privacy - anti-virus,
personal firewall and parental control. It also blocks ads, safeguards your
personal information, encrypts your passwords, and much more. No longer
available for sale |
| U |
FreeMem Pro |
FMEMPRO.EXE |
FreeMem Pro -
memory optimizer. MS MVPs (Most Valued Professional) recommend not using
memory managers with Win98/SE/ME. See this article and make up your own mind |
| U |
FreeMemVn2 |
FreeMem.exe |
FreeMem - memory
optimizer. MS MVPs (Most Valued Professional) recommend not using memory
managers with Win98/SE/ME. See this article and make up your own mind |
| X |
FreeMP3download |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| U |
FreeRAM XP |
FreeRAM XP Pro *.exe |
FreeRAM XP Pro - memory
optimizer where * represents the version. MS MVPs (Most Valued Professional)
recommend not using memory managers with Win98/SE/ME. See this article and
make up your own mind |
| X |
freestyle |
lockx.exe |
Added by the RBOT-ATH WORM! |
| U |
freesurfer |
fs20.exe |
EMS Free
Surfer mk II - pop-up stopper |
| X |
freexstyle |
lockbar.exe |
Added by the LOXBOT.D WORM! |
| X |
freexstyle |
lockbr.exe |
Added by the LOXBOT.C WORM! |
| U |
Fresh Desktop |
freshdesktop.exe |
Fresh
Desktop is a utility that lets you manage vast collections of wallpapers for
your desktop with ease. When run on bootup it changes the desktop wallpaper
at startup or at specified intervals |
| N |
freshclam |
freshclam.exe |
Auto update agent of the open source Clamwin virus scanner |
| ? |
frguk |
shdrkmck.exe |
?? |
| ? |
FridaysInHellInstaller |
FridaysInHellInstaller.exe |
?? |
| X |
FriendlyType |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| X |
FriendlyTypeName |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
FriendlyTypeName |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| N |
FriendlyWebQuick-Launch |
SELFCERT.EXE |
selfcert.exe is a stand alone
program for creating your own digital certificates for macros - the .exe is
installed as an extra basically by clicking on MS Office in add/remove
programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar
as well |
| U |
FRISK FP-Scheduler |
F-Sched.exe |
Scheduler for F-Prot anitvirus software. Leave enabled unless
you scan manually on a regular basis |
| ? |
FRITZ!DSL Startcenter |
StCenter.exe |
FRITZ! ISP software
"StartCenter" User interface that allows you to manage, tweak and
diagnose many aspects of your internet connection - is it
required? |
| U |
FRITZ!webProtect |
FwebProt.exe |
Firewall included in FRITZ! ISP
DSL software |
| N |
Fromine WinPopup |
winpopup.exe |
Instant Messenger program |
| X |
Frsk |
frsk.exe |
Unidentified adware downloader
trojan |
| Y |
FRW_EXE |
FRW.EXE |
ConSeal
Signal9 firewall - now McAfee Personal firewall |
| Y |
frxmxins |
frxmxins.exe |
ATI 3D Studio MAX/VIZ driver |
| X |
FS Agent |
fagent.exe |
Added by the VOLVER-B TROJAN! |
| X |
FS6519 |
FS6519.dll.vbs |
Added by the SOLOW.B WORM! |
| Y |
fsaa |
fsaa.exe |
F-Secure antivirus
Authentication Agent - creates and stores private keys used by a client to
access servers |
| N |
FSCBoss |
FSCBoss.exe |
Free Store Club shop online
software |
| ? |
FSDPSRV |
FSDPSRV.exe |
?? |
| X |
F-Secure 2005 |
svchost.exe |
Added by the BIFROSE-CH TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| Y |
F-Secure 2006 |
fspex.exe |
F-Secure Anti-Virus automatic
updater |
| U |
F-Secure Management Agent |
FSMA32.EXE |
F-Secure antivirus - F-Secure
Policy Manager provides tools for administering F-Secure software products |
| Y |
F-Secure Manager |
FSM32.EXE |
F-Secure antivirus - carry
out scheduled virus scans automatically |
| Y |
F-Secure Startup Wizard |
FSSW.EXE |
F-Secure antivirus |
| Y |
F-Secure TNB |
TNBUtil.exe |
F-Secure antivirus |
| X |
FSH |
svcnva.exe |
Malware, detected by Ewido
Security Suite as TrojanDownloader.Delf.ks |
| U |
fsp |
fsp.exe |
Folder Shield
- hide entire directories and thus prevent access by anyone else to your
personal files and documents |
| Y |
fspr |
FolderShield.exe |
Folder Shield -
hide personal files and folders |
| N |
FSScrCtl |
FSScrCtl.exe |
Screen saver control applet used
by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen
Saver" |
| U |
fsserv |
fserv.exe |
Farsighter
Server - monitors a remote computer invisibly by streaming video to a viewer
on your computer. You will know exactly what is happening on the remote
computer as you see it in real-time |
| Y |
F-StopW |
F-StopW.exe |
F-Prot
anti-virus background scanner by F-Risk Software |
| X |
FSW |
FSW.exe |
FreeScratchAndWin parasite |
| U |
FSWebServer |
fsws.exe |
Easy File Sharing Web
Server is a Windows program that allows you to host a secure peer-to-peer and
web-based file sharing system without any additional software or services |
| X |
FtkCPY |
ftkcpy.exe |
FlashEnhancer adware variant |
| U |
FtLnSOP_setup |
FtLnSOP.exe |
Fujitsu scanner utility |
| U |
FTMSFLT(USB) |
FTMSFLTU.EXE |
Fujitsu's Touch Panel Message
Notifier |
| X |
FTP FOR WINDOWS |
ftpwin32.exe |
Added by a variant of the RBOT WORM! |
| X |
FTPGraber |
FTPGraber.exe |
Added by the DLOADER-DT TROJAN! |
| N |
FTPManager |
FTPDM.exe |
"Robust FTP is a
Windows-based file transfer client application that transfers files between a
user's local PC and another, remote computer system connected via a modem and
telephone lines or by a local-area network (with upload transfer resume and download
transfer resume)". Can be started manually |
| U |
Ftpqueue |
Ftpsched.exe |
Part of
WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers |
| U |
ftutil2 |
rundll32.exe [path] ftutil2.dll,
SetWriteCacheMode |
Related to Promise Technology's FastTrak SX4030/4060 PCI ATA
Raid 5 controller (and possibly others) |
| X |
Fucker |
fucker.vbs |
Added by the CATCHER-A WORM! |
| U |
Fujitsu Menu |
FjMnuIco.exe |
From the "Fujitsu
Menu" tray icon you have instant access to the Control Panel, Tablet pc
keyboard, Tablet and pen settings, Fujitsu display controls, brightness
control, sounds and audio devices, capture screen, capture window, organize
favorites, power options, printers and faxes, LCD brightness MIN, LCD
brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings,
which are customizable |
| X |
fukerservice |
fukerz.exe |
Added by a variant of the RBOT WORM! |
| X |
FUKLBAR |
bar.exe |
PurityScan/Clickspring adware |
| U |
FusionHdtvTray |
FusionHdtvTray.exe |
FusionTrayAgent -
main executable for DVICO FusionHDTV software. It adds an icon to system tray
that allows you to easily access Fusion HDTV software |
| U |
FusionRC |
FusionRC.exe |
Remote control
manager for DVICO FusionHDTV |
| U |
FusionRemote |
FusionRc.exe |
Remote control
manager for DVICO FusionHDTV |
| N |
FusionTrayAgent |
FusionHdtvTray.exe |
FusionTrayAgent -
main executable for DVICO FusionHDTV software. It adds an icon to system tray
that allows you to easily access Fusion HDTV software |
| X |
fvek |
fvek.exe |
Added by the DRIVOL-A TROJAN! |
| X |
FW Manager |
fwcheck.exe |
Added by the DELBOT-H WORM! |
| X |
FWDMON.EXE |
fwdmon.exe |
Added by the PROXY-S TROJAN! |
| Y |
fwenc.exe |
fwenc.exe |
Check Point SecuRemote VPN
client - "dynamic and fixed IP addressing for all ISP services -
dial-up, cable modem, or DSL - the ideal solution for telecommuters and
mobile workers" |
| X |
Fwr Command Module |
fwr.exe |
Added by the SDBOT-PP WORM! |
| N |
fwrastrc |
fwrastrc.exe |
Dial-up software for Friendly
Technologies/1NationOnLine free ISP |
| U |
fwservice |
fwservice |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| X |
FX |
ieloader.exe |
Added by the SMALL.RR TROJAN! |
| U |
fxredir |
fxredir.exe |
Canon MultiPASS fax redirector |
| X |
fzg |
svhost32.exe |
Added by the DLOADER.BDK TROJAN! |
| X |
g.exe |
g.exe |
Added by the GRAYBIRD.Q TROJAN! |
| X |
G_Server.exe |
G_Server.exe |
Added by the FEUTEL-C TROJAN! |
| X |
G_Server1.2.exe |
G_Server1.2.exe |
Added by the GRAYBIRD-Z TROJAN! |
| X |
G00123 |
[worm filename] |
Added by the BUGBROS WORM! |
| X |
G0mez |
G0mez.vbs |
Added by the GORMLEZ-A WORM! |
| X |
G3 |
GSMedia3.exe |
Malware downloader -
recognized by Kaspersky antivirus as Trojan.Win32.VB.ux |
| ? |
g3dctl |
g3dctl.exe |
?? |
| N |
Gadu-Gadu |
gg.exe |
Polish language Instant
Messaging client |
| N |
Gadwin PrintScreen |
PrintScreen.exe |
Gadwin PrintScreen
- utility to capture, print or save the current window |
| X |
GAELICUM.EXE |
GAELICUM.EXE |
Added by the PENTA-A TROJAN! |
| X |
gah95on6 |
gah95on6.exe |
ShopAtHome/SAHagent adware |
| U |
gaim |
gaim.exe |
Gaim is an instant
messenger client with capability to connect to AIM, ICQ, MSN Messenger,
Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks |
| U |
Gainward |
TBPanel.exe |
Configuration utility for
Gainward graphics cards. Not required unless you use non-default settings.
Available via Start -> Settings -> Control Panel |
| X |
game |
shit.exe |
Added by the Netclap Gold
backdoor TROJAN! |
| N |
Game Device |
JOYUPDRV.EXE |
Genius game controller profile
activator |
| X |
Game House |
GameHouse.exe |
Added by the DELF-DRA WORM! |
| N |
GameDrive |
GDTask.exe |
GameDrive
Virtual Driver from FarStone Technology, Inc. Run PC games without the disc |
| X |
Games Acceleration |
[path to trojan] |
Added by the SMUTSRCH-A TROJAN! |
| X |
Games Acceleration |
svshost.exe |
EasySearch adware |
| X |
Games Acceleration |
svshost1.exe |
Added by the DLOADR-AWD TROJAN! |
| X |
Games toolbar |
rundll32.exe [path] tbGame.dll,
DllShowTB |
Topconverting.com180Search
"Games Toolbar" adware |
| N |
GameSpot |
kontiki.exe |
Kontiki Delivery Manager - Windows-based client software that
enables secure delivery of content to users' desktops |
| U |
gameutil.exe |
gameutil.exe |
Part of Redline RegTweak as
supplied with Sapphire ATI graphics cards. You can configure different
overlclocking settings on a per game basis and this sets those conditions
following a re-boot |
| U |
GammaHotKeys |
setgamma.exe |
Part of the
RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to
adjust the gamma (or brightness) when playing a full-screen game without
switching back to the desktop |
| X |
gaSrv |
gaSrv.exe |
Adware downloader,
identified by Panda antivirus as Trojan.Downloader.ALQ |
| X |
gaSrve |
gaSrve.exe |
Adware downloader,
identified by Panda antivirus as Trojan.Downloader.ALQ |
| X |
Gate Personal Firewall |
Systpl.exe |
Added by the RBOT.ADC WORM |
| N |
Gateway Extended Warranty |
GWCares.exe |
Gateway Extended Warranty
reminder |
| X |
Gator |
gator.exe |
Gator eWallet adware. Please
note that Claria Corporation no longer support GAIN-Supported software - see
here |
| X |
Gator eWallet |
gator.exe |
Gator eWallet adware. Please
note that Claria Corporation no longer support GAIN-Supported software - see
here |
| X |
Gay_Sexy_** |
Gay_Sexy_**.exe |
Premium rate adult content
dialler (where * is a random char) |
| U |
GazelDisplay |
gsyno.exe |
BT Digital Access USB -
Gazel ISDN installation System Tray icon |
| Y |
GBSpaceMan |
SpaceMan.exe |
GreenBorder - secure your browsing activities on the internet |
| U |
GBTray |
GBTray.exe |
System Tray icon
access to Roxio's (nee Adaptec) GoBack software which allows you to revert
back to a previously working state on you hard drive if you install a new
program and your system goes faulty - performing the same functions with
extra features as System Restore on WinMe/XP systems. Disable before running
Scandisk or Defrag. Not required for WinMe/XP users, recommended for
Win9x/NT/2K users |
| X |
gCac |
gcac.exe |
Added by the TACTSLAY.U TROJAN! |
| X |
gcasDtServ |
gcasDtServ.exe |
Added by an unidentified WORM or
TROJAN. Note - this is not related to Microsoft Antispyware which has a
process bearing the same name which doesn't appear as a startup |
| U |
gcasServ |
gcasServ.exe |
Giant Antipsyware - now
superseeded by Microsoft Windows AntiSpyware |
| X |
gcasServ |
realsched.exe |
Added by a variant of the TACTSLAY.A TROJAN! Note - this is not
the legitimate RealOne Player (realsched.exe) application of the same name |
| ? |
GCC Reminder |
gccrem.exe |
Associated with AcraMax Greeting
Card Creator. Is it a registration reminder? |
| N |
GCS |
GrabClipSave.exe |
GrabClipSave
screen capture tool |
| X |
GDAX |
[path to backdoor] |
Added by the RANKY.K TROJAN! |
| X |
gdien32 |
gdien32.exe |
Added by the SINGU-P TROJAN! |
| X |
gdimx |
gdimx.exe |
MPB-D
dialer. Note - provides an uninstall option which can be accessed via the Add
or Remove Programs dialog in the Windows Control Panel. The software is
listed as "gdimx" |
| U |
GDMgr.exe |
gdmgr.exe |
GuardMon is a commercial surveillance software program
designed to monitor all forms of user activity on a computer |
| N |
GDrive |
GDriver.exe |
Found on IBM systems. All it
does is set the CDROM drive letter to G:. Set your drive letter manually via
Start -> Settings -> Control Panel -> System -> Device Manager |
| N |
Gearbox |
confsvr.exe |
NTL's
Gearbox software for configuring internet connections with their NTLWorld
software - does a similar job to the Internet Connection Wizard which can be
used instead using the dial-up details available here |
| N |
GEARsec |
gearsec.exe |
Installed by Apple Quicktime
package - iPod/iTunes CDRW support. Can be disabled if you only require
Quicktime player |
| X |
GEDZAC |
GEDZAC.exe |
Added by the GEMEL WORM! |
| N |
GemStRmW |
GemStRmW.exe |
For a GemPlus smart card reader.
If it doesn't start automatically when you insert the smart card, start it
manually |
| U |
Gene USB Monitor |
USBMonit.exe |
Monitors USB ports for insertion
of Sandisk USB flashdrives |
| X |
general lptt01 |
general.exe |
RapidBlaster variant (in a
"General" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
general ml097e |
general.exe |
RapidBlaster variant (in a
"General" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Generic host proccess for
windows |
SVCHOSTS.EXE |
Added by the SPYBOT-GQ WORM! |
| X |
Generic Host Process |
SCHOST.EXE |
Added
by the RBOT-NC WORM! |
| X |
Generic Host Process |
svchost.exe |
Added by the DLOADER-NX TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Generic Host Process for Win32
Service |
svchost.exe |
Added by the SPYBOT.NC WORM!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Generic Host Process for Win32
Service |
svlhost.exe |
Added by the WOOTBOT.EX WORM! |
| X |
Generic Host Process for Win32
Services |
bazzi.exe |
Added by the AHKER.E WORM! |
| X |
Generic Host Process for Win32
Services |
intspvc.exe |
Added by the DINFOR.D WORM! |
| X |
Generic Host Process for Win32
Services |
lspsvc.exe |
Added by the MUMU.C WORM! |
| X |
Generic Host Process for Win32
Services |
ntspcv.exe |
Added by the SDBOT.S TROJAN! |
| X |
Generic Host Process for Win32
Services |
SPSVC.EXE |
Added by the SDBOT.DA WORM! |
| X |
Generic Host Process for Win32
Services |
svchost32.exe |
Added by the AGOBOT.ALH WORM! |
| X |
Generic Host Process for Win32
Services |
svñhîst.exe |
Added by the DLOADER.AK TROJAN! |
| X |
Generic Host Process for Win32
Services |
winsvc.exe |
Added
by the SDBOT-O WORM! |
| X |
Generic Host Process for Win32
Services |
winsvc32.exe |
Added
by the SDBOT-P WORM! |
| X |
Generic Host Process2 System
Backup |
scvhost2.exe |
Added by the RBOT-BAH WORM! |
| X |
Generic Host Process326a System
Backup |
scvhost326a.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Generic Host Service |
lshost.exe |
Added by the RBOT.LU WORM! |
| X |
Generic Service Process |
nvsvc.exe |
Added by the AGOBOT.BY WORM!
Note - this is not the valid NVIDIA Driver Helper Service and is located in
the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Generic Service Process |
regsvc32.exe |
Added by the GAOBOT.UJ or
GAOBOT.UL WORMS! |
| X |
Generic Service Process |
serv1ces.exe |
Added by the AGOBOT-JK WORM! |
| X |
Generic Services Process |
regsvc32.exe |
Added by the GAOBOT.SY WORM! |
| X |
GenericHostXP |
WinLoaderXP.exe |
Added by the BDOOR-ACX TROJAN! |
| Y |
Genie USB Monitor |
USBmonitor.exe |
Port monitor for an external USB
hard drive. Required to enable access to the drive |
| X |
Geography TX 1.0 NT |
CompuSpeed.vbs |
Added
by the NEWLEY-A WORM! |
| X |
Gerenciamento de arquivos do
Windows |
Winmod32.exe |
Added by the DLOADER-WG TROJAN! |
| X |
german.exe |
winsystems.exe |
Added by the BAGLEDl-AE TROJAN! |
| X |
german.exe |
wintems.exe |
Added by the BAGLE-AS TROJAN! |
| X |
Gestionnaire de disques
universel |
sysoobe.exe |
Added by the TOADER-A TROJAN! |
| N |
Get Smile |
getsmile.exe |
Puts smilie faces in your
E-mail. Run manually when required |
| N |
GetRight Tray Icon |
GETRIGHT.EXE |
GetRight from Headlight Software
- download manager for resuming downloads and choosing multiple download
locations. The freeware version is/was spyware. The registered version isn't
if you don't install the Aureate/Radiate software. Available via Start ->
Programs |
| X |
GetTheMusic |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| X |
getwin |
winB_.exe |
Added by the BANKER-HS TROJAN! |
| U |
GhostSecuritySuite |
gss.exe |
Ghost Security Suite -
protect the registry from unauthorized reading and modification and other
tools |
| N |
GhostStartService |
GhostStartService.exe |
Required
to run the Windows based wizard in Norton Ghost - added from the 2003
version. Will start automatically when you run the wizard |
| N |
GhostStartTrayApp |
GhostStartTrayApp.exe |
System
Tray access to Norton Ghost - added from the 2003 version |
| ? |
GhostSurfDelSatellite |
DeleteSatellite.exe |
SpyCatcher spyware remover related. What does it do and is it
required? |
| Y |
GhostSurfDelSatellite |
DeleteSatellite.exe |
Part
of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from
sending personal information to a remote user via the Internet. If you use
SpyCatcher with real time scanning, you'll want to leave this file in place |
| X |
gigabit.exe |
gigabit.exe |
Added by the BEAGLE.U WORM! |
| X |
GigaByte |
Cheatle.exe |
Added by the SHODI.B VIRUS! |
| Y |
Gilat SOM Enumerator |
dllhost.exe |
For Gilat Communications
internet satellite systems - associated with SkyBlaster modem. Required if
you have this system |
| Y |
GilatFTC |
ftc.exe |
For Gilat Communications
internet satellite systems - associated with SkyBlaster modem. Required if
you have this system |
| X |
gimmygames |
[path to trojan] |
Added by the DLOADR-LN TROJAN! |
| X |
gimmysmileys |
gimmysmileys.exe |
GimmySmileys adware |
| X |
GinaDll |
ntgina.dll |
Added by the ANIG.A WORM! |
| ? |
GisdnLog |
gisdnlog.exe |
BT Digital Access USB |
| U |
Glass2k |
Glass2k.exe |
"Glass2k
is a small little program that allows Win2K/XP users to make any window
transparent" |
| X |
GLF Network Lan Monitor |
NPFMNTOR.exe |
Added by the RBOT-AGY WORM! |
| Y |
Glide |
Glidew32.exe |
Cirque touchpad driver |
| X |
Global Startup |
WinDash.EXE |
Recognized by Kaspersky
antivirus as IM-Worm.Win32.VB.q, may be related to the ATTECH-C WORM |
| X |
GlobalSCAPE |
[random filename] |
Added by the RBOT-AYM WORM! |
| X |
GLSetIT32 |
isass.exe |
Added by a variant of the OPTIX PRO TROJAN! |
| X |
GLSetIT32 |
msiexec16.exe |
Added by the OPTIX PRO TROJAN! |
| X |
GLSetT32 |
smsiexec.exe |
Added by the OPTIX-D TROJAN! |
| ? |
gluon |
gluon.exe |
In a gluon/bin sub-directory |
| X |
glv |
glv.exe |
Added by the DLOADER-NG TROJAN! |
| X |
GMedia2 |
GSM2.exe |
Malware downloader -
recognized by Kaspersky antivirus as Trojan.Win32.VB.ux |
| X |
GMedia2 |
GSMedia3.exe |
Malware downloader -
recognized by Kaspersky antivirus as Trojan.Win32.VB.ux |
| Y |
Gmouse |
Gmouse.exe |
Amouse mouse driver - required
if you use non-standard Windows driver features |
| U |
Gnetmous |
gnetmous.exe |
Genius NetScroll+ mouse
driver - required if you use non-standard Windows driver features |
| U |
GNETMOUSE |
gnetmouse.exe |
Genius mouse driver - required
if you use non-standard Windows driver features |
| X |
GNP Generic Host Process |
svchost.exe |
Added by the ZAPCHAS TROJAN!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| X |
GNP Generic Host Process |
svchost.exe |
Added by the ZAPCHAS-R TROJAN!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup and is always located in the System32 folder. This worm
file is found in the System folder |
| X |
GNP Generic Host Process |
svchost.exe |
Added by the ZAPCHAS-AA TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This one replaces svchost.exe in the System32
folder with a copy of Mirc on (NT/2K/XP) systems and just adds svchost.exe to
the System folder on (9x/Me) systems |
| ? |
gnub |
gnub.exe |
?? |
| X |
go |
cvir.exe |
Added
by the SILOV-A WORM! |
| X |
Go!Zilla |
gozilla.exe |
Download manager for resuming
downloads and choosing multiple download locations. Advertising spyware |
| X |
Go!Zilla Monster Downloads |
Go.exe |
Download manager for resuming
downloads and choosing multiple download locations. Advertising spyware |
| U |
GoBack |
GBMenu.exe |
Roxio's (nee
Adaptec) GoBack software which allows you to revert back to a previously
working state on you hard drive if you install a new program and your system
goes faulty - performing the same functions with extra features as System
Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not
required for WinMe/XP users, recommended for Win9x/NT/2K users |
| U |
GoBack |
GBTray.exe |
System Tray icon
access to Roxio's (nee Adaptec) GoBack software which allows you to revert
back to a previously working state on you hard drive if you install a new
program and your system goes faulty - performing the same functions with
extra features as System Restore on WinMe/XP systems. Disable before running
Scandisk or Defrag. Not required for WinMe/XP users, recommended for
Win9x/NT/2K users |
| U |
GoBack Polling Service |
GBPoll.exe |
Roxio's (nee
Adaptec) GoBack software which allows you to revert back to a previously
working state on you hard drive if you install a new program and your system
goes faulty - performing the same functions with extra features as System
Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not
required for WinMe/XP users, recommended for Win9x/NT/2K users |
| U |
GoBack Tray Icon |
GBTray.exe |
Roxio's (nee
Adaptec) GoBack software which allows you to revert back to a previously
working state on you hard drive if you install a new program and your system
goes faulty - performing the same functions with extra features as System
Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not
required for WinMe/XP users, recommended for Win9x/NT/2K users |
| X |
GOG |
GOG.exe |
Added by the PHILIS.B VIRUS! |
| X |
goidr |
goidr.exe |
Goidr adware |
| U |
Goldensoft_MndlSvr |
MndlSvr.exe |
Goldensoft CD Ghost related -
turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive,
users can simultaneously access as many as 23 virtual CD-ROM drives at a
speed of 200X for true multitasking |
| X |
Golum |
services.exe |
Added by the GOLUM.A TROJAN! Note - this is not the
legitimate services.exe process, which should not appear in Msconfig/Startup! |
| X |
golumm |
services.exe |
Added by the DLOADER-ET TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a "golumm"
subfolder |
| X |
good |
badvir.exe |
Added
by the SILOV-B WORM! |
| X |
google |
google.exe |
Added by the RBOT-AMW WORM! |
| U |
Google Desktop |
GoogleDesktop.exe |
Google Desktop
Search - "a desktop search application that provides full text search
over your email, computer files, chats, and the web pages you've viewed. By
making your computer searchable, Google Desktop Search puts your information
easily within your reach and frees you from having to manually organize your
files, emails, and bookmarks" |
| N |
Google Desktop Search |
GoogleDesktop.exe |
Google Desktop
Search - "a desktop search application that provides full text search
over your email, computer files, chats, and the web pages you've viewed. By
making your computer searchable, Google Desktop Search puts your information
easily within your reach and frees you from having to manually organize your
files, emails, and bookmarks" |
| X |
Google Earth |
[random filename] |
Added by the RBOT-AXK TROJAN! |
| N |
Google Earth Viewer |
GOOGLEMAPS.EXE |
Google Earth "combines
satellite imagery, maps and the power of Google Search to put the world's
geographic information at your fingertips" |
| X |
google Intrenet Explorer |
google.pif |
Added by the RBOT-ARA WORM! |
| X |
Google service |
Googlesetup.exe |
Added by the IRCBOT-RJ WORM! |
| X |
google toolbar |
ggtb32.exe |
Added by the AGOBOT-RR WORM! |
| N |
Google Updater |
GOOGLE~1.EXE |
Downloads and installs updates
for Google applications (Google Earth, Google Desktop, etc.) |
| N |
GoogleDCClient |
GoogleDCC.exe |
Google Compute Client - only present if you installed the
Google Toolbar with "Google Compute" client active. Does complex
calculations in the background when idle. If you want to turn it off go to
your browser, click on the little double-helix on the Google Toolbar, and
click "Stop Computing". No longer supported |
| U |
googletalk |
googletalk.exe |
Google Talk "enables
you to call or send instant messages to your friends for free-anytime,
anywhere in the world". Can be launched manually |
| U |
GoToMyPC |
g2svc.exe |
ExpertCity GoToMyPc logon - web-based remote-access solution
that allows individuals and companies to register their computers online and
then securely access those computers from any web browser |
| X |
GotSmiley |
GotSmiley.exe |
GotSmiley - ad supported program
that provides the user with smileys for use in emails. Not recommended.
Please note that Claria Corporation no longer support GAIN-Supported software
- see here |
| X |
gouday.exe |
readme.exe |
Added by the BEAGLE.C WORM! |
| N |
GRA |
gra.exe |
Looks at system resources at
startup and warns you if they have dropped. Contains links to the Disk Clean
Up, Defrag and Start Up Menu. It does have a link to a startup
configuration utility. Similar to msconfig but can keep a list of disabled
apps. Not really necessary. Only appears if you load the Gateway Startup
Utility |
| ? |
gramdate |
2Stop.exe |
?? |
| X |
Graphic Driver |
smss32.exe |
Added by a variant of the RBOT WORM! |
| X |
Graphic Loader |
ntvdm32.exe |
Added by a variant of the RBOT WORM! |
| U |
Gravis Appawareloader |
dbserver.exe |
Looks like it's associated with Gravis game controllers and
the Keyset Manager, allowing the user to program the buttons for games that
don't support them |
| U |
Gravis Xperience Driver Support |
Grxp4exe.exe |
Driver for Gravis game controllers such as the Eliminator
Aftershock. Must be loaded if you run the supplied application software for
the controller to be recognized. Start it manually via a shortcut if not used |
| ? |
GrdSys32 |
GrdSys32.exe |
X-Stream ISP software. Offers
free Net access funded by on-screen ads. Is it required
or can you create your own dial-up networking connection to use on demand? |
| N |
Greetings Workshop |
GWREMIND.EXE |
You really want to be reminded
about somebody's birthday at the expense of resources? |
| X |
gremier |
wscript.exe gpremier.vbs |
Added by the GPREMIER WORM! |
| X |
Gremlin |
intrenat.exe |
Added by the DOOMJUICE WORM! |
| N |
Grokster |
Grokster.exe |
Grokster Peer-To-Peer File Sharing program |
| Y |
GrooveMonitor |
GrooveMonitor.exe |
Microsoft Office Groove 2007 - Groove Folder Sharing
synchronization (GFS). If you kill it, your GFS workspaces may not
synchronize properly (particularly around unread-marks), and you might
experience some nagging discomfort |
| N |
GrpConv |
grpconv.exe |
Microsoft
Windows Program Group Converter - used by installers (ONLY in the RunOnce
keys) - provides the translation of groups and group items to folders and
links. Also see this MS Knowledge Base article |
| X |
GsAds |
gms2.exe |
PacerD_Media/Pacimedia.com
adware |
| ? |
Gscbc |
Gscbc.exe |
?? |
| X |
gshp |
zzgshp.vbs |
Homepage hi-jacker |
| N |
Gsiconexe |
Gsicon.exe |
ADSL modem
monitor from Eicon Networks (as used by BT for its Broadband internet service
for example). Can safely be disabled without affecting the connection - all
this does is give an indication of connectivity and access to the diagnostic
facilities |
| ? |
GsiFinal |
rundll32 gspndll.dll,
postInstall final |
USB DSL modem related - [what
does it do and is it required in startup? |
| ? |
GSISETUP |
[path] GsiInst.exe INSTALL
[path] V205Res 13 |
BT Voyager ADSL modem related - what does it do and is it required? |
| N |
GSOrganizer |
GSOrganizer.exe |
GoldenSection
Organizer (now WinOrganizer - personal information manager |
| X |
gssomatic |
gssomatic.exe |
Searchcentrix hijacker |
| X |
GStartup |
GMT.exe |
Gator spyware component - see
here. Please note that Claria Corporation no longer support GAIN-Supported
software - see here |
| X |
gsv |
gsv.exe |
Added by the ROBAL 1.0 backdoor
TROJAN! |
| X |
GT |
GT.EXE |
Added by the SDBOT-AJ WORM! |
| U |
GTVEpg |
GTVEpg.exe |
Part of Got All Media - control your TV tuner and other
utilities from your PC |
| X |
GTVRec |
GTVRec.exe |
Part of Got All Media - control your TV tuner and other
utilities from your PC |
| N |
Gtwatch |
gtwatch.exe |
Associated with a Mustec scanner
and not required |
| X |
gtydf |
iisca.exe |
Added by the CLAGGER-BB TROJAN! |
| X |
gtydf |
iscca.exe |
Added by the DWNLDR-GTK TROJAN! |
| U |
Guard |
Guard.exe |
Related to Phoenix Technologies Core Managed Environment
(cME) Integration and Certification program |
| N |
Guardian |
CMGrdian.exe |
McAfee's QuickClean, an offline
version of the one in their online Clinic. Normally run offline and not
needed. Incidentally, incorporates more cleanup programs than the likes of
WinOptimizer and System Mechanic |
| U |
Guardian PC Security Tools |
Pfft.exe |
Boomerang Software's Guardian PC Security Tools - now
rebranded as the eXtendia Security Suite |
| X |
guarnset |
guarnset.exe |
Adlogix
adware |
| X |
GURL |
gurl.exe |
GURLWatcher spyware |
| U |
GuruNet |
GuruNet.exe |
GuruNet lets you
click on any word on your screen to get the relevant information you want |
| X |
GustavVED |
[filename].exe |
Added by the OPASERV.H WORM! |
| X |
gvagfxj |
rundll32 ...gvagfxj.dll |
Unidentified adware, spyware or
virus |
| Y |
gw port controller |
PORTCT95.EXE |
From a visitor - "I must
keep it active in start up or my Lexmark printer and RCA Cam program cannot
discover a working port to work". From the file properties, the file is
known as "Smart Thru Fax Drive Spy" and is supplied by Samsung |
| N |
GWInkMonitor |
GWInkMonitor.exe |
Gateway ink monitor - makes an
annoying popup that says your printer may be running out of ink, do you want
to buy some! |
| X |
gwiz |
ntsystem.exe |
Added by the NITWIZ.A TROJAN! |
| N |
GWMDMMSG |
GWMDMMSG.exe |
Used with internal modems on
Gateway and vprMatrix PCs. This is the "GTW modem messaging applet"
and is not required for the modem to work correctly |
| U |
GWMDMpi |
GWMDMpi.exe |
Used with internal modems on Gateway PCs such as the 450SX
Notebook. Required for audio settings to be maintained and does not remain in
memory once run. See here for more information |
| U |
gwum |
gwum.exe |
Gigabyte utility manager. Loads
if you have a Gigabyte motherboard and got a full bundle of utilities
installed. Monitors CPU, fans, BIOS etc. Only used by system
"tweakers" |
| ? |
gyy |
gyy.exe |
Possibly
Gator (and therefore spyware) related? |
| U |
H/PC Connection Agent |
WCESCOMM.EXE |
Active sync for use with Windows
CE based palm PC |
| U |
H2OWIBU |
CXWibu.exe |
Related to CodeMeter
from WIBU-SYSTEMS AG. Software protection hardware |
| X |
h4te Service Drivers |
h4te.exe |
Added by a variant of the RBOT WORM! |
| X |
hachimitsu-lemon |
hachimitsu-lemon.exe |
Added by the HACHILEM TROJAN! |
| X |
hagent |
avp.exe |
Added by the "Herman
Agent" remote access TROJAN! |
| U |
HalifaxHowardCluster |
skinkers.exe |
"Howard the
Weatherman" desktop client from Halifax by Skinkers -
marketing/messaging tool. Leave enabled if you want to receive messages |
| U |
HaMFrontPanel |
hampanel.exe |
Displays a panel simulating
modem lights for the Intel HaM internal modem. The lights are useful as a
reminder to disconnect from the net if you are likely to forget, but
otherwise pointless |
| U |
Handy Backup 3.9 |
hbagent.exe |
Handy Backup - automatic
backup of your critical data to virtually any type of storage media including
CD-RW devices and remote FTP servers |
| X |
HanUpdate |
hanz.exe |
Added by the RBOT-GLJ WORM! |
| X |
Hard drive Controller |
hdcontroller.exe |
Added by the KIMAN.B WORM! |
| U |
Hardware Doctor |
Hwdoctor.exe |
Winbond Hardware Doctor - as
included on some motherboard using Winbond's hardware monitoring chips.
Displays fan speeds, voltages, temperatures. Only required if you're
concerned about your system temperature - typically for
"overclocked" systems |
| X |
Hardware Monitor Service |
mshms.exe |
Added by the WOLLF-A TROJAN! |
| X |
Hardware Profile |
hxdef.exe |
Added by a variant of the LOVGATE WORM! |
| X |
Hardware Profile |
hxdef.exe... |
Added by a variant of the LOVGATE WORM! |
| U |
Hardware Sensors Monitor |
hmonitor.exe |
Utility to monitor fan speed and
temperatures - similar to Motherboard Monitor. Only required if you're
concerned about your system temperature - typically for
"overclocked" systems |
| X |
Hardware Shell Detection |
WinHSD.exe |
Added by a variant of the RBOT WORM! |
| U |
Hare |
hare.exe |
Hare
- improve and optimize performance of desktop/laptop PCs |
| X |
HATAPE |
[path to trojan] |
Added by the BANKER-QF TROJAN! |
| U |
HawkEye |
HAWK_95.EXE |
Control Panel application for
the old Number Nine graphics cards to change resolution, colour depth, etc.
Available via Start -> Programs |
| U |
HawkEye IV Control Panel |
HAWK_32.EXE |
Control Panel application for
the old Number Nine graphics cards to change resolution, colour depth, etc.
Available via Start -> Programs |
| X |
Hbinst |
Hbinst.exe |
Hotbar enhances the surfing
experience offering a variety of innovative and fresh skins to the browser
while providing users worldwide with access to various services of added
value and fun. Also regarded as adware/spyware due to it's adds and browsing
habits information gathering - see here |
| N |
HC Reminder |
hc.exe |
For Compaq PC's. Help Compiler,
crunches help database, will run without being in startup when needed |
| N |
HCDetect |
HCDetect.exe |
MS HomeClick Network - simple
home network setup and configuration program included with 3Com HomeConnect
home networking products. Runs in the background for network printer
notification, detection, and Internet Connection Sharing (ICS) taskbar icon.
Not required - network can be set-up manually, also has a known memory leak
problem |
| U |
hcenter |
tgcmd.exe |
See also TgAddServer. This part
ensures the software is installed correctly (similar to an installation
wizard) as reported by Cox Regarded as spyware by some as it has the ability
to retrieve user information. Whether it does so depends upon the provider.
One Toshiba user reports problems with hibernate on his laptop if disabled -
hence the "U" recommendation |
| X |
hclean32.exe |
hclean32.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| U |
Hcontrol |
hcontrol.exe |
Hotkeys on an ASUS Notebook.
Only required if you use the additional keys |
| N |
hcsystray |
hc_tray.exe |
Kuma Notifier for the Shootout!
game from the History Channel. "It lets you know whenever there’s a new
episode that’s been released or an announcement from the Kuma team. Just
click it to get up-to-the-minute game and event information" |
| N |
HDAShCut |
HDAShCut.exe |
High definition audio page
shortcut - not required |
| X |
HDAudio |
hda.exe |
Added by the TACTSLAY.U TROJAN! |
| X |
HDAudio Driver 1.0 |
[random filename].exe |
Added by the TEADOOR-D TROJAN! |
| X |
HDAudio Driver 2.0 |
[random filename].exe |
Added by the TEADOOR-E TROJAN! |
| U |
HDDHealth |
hddhealth.exe |
HDD Health is a
"full-featured failure-prediction agent for machines using Windows 95,
98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks
and alerts you to impending failure" |
| U |
HDDlife |
HDDlife.exe |
HDDlife checks the health of your hard drives at regular
intervals and informs you about the results of these checks |
| ? |
HDhelp |
tbhdhelp.exe |
Associated with Philips Edge
series soundcards. Is it required? |
| X |
hdlfoe df98ndf |
svchots.exe |
Added by a variant of the RBOT WORM! |
| X |
hdlpscom |
[8 random letters].exe |
Added by the RBOT-FUL WORM! |
| N |
HDtray |
HDtray.exe |
Philips Edge Series Control
Panel Tray Utility - system tray icon for a Philips Edge series soundcards.
Available via Start -> Settings -> Control Panel |
| X |
he3bbcff |
rundll32.exe [path]
he3bbcff.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| X |
he3e3fc4 |
rundll32.exe [path]
he3e3fc4.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| X |
HELLBOT TEST |
1hellbot.exe |
Added by the MYDOOM.BO WORM! |
| X |
HELLBOT3 |
coolbot.exe |
Added by the MYTOB.AB WORM! |
| X |
hellodolly |
shost.exe |
Added by the YODO WORM! |
| X |
helloworld |
nb32ext2.exe |
Added by
the MYDOOM.BV WORM! |
| X |
helloworld |
nb32ext3.exe |
Added by the MYTOB.JT WORM! |
| X |
help |
help.scr |
Added by the BANCOS-BBU TROJAN! |
| ? |
Help |
helpext.exe |
?? |
| X |
Help Temp Files |
netreg.exe |
Added by the FORBOT-EM WORM! |
| X |
helpctl.exe |
helpctl.exe |
Added by the GASLIDE TROJAN! |
| X |
HELPER |
canada.exe |
AsdPlug premium rate adult content dialler variant |
| X |
Helper |
eschlp.exe |
Added by the BLASTER.T WORM! |
| X |
HELPER |
france.exe |
AsdPlug premium rate adult content dialler variant |
| X |
HELPER |
greece nm.exe |
AsdPlug premium rate adult content dialer variant |
| X |
HELPER |
Netherlands.exe |
AsdPlug premium rate adult content dialer variant |
| X |
HELPER |
new zealand.exe |
AsdPlug premium rate adult content dialer variant |
| X |
HELPER |
sweden.exe |
AsdPlug premium rate adult content dialer variant |
| X |
HELPER |
temp532.exe |
AsdPlug premium rate adult content dialler variant |
| X |
helper.dll |
[path] rundll32.exe [path]
helper.dll |
CnsMin (Chinese Keywords) hijacker related |
| X |
HelpExp.exe |
HelpExp.exe |
Attune HelpExpress - spyware. Disable and uninstall - see
here |
| X |
helpmanager |
spoler.exe |
Added by the RANDEX.J WORM! |
| X |
helpw |
helpw.exe |
Adware downloader |
| X |
hen |
[filename].exe |
Added by the TARNO.G TROJAN! |
| X |
heomstool |
heomstool.exe |
Added by the HEOMS TROJAN! |
| X |
hErcUnes |
softhost.exe |
Added by the GARROCH WORM! |
| U |
Hermes Messenger |
DGDRHE~1.EXE |
A LAN messenger alternative to WinPopUp - Digital Dreams
Software |
| X |
Hewlett Packard Manager |
hpmanager.exe |
Added by the MYTOB.KE WORM! Note - this is not a valid
Hewlett-Packard program |
| N |
Hewlett Packard Recorder |
Remind32.exe |
HP multifunction registration |
| U |
Hf |
Hf.exe |
Hide Folders - hide
your folders so only you can view them |
| X |
HF Security |
hfsecure.exe |
Added by the AGOBOT-TI WORM! |
| U |
hffsrv |
hffsrv.exe |
Hide Files &
Folders is a "password-protected security utility working at the Windows
kernel level allowing you to password-protect files and folders, or to hide
them securely from viewing and searching" |
| U |
hfxp |
hfxp.exe |
Hide Folders XP
- hide your folders so only you can view them |
| X |
hgqhp.exe |
hgqhp.exe |
Added by the FLUSH.F TROJAN! |
| N |
HGTXPEI |
FirstReboot.exe |
Herucles Audio tool for the
Hercules Game Theater XP soundcard. Available via Start -> Settings ->
Control Panel |
| ? |
HiberMonitor |
HCount.exe |
?? |
| U |
Hibernation |
hib32.exe |
Reduces the power consumption
when the laptop isn't being used to preserve battery power. Similar programs
on other laptops reduce the processor clock rate, etc. Required if you run of
battery regularly |
| X |
Hid.exe |
hid.exe |
Added by the RATSOU.B TROJAN! |
| U |
HideOE |
HideOE.exe |
HideOE - allows you to 'hide' Outlook Express or minimize it
to the System Tray |
| X |
HideRun.exe |
Hiderun.exe and svhost.exe and
pro.gif |
Added by the BOOHOO WORM! |
| X |
HideStyle |
Ante Browse Trust.exe |
IE toolbar taking you to
Lop.com. If the exe is running, end it and remove the "Stupidmore"
directory from C:Program Files |
| U |
hidserv |
hidserv.exe |
This
is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required
only if you are using USB Audio Devices you can disable via Msconfig. See
here. Typical examples are USB multimedia keyboards with volume control and
web-ready keyboards. For example - loaded by default with MS DSS80 Speakers
because they have Volume, Mute and Bass controls on the speaker. Some users
may experience problems disabling this - if this is the case then re-enable
it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller
for the keyboard sound controls on the USB and PS/2 keyboards |
| N |
High Definition Audio Property
Page Shortcut |
HDAudPropShortcut.exe |
Realtek audio card related -
probably adds the odd feature to one of the "Sounds" Control Panel
applet tabs - doesn't appear to be required |
| Y |
HighPoint ATA RAID Management
Software |
raidman.exe |
HighPoint RAID management - hard
disk striping/mirroring utility for increased performance and reliability.
See here for more information on RAID |
| U |
HijackThis startup scan |
HijackThis.exe |
HijackThis
lists the contents of key areas of the Registry and hard drive areas that are
used by both legitimate programmers and hijackers. The program is continually
updated to detect and remove new hijacks. It does not target specific
programs and URLs, only the methods used by hijackers to force you onto their
sites. As a result, false positives are imminent, and unless you're sure
about what you're doing, you always should consult with knowledgable folks
before deleting anything. Required if you'd like HijackThis to run a scan at
startup, and show the results when new items are found (if so, check the
appropriate box in the "Config" section") |
| X |
HijSrv32 |
hijsrv.exe |
Added by the BANKGERM-D TROJAN! |
| N |
HistoryKill |
histkill.exe |
HistoryKill removes your web
surfing path by removing the URL drop-list history, detailed history file,
cache, and cookies in both IE and Netscape Navigator browsers. Available via
Start -> Programs |
| U |
Hitman Pro SurfRight Helper |
srhelper.exe |
Hitman
Pro - a utility to start a number of Security Protection software. They can
be started individualy |
| X |
HitQ |
HitQ.exe |
Hijacker, for more information see here |
| U |
HitwarePKLite |
HITWAR~1.EXE |
Hitware Popup Killer Lite |
| X |
HIV |
HIV.exe |
Added by the HIVA TROJAN! |
| U |
hk |
hk.exe |
KeyLoggerExp keystroke logger/monitoring program - remove unless
you installed it yourself! |
| U |
hkcmd |
hkcmd.exe |
Part of Intels Common User
Interface for chipsets with integrated graphics controllers - which allows
user to change different driver properties through Windows User Interface. If
the user wishes to have "HotKey" access to Intel's customised graphics
properties, it is required, otherwise not. It can be disabled via the Display
Properties in the Control Panel |
| X |
HKEYok |
runlli32.exe |
Added by the QQPASS-U TROJAN! |
| X |
HKLM\Run |
windowsupdate.exe |
Added by the FORBOT-BJ WORM! (where HKLMRun represents
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun) |
| U |
hkserv |
HKserv.exe |
Keyboard manager program
required to use programmable power and function keys on some laptops such as
the Sony PCG R505TS |
| U |
hkss |
hkss.exe |
Compaq HotKey Support -
multimedia keyboard support |
| X |
HLcleanup |
hlsetup2.exe |
LinkReplacer/FFinder
adware |
| X |
hldrrr |
hldrrr.exe |
Added by the BAGLE-KF WORM! |
| X |
hlhtxo.exe |
hlhtxo.exe |
Added by
the QLOWZONES-27 TROJAN! |
| X |
HLL Data Parameter |
hllcxpa.exe |
Added by the RBOT.AFG WORM! |
| X |
HMI PowerSystem |
hmisvc32.exe |
Added by the RANDEX.CZZ WORM! |
| X |
HML PowerSource |
hmlsvc32.exe |
Added
by the SDBOT-XL WORM! |
| U |
Hmonitor |
Hmonitor.exe |
Hardware sensor monitoring
program. Only required if you overclock your system and want to check on the
status |
| X |
HMV PowerSource |
hmusvc32.exe |
Added by the SDBOT-YW WORM! |
| X |
ho2stdll.exe |
ho2stdll.exe |
Added by the BANKER-HO TROJAN! |
| X |
HOI Services |
holsvc32.exe |
Added by the AGOBOT-SF WORM! |
| N |
Holiday Lights |
Holiday Lights.exe |
Holiday Lights
from Tiger Technologies. Festive desktop enhancement that adds lights.
Available via Start -> Programs |
| X |
Hollaback |
slvhosts.exe |
Added by the SDBOT.BMO WORM! |
| N |
Home Theater SchSvr |
SchSvr.exe |
WinScheduler is installed
with Home Theater Remote Control for WinDVD from Intervideo. If you want to
schedule recordings from your TV tuner card, you will need it. Available via
Start -> Programs |
| U |
HomeAlarm |
HomeAlarm.exe |
Chameleon Clock -
system tray clock replacement |
| ? |
HomeCentre WakeUp |
LGWAKEUP.EXE |
Associated with the no longer
supported Xerox HomeCentre printer/scanner |
| X |
Homeland Network |
HomelandNetwork.exe |
Homeland Network Notifier - pops
ads |
| ? |
Honor |
honor.exe |
?? |
| U |
Hook99startup |
hk2re.exe |
"Hook99
enables the user to customize the start button. You can change or remove the
text and replace the Windows flag on button with icon of your choice.
Supports Windows icons, bitmaps and can extract icons from executables and
libraries. Hook99 can also make the background of desktop icons captions
transparent" |
| U |
HookSys |
HookSys.exe |
SurfinGuard Pro from Finjan - internet protection software,
protects against all malicious code delivered through executables, scripting
files, ActiveX and Java |
| U |
HornetMonitor |
MntrHrnt.exe |
Hornet Monitor - monitoring system that detects and responds
to unauthorized access attempts and sources of channel interference on any
local DSSS network |
| Y |
HorngTech4D |
bally4d.exe |
HorngTech 4D mouse driver |
| X |
host |
help.exe |
Identified as the DELF.LF by
Ewido Security Suite |
| X |
Host |
N/A |
Added by the POPDIS or
STARTPAGE.F TROJANS! |
| X |
Host Process |
mame.exe |
Added by the RBOT-APO WORM! |
| X |
hostdll.exe |
hostdll.exe |
Added by the BANKER-BO TROJAN! |
| U |
HostManager |
AOLHostManager.exe |
Manages a component essential to
the operation of most current AOL software. If you remove it from startup it
will load when IE is launched, increasing lauching time |
| N |
HostManager |
AOLSoftware.exe |
Quoted from AOL Beta Team,
"Manages a component essential to the operation of most current AOL
software, client or not. You should be able to remove it from Startup (it'll
just load when Explorer is launched, which will extend load time a bit), but do
leave it on your system". |
| X |
Hostren.exe |
Hostren.exe |
Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN! |
| X |
hostserv |
hostserv.exe |
Added by the RBOT.BPZ WORM! |
| X |
hostserv |
wiz98.exe |
Added by a
variant of the SDBOT WORM! |
| U |
HostsMan |
hm.exe |
"HostsMan is a
freeware application that lets you manage your Hosts file with ease". It
is mainly intended to block specific domains (mostly advertising servers) by
redirecting them to localhost, but can also be used to add any other
domain/Ip combination that you want to be included in the HOSTS file |
| X |
HostSrv |
sachostx.exe |
Added by the LOOKSKY.H WORM! Drops multiple files in the
System (9x/ME) or System32 (NT/2K/XP) folders |
| X |
HostSrv |
sachostx.exe |
Added by the LOOKSKY.A or
LOOKSKY.F or LOOKSKY.G WORMS! |
| X |
HostSrv |
sachostx.exe... |
Added by the LOOKSKY.E WORM! |
| X |
HostSVC syse |
HostSVC.exe |
Added by the RBOT-ANZ WORM! |
| U |
Hot Corners |
Hotc.exe |
Hot Corners -
"lets you quickly activate or disable your screen saver by moving the
mouse into a given corner of the screen" |
| U |
Hot Key Kbd 2690 Daemon |
SK9910DM.exe |
Multimedia keyboard manager -
required if you use any special keys |
| U |
Hot Key Keybd 9910 Daemon |
SK9910DM.exe |
Multimedia keyboard manager -
required if you use any special keys |
| ? |
Hot Party 22 |
hotpart22.exe |
?? |
| X |
Hot_Kiss |
Hot_Kiss.exe |
Adult content dialler |
| X |
Hot_Tarts |
Hot_Tarts.exe |
Adult content dialler |
| X |
Hot_Tarts_** |
Hot_Tarts_**.exe |
Premium rate adult content
dialer (where * is a random char) |
| X |
Hot_Tarts_Au |
Hot_Tarts_Au.exe |
Premium rate adult content
dialler |
| X |
Hot_Tarts_mc |
Hot_Tarts_mc.exe |
HotTarts adult content dialer |
| X |
HotAction_hr |
hotaction_hr.exe |
Added by the SITEICON-B DIALER! An uninstall option can be
accessed via the Add or Remove Programs dialog in the Windows Control Panel.
The software is listed as "HotAction_hr" |
| X |
Hotbar |
Hbinst.exe |
Hotbar enhances the surfing
experience offering a variety of innovative and fresh skins to the browser
while providing users worldwide with access to various services of added
value and fun. Also regarded as adware/spyware due to it's adds and browsing
habits information gathering - see here |
| X |
Hotbar |
HbOEAddOn.exe |
Hotbar adware |
| X |
Hotfix Updat |
svdhost32.exe |
Added by the GAOBOT.ZW WORM! |
| U |
HotIDE |
hotide.exe |
HotIDE allows Acer TravelMate
owners to hot-swap external drives without switching of their notebooks |
| U |
HotkeyApp |
HotkeyApp.exe |
Programmable keys on Acer,
Fujitsu and other laptops |
| U |
HotKeysCmds |
hkcmd.exe |
Part of Intels Common User
Interface for chipsets with integrated graphics controllers - which allows
user to change different driver properties through Windows User Interface. If
the user wishes to have "HotKey" access to Intel's customised graphics
properties, it is required, otherwise not. It can be disabled via the Display
Properties in the Control Panel |
| X |
HotPix |
hotpix.exe |
Adult content dialler |
| U |
Hotplug |
hot_plug.exe |
Related to the SiS_Hot_Plug_Application. Enables automated
driver loading for hotpluggable devices. If this service is stopped, hotplug
devices will no longer function |
| X |
hotplug |
hotplug.exe |
Added by the SILLYDL TROJAN! |
| N |
HotSync Manager |
hotsync.exe |
Installed when connecting a Palm
HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables
Palm / Handspring Synchronizing. Available via Start -> Programs |
| X |
hotwetlove |
hotwetlove.exe |
Adult content dialler. Will not
uninstall - components have to be manually deleted |
| U |
HoverDesk |
HoverDesk.exe |
HoverDesk - desktop
replacement software |
| ? |
hp 1000 firmware |
fwdl.exe |
HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the
filename)? |
| U |
HP AutoIndexer |
hppautoindexer.exe |
Installed by HP multi-function
printer driver software, related to PC faxing. If you are not using the PC
faxing feature you can go ahead and disable these services from the startup |
| N |
HP CD Writer |
hpcdtray.exe |
System Tray access to a HP
CD-Writer's functions. Available via Start -> Programs |
| N |
HP CD-DVD |
hpcdtray.exe |
System Tray access to a HP
CD-Writer's functions. Available via Start -> Programs |
| N |
HP CD-Writer |
hpcdtray.exe |
System Tray access to a HP
CD-Writer's functions. Available via Start -> Programs |
| X |
hp center |
BACKWEB-*****.exe |
See here - "messaging service that automatically sends
you support information, tips, ideas, and special offers from HP and our
partners, especially designed for HP and Compaq desktop computer
owners". Applies to certain HP Pavilion desktop computers between Fall
2001 and Spring 2003. * can be any digit |
| N |
hp center UI |
ShadowBar.exe |
User Interface for HP Center - see here |
| N |
HP Component Manager |
hpcmpmgr.exe |
Checks the internet for updated
drivers/utilities for your HP product - update manually. Disabling will
remove the error "Windows can't shutdown the computer because
hpcmpmgr.exe can't be ended" |
| X |
HP Deskjet |
HP_DeskJet_500.exe |
Added by the FORBOT-DA WORM! |
| U |
HP Digital Imaging Monitor |
hpqtra08.exe |
System Tray access to HP
Director. Required if you prefer to use the all-in-one buttons to manually
scan documents or transfer photos froma camera, for example |
| U |
HP Display Settings |
hpdisply.exe |
Sets default display settings.
Unchecking this item has been reported to cure a "Problem sending
command to keyboard" error message |
| ? |
HP IDScheduler |
HPIDSCHD.exe |
HP Instant Delivery Scheduler |
| N |
HP Image Zone Fast Start |
hpqthb08.exe |
Improves the startup time of HP
Image Zone. If you disable it, HP Image Zone takes a long time to start up
only the first time you run it. Subsequent startups are much faster than the
first time |
| N |
HP Info Express |
?? |
On HP PCs, allows the computer
to automatically receive notifications from HP over the Internet. Associated
with BackWeb |
| U |
HP Instant Support |
matcli.exe |
"matcli.exe is a motive
Assistant Command line interface that gathers information about your system's
identity like your name email address, city, state, etc and gets written to a
log file". HP Instant Support is required to run with the Help and
Support program. If you uncheck HP Instant Support and and then run Help and
Support it will add another HP Instant Support in the startup menu. If you
remove the HP Instant Support in the add/remove program some help menus in
help and support will not be available. You decide |
| N |
HP Internet Center |
SURFBRD.EXE |
Loads the HP Internet center
surfboard on startup. HP Internet Center allows you to customize the
multimedia keys on the fly without having to go the Control Panel -->
Keyboards to change them |
| N |
HP JetDiscovery |
HPJETDSC.EXE |
HP JetAdmin software which
monitors printing jobs on a network environment |
| N |
HP JetSpeed Autostart |
AUTOSTART.EXE |
Autostart executable for the old
multiplayer game HP Jetspeed |
| U |
HP Laser Jet Director |
hppdirector.exe |
System Tray icon that opens
various functions such as copy, fax, email, scan, copy plus, etc. Right-click
on it and you see a few options such as the preceding bar plus About, Help,
ToolBox, Exit, etc |
| ? |
HP Network Registry Agent |
hpnra.exe |
?? |
| ? |
HP OfficeJet Series xxx Startup |
HPOSTR03.EXE |
xxx represents the series number
- such as 700. What does it do and it it required? |
| ? |
HP OfficeJet Series xxx Startup |
HPOstr05.exe |
xxx represents the series number
- such as 700. What does it do and it it required? |
| N |
HP Parallel Port Test |
hppt.exe |
Associated with a HP ScanJet
scanner |
| X |
HP Photo Manager |
HPPhotoManager.exe |
Added by the SDBOT.AXU WORM! |
| ? |
HP Port Resolver |
hpbpro.exe |
?? |
| N |
HP Precision Scan |
hpmdlbwx.exe |
HP multifunction scanner
software. Available from HP Office Jet R Toolbox so not required |
| N |
HP Presentation Ready |
PresRdy.exe |
HP Omnibook related:
"Press a dedicated button above the keyboard and the system will
instantly load your presentation software and change the screen resolution to
match your display device" |
| U |
hp psc 2000 Series |
hpobnz08.exe |
System Tray icon indicating when
the printer is ready. Can be started manually with HP Director but takes time
to start |
| U |
HP RecordNow |
?? |
From HP "Software for the
CD writer. Do not prevent from starting unless the CD writer is never going
to be used." |
| U |
HP ScanPatch |
HPScanFix.exe |
Program that starts up and
automatically fixes earlier versions of the Scanjet 5100c software. If a
Scanjet 5100C scanner is not going to be used, then it is safe to remove or
prevent from starting |
| N |
HP ScanPicture |
hpsplmwa.exe |
HP multifunction scanner
software. Available from HP Office Jet R Toolbox so not required |
| U |
HP SchedIndexer |
hppschedindexer.exe |
Installed by HP multi-function
printer driver software, related to PC faxing. If you are not using the PC
faxing feature you can go ahead and disable these services from the startup |
| X |
HP Service Drivers |
hdsys.exe |
Added by the SDBOT-ZE WORM! |
| ? |
hp Silent Service |
HpSrvUI.exe |
HP related |
| N |
HP Simple Trax |
Hpcron.exe |
Supplied with HP CD-RW drives -
stores information about CD contents on your hard drive. Available via Start
-> Programs or Desktop Icon |
| N |
HP software update |
HPWuSchd.exe |
HP software updates. If a
shortcut doesn't exist, create your own and run it manually |
| N |
HP software update |
HPWuSchd2.exe |
HP software updates. If a
shortcut doesn't exist create your own and run it manually |
| N |
HP Status |
hpstatus.exe |
HP Printer Status and Alerts |
| ? |
HP Status Server |
hpboid.exe |
Copied during installation of HP
Inkjet Printer Drivers in Win2K/XP. What does it do and
is it required? |
| U |
HP TV Now |
HpTvNow.exe |
Application supplied with HP
notebooks. It activates the S-Video port and is said to improve the quality
of the output signal (resolution/timeouts) |
| N |
HP Updates |
?? |
On HP PCs, allows the computer
to automatically receive notifications from HP over the Internet. Associated
with BackWeb |
| ? |
HP Visualize Init |
HpVisIni.exe |
HP Visualize software related. What does it do and is it required? |
| N |
HP_dla |
dlatray.exe |
On HP PCs, tray icon for dla -
which provides drive letter access to HP's and Veritas' version of DirectCD |
| N |
HP-Aio Flight |
Remind32.exe |
HP multifunction registration |
| N |
HPAIO_PrintFolderMgr |
hpoopm07.exe |
Directly from HP: "This
process has one purpose - detects if the device moves to a different port,
and notifies other processes to look on the new port." For various HP
all-in-one printer/scanner/copier devices. They print and copy fine with those
files disabled, and the HP icon installed on the desktop that points to
"hpodir07.exe" works just fine if you need to use the scanner |
| N |
hpaiodevice |
hpodev07.exe |
Direct from HP - "Device
Objects Server - detects all device events and handles all ongoing
communication on the device. Loads in the Startup group (except when
"portable" is chosen during installation)". Related to various
HP all-in-one printer/scanner/copier devices. They print and copy fine with
those files disabled, and the icon installed on the desktop that points to
"hpodir07.exe" works just fine if you need to use the scanner |
| ? |
HPAiODevice(hp officejet g
series) |
hpoavn07.exe |
HP Printer related, reportedly
lets file transfers from an HP device pass files through Windows firewall. Is it required? |
| N |
HPAiODevice(hp psc 900 series)
-1 |
hpobrt07.exe |
Installed with a Hewlett Packard
900 series colour printer, scanner, fax, photo card slot printer, copier.
Assumed to perform an identical function to the hpaiodevice entry |
| U |
HPBootOp |
HPBootOp.exe |
"HP Boot Optimizer intelligently and dynamically
launches software during startup, based on available resources, to improve
startup performance" |
| X |
hpcmd |
cmd.exe |
Added by the ADCLICK-DS TROJAN! |
| N |
hpcmpmgr |
hpcmpmgr.exe |
Checks the internet for updated
drivers/utilities for your HP product - update manually. Disabling will
remove the error "Windows can't shutdown the computer because
hpcmpmgr.exe can't be ended" |
| U |
HPDJ Taskbar Utility |
hpztsb04.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
HPDJ Taskbar Utility |
hpztsb05.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
HPDJ Taskbar Utility |
hpztsb07.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
HPDJ Taskbar Utility |
hpztsb09.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
HPDJ Taskbar Utility |
hpztsbol.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
HPDJ Taskbar Utility |
hpztsd02.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| N |
hpfsched |
hpfsched.exe |
HPFSCHED is a small TSR that
will remind you to clean the cartridges in your DeskJet from time to time in
order to keep print quality high. It can be removed from the run line in
win.ini if you do not want that feature |
| U |
HPGamesActiveMenu |
ActiveMenu.exe |
Wild Tangent demo games that
come with some HP computers. Unchecking it can prevent the games from running
occasionally. Note that WildTanget's privacy policy used to state that they
also collect and share individuals information but this is no longer the case |
| N |
hpgs2wnd |
hpgs2wnd.exe |
"HP's exclusive Share-to-Web software makes it easy to
share content with others through our affiliate Internet websites".
Available via Start -> Programs |
| U |
Hpha1mon |
Hpha1mon.exe |
Media card reader for some HP
series printers allowing them to read digital camera memory cards directly.
Only needed if you use this feature |
| U |
HPHAxMON |
HPHAxMON.EXE |
Media card reader for some HP
series printers allowing them to read digital camera memory cards directly.
Only needed if you use this feature and known to cause system crashes in some
cases. "x" can be 1, 2 or 3 and depends upon driver version.
Replaced by HPHmon** (where ** is the version number) from version 4 onwards |
| U |
HPHmon** |
HPHMON**.EXE |
Monitors the status of the
memory card reader slot on a HP printers and displays a tray icon if a memory
card isn't inserted. Also creates a virtual drive and assigns it the first
available drive letter - which can lead to problems with drive management. **
represents the version number. Disable if you don't use the reader |
| U |
HPHmon03 |
hphmon03.exe |
Related to the Hewlett-Packard
Photosmart's configuration and diagnostics module |
| U |
HPHmon04 |
hphmon04.exe |
Media card reader for some HP
series printers allowing them to read digital camera memory cards directly.
Only needed if you use this feature |
| ? |
HPHmon05 |
hphmon05.exe |
?? |
| U |
HPHmon06 |
hphmon06.exe |
Related to the Hewlett Packard
software HP Photosmart printer, it provides easy access to flash card reading
functions. This program is not essential to the running of the system. Your
choice |
| X |
Hphome |
hphome.js |
Homepage hijacker |
| N |
HPHUPD** |
hphupd**.exe |
HP software update checker and
wizard launcher. ** represents the version number. Available via Start ->
Programs |
| ? |
hpjsiroute |
hpjsira.exe |
Related to HP laserjet printers
and IP addresses. An IP address is appended to the name field - ie
"hpjsiroute192.168.1.2" |
| X |
HPl Services |
hmlsvc32.exe |
Added by the AGOBOT-SI WORM and variants! |
| Y |
HpLamp |
HPLAMP.EXE |
HP Scanner Utility that controls
your scanners light bulb. Needed if it's switched on |
| U |
hplampc |
hplampc.exe |
HP Scanner Lamp Utility - fixes
an issue with the scanner lamp not going off |
| U |
HPLaptopGamesActiveMenu |
ActiveMenu.exe |
Wild Tangent demo games that
come with some HP computers. Unchecking it can prevent the games from running
occasionally. Note that WildTanget's privacy policy used to state that they
also collect and share individuals information but this is no longer the case |
| Y |
HPLJ Config |
SetConfig.exe |
Connects system to networked HP
printer. |
| U |
HPLogiFinder |
hp_finder.exe |
HP LogiFinder helps detect and
allows the use of the centre button for the Logitech mouse. Can be disabled
if not used |
| U |
HpMmKbd |
HpMmKbd.exe |
HP's multimedia keyboard driver
which enables the end-user to use the automation features of the HP
multimedia keyboard |
| U |
HPMVTray |
HPMVTray.exe |
HP Media Vault Networked Storage Device - System Tray
management utility |
| X |
HPNT |
hpdll.exe |
Malware - recognized by
Kaspersky antivirus as Trojan-Downloader.Win32.VB.ku |
| N |
hpodblia |
hpodblia.exe |
HP OfficeJet Scan Button Monitor
on a multi-function printer/copier/scanner. Start your scanning software
manually |
| N |
hpoddt01.exe |
N/A |
Installed by the "HP Photo
and Imaging Director" software. If you ask for the imaging software,
this program will be started |
| N |
hpodlb08 |
hpodlb08.exe |
HP OfficeJet Scan Button Monitor
on a multi-function printer/copier/scanner. Start your scanning software
manually |
| Y |
hpotdd01.exe |
hpotdd01.exe |
Detection of new imaging,
printing and other peripherals on HP machines such as USB printers, cameras
and Bluetooth products. "This program is a non-essential process, but
should not be terminated unless suspected to be causing problems" |
| Y |
hpppta |
HPPPTA.exe |
HP parallel port driver for
certain hardware |
| X |
HpPrinter |
hpserver.exe |
Added by the CMJSPY-W TROJAN! |
| N |
HPPROPTY |
HPPROPTY.EXE |
HP LaserJet Toolbox |
| U |
HPPWRSAV |
HPPWRSAV.EXE |
Power
save related for HP Scanners. Many users have complained of system freezes
with it running but it stops the light from remaining on all the time. Try
www.hp.com, pick your OS option under the SUPPORT tab, follow
the instructions and you will find an updated lamp control patch |
| ? |
hpqcmon |
hpqcmon.exe |
From HP and related to digital
imaging |
| U |
HPSCANMonitor |
hpsjvxd.exe |
HP scanning software that
enables you to scan images from your scanner. Needed if you're using the
scanner |
| ? |
hpScannerFirstBoot |
scannerfb.exe |
HP scanner related |
| N |
hpsjbmgr |
hpsjbmgr.exe |
HP ScanJet Button Manager. It
allows users of the HPScanJet scanners to indicate what the buttons on the
scanner will do automatically if pushed. Not required at startup, unless the
scanner is used every day, such as in a business environment |
| N |
HPStart |
hpstart.wsf |
This a script used by HP that
runs the first time one of their computers is started. Can't imagine why it
would be starting up after the first boot |
| X |
hpsysconf1 |
[random filename] |
Added by a variant of the VIVIA.A TROJAN! |
| U |
hpsysdrv |
hpsysdrv.exe |
This item keeps track of how
many times the system has been recovered and the times of the first and last
recoveries done on the system. Leaving unchecked will sometimes prevent the
Keyboard Manager program from detecting that the computer is an HP. Since
this program/driver was only made to run on HP, if it can't tell that it is
an HP it will not run. If unchecked, it can prevent the running of the
Application Recovery CDs, the use of the multimedia keys, and the HP Instant
Support. Also seen that without it running, the Riptide Sound card that was
installed on some older HP computers stops working |
| X |
hptools |
hptools.exe |
Added by a
variant of the SDBOT WORM! |
| X |
hptools |
microsoft.exe |
Added by a
variant of the SDBOT WORM! |
| N |
HPU |
ProvenTactics.exe |
Proven Internet
Marketing software |
| U |
hpWirelessAssistant |
HP Wireless Assistant.exe |
The HP Wireless Assistant is a
user application that provides a way to control the enablement of individual
wireless devices (such as Bluetooth or WLAN devices) and that shows the state
of the radios for these wireless devices |
| N |
HPZTS04 |
hpzts04.exe |
Hewlett Packard printer toolbox
shortcut that resides in the system tray |
| U |
hpztsb02 |
hpztsb02.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
hpztsb04 |
hpztsb04.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
hpztsb05 |
hpztsb05.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
hpztsb07 |
hpztsb07.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
hpztsb09 |
hpztsb09.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| U |
hpztsbol |
hpztsbol.exe |
HP System Tray utility which
allows diagnostic and maintainance of your HP Deskjet series printer |
| X |
HQI Services |
hqisvc32.exe |
Added by the AGOBOT-RO WORM! |
| X |
HQI Services |
hqlsvc32.exe |
Added by the AGOBOT-RP WORM! |
| U |
HR |
Hr.exe |
HiddenRecorder periodically takes screenshots of the
computer. If you didn't install this yourself remove it |
| U |
HREF.OCX |
regsvr32.exe ....HREF.OCX |
HREF.OCX
is an ActiveX control developed by xFX JumpStart and used to provide
HTML-alike clickable links on Windows-based programs such as PopUpKiller |
| X |
Hrn_qtv |
hrnsvc32.exe |
Added by the SDBOT-AET WORM! |
| X |
hsim |
isearch.exe |
Unidentified malware |
| X |
hsim |
sexgame.exe |
Unidentified malware |
| X |
hsim |
toolbar.exe |
Unidentified malware |
| U |
HSLAB Logger |
logger.exe |
HSLABLogger logs user activity and Internet activity. The
gathered information can be sent to a predetermined email address. If you
didn't install this yourself uninstall it |
| U |
HSTrans |
hstrans.exe |
Homescan
Internet Transporter - part of ACNielson Homescan. Recognizes when the
ACNielsen Homescan Scanner is attached to the computer and allows it to
transmit scanner information to ACNielsen |
| ? |
HsuGuiControl |
HsuGuiControl.exe |
Part of the Starband Internet
satellite client. What does it do and is it required? |
| U |
Hti |
npdor.exe |
Appears in startup if you have chosen to participate in on
survey by NPD Online Research. Required for the survey to work correctly.
Otherwise not required |
| X |
HTML Help System |
hhs.pif |
Added by the RBOT-ATB WORM! |
| X |
HTML32 Help System |
hhs32.pif |
Added by the RBOT-ATE WORM! |
| U |
HTpatch |
htpatch.exe |
HTpatch.exe is part of the SiS
AGP patch - BUT unless your processor (and motherboard) supports
HyperThreading (HT) and this feature is enabled it will actually SLOW your
graphics card by around 6% |
| X |
HtProtect |
AVprotect.exe |
Added by the NETSKY.L WORM! |
| X |
HTTP Tunneling Server |
mstunnel.exe |
Added by the RBOT.EDL WORM! |
| X |
http://www.lienvandekelder.be |
Lien Van de Kelder.exe |
Added by the MYTOB-AP WORM and variants! |
| X |
http://www.lienvandekelder.be |
Lien Vande Kelder.exe |
Added by the MYTOB-AQ WORM! |
| X |
http://www.lienvandekelder.be |
Lien vd Kelder.exe |
Added
by the MYTOB-M WORM! |
| X |
http://www.lienvandekelder.be |
Lien.exe |
Added by the MYTOB-CZ WORM! |
| X |
http://www.lienvandekelder.be |
Lientjeuh.exe |
Added
by the MYTOB-P WORM! |
| X |
http://www.lienvandekelder.be |
LienVandeKelder.exe |
Added
by the MYTOB-AZ WORM! |
| X |
http://www.lienvandekelder.be |
LienVdK.exe |
Added
by the MYTOB-U WORM! |
| X |
http://www.lienvandekelder.be |
Van de Kelder Lien.exe |
Added by the MYTOB-BF WORM! |
| X |
http://www.lienvandekelder.be |
We Love Lien Van de Kelder.exe |
Added by the MYTOB-CV WORM! |
| X |
http://www.lienvandekelder.com |
Lien Van de Kelder.exe |
Added by the MYTOB-EQ WORM! |
| X |
http://www.lienvandekelder.com/ |
LienVandeKelder.exe |
Added by the MYTOB-EO WORM! |
| X |
httpd |
browse.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
httpd |
c_pan.exe |
Added by a variant of the DELF-A
TROJAN! |
| X |
httpd |
deamon.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
httpd |
deamon.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
httpd |
msgaol.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
httpd |
s_menu.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
https-ssl |
https.exe |
Added by the MOEGA.D WORM! |
| ? |
huhdir |
huhdir.exe |
?? |
| X |
huigezi |
HgzServer.exe |
Added by the GRAYBIRD.C TROJAN! |
| X |
Hvid |
Hvid.exe |
Added by the GEMA TROJAN! |
| X |
HWINFO* |
HWINFO* |
Added by the PUROL WORM! where * is a random character |
| Y |
HWinst |
N/A |
For Gilat Communications
internet satellite systems. Gilat rescue (Satellite system restore). Required
if you have this system. Can cause a BSOD (blue screen of death) if left out |
| X |
Hwp |
system_wc.exe |
Eziin adware |
| X |
hws |
hws.exe |
Added by the STARTPA-CT TROJAN! |
| U |
HWSetup |
HWSetup.exe hwSetUP |
"Toshiba Hardware Setup is
the Toshiba configuration management tool available through Windows."
Allows the user to change BIOS, hard disk, memory, boot disk priority and
other settings |
| X |
hxadsec |
[path to trojan] |
Added by the ADCLICK-AP TROJAN! |
| X |
HXDL.EXE |
HXDL.EXE |
Attune HelpExpress - spyware. Disable and uninstall - see
here |
| X |
HXIUL.EXE |
HXIUL.EXE |
Attune HelpExpress - spyware. Disable and uninstall - see
here |
| U |
HydarVisionDesktopManager |
desk95.exe |
ATI's
HydraVision desktop management software, allowing for multi-monitor support,
as included in ATI HydraVision versions 2.5 and earlier. Has been reported to
cause problems, such as this one. HydraVision can be uninstalled through
Add/Remove Programs |
| U |
HydraVisionDesktopManager |
desk98.exe |
ATI/Appian HydraVision Desktop
Manager software - monitors and regulates window and dialog box placement
according to user preferences when using a multi monitor setup |
| U |
HydraVisionViewport |
viewport.exe |
ATI/Appian HydraVision Desktop
Manager software - monitors and regulates window and dialog box placement
according to user preferences when using a multi monitor setup |
| X |
Hyper Start |
instantmsgrs.exe |
Added
by the RBOT-NH WORM! |
| X |
I am not Ranky. I am eTunnel! |
disney.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
I am not Ranky. I am eTunnel! |
msyervice.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
I am not Ranky. I am eTunnel! |
winsys.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
I/O Controllers |
svcnet.exe |
Added by the TIBIK-B TROJAN! |
| X |
I386 |
I386.exe |
Added by the MYPOWER WORM! |
| ? |
I81SHELL |
I81SHELL.exe |
Appears to be related to drivers
for an Intel 810 graphics chipset on an ASUS motherboard |
| U |
i8kfangui |
i8kfangui.exe |
Graphical interface for fan
speed control |
| U |
IAAnotif |
iaanotif.exe |
IAA Event
Monitor User Notification Tool - part of Intel® Application Accelerator -
"a performance software package for desktop PCs using select Intel®
chipsets" that "replaces the ATA drivers that come with Windows
with drivers optimized for desktop and mobile PCs." If you use the RAID
version it's required to notify you if a RAID 1 disk has failed |
| Y |
iamapp |
iamapp.exe |
AtGuard personal firewall
engine. As Atguard was bought by Symantec some time ago, it's now the Norton
Personal Firewall executable as well |
| X |
Iamnacho On Irc.MusIrc.com Is a
Homosexual! |
XBox64.exe |
Added by the RANDEX.Y WORM! |
| ? |
Iap |
iap.exe |
Possibly part of Dell OpenManage Client Instrumentation -
software that allows remote management application programs to access
information about, monitor the status of or change the state of the client
computer, such as shutting it down remotely? |
| U |
ias |
ias.exe |
InvisibleASpy keystroke logger/monitoring program - remove
unless you installed it yourself! |
| X |
IASHLPR |
IASHLPR.EXE |
Added by the OPASERV.T WORM! |
| X |
ibin |
[path to trojan] |
Added by the PERDA-C TROJAN! |
| X |
ibm |
ibm.exe |
Added by the LEGMIR-AH TROJAN! |
| ? |
IBM Warranty Notification |
ERTS0749.exe |
IBM Warranty Notification - presumably it's a reminder to either register or that warranty
is about to expire? |
| Y |
IBM_PWMGR |
pwmgr.exe |
IBM Password Manager |
| N |
ibmmessages |
ibmmessages.exe |
Allows IBM to push messages onto
users' computers. Quote: "The Access IBM Message Center can display
messages to inform you about software and solutions available from IBM as
well as messages from IBM eSupport" |
| ? |
Ibmmon.exe |
Ibmmon.exe |
?? |
| U |
Ibmpmsvc |
ibmpmsvc.exe |
Power management driver for IBM
laptops. Provides support for the use of four keys on the thinkpad keyboard
with blue key tops - Fn, F3, F4 & F12 - which have specific functions to
control the standby and hibernate buttons. Not required if you don't plan to
go into standy or hibernate modes |
| ? |
IBMPRC |
ibmprc.exe |
IBM application - what does it do and is it required? |
| U |
IBMUltraBayHotSwapCPLLoader |
IBMBAY2N.EXE |
Supports hot swapping in
Thinkpad UltraBay Option on IBM ThinkPad laptops |
| ? |
IBMUltraBayHotSwapSound |
IBMBAYSN.EXE |
Supports hot swapping in
Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does
it just play a sound? |
| U |
IBWin Background process |
IBackground.exe |
IBackup for
Windows |
| U |
IBWin Monitor |
IBMonitor.exe |
IBackup for
Windows |
| N |
IC_KEY_3 |
spvic.exe |
Instant Chess related |
| Y |
IcaBar |
icabar.exe |
Related to Citrix MetaFrame |
| X |
icasServ |
icasServ.exe |
Browser hijacker, redirecting to Searchforfree.info. Also
detected as the ICASERV-A TROJAN! |
| X |
ICcontrol |
iccontrol.exe |
Added by the ICcontrol premium rate adult content dialer |
| X |
icdd7ee6 |
rundll32.exe [path]
icdd7ee6.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| X |
icddefff |
rundll32.exe [path]
icddefff.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| N |
ICH Synth |
eusexe.exe |
Sound related and can be
disabled without affecting performance although advanced sound features may
be sacrificed. May be related to Compaq PC's with
"SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices |
| X |
icifati |
yujixit.exe |
Added by the SDBOT.ZZH WORM! |
| U |
iClean |
iClean.exe |
IEClean -
"advanced, comprehensive package of tools which perform a number of
functions to allow you to control your online privacy" |
| U |
ICM |
ICM.EXE |
Starts Internet Call
Manager dialog box and/or taskbar icons at bootup. This is a subscription
program from internetcallmanager.com that monitors a dialup phone line for
incoming calls and handles voicemail |
| N |
iCn |
NAG.EXE |
iChoose - shopping browser
enhancement that alerts you to cheaper deals for goods you want to buy, if
they exist. Not related to the Mac icon program of the same name |
| N |
ICO |
ICO.EXE |
Found on Sony Vaio and IBM
Thinkpad (and possibly other) laptops and seems to be related to Mouse Suite
98 Daemon according to the properties. Appears to cause a behaviour where the
desktop suddenly flips back up when playing DirectX associated games |
| N |
Icon Animation |
HDE.EXE |
Part of McAfee Nuts & Bolts.
Provides entertaining animation of your desktop icons |
| N |
Icon Hearit 95 |
hearit95.exe |
Audio desktop customization
utility from Moon Valley Software. Resource hog |
| N |
Icon Hearit 98 |
hearit98.exe |
Audio desktop customization
utility from Moon Valley Software. Resource hog |
| X |
Icon lptt01 |
icon.exe |
RapidBlaster variant (in a
"Icon" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
Icon ml097e |
icon.exe |
RapidBlaster variant (in a
"Icon" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| Y |
ICONCLNT |
iconclnt.exe |
APC
PowerChute Tray Icon. Associated with the UPS listing |
| U |
ICONDESK |
ICONDESK.EXE |
Small utility which will allow
you the option of hiding or showing your desktop icons |
| N |
Iconfig.exe |
Iconfig.exe |
Icon for LS-120
"Superdisk" |
| X |
iConfigLoader |
DIIhost.exe |
Added by the GAOBOT.AO WORM! |
| N |
Iconoid |
Iconoid.exe |
Iconoid is a
desktop icon manager |
| N |
Iconsaver |
Iconsaver.exe |
IconSaver is a
desktop icon manager |
| X |
ICQ |
ICQNET.vbs |
Added by the GORMLEZ-A WORM! |
| X |
ICQ Center |
[path to worm] |
Added by the RANDIN WORM! |
| X |
ICQ Chat Service |
icqjdhs.exe |
Added by a variant of the RBOT WORM! |
| X |
ICQ Hacking Pro |
ICQpro.exe |
Added by a variant of the NETSPY TROJAN! |
| N |
ICQ Lite |
ICQLite.exe |
ICQ Lite - compact
version of the popular messaging program |
| X |
icq lite |
scvhost.exe |
Added by the AGENT-DSF TROJAN! |
| X |
icq lite |
winlog.exe |
Added by the IRCBOT-TJ TROJAN! |
| X |
ICQ Lite Messenger |
[random filename] |
Added by an unidentified VIRUS,
WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be
located in the ICQLITE folder in Program Files, this particular impostor is
located in the Windows or WinntSystem32 directory |
| X |
ICQ Messenger 2002 |
ICQ2002.exe |
Added by the SDBOT-ABL WORM! |
| X |
ICQ Net |
winlogon.exe |
Added by variants of the NETSKY WORMS! Note - this is not the
legitimate winlogon.exe process which should not appear in Msconfig/Startup! |
| N |
ICQ Plus |
vplus.exe |
ICQ Plus is a freeware utility makes your ICQ skinnable
(change the look). Available via Start -> Programs |
| X |
IcqBeta |
webcamupdate.exe |
Added by an unidentified TROJAN! |
| X |
ICQNet |
winlogon.exe |
Added by the NETSKY-C WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup and is always located in the System32 folder. This file is
placed in the Windows or Winnt folder |
| X |
icrosof Avps32 Control |
av32.pif |
Added by the RBOT-AVC WORM! |
| X |
icrosoft Visual |
plscx.exe |
Added by the RBOT-AYO WORM! |
| X |
icrosoft Visual InterDevc |
zvslmqb.exe |
Added by the RBOT-AYP WORM! |
| X |
icrosoft Windows DLL Services
Configuration |
poker3.exe |
Added by the SDBOT-AER WORM! |
| X |
icrosoftf Avpx Control |
avpx.exe |
Added by the RBOT-AYN WORM! |
| U |
ICSDCLT |
rundll32.exe Icsdclt.dll,
ICSClient |
Internet Connection Sharing
allows more than one computer to simultaneously access the internet with a
single connection. Also required when networking two machines |
| N |
ICServer |
Icserver.exe |
Intel Intercast viewer software.
Gives access to selected internet pages which are broadcasted by several TV
stations |
| Y |
ICSMGR |
ICSMGR.EXE |
Monitors DNS and DHCP requests
for ICS (Internet Connection Sharing). Needed if you're sharing the internet
on various computers |
| N |
ID Commander |
IDCom.exe |
Caller ID utility for
identifying incoming telephone numbers |
| X |
ID8525 |
ID8525.exe |
Added by the ID8525.A TROJAN! |
| X |
ID8525 |
id85255.exe |
Added by the ID8525.A TROJAN! |
| ? |
IDA |
IDA.EXE |
HP related - in a Program
FilesHewlett-PackardPC COE folder |
| X |
IDE |
ide.exe |
Added by the ASSASIN.F TROJAN! |
| X |
IDE Loader |
IDElibr32.exe |
Added by the XILON TROJAN! Related to the game "Diablo
II" |
| X |
idecntl |
idecntl.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| U |
iDesktop |
idesktop.exe |
Immersion TouchWare Desktop software for devices such as the
Logitech iFeel Mouse |
| N |
IDMan |
IDMan.exe |
Internet
Download Manager - download files faster, schedule and resume |
| X |
IDTemplates |
IDTemplate.exe |
Added by the BRONTOK-H WORM! |
| N |
IDW Logging Tool |
idwlog.exe |
Added with WinXP SP1. Usually
only found in internal builds only to indicate the current build being used.
Can cause slow network logon problems |
| X |
IE configure |
explorer.exe |
Added by the LINEAGE-C TROJAN! Note - this is not the
legitimate Windows Explorer (explorer.exe) which would not normally appear in
Msconfig/Startup unless you added it manually! |
| U |
IE Doctor |
IEDoctor.exe |
IE Doctor Toolbar - "IE
Doctor can help you to Repair IE easily, protect IE and OE from all malicious
changes. It can Repair the HomePage, context menu, IE toolbar button, startup
items, Favorites, typed URLs and the entire Internet Options" |
| X |
IE Java Update |
iejava.exe |
Added by the AGENT-HD TROJAN! |
| X |
IE Menu Extension toolbar |
rundll32.exe [path] tbextn.dll
DllShowTB |
Topconverting.com180Search
"IEMenuExtension" toolbar |
| U |
IE New Window Maximizer |
iemaximizer.exe |
IE New Window
Maximizer - automatically maximize new Internet Explorer and Outlook Express
windows |
| X |
IE Runtime |
wini.exe |
Added by the PICRATE.B WORM! |
| X |
IE Runtimes |
winis.exe |
Added by the RBOT-ADZ TROJAN! |
| X |
IE**.exe [* = random char] |
IE**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
IE**32.exe [* = random char] |
IE**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
IE6 |
porn.pif |
Added by the RBOT-ATF WORM! |
| X |
IE6 |
ssmss.exe |
Added by the GAOBOT.DXO WORM! |
| X |
IE6 |
wkstmg.exe |
Added by a
variant of the SDBOT WORM! |
| X |
IEACCESS |
surfya.exe |
IEAccess premium rate adult content dialer variant |
| X |
IEACCESS |
temp532.exe |
AsdPlug premium rate adult content dialer variant |
| X |
IEAgent update check |
iewatch.exe |
Added by the BOMKA TROJAN! |
| X |
IE-Bar |
iebar.exe |
DesktopMedia adware |
| N |
iecheck |
iecheck.exe |
Integrity checker for
IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be
safely deleted from the system if you are running the latest version of
IconEdit2 |
| X |
IECheck |
MSDTCs.exe |
Added by the TIRBOT-D WORM! |
| X |
IECheck |
mssvp.exe |
Added by the TIRBOT-G WORM! |
| X |
IECheck |
xpssl.exe |
Added
by the TIRBOT-E WORM! |
| U |
IECleanAux |
Ieboot6.exe |
IEClean by Kevin
McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs
cleaning tasks at startup |
| X |
iedll |
iedll.exe |
Homepage hijacker, redirecting
to coolwwwsearch.com |
| X |
IEDriver |
IEDriver.exe |
Installed as part of adware
(Cydoor) based peer-to-peer file sharing software called URLBlaze |
| X |
IEDriver |
TD.exe |
IEDriver
adware variant |
| X |
IEDriver |
xplore.exe |
IEDriver
adware variant |
| X |
IEengine |
IEeng.exe |
STARTPAG.AI hijacker |
| X |
IEFeatures |
IEFeatures.exe |
Added by the POPMON.A TROJAN! - also known as PopMonster
adware |
| X |
IEFeatures |
Internetfeatures.exe |
Added by the POPMON.A TROJAN! - also known as PopMonster
adware |
| X |
IefxTray |
IefxTray.exe |
Added by the RILER-H TROJAN! |
| X |
ieharv.exe |
ieharv.exe |
Added by the BANKER-HH TROJAN! |
| X |
Iehelper |
syslaunch.exe |
Outwar adware downloader |
| X |
iel2cde8 |
rundll32.exe [path]
iel2cde8.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| X |
ielcaabe |
rundll32.exe [path]
ielcaabe.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| X |
IELoader32 |
iexplore32.exe |
Added by the SPEX or SPEX.B
WORMS! |
| X |
Iesar |
Iesar.exe |
Browser hijacker - redirecting
to an adult web page |
| X |
Iesearch.exe |
Iesearch.exe |
LookNSearch adware |
| X |
IESet |
IExplorer.dll |
Added by
the PWS-BLUEDIT TROJAN! |
| X |
iestart |
iexp1orer.exe |
Added by the NEMOG.C TROJAN! |
| N |
ietsr |
ietsr.exe |
IEClean by Kevin
McAleavy - cookie manager, cache cleaner, history cleaner, etc |
| X |
ieupdate |
MCP****.exe [**** = random char] |
Added by the ASOXY TROJAN! |
| X |
ieupdate |
mcpdll32.exe |
Adware downloader trojan |
| X |
IEXPL0RER |
IEXPL0RER.EXE |
Added by the AGOBOT-QL WORM! Note the filename has a
"0" rather than an upper case "o" |
| X |
iexpl0res |
iexpl0res.exe |
Added by the RBOT.AEX WORM! Note - this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot |
| X |
IExploer |
svshosts.exe |
Added by the IRCBOT.BT TROJAN! |
| X |
Iexploit |
Iexploit.html |
Added by the INKER.B WORM! |
| X |
Iexplore |
iexplore.exe |
Added by the BOXER TROJAN! Note
- this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in the System
(9x/Me) or System32 (NT/2K/XP) folder |
| X |
IEXPLORE |
iexplore.exe |
Added by the APHEXDOOR TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the Winnt
or Windows folder |
| X |
IExplore |
IEXPLORE.EXE |
Added by the DLOADER-YZ TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in a "Custom"
subfolder |
| X |
IExplore |
IEXPLORE.exe |
Added by the DLOADR-AAM TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the "Arquivos
de programasInternet ExplorerCustom" folder |
| X |
IEXPLORE |
IEXPLORE.EXE |
Added by the BANKER-BWE TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the System
(9x/Me) or System32 (NT/2K/XP) folder |
| X |
Iexplore Services |
iexplore.exe |
Added by an unidentified VIRUS, WORM or TROJAN! Note - this
is not the legitimate Internet Explorer iexplore.exe process which is always
located in the Program FilesInternet Explorer folder and should not normally
figure in Msconfig/Startup! |
| X |
IEXPLORE.EXE |
[path to trojan] |
Added by the BANCOS-CJ TROJAN! |
| X |
IEXPLORE.EXE |
goot.exe |
Added by the BIFROSE-C TROJAN! |
| X |
Iexplorer |
explorer.exe |
Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System folder |
| X |
IExplorer |
Iexplor32.exe |
Added by the BDOOR-BY TROJAN! |
| X |
IExplorer |
IExplorer.EXE |
Added by the BANCOS-CH TROJAN! |
| X |
IEXPLORER |
msiecfg.exe |
Added by the JU or BANCBAN-IP
TROJANS! |
| X |
iexplorer lptt01 |
iexplorer.exe |
RapidBlaster variant (in a
"iexplorer" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
iexplorer ml097e |
iexplorer.exe |
RapidBlaster variant (in a
"iexplorer" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Iexplorer.exe |
Iexplorer.exe |
Added by the BANCBAN-EN TROJAN! |
| X |
IExplorer32 Java Scripting |
IExplore32b.exe |
Added by the RBOT.ABO WORM! |
| X |
IExplorer32c Java Scripting |
IExplore32cb.exe |
Added by the RBOT.ABN WORM! |
| X |
IExplorer6 Java Scripting |
IExplore326.exe |
Added by a
variant of the SDBOT WORM! |
| X |
IExplorer7 Java Scripting |
IExplore327.exe |
Added by a
variant of the SDBOT WORM! |
| X |
ifp |
ipf.exe |
Added by the CLAGGER-AG TROJAN! |
| U |
IFSplash.exe |
IFSplash.exe |
I-FORCE driver for force
feedback steering wheel |
| X |
igamatu |
atecaca.exe |
Added by the IRCBOT.R WORM! |
| X |
igamatu |
ekor.exe |
Added by the SDBOT.AQ TROJAN! |
| U |
igfxtray |
igfxtray.exe |
Part of Intels Common User
Interface for chipsets with integrated graphics controllers - which allows
user to change different driver properties through Windows User Interface.
Quick access to the control panel via a System Tray icon. Available via Start
-> Settings -> Control Panel |
| ? |
Iglpbv |
Iglpbv.exe |
?? |
| N |
igndlm.exe |
DLM.exe |
IGN Download Manager has become
a requirement for downloading files through FilePlanet.com. It is based on
Internet Explorer and it installs through an ActiveX-plugin, hence Internet
Explorer must be installed beforehand and downloads has to be initialized
through that browser |
| X |
igsex2x |
igsex2x.exe |
NewDial premium rate adult content dialler |
| ? |
iHP-100 |
iHPDetect.exe |
Drive Letter
Searcher, iRiver iHP-100 iHP and H Series player related - does it need to
start with Windows every time? |
| X |
iilc |
IILC.EXE |
Homepage hijacker |
| X |
Iinl |
iptl.exe |
PurityScan/Clickspring adware |
| X |
iisvers |
iisvers.exe |
Added by an unidentified TROJAN
or adware |
| N |
iIWiper |
Systemwiper.exe |
System
Wiper from iI Software - allows you to clear the history of your activites
from you computer. Run manually on a regular basis |
| Y |
IJ75P2PSERVER |
IJ75P2PS.EXE |
Printer utility which is
required in order to make the printer work correctly |
| Y |
IKE Service 95 |
IKEService.exe |
Associated with PGP. The PGP Tray can be disabled, but
without IKESERVICE you won't be able to de- or encrypt anything |
| U |
iKeyWorks |
IKEYMAIN.EXE |
A4Tech
wireless keyboard driver and utility |
| X |
iLLeGaL |
Mplayer.exe |
Added by the HOLAR.C (or GALIL)
WORM! Note - this should not be comfused with Windows Media Player which has
the same filename |
| X |
iLLeGaL.exe |
Mplayer.exe |
Added by the HOLAR.C (or GALIL)
WORM! Note - this should not be comfused with Windows Media Player which has
the same filename |
| ? |
ILO_Office_Manager |
IntEdReg.exe /OFFMAN |
Intense Educational Ltd -
Language Office Software. Is it required? |
| U |
iLyric |
iLyric.exe |
iLyric plugin for
Winamp media player. Allows you to retrieve the lyrics for your songs with
the press of a button |
| N |
iM Start Center |
iM_Tray.exe |
Installed with the Sound Blaster
Audigy range of soundcards. A radio tuner installed if the user chooses
during installation. Available via Start -> Programs -> iM Networks
-> iM Radio Tuner |
| X |
im_autorn |
im_1.exe |
Added by the IMAV.A WORM! |
| X |
im_autorn |
im_2.exe |
Added by the BAGLEDL-BO TROJAN! |
| X |
Image |
rundll32 image.dll, Install |
CoolWebSearch
parasite variant |
| Y |
Image & Restore |
IMAGE32.exe |
Part of McAfee Nuts & Bolts.
Image/Restore can recover from drives that have been accidentally formatted
or completely erased, if Image was recently run |
| N |
Image Transfer |
SonyTray.exe |
Sony Image Transfer software
provides direct image transfer from your digital camera to a PC - can be
started manually |
| U |
ImageDrive-{hex numbers} |
ImageDrive.exe |
Nero
ImageDrive from Ahead - virtual CD/DVD drive software |
| U |
Imagefox |
imagefox.exe |
ImageFox 2.0 (formerly available from ACDSee) is an
"add-on" graphics previewer for most Windows Open/Save As dialog
boxes |
| X |
Imagemgt32 |
Imagemgt32.exe |
Added by the GEMA TROJAN! |
| X |
ImagePath |
taskbarmngr.exe |
Added by the SDBOT-XB WORM! |
| X |
IMAPI |
load.exe |
Added by the DOWNDEL-A TROJAN! |
| N |
iMarkup Client |
iUtil.exe |
Enables
the iMarkup Client web page annotation utility to run in the background and
be available in systray. Shortcut available via Start -> Programs |
| U |
Imatio |
imation.exe |
Imation Disk Manager - enables you to create a password
protected area on your Imation USB flash drive |
| X |
IMClass |
Svhosl.exe |
Added by an unidentified WORM or
TROJAN! |
| N |
imekrig |
imekrig.exe |
Part of MS Input Method Editor which is used to ease the
input of Asian characters in MS Office (Chinese, Japanese and this one is
Korean) |
| N |
IMEKRMIG6.1 |
IMEKRMIG.EXE |
Part of MS Input Method Editor which is used to ease the
input of Asian characters in MS Office (Chinese, Japanese and this one is
Korean) |
| N |
Imesh |
?? |
Imesh is a file sharing system |
| N |
Imesh Auto Update |
?? |
Update check for the Imesh file sharing system. Turn the
update off under "options" |
| X |
IMEvtMgr.exe |
IMEvtMgr.exe |
Added by the KEYLOG-AR TROJAN! |
| U |
ImgIcon |
ImgIcon.exe |
Displays Iomega icons in
Explorer/My Computer, ejects Zip disks on shutdown and displays a special
delete confirmation box when deleting files on an Iomega drive. Available via
Start -> Programs. If you disable it remember to eject disks first before powering
the drive down - hence the "U" recommendation. Note - FreeCell may
not run with ImgIcon running |
| X |
imgit |
[path to file] |
Added by the BANKER-EM TROJAN! |
| N |
ImgStart |
ImgStart.exe |
Used by Iomega drives. Details of its purpose can be found
here. Available via Start -> Programs |
| N |
Imjpmig*.* |
IMJPMIG.EXE |
Part of MS Input Method Editor which is used to ease the
input of Asian characters in MS Office (Chinese, Korean and this one is
Japanese). *.* represents the version number |
| ? |
immcheck.exe |
immcheck.exe |
Related to I-FORCE driver for
force feedback steering wheel? |
| X |
ImMsn |
timed.exe |
Added by the WEBDOR.AK TROJAN! |
| U |
IMOL |
IMOLApp.exe |
IncrediMail for Office
Outlook Add-On |
| X |
imonitor |
[path to trojan] |
Added by the IMONI-A TROJAN! |
| N |
Imonitor |
Plguni.exe |
McAfee
QuickClean 3.0 - removes internet clutter and unwanted programs |
| U |
IMONTRAY |
imontray.exe |
System tray monitoring of fans,
temperature, voltage, etc for Intel motherboards. Only needed if you
"overclock" or live in hot environment. Can also cause problems
when running on a laptop if you change PCMCIA cards |
| X |
IMprocess |
IM-svr.EXE |
IMNames adware |
| U |
IMStart |
IMStart.exe |
InterMute
security software related |
| X |
imwinsrvc |
acpmonsrv.exe |
Added by the SLAPER.E TROJAN! |
| X |
IMwire |
imwireup.exe |
SafeSurfing adware variant |
| Y |
InCD |
incd.exe |
Ahead InCD packet writing software - similar to DirectCD. For
Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run
InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW)
disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows.
It does not function correctly when you try to run it manually, and you will
not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or
DVD-MRW disks. To regain write access and other features, InCD 4 must start
with Windows |
| N |
IncMail |
IncMail.exe |
"IncrediMail
is an advanced, feature-rich email program that offers you an unprecedented
interactive experience. Unique multimedia features will enable you to tailor
your email experience so that it fits your mood and personality" |
| N |
InControl Desktop Manager |
DMHKEY.EXE |
For Diamond Multimedia video
cards. Allows System Tray access to desktop utilities such as screen
resolution. Available via Start -> Programs |
| N |
Incredimail |
IncMail.exe |
"IncrediMail
is an advanced, feature-rich email program that offers you an unprecedented
interactive experience. Unique multimedia features will enable you to tailor
your email experience so that it fits your mood and personality" |
| N |
Incredimail |
incredimail.exe |
"IncrediMail
is an advanced, feature-rich email program that offers you an unprecedented
interactive experience. Unique multimedia features will enable you to tailor
your email experience so that it fits your mood and personality" |
| X |
Index Service |
dllhost32.exe |
Added by the AGOBOT.CH WORM! |
| U |
Index Washer |
WashIdx.exe |
Window
Washer from Webroot Software. Useful utility that deletes safe to remove
files, cookies, browsing history, etc. Available via from Start ->
Programs. Disable within the program options - otherwise it is re-enabled in
MSCONFIG |
| X |
Indexindicator |
Indexindicator.exe |
Added by the LAZAR TROJAN! |
| N |
IndexSearch |
IndexSearch.exe |
Associated with PaperPort
scanner software from ScanSoft |
| U |
IndexTray |
IndexTray.exe |
Part of Sharpdesk from Sharp Electronics. "A
desktop-based, personal document management application that lets users
browse, edit, search, compose, process, and forward both scanned and native
electronic documents" |
| X |
ine |
svchosts.exe |
Added by the RBOT.BNL WORM! |
| X |
Inet DataBase |
Inetdbs.exe |
Added by the QEDS WORM! |
| X |
Inet Delivery |
inetdl.exe |
Inet Delivery adware |
| X |
Inet Delivery |
inetdl_2.exe |
Inet Delivery adware |
| X |
Inetapi |
Netapi.exe |
Added by the NETDEVIL.14 TROJAN! |
| U |
inetcntrl |
inetcntrl.exe |
Bsafe Online - internet filter |
| ? |
InetConf |
inetconf.exe |
?? |
| U |
Inetd |
INETD32.EXE |
Windows
Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the
advanced ability to conserve PC resources by listening for connection
requests and launching server daemons". Provides PCs with the full
functionality of a UNIX workstation |
| U |
inetinfo.exe |
inetinfo.exe |
Executable used by MS Internet
Information Server (IIS). If it's running, then so is IIS. Useful in knowing
whether you require the patch for the Code Red worm. Comes with PWS (Personal
Web Server) or NT4 and handles ASP-, PHP code (+ more) |
| X |
inetinfomon manager |
inetinfomon.exe |
Added by the DONBOMB.A TROJAN! |
| X |
inetmgr |
inetmgr.exe |
Actual Names (AdvSearch) Internet Keywords parasite |
| X |
InetMSN |
msnet.exe |
Added by a variant of the SDBOT TROJAN! |
| X |
InetServices |
wsock32.exe |
Added by the WOCK32-A TROJAN! |
| X |
infamous.exe |
wmplayer.exe |
Added by unknown
malware. WMPLAYER.EXE is stored in the location and uses the same name as
Windows Media Player but that valid Windows program doesn't load at startup.
Infamous.exe is identified by Panda antivirus as Trj/Briss.A |
| U |
Info Select |
is.exe |
Info Select from
Micro Logic - personal information manager |
| X |
Info32x |
Info32x.exe |
Added by the GEMA TROJAN! |
| U |
InfoPenMSN |
InfoPenIM.exe |
InfoPenMSN is a
MSN Messenger plugin that allows you to send data written/drawn by hand |
| ? |
Infoplay.exe |
Infoplay.exe |
Written by New Media
Properties, LLC and you're asked if you want to download and install it if
you visit one of their search engine websites (which I chose not to). What
does it do and is it needed? |
| X |
Information Update |
iu.exe |
Recognized by Kaspersky
antivirus as Downloader.Win32.Centim.ch TROJAN! Note - the file associated
with this is located in the Program FilesInformation Update folder |
| U |
Infra-red Monitor |
IRMON.EXE |
System Tray access to infra-red
devices. Not required unless you use infra-red devices |
| X |
infus |
infus.exe |
Adult content dialler |
| U |
Infuzer |
Infuzer.exe |
Infuzer -
"is a service that copies dates from the web or an email straight to
your electronic calendar". Beware of the following adware trait -
"Infuzer provides web site owners with a unique opportunity to
communicate with their visitors in a way that is useful and relevant to them,
as well as increasing return visits and brand awareness, and providing new
e-commerce opportunities" |
| X |
infwin |
infwin.exe |
VX2.Transponder parasite updater/installer related |
| X |
Init32 |
Init32.exe |
Added by the WINEX.A TROJAN! |
| X |
Initial Page |
install.exe |
EasySearch browser hijack
installer |
| Y |
Initialize8x8 |
8x8_init.exe |
Tool that initializes a Pinnacle
PCTV card - maybe in capture or in showing overlay |
| X |
injob |
injobs.exe |
Added by the BINJO TROJAN! |
| N |
Ink Monitor |
InkMonitor.exe |
Associated with Epson (and maybe
other) printers. Tells you when the ink's running low and asks if you want to
buy another cartridge on-line |
| N |
InkWatch |
InkWatch.exe |
Associated with Canon (and maybe
other) printers. Tells you when the ink's running low and asks if you want to
buy another cartridge on-line |
| Y |
InoRPC |
InoRpc.exe |
Associated with eTrust Antivirus/InoculateIT |
| Y |
InoRT |
InoRT9x.exe |
Associated with the Realtime Monitor of eTrust
Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For
NT/2K/XP users you may need a patch if seeing high CPU useage |
| U |
InoTask |
InoTask.exe |
Scheduled scans and signature updates for eTrust
Antivirus/InoculateIT version 6 virus scanners from Computer Associates.
Leave enabled unless you manually update signatures or perform routine scans.
If enabled it can result in high CPU useage when performing updates |
| ? |
insCOA5 |
insCOA5.exe |
?? |
| U |
InstaAlert |
InstaAlert.exe |
"Kayako
InstaAlert allows you to receive realtime alerts whenever a ticket gets
updated under the assigned departments. The application displays popups as
and when the tickets are created or replied to allowing you to answer your
customer requests and issues promptly" |
| X |
InstaFinderK |
InstaFinderK inst.exe |
InstaFinder adware |
| X |
Install |
Install.exe |
Added by the BANCBAN-HG TROJAN! |
| ? |
Install Pending Files |
sifxinst.exe |
Uninstall program for
Lanovation's Prism Deploy and Prism Pack adminstrators software deployement
tools. For specific information see here. Is it required? |
| N |
InstallAurealDemos |
InstallAurealDemos.js |
Used to initialize the Aureal
A3D demos InstallShield wizard |
| U |
InstallBuddy |
Ibtna.exe |
InstallBuddy - automatically translates and installs your
desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and
PowerPoint files, to your Palm organizer when you HotSync |
| X |
Installed shell32.dll |
Office.exe... |
Added by a variant of the LOVGATE WORM! |
| X |
Installer |
dial.exe |
Malware - recognized by
Kaspersky antivirus as the AGENT.MM TROJAN! |
| ? |
InstallNAIProduct |
SETUP.EXE |
Could be related to Network
Associates Inc who own the McAfee VirusScan product amongst others. This was
found in a directory called "VSC". Could it be an installation that
failed and "SETUP.EXE" was left to run at startup as an error? |
| X |
Installs SP2 |
[path] repcale.exe [path]
palsp.exe |
Added by a variant of the RANDON.AN WORM! |
| U |
Installstub |
installstub.exe |
Tool for Outlook and Outlook Express from Plaxo for
organising and keeping contacts organised and updated and providing online
access to your contacts and access from PDA or mobile phone |
| X |
Instance 001 |
[path to worm] |
Added by the Alasrou-A WORM! |
| X |
Instant Access |
linewsrv.exe |
InstantAccess premium rate adult content dialer variant |
| X |
Instant Access |
mwsrvacc.exe |
InstantAccess premium rate adult content dialer |
| X |
Instant Access |
rundll32.exe eg_auth_****.dll,
InstantAccess [**** = digits] |
Electronic_Group/InstantAccess premium rate adult content
dialer variant |
| X |
Instant Access |
rundll32.exe EGCOMLIB_****.dll,
InstantAccess [**** = digits] |
Electronic_Group/InstantAccess premium rate adult content
dialer variant |
| X |
Instant Access |
rundll32.exe
EGCOMSERVICE_****.dll, InstantAccess [**** = digits] |
Electronic_Group/InstantAccess premium rate adult content
dialer variant |
| X |
Instant Access |
rundll32.exe EGDACCESS_****.dll,
InstantAccess [**** = digits] |
Electronic_Group/InstantAccess premium rate adult content
dialer variant |
| X |
Instant Access |
rundll32.exe EGDHTML_1023.dll,
InstantAccess |
Electronic_Group/InstantAccess premium rate adult content
dialer variant |
| X |
Instant Access |
rundll32.exe p2esocks_****.dll,
InstantAccess [**** = digits] |
Electronic_Group/InstantAccess premium rate adult content
dialer variant |
| X |
Instant Buzz Daemon |
IBDaemon.exe |
Instant
Buzz adware |
| N |
Instant Update Center |
reminder.exe |
From Broderbund's PrintMaster
10. It is an event reminder (for calendar dates, etc). Delete from the
startup using Startup Manager program because it keeps re-checking itself
when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has
to be unchecked in startup in the same manner |
| U |
Instant Wireless Configuration
Utility |
WPC11Cfg.exe |
Utility used by the
LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access
connection is made by a screen colour change. Also used for configuration |
| U |
Instant Wireless Configuration
Utility |
WUSB11cfg.exe |
Utility used by the
LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless
access connection is made by a screen colour change. Also used for
configuration |
| N |
InstantAccess |
INSTAN~1.EXE |
From TextBridge Pro 9.0 OCR
scanner software. Available via Start -> Programs |
| U |
InstantDrive |
InstantDrive.exe |
Pinnacle Systems (ex VOB)
InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive.
Part of InstantCD/DVD burning software |
| X |
InstantPleasure |
instantpleasure.exe |
Adult content dialler |
| X |
InstantPleasureXXX |
instantpleasurexxx.exe |
Adult content dialler |
| N |
InstantTray |
PCLETray.exe |
Pinnacle InstantCD/DVD disc creation software. Tray icon
enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools
with one click. Can be started manually |
| X |
instit |
instit.bat |
Added by the OPASERV.H WORM! |
| X |
instit |
INSTIT.BAT |
Added by the OPASERV.K WORM! |
| ? |
InstUtlR.exe |
InstUtlR.exe |
?? |
| X |
intdctrr |
idctup20.exe |
SafeSurfing adware variant |
| X |
Intec Service Drivers |
[path to worm] |
Added by the RBOT-GLU WORM! |
| X |
Intec Service Drivers |
msmsgrs.exe |
Added by the SDBOT-ADN WORM! |
| X |
Intec Services Driverrs |
winrvc.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Intel Active Monitor |
imontray.exe |
System tray monitoring of fans,
temperature, voltage, etc for Intel motherboards. Only needed if you
"overclock" or live in hot environment. Can also cause problems
when running on a laptop if you change PCMCIA cards |
| X |
Intel Driver |
csrs.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Intel File Transfer |
xfr.exe |
Part of Intel's LANDesk
Management Suite 6 and the Common Base Agent (CBA) - used for communicating
between the core server and managed clients |
| U |
Intel PDS |
pds.exe |
Intel Ping Discovery Service
(PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent
(CBA) - used for communicating between the core server and managed clients.
Will start the dial-up if installed and enabled |
| U |
Intel Product Number Utility |
IntelProcNumUtility.exe |
Intel Processor Serial Number Control Utility allows you to
enable and disable the processor serial number capability of an Intel PIII
processor. You can find more information here. System Tray icon providing the
user with a visual state indication. You can find more information here |
| N |
Intel PROSet Tray Icon |
promon.exe |
System Tray icon for Intel PRO
series ethernet adapters giving access to the diagnostic features |
| X |
Intel Service Drivers |
msconfig16.exe |
Added by the MSCONFIG16 TROJAN! |
| X |
Intel system tool |
hookdump.exe |
Added by the SPYRE-H TROJAN! |
| X |
Intel system tool |
svehost.exe |
Added by the AGENT-EBT TROJAN! |
| X |
Intel system tool |
winnook.exe |
Added by the SPYRE-C TROJAN! |
| X |
Intel system works |
iis.exe |
Added by the RBOT.QGA WORM! |
| U |
Intel(R) Common User Interface |
hkcmd.exe |
Part of Intels Common User
Interface for chipsets with integrated graphics controllers - which allows
user to change different driver properties through Windows User Interface. If
the user wishes to have "HotKey" access to Intel's customised graphics
properties, it is required, otherwise not. It can be disabled via the Display
Properties in the Control Panel |
| N |
Intel(R) Common User Interface |
igfxpers.exe |
Part of Intels Common User
Interface for chipsets with integrated graphics controllers - which allows
user to change different driver properties through Windows User Interface.
Not known exactly what it does but apparently it isn't required |
| U |
Intel® Common User Interface |
igfxtray.exe |
Part of Intels Common User
Interface for chipsets with integrated graphics controllers - which allows
user to change different driver properties through Windows User Interface.
Quick access to the control panel via a System Tray icon. Available via Start
-> Settings -> Control Panel |
| X |
intel32.exe |
intel32.exe |
Added by the SmitFraud alias SPYJACK-B TROJAN! |
| U |
IntelAPMClient |
amclient.exe |
LANDesk
Management Suite software component |
| N |
IntelAudioStudio |
IntelAudioStudio.exe |
"Intel Audio Studio combines Intel® High Definition
audio hardware features with Sonic Focus* Audio Refinement and Dolby*
technologies to provide you with a comprehensive tool that puts you in
control of your audio experience". Audio utility supplied with Intel
motherboards |
| X |
InteliSys |
smss.exe |
Advertisingvision adware! Note - this is not the legitimate
smss.exe process which is always located in the System (9x/Me) or System32
(NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This
file is located in the Winnt or Windows folder |
| X |
intell32.exe |
intell32.exe |
Added by the SmitFraud alias Desktophijack.C TROJAN! |
| X |
intell321.exe |
intell321.exe |
Added by the SPYJACK-B TROJAN! |
| X |
Intelliflag_be.exe |
Intelliflag_be.exe |
Added by the Intelliflag SPYWARE! |
| U |
IntelliPoint |
point32.exe |
Microsoft Intellipoint software
for their Intellimouse series of mice - required if you use non-standard
Windows driver features |
| U |
Intellitype |
type32.exe |
For MS programmable keyboards.
If you disable Intellitype in Startup, any "Hot Keys" that are
changed by the user to perform functions other than default settings, defer
back to their default settings unless you have changed them |
| U |
IntelMEM |
IntelMEM.exe |
Related to connection events on
an Intel chipset based modem. It can alert you if the telephone line is being
used when you're trying to get online (when you're using dial-up). It can
also alert you if your modem line is disconnected. Furthermore, it can alert
you if you have made a wrong connection with your modem line |
| U |
IntelProcNumUtility |
cpunumber.exe |
Intel Processor Serial Number Control Utility allows you to
enable and disable the processor serial number capability of an Intel PIII
processor. You can find more information here. System Tray icon providing the
user with a visual state indication. You can find more information here |
| Y |
IntelWireless |
ifrmewrk.exe |
Associated with the Intel
PRO/Set Wireless software |
| U |
IntelZeroConfig |
ZCfgSvc.exe |
Zero Config MFC Application,
part of Intel's ProSET utilities and installed by the drivers for many of
Intel wireless network cards - essential to the proper functioning of many of
the Intel ProSET utilities (but not all) and these System Tray ProSET utilities
are a must if you are using your wireless connection, if only so you know
when the signal is fading or dropping. The problem is that, in some PCs,
ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and
therefore resulting in an extremely slow PC, preventing the installation of
software or Windows updates, or causing "Not Responding" or
"End this Program" shutdown problems. If you experience this, try
first the very latest drivers from Intel or your laptop manufacturer. If that
still does not solve the problem and you have WinXP/2003, try setting the
"Wireless Zero Configuration" service to disabled |
| ? |
Intense Registry Service |
IntEdReg.exe /CHECK |
Intense Educational Ltd -
Language Office Software. Is it required? |
| X |
InterceptedSystem |
[path to worm] |
Added by the ANACON-B WORM! |
| Y |
InterCheck Monitor |
Icmon.exe |
Part of
Sophos ant-virus sofware |
| Y |
InterCheckMonitor |
ICMON.EXE |
Part of
Sophos anti-virus sofware |
| X |
Interdll |
Interdll.exe |
Added by the DELF family of TROJANS! |
| X |
Internal |
[trojan filename] |
Added by the SMOTHER and
TRANSLAT TROJANS! |
| X |
Internal |
regedit.exe /s %windir%c:[month
number] |
Added by the FORTNIGHT.D TROJAN! |
| X |
Internal Memory File |
sysintmemory.exe |
Added by the RBOT-GKT WORM! |
| X |
InternalSystray |
Kazza.exe |
Added by a variant of the OPTIX TROJAN! Note - unlike the
valid KaZaA executable, this is located in C:WindowsSystem (Win9x/Me),
C:WinntSystem32 (WinNT/2K), or C:WindowsSystem32 (WinXP) |
| X |
Internat |
[trojan filename] |
Added by the CMJSPY-Y TROJAN! |
| X |
internat |
internat.exe |
Added by the LYDRA-F TROJAN! Note - the real internat.exe
resides in %windir%system (where %windir% is the Windows directory -
C:Windows or C:Winnt) whereas this version resides in %windir% |
| X |
Internat |
msgsrv32.exe |
Added by the NYRUBOT-A WORM! |
| X |
Internat |
systray.exe |
Added by the ALADINZ.P TROJAN!
Note - this is not the legitimate systray.exe process. If you right-click on
the real systray.exe the "Properties" reveal it to be a Microsoft
file |
| X |
Internat Conf |
bootconf.exe |
Homepage
hijacker, redirecting to coolwwwsearch.com; see for example here |
| N |
internat.exe |
internat.exe |
Microsoft language selection
icon in system tray, located in the System (Win98/Me) or System32
(WinNT/2K/XP) folder |
| X |
Internat.exe |
internat.exe |
Added by the NETSNAKE TROJAN! Note - the real internat.exe
resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where
%windir% is the Windows directory - C:Windows or C:Winnt) and has a
"?" icon wheras this version resides in %windir% and has a ZIP icon |
| X |
internct |
WinSocks5.exe |
Added by the GRAYBIRD.F TROJAN! |
| X |
internet |
[trojan filename].exe |
Added by the MIFENG-D TROJAN! |
| X |
Internet |
Internet.exe |
Added
by the PWS-CS TROJAN! |
| X |
Internet |
nteusodp.exe |
Added by the RBOT-GFJ WORM! |
| X |
Internet |
recruit.exe |
Added by the RBOT-AJG WORM! |
| X |
internet |
smss.exe |
Added by the MIFENG-K TROJAN!
Note - this is not the legitimate smss.exe process which should NOT appear in
Msconfig/Startup! |
| X |
Internet |
winlogom.exe |
Added by a
variant of the SDBOT WORM! |
| X |
internet |
winsas32.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Internet Answering Machine |
IAM.exe |
From Callwave - offers a free
utility to monitor your incoming phonecalls if you only have a single
telephone line for internet access |
| U |
Internet Answering Machine |
IAMNET~1.EXE |
From Callwave. It offers a
free utility to monitor your incoming phonecalls if you only have a single
telephone line for internet access |
| U |
Internet Call Manager |
ICM.EXE |
Starts Internet Call
Manager dialog box and/or taskbar icons at bootup. This is a subscription
program from internetcallmanager.com that monitors a dialup phone line for
incoming calls and handles voicemail |
| X |
Internet Config |
svchosts.exe |
Added by the SDBOT TROJAN! |
| X |
Internet Connection Wizard |
[path to trojan] |
Added by the SMUTSRCH-A TROJAN! |
| X |
Internet Connection Wizard |
stisvsq.exe |
EasySearch adware |
| X |
Internet Connection Wizard |
stisvsq1.exe |
Added by the DLOADR-AWD TROJAN! |
| X |
Internet Content Publisher |
ICP.EXE |
Added
by the RBOT-UD WORM! |
| U |
Internet Download Accelerator |
ida.exe |
Internet Download
Accelerator download manager |
| X |
Internet download manager
service |
idman.exe |
Added
by the RBOT-BMS WORM! |
| X |
Internet Exploere Services |
urlmon32.dll.exe |
Added by the EVIAN.C WORM! |
| X |
Internet Explore Microsoft |
lEXPLORE.EXE |
Added by the RBOT-AOF WORM! Note - the filename is spelled
with a lowercase "L" in place of an uppercase "i" |
| X |
Internet Explorer |
http.exe |
Added as part of a new potential
CWS infection, and part of a suite of programs that installs a web server,
php, ftp server, socks, and mail server on your computer without your
knowledge. These files are known to be part of an infection that transmits information
about your bank accounts, passwords, and other financial information. It
should be deleted immediately, you should enable your firewall, and you
should contact your financial services in order to report the issue and to
have your passwords changed |
| X |
Internet Explorer |
iexpiore.exe |
Added by the RBOT-AZC WORM! |
| X |
Internet Explorer |
IEXPLORE.EXE |
Added by the RBOT-EY WORM! Note
- this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in the System
(9x/Me) or System32 (NT/2K/XP) folder |
| X |
Internet Explorer |
iexplorer.exe |
Added by the LORSIS WORM! Note - the legitimate IE
(iexplore.exe) does not figure in Msconfig/Startup unless added manually and
this loads from the "RunServices" key |
| X |
Internet Explorer |
IExplorer.exe |
Added by the NETHIEF-O TROJAN! |
| X |
Internet Explorer Configuration |
IEXPLORE.EXE |
Added by the SDBOT-UL WORM! Note
- this is not the legitimate Internet Explorer (iexplore.exe) process, which
is always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup unless you add it manually! This file is
located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Internet Explorer Security |
iexplore.pif |
Added by the RBOT-ALQ WORM! |
| X |
Internet Explorer Updater |
iexplorer.exe |
Added by the REUR.B WORM! Note - this is not the legitimate
Internet Explorer (iexplore.exe) |
| X |
Internet Explorer Updater |
lexbac.exe |
Added by the DOWNLOAD TROJAN! |
| U |
Internet History Eraser |
HERASER.exe |
Internet
History Eraser - deletes your browsing tracks |
| X |
Internet Loader1 |
MSInstall61.exe |
Added by the KWBOT.B WORM! |
| X |
Internet Mail and News |
[path to trojan] |
Added by the SMUTSRCH-A TROJAN! |
| X |
Internet Mail and News |
msqdevl.exe |
EasySearch adware |
| X |
Internet Mail and News |
msqdevl1.exe |
Added by the DLOADR-AWD TROJAN! |
| U |
Internet Optimizer |
optimize.exe |
Internet connection optimizer.
Leave this enabled if you find it improves your connection |
| X |
Internet Optimizer |
optimize.exe |
Internet Optimizer parasite, MoneyTree variant - ActiveX
control used to download premium-rate dialers |
| X |
Internet Security Service |
msq32.exe |
Added by the RBOT-GFP WORM! |
| X |
Internet Send |
More log.exe |
Unidentfied adware |
| X |
Internet Server |
inetsrv.exe |
Added by the STARTPA-EM TROJAN! |
| X |
Internet Service |
intersvc.exe |
Added by the SPYBOT-DE WORM! |
| X |
internet service |
ssvhost.exe |
Added by a variant of the RBOT WORM! |
| X |
internet service |
svho0st98.exe |
Added by the RBOT.EAT WORM! |
| X |
internet service |
syscfg32.exe |
Added
by the RBOT-QS WORM! |
| X |
Internet Services |
internet.exe |
Added by the MYTOB.BT WORM! |
| X |
Internet Services |
interserv.exe |
Added by the RBOT.BNT WORM! |
| X |
Internet Services |
Netsvc.exe |
Added by the MYTOB.MN WORM! |
| X |
Internet Services |
systemdev.exe |
Added by the SDBOT-PW WORM! |
| X |
INTERNET SERVISES |
winz32.exe |
Added by the KWBOT.Z WORM! |
| Y |
Internet Sharing Server |
iss_srvr.exe |
Intel
AnyPoint internet sharing software. Now discontinued |
| X |
Internet Suspention |
story.exe |
Added by the WOOTBOT.HV WORM! |
| N |
Internet Sweeper |
Sweeper.exe |
Internet Sweeper - removes unnecessart left over files after
browsing the internet |
| U |
Internet Timer |
ITIMER.exe |
Shareware dial-up
connection call cost calculator from Ratsoft |
| X |
Internet Washer Pro |
iw.exe |
Internet Washer manages
temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems
to have been widely stealth-installed around March 2003 |
| X |
Internet.exe |
Internet.exe |
Added by the MAGICCALL VIRUS! |
| X |
internet.exe |
yinyin3345.vbs |
Added by the YINI MACRO! |
| X |
INTERNET_SERVISES |
winz32.exe |
Added by the SDBOT.Q TROJAN! |
| X |
Internet2 Optimizer |
wkfix.exe |
Added by a variant of the RBOT WORM! |
| X |
InternetExplorer2 |
windows.exe |
Added by the SDBOT-CZP WORM! |
| U |
InternetSpy |
InternetSpy.exe |
Internet Spy -
freeware keylogger that tracks all visited websites including the date and
exact time these sites were visited. The information is stored in a file that
may be accessed by the person who knows where it is saved. Remove unless you
installed it yourself! |
| X |
InternetWasherPro |
iw.exe |
Internet Washer manages
temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems
to have been widely stealth-installed around March 2003 |
| U |
InternodeUsage |
mum.exe |
Australian ISP's free monthly
download meter |
| X |
Internt |
Internt.exe |
Added by the PEEPER or CARUFAX.A
TROJANS! |
| X |
Intersoft Msngr |
intersoftmsngr.exe |
Added by the AGOBOT-NW WORM! |
| N |
InterTrust Quick Start |
it_cpq~1.exe |
InterTrust offers
something known as Digital Rights Management to control legal software
download and other E-commerce related business |
| X |
InterU |
WINDRV.EXE |
Added by the IRCINTER.A TROJAN! |
| N |
Intervideo Win Cinema Manager |
WINCIN~1.EXE |
WinCinema Manager is needed when using the WinDVD Remote
Control for WinDVD from Intervideo. Available via Start -> Programs |
| N |
Intervideo Win Cinema Manager |
WinCinemaMgr.exe |
WinCinema Manager is needed when using the WinDVD Remote
Control for WinDVD from Intervideo. Available via Start -> Programs |
| N |
Intervideo WinCinema Manager |
WINCIN~1.EXE |
WinCinema Manager is needed when using the WinDVD Remote
Control for WinDVD from Intervideo. Available via Start -> Programs |
| N |
Intervideo WinCinema Manager |
WinCinemaMgr.exe |
WinCinema Manager is needed when using the WinDVD Remote
Control for WinDVD from Intervideo. Available via Start -> Programs |
| N |
Intervideo WinScheduler |
SchSvr.exe |
WinScheduler is installed
with WinDVD Remote Control for WinDVD from Intervideo. If you want to
schedule recordings from your TV tuner card, you will need it. Available via
Start -> Programs |
| N |
Intervideo WinScheduler |
WinScheduler.exe |
WinScheduler is installed
with WinDVD Remote Control for WinDVD from Intervideo. If you want to
schedule recordings from your TV tuner card, you will need it. Available via
Start -> Programs |
| U |
InterWARN |
interwarn.exe |
InterWARN by
Storm Alert Inc. Provides customized, automated access to critical weather
and civil emergency information from the US National Weather Service.
Required if audio and screen crawler alerts are desired. Also available via
Start -> Programs |
| X |
Intespention |
IEXPLORE.exe |
Added by the FORBOT-FL WORM!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Intmgr |
Intmgr.exe |
Added by the GEMA TROJAN! |
| X |
Intranet |
intranet.exe |
Added by the CHIMOZ.AC TROJAN! |
| X |
intranet |
SYS32CFG.EXE |
Added by the SPYBOT-DW WORM! |
| X |
Intrenat |
Intrenat.exe |
Added by the LEMIR.E TROJAN! |
| N |
Introducing Media Manager |
SPLASHA.EXE |
MS Media Manager tour. Not required |
| N |
Introduction-Registration |
?? |
For Compaq PC's. Should only run
first time, PC Introduction & Compaq registration |
| X |
IntruderAlert |
ia99.exe |
Intruder Alert '99 from Bonzi - spyware |
| X |
IntSys1 |
[path to trojan] |
Added by the BANLOA-ASE TROJAN! |
| U |
Inventory Scan |
LDISCN32.EXE |
LANDesk
Management_Suite software component |
| X |
Ioadqm |
Media Player.exe |
Added by the HAWAWI WORM! |
| N |
iobi |
iobiClient.exe |
iobi Home - a
mail/voice service by Verizon |
| U |
Iolo Task Agent |
Task_Agent.exe |
Iolo System Mechanic
Task Agent. Scheduled maintenance |
| N |
iolo Utility Bar |
SMUtilityBar.exe |
Iolo System Mechanic Utility Bar - can be launched manually |
| U |
ioloDelayModule |
delay.exe |
Part of Iolo System
Mechanic. Used to delay the start of an application which loads automatically
as Windows loads |
| U |
Iomega Automatic Backup |
ibackup.exe |
Iomega
Automatic Backup - automatic backups for use with Iomega portable HDD |
| U |
Iomega Automatic Backup 1.0.1 |
ibackup.exe |
Iomega
Automatic Backup - automatic backups for use with Iomega portable HDD |
| N |
Iomega Backup Scheduler |
dtiom98.exe |
Used by Iomega drives. Details of its purpose can be found
here. Available via Start -> Programs |
| U |
Iomega Disk Icons |
IMGICON.EXE |
Displays Iomega icons in
Explorer/My Computer, ejects Zip disks on shutdown and displays a special
delete confirmation box when deleting files on an Iomega drive. Available via
Start -> Programs. If you disable it remember to eject disks first before powering
the drive down - hence the "U" recommendation. Note - FreeCell may
not run with ImgIcon running |
| U |
Iomega Drive Icons |
IMGICON.EXE |
Displays Iomega icons in
Explorer/My Computer, ejects Zip disks on shutdown and displays a special
delete confirmation box when deleting files on an Iomega drive. Available via
Start -> Programs. If you disable it remember to eject disks first before powering
the drive down - hence the "U" recommendation. Note - FreeCell may
not run with ImgIcon running |
| U |
Iomega ImIconXP |
imiconxp.exe |
Iomega REV System Software - allows your Iomega REV drive to
interact with the operating system via the Iomega REV UDF file system, and
provides drag-and-drop file access, access and write protection, and
formatting of the disks |
| ? |
Iomega QuickSync |
Quicksync.exe |
?? |
| N |
Iomega Startup Options |
IMGSTART.EXE |
Used by Iomega drives. Details of its purpose can be found
here. Available via Start -> Programs |
| N |
Iomega Watch |
IOWATCH.EXE |
Used by Iomega drives. Available
via Start -> Programs |
| N |
IomegaWare |
COMMANDER.EXE |
Used by Iomega drives. Details of its purpose can be found
here. Available via Start -> Programs |
| U |
Iomon98.exe |
Iomon98.exe |
PC-Cillin 98 real time virus
check. Can cause floppy disk accesses to hang |
| X |
IP Stack |
ipstack.exe |
Added by the AGOBOT.CW WORM! |
| X |
IP**.exe [* = random char] |
IP**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
IP**32.exe [* = random char] |
IP**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| N |
iPalm |
mon.exe |
Installed
with a Panasonic iPalm digital camera. Used to upload photos from the camera.
If your camera is not connected (via USB port) you do not need this program
loaded |
| X |
IPC Connection |
ipcconn.exe |
Added by the RBOT-AEG WORM! |
| X |
IPC Spool Manager |
winspec.exe |
Added by the SDBOT-BLU WORM! |
| X |
IPC Spool Manager |
wnmgre.exe |
Added
by the SDBOT-ZC WORM! |
| X |
ipcfg.exe |
ipcfg.exe |
Adware
- recognized by McAfee antivirus as a variant of the AdClicker-BM trojan |
| X |
IPConfig |
svcxnv32.exe |
Added by the HACARMY.E TROJAN! |
| X |
IPConfig |
svcxnw32.exe |
Added by a variant of the HACARMY.E TROJAN! |
| X |
IpCtrl |
ipcon32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
IPFW |
ipwf.exe |
Added by the DLOADER-YF TROJAN! |
| ? |
IPHSend |
IPHSend.exe |
AOL related. What
does it do and is it required? |
| X |
IPInSightLAN 0* |
ipclient.exe |
Installed with
Verizon DSL accounts. IP Insight is a Quality of Service monitor and
diagnostic tool that isn't required - see here for more information. This one
constantly "phones home" and wastes resources. * represents 1 or 2 |
| N |
IPInSightMonitor 0* |
ipmon32.exe |
Installed with
Verizon DSL accounts. IP Insight is a Quality of Service monitor and
diagnostic tool that isn't required - see here for more information. *
represents 1 or 2 |
| Y |
IPinst |
N/A |
For Gilat Communications
internet satellite systems. Gilat rescue (Satellite system restore). Required
if you have this system. Can cause a BSOD (blue screen of death) if left out |
| ? |
iPlusAgent2 |
iAgent2.exe |
Related to iriver portable media products. What does it do
and is it required? |
| X |
ipmon.exe |
ipmon.exe |
Added by the RECERV or R3C.B
TROJANS! |
| X |
IpNetwork |
ipnetwork.exe |
Maxifiles adware |
| X |
Ipnuker |
Ipnuker.vbs |
Added by the INKER.B WORM! |
| X |
iPOD USB Driver |
IPODUSB.EXE |
Added by a variant of the RBOT WORM! |
| X |
iPod USB Service |
iPODService.exe |
Added by a variant of the RBOT WORM! Do NOT confuse with the
Apple iPod process of the same name. The legitimate iPod file will always be
located in the Program FilesiPodbin folder, and is implemented as a system
service, thus NOT listed in Msconfig/Startup! |
| U |
iPodManager |
iPodManager.exe |
Apple iPod Management software
for the iPod MP3 player. Allows updating, formating, restoring and other
functions associated with iPods |
| ? |
iPodWatcher |
iPodWatcher.exe |
Associated with Apple's iPod MP3
player. Detects when the iPod is connected? |
| X |
IPOT Service Drivers |
compaq.exe |
Added by a variant of the FUROOTKIT TROJAN! |
| X |
IPOT Service Drivers |
compaq.exe |
Added by a variant of the FUROOTKIT TROJAN! |
| X |
IPOT USB Service DRIVER |
hpsebc087.exe |
Added
by the SDBOT-WA WORM! |
| X |
IPOT USB Service DRV32 |
hpsebc08.exe |
Added by the SDBOT-WH WORM! |
| N |
IPPDetect |
IPP4Detect.exe |
Part of Presto! Mr.Photo -
"an ideal program for creating, sharing, and manag-ing digital images
and videos" |
| X |
ipreg |
ipreg.exe |
Added by the ZAGABAN-H TROJAN! |
| N |
iPrint Tray |
iprntctl.exe |
Novell® iPrint - based on Novell Distributed Print Services -
enables you to send documents to printers located throughout the Net |
| U |
iProtectYou |
ip.exe |
iProtectYou -
internet filtering/parental control and network monitoring software |
| X |
iprun |
iPY.exe |
iProtectYou spyware |
| U |
ipsecdialer |
IPSECD~1.EXE |
Cisco
VPN Client - lets local users gain Administrator privileges on the operating
system |
| U |
ipsecdialer |
ipsecdialer.exe |
Cisco
VPN Client - lets local users gain Administrator privileges on the operating
system |
| Y |
IPSecMon |
IPSecMon.exe |
Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure
technology for making remote access virtual private network (VPN) connections
across public networks such as the Internet |
| X |
IPTable Configuration |
Winipcfgs.exe |
Added by a variant of the RBOT WORM! |
| N |
iptray |
iptray.exe |
System
Tray access to Intel Desktop Utilities - "provides you with the means to
monitor system temperatures, voltages, fan speeds, and hard drive health;
view detailed system information, and test your system hardware for common
errors" |
| X |
IPv6 Helper Driver |
csass.exe |
Added by the AGOBOT.TC WORM! |
| X |
IPv6 STUN Service |
netstun.exe |
Added by a variant of the SDBOT WORM! |
| N |
IPW |
IPW.exe |
Internet Phone
Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make
and receive free Internet calls on your regular phone" whilst "at
the same time, make and receive regular (landline) calls on your phone" |
| X |
ipwf |
ipwf.exe |
Added by the SCHOEBERL TROJAN! |
| X |
IpWins |
ipwins.exe |
Added by Maxfiles adware |
| X |
ipxwshel |
ipxwshel.exe |
Added
by the WAREZOV.DG WORM! |
| ? |
IQES.exe |
iqes.exe |
?? |
| X |
ir_ftp |
ir_ftp.exe |
Added by the IRFTP TROJAN! |
| X |
ir_ftp |
irwftp.exe |
Added by the BANCOS.H TROJAN! |
| U |
Ir41_32.ax |
regsvr32.exe [path] Ir41_32.ax |
Intel® Indeo® video 4.4
Decompression Filter related |
| X |
irassync |
irasyncd.exe |
IRASSync adware |
| X |
irc session |
sessionmgr.exe |
Added by the SDBOT-ACE WORM! |
| Y |
IREIKE |
IreIKE.exe |
Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure
technology for making remote access virtual private network (VPN) connections
across public networks such as the Internet |
| N |
iRis Active Monitor |
winmon32.exe |
Iris Antivirus - discontinued,
replace with good alternative |
| N |
iRiS AntiVirus Active Monitor |
WIMMUN32.exe |
Iris Antivirus - discontinued,
replace with good alternative |
| U |
iRiver AutoDB |
MLService.exe |
Associated with the iRiver Music Manager |
| N |
iRiver Updater |
Updater.exe |
Updates for the iRiver Music Manager - used with their
digital music players |
| U |
IrMon |
IRMON.EXE |
System Tray access to infra-red
devices. Not required unless you use infra-red devices |
| ? |
IRPMonitor |
itcnmon.exe |
?? |
| X |
irssyncd |
irssyncd.exe |
SafeSurfing adware variant |
| X |
Irwftp |
[path to trojan] |
Added by the BANCOS-AP TROJAN! |
| X |
irwftp |
ftpmon.exe |
Added by the BANCBAN-BO TROJAN! |
| X |
irwftp |
iexplorer.exe |
Added by the BANKER-AN TROJAN! |
| U |
IrXfer |
IrXfer.exe |
Microsoft Infrared Transfer
application |
| N |
IS CfgWiz |
cfgwiz.exe |
Norton Internet Security
configuration wizard |
| X |
Isass |
Isass.exe |
Added by the FUTRO TROJAN! |
| U |
ISBMgr.exe |
ISBMgr.exe |
Related to Sony ISB Utility.
This program is non-essential process to the running of the system, but
should not be terminated unless suspected to be causing problems |
| X |
iscch |
iscch.exe |
Added by the LCPRANK-A WORM! |
| N |
isdbdc |
isdbdc.exe |
For Compaq PC's. May install
properties in dial-up networking when you register with an ISP |
| U |
isDeleteMe |
isDel.bat |
Used by Norton Internet Security
to remove certain files and directories on reboot when uninstalling their
product |
| N |
ISDN Monitor |
Linksts.exe |
Tray icon which gets installed
when you install the drivers for Asuscom internal ISDN modem cards (or
rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor
or configure your ISDN card. Once you have configured your ISDN card correctly,
you will never need to use this icon |
| U |
ISDNwatch |
IWatch.exe |
FRITZ!X ISDNWatch - "dialing filter for more security
and control on the ISDN PC. The PC is doubly protected against dialer
programs and premium-service numbers: ISDNWatch allows the user to block
calls to and from both individual numbers and whole number blocks" |
| U |
ISHelp |
help.exe |
ISpy
is a security risk that logs keystrokes and captures screenshots. If you
didn't install this yourself uninstall it |
| U |
iShield |
iShield.exe |
"GuardWare
iShield blocks pornographic images when you surf the Internet on your
computer using a web browser" |
| Y |
ISLP2STA |
ISLP2STA.EXE |
A process from Cisco Systems Inc
associated with Windows Update for wireless NIC drivers |
| Y |
ISP.COM High Speed |
slipgui.exe |
User interface for Slipstream - internet acceleration through
compression/decompression techniques, intelligent cacheing on the server
side, and real-time conversion of large/high-bandwidth images to less bulky
pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United
Online and AOL Canada. Required if the user's account is locked in to that
proxy server |
| X |
ISPSERVICE |
psycho.exe |
Added by the IRCFLOOD-O TROJAN! |
| U |
iSpyNOW |
ispynow.exe |
iSpyNOW - remote monitoring and surveillance software |
| X |
Israfel |
Israfel.vbs |
Added by the GAGGLE.D or
GAGGLE.E WORMS! |
| N |
IsReminder |
ISPopup.exe |
Related
to GuardWare iShield - this is the registration reminder for the trial
version, so not required in startup |
| Y |
ISS_Certtool |
certtool.exe |
IBM Client Security Certification Tool |
| X |
issEnc32Svr |
issEnc32.exe |
Added by a variant of the RBOT WORM! |
| N |
ISSI EZUpdate Service |
issimsvc.exe |
Part of IBM Global Services -
used internally by IBM for automatic updating of software and Microsoft
patching |
| U |
ISStart |
ISStart.exe |
LogitechGalleryRepair/LogitechVideoRepair
- part of Logitech Image Studio - installed with Logitech QuickCam cameras.
Required from version 8.11 onwards if you use the software to take pictures
and capture videos, not if you don't. Also not required for versions up to
and including 7.30 and after version 8.30 - hence the "U" rather
than "Y" recommendation |
| Y |
ISSVC |
ISSVC.exe |
Part of Norton Internet Security
Suite |
| X |
IST Service |
istsvc.exe |
ISTBar adware |
| X |
ist service uninstall |
[random filename] |
ISTBar
parasite related |
| X |
istinstall zazzer.exe |
istinstall zazzer.exe |
Unidentified adware
downloader/installer |
| N |
ISUSPM Startup |
ISUSPM.exe |
InstallShield Update Service
Scheduler. Automatically searches for and performs any updates to the
software so you're always working with the most current version |
| N |
ISUSScheduler |
issch.exe |
InstallShield Update Service
Scheduler. Automatically searches for and performs any updates to the
software so you're always working with the most current version |
| X |
isxa |
isxa.exe |
Added by the SMALL-EIV TROJAN! |
| X |
isystem |
isystem.exe |
Added by the CHORUS-A TROJAN! Searchforfree browser hijacker |
| X |
ItalU |
italfds.exe |
Added by a TROJAN! See here TROJAN! |
| U |
Itk |
Itk.exe |
In The Know -
surveillance software that creates records of everything people do on a
computer, ie, spying or monitoring depending upon how you call it |
| U |
itk.exe |
itk.exe |
Insert ToggleKey by
Mike Lin. ITK sounds a tone whenever you press Insert |
| U |
iTouch |
iTouch.exe |
iTouch loads the iTouch
configuration program for Logitech keyboards. It's needed if your keyboard
has shortcut buttons and if you use them. It's also needed if your keyboard
does not have the num lock, caps lock, and scroll lock lights on it and you
use the on-screen displays for num lock, caps lock, and scroll lock |
| N |
ItsDeductiblePopUp |
ItsDeductible.exe |
ItsDeductible from
Income Dynamics. Calculates your noncash donations quickly and easily. This
startup entry checks a registry entry for the next 'PopUp' date and if it is
a past or current date displays a program related tip |
| X |
Itunes |
dials.exe |
Detected as
Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus |
| X |
ITUNES |
itune.exe |
Added
by the RBOT-ZU WORM! |
| X |
ITUNES |
itunes.exe |
Added by the OSCABOT-L WORM! Note - this file will be placed
in the WindowsSystem32 or WinntSystem32 folder, and should not be confused
with the (legitimate) Apple iTunes process, always located in the Program
FilesiTunes folder |
| Y |
iTunes Helper |
iTunesHelper.exe |
Installed with Apple's iTunes
for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted
from the registry it will re-instate itself after running iTunes a few times
- hence the reluctant Y recommendation |
| X |
iTunes Music |
iTunesHelper32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
iTunesAgent |
ita.exe |
Added by the TACTSLAY.U TROJAN! |
| X |
itunesff |
itunesff.exe |
Added by the EB adult premium dialer |
| Y |
iTunesHelper |
iTunesHelper.exe |
Installed with Apple's iTunes
for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted
from the registry it will re-instate itself after running iTunes a few times
- hence the reluctant Y recommendation |
| ? |
itype |
itype.exe |
Microsoft IntelliType Pro keyboard related - what does it do
and is it required? |
| N |
Iusage |
netdet.exe |
Internet
Usage Monitor - utility to calculate the cost and time on the internet via
dial-up |
| X |
iut75 |
uzcx.exe |
Added by the DLOADER-AXV TROJAN! |
| N |
IVPServiceMgr |
ivpsvmgr.exe |
Toshiba IVP Service Manager
application which appears as a red satellite dish icon in the System Tray.
This is Toshiba's equivalent to the Windows Automatic Update feature as,
whenever you are connected to the Internet, it will check for Windows updates
and Toshiba updates |
| X |
ivy.exe |
ivy.exe |
Added by the AGENT-ENZ TROJAN! |
| N |
IW ControlCenter |
iwctrl.exe |
Pinnacle Systems
InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like
a hard disk or floppy disk. You can drag and drop files, create new
directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use
this feature on a regular basis |
| U |
iwctrl |
iwctrl.exe |
Pinnacle Systems
InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like
a hard disk or floppy disk. You can drag and drop files, create new
directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use
this feature on a regular basis |
| X |
I-Worm.GiGu |
uGiG.eXe |
Added by the GINK WORM! |
| X |
ixplore |
ixplore.exe |
Added by the SDBOT-CY TROJAN! |
| X |
ixproxy |
[path to trojan] |
Added by the XORPIX-A TROJAN! |
| X |
iyelejiv |
yujixit.exe |
Added by the SDBOT.BJK WORM! |
| ? |
IZE |
N/A |
?? |
| N |
j2 Tray Menu |
HotTray.exe |
eFax
Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via
Start -> Programs. Disabling instructions available here |
| X |
JA Cfg Util v2 |
jacfg2.exe |
Added
by the RBOT-AL WORM! |
| X |
JA Config 32 |
Awesome32.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Jammer |
jammer.exe |
Jammer by Agnitum - "Jammer
is the last word in Internet security. It combines a user-friendly interface
with very sophisticated and powerful security measures that protect your
Windows system while you are surfing the web" |
| X |
Jammer2nd |
Jammer2nd.exe |
Added by the NETSKY.Z WORM! |
| X |
Java applet |
javaup.exe |
Added by the SDBOT-ACF WORM! |
| X |
Java Auto Update |
ujm.exe |
Added by the SDBOT-ADH WORM! |
| X |
Java Runtime Environment |
jbuild.exe |
Added by the DELBOT-J WORM! |
| X |
Java Runtime Value |
runjava.exe |
Added by the RBOT-DDJ WORM! |
| X |
Java Runtimes |
iexplore.exe |
Added by the KILLAV.B WORM! Note
- this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in a WinntJavaJava
folder |
| X |
Java Virtual Machine |
javaw.exe |
Added by a variant of the RBOT WORM! |
| X |
Java**.exe [* = random char] |
Java**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Java**32.exe [* = random char] |
Java**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
java-plugin |
javasctp.exe |
Added by the VB.AMX TROJAN! |
| X |
Javascript |
jscript.exe |
Added by the DELBOT-AD WORM! |
| X |
JavaScript Debugging Service |
JsDbgMan.exe |
Added by the DERDEO.E WORM! |
| X |
JavaUpdate0.07 |
[filename] |
Added by the JUPDATE TROJAN! |
| X |
JavaUpdateSched |
jusched32.exe |
Added by the CKB TROJAN! |
| X |
JavaVM |
java.exe |
Added by the MYDOOM.M or
MYDOOM.N or other variants of the MYDOOM WORMS! Note - not to be confused
with the valid Windows "java.exe" which resides in C:WindowsSystem
(Win9x/Me), C:WinntSystem32 (WinNT/2K) or C:WindowsSystem32 (WinXP) as this
resides in C:Windows or C:Winnt |
| X |
jawa32 |
jawa32.exe |
Added by the AGENT.BG WORM! |
| X |
Jawa322 |
jawa32.exe |
Added by a variant of the AGENT.BG trojan |
| N |
JB |
Jiffybar.exe |
"Get Paid As You surf"
application |
| N |
Jet Detection |
ADGJDet.exe |
Added with SoundBlaster Live! or
Audigy soundcards for headphone autodetection |
| Y |
JetAdmin Discovery Indicator |
HPJETDSC.EXE |
HP JetAdmin software for HP
JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin
Discovery Indicator (paper airplane in the taskbar). It gets launched
automatically through the registry, and remains active to control the
Discovery Indicator |
| X |
jete |
yujixit.exe |
Added by the SDBOT.BRT WORM! |
| X |
jiahus |
svchqs.exe |
Added by the WOWPWS-AL TROJAN! |
| X |
jijbl |
ezlwy.bat |
Added by the REDDW WORM! |
| U |
JMB36X Configure |
JMRaidTool.exe |
JMB36x
series Raid configuration utility from JMicron Technology |
| U |
JobHisInit |
JobHisInit.exe |
Used by Ricoh network printers
to enable network printing from the client |
| U |
Job-oversigt |
taskmon.exe |
Task Monitor (on Danish language
versions of Windows) - checks the disk-access patterns of programs when they
are started and stores this information in log files in the Applog folder.
Task Monitor also records the number of times you use a program. Task Monitor
also records the number of times you use a program. The Disk Defragmenter
tool uses this information to optimize your hard disk so that programs that
you use frequently are loaded faster. Not required - but can be useful. Note:
for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve
many, if not most, of those annoying IE scripting errors (per Symantec's
Knowledgebase) |
| U |
Jog Serve |
JogServ2.exe |
"Jog Dial" on a Sony
Vaio laptop. The dial can select various functions such as control
audio. Needed if you use its features |
| U |
JogServ2 |
JogServ2.exe |
"Jog Dial" on a Sony
Vaio laptop. The dial can select various functions such as control
audio. Needed if you use its features |
| X |
john315 |
srrvc.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
jon315 |
[path to trojan] |
Added by the MAILBOT-BI TROJAN! |
| ? |
jotl |
millenzje.exe |
?? |
| U |
JOYTECH USB Neo S Controller |
JoytechNeoSTrayIcon.exe |
System Tray access to Joytech Neo S PC gamepad controller
software |
| X |
Jreg |
Jreg2b.exe |
BroadcastPC adware variant |
| X |
Jufualt |
svhost.exe |
Added by the SDBOT-ADJ WORM! |
| X |
Jufualt |
winxp2.exe |
Added by the SDBOT-AAB WORM! |
| N |
Juno_uoltray |
exec.exe |
Juno ISP software - not required |
| X |
jusched |
[path to trojan] |
Added by the BANKER-BWR TROJAN! |
| N |
jusched |
jusched.exe |
Checks with Sun's Java updates site to see if newer Java
versions are available. Visit http://java.sun.com or just run the Java
Plug-In Control Panel |
| X |
jushed32.exe |
jushed32.exe |
CoolWebSearch parasite variant -
also detected as the BIZTEN-L TROJAN! |
| X |
jusodl |
severe.exe |
Added by the QQPASS.48436 TROJAN! |
| U |
JussDropUtility |
JussDrop.exe |
Related to DropShots Inc. A
subscription based service for family to connect, converse and share photos
and videos |
| X |
jutsu |
jutsu.exe |
Added
by the RBOT-LS WORM! |
| U |
jv16 PT TempFileTool |
TempTool.exe |
jv16
PowerTools File Cleaner - "allows you to find obsolete and left-over
temporary files" |
| U |
jv16PT - Privacy Protector |
Task.jvb |
jv16
PowerTools Privacy Protector - "allows you to protect your privacy by
automatically clearing out all the unwanted history items and cookies from
you computer, every time you start your computer" |
| U |
Jv16pt Network Resident |
jv16pt_network.exe |
jv16
PowerTools network resident program. Only needed if you are using the
program's network features |
| X |
jvdnlssn |
fljzsshc.exe |
Flingstone.com adware - and its
Golden Palace Casino program |
| X |
JVM0 |
JVM0.exe |
Added by the BANLOA-AX TROJAN! |
| X |
JVM0.12 |
[random filename] |
Added by the TEADOOR-A TROJAN! |
| X |
JVM0.14 |
[random filename] |
Added by the TEADOOR-B TROJAN! |
| X |
JW Manager |
jwmngr.exe |
Added by the DELBOT-G WORM! |
| X |
jxef1104 |
jxef1104.exe |
Added
by the XIPI-A WORM! |
| X |
JXL Radio |
jxl.exe |
Added by the RBOT-EBE WORM! |
| ? |
Jzi16 |
jzi16.exe |
?? |
| X |
K2ps_full.task |
K2ps_full.exe |
Added by the JUNTADOR.K TROJAN! |
| N |
K6CPU.EXE |
K6CPU.EXE |
Authenticates CPU as K6 in
system properties |
| X |
Kadoc |
[random filename].exe |
Added by the STAPREW TROJAN! |
| X |
kak |
kak.hta |
Added by the KAKWORM WORM! |
| U |
Kalibump |
Kalibump.exe |
Used with the now unsupported Kali software for on-line
gaming. This is used to automatically bump up the priority of WinProxy to
GREATLY improve game speed when using a SOCKS proxy |
| X |
kalvsys |
kalv****.exe [* = random char] |
EliteBar adware |
| X |
kalvsys |
kalv***32.exe [* = random char] |
EliteBar adware |
| N |
Kana Reminder |
Reminder.exe |
Kana Reminder
is a program which can be used to set a reminder to be triggered at a
specified time |
| U |
Karen's Once-A-Day II |
PTOAD.exe |
"Have
a job that should be run exactly once each day? Karen's Once-A-Day II is just
what you need!" Scheduler that lets you specify progams, web pages and
files that be run or opened automatically, the first time |
| U |
KASP |
OESpamTest.exe |
Kaspersky
Anti-Spam |
| X |
Kasper Antivirus |
KASPERANTIVIRUS.EXE |
Added by a variant of the SPYBOT WORM! |
| Y |
Kaspersky Anti-Hacker |
KAVPF.exe |
Kaspersky Anti-Hacker firewall |
| X |
Kaspersky Antivirus |
KasperskyAV.exe |
Added by a variant of the RBOT WORM! |
| X |
KasperskyAv |
kaspersky.exe |
Added by the MIMAIL.T WORM! Note - this has nothing to do
with the real Kaspersky AntiVirus |
| X |
KasperskyAVEng |
Kasperskyaveng.exe |
Added by the NETSKY.V WORM! |
| X |
KAT |
KAT.vbs |
Added
by the SOAD-D WORM! |
| Y |
kav |
avp.exe |
AOL's Active Virus Shield |
| X |
KAVFOX |
win1ogoin.exe |
Added by GWGHOST-M TROJAN! |
| X |
KAVPersonal |
svchost.exe |
Added by the LINEAGE-V TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| Y |
KAVPersonal50 |
Kav.exe |
Kaspersky Anti-Virus
Personal 5.0 |
| X |
KAVPersonal90 |
wscntfy.exe |
Added by the BANKER-FZ TROJAN! |
| Y |
KavPFW |
KavPFW.exe |
KingSoft Personal Firewall |
| X |
KavRuns |
Windll.exe |
Added by the TRYNOMA TROJAN! |
| Y |
KavStart |
KAVStart.exe |
KingSoft Personal Firewall |
| X |
KavSvc |
******.exe reg_run [* = random
char] |
Added by the QOOLOGIC TROJAN! |
| X |
kavsvc |
[random 6 char filename] |
Qoologic downloader trojan variant using random file names
(examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) - do not confuse with the
Kaspersky antivirus startup item, as described here |
| X |
kavsvc |
[random 6 char filename] |
Added by the QOOLOGIC TROJAN! Uses random file names
(examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) |
| Y |
kavsvc |
kavsvc.exe |
Kaspersky antivirus |
| X |
KAVutil |
[worm filename] |
Added by the WINTOO.B WORM! |
| N |
KAZAA |
kazaa.exe |
KAZAA is a file-sharing program
which unfortunately being ad-based includes "Cy-door" adware. Check
here for information about "Cy-door" and here for a program that
can remove it |
| X |
Kazaa Download Accelerator
Updater (required) |
regsvr32 [path] kdp****.dll [* =
random char] |
SafeguardProtect/Veevo hijacker |
| X |
Kazaa lptt01 |
kazaa.exe |
RapidBlaster variant (in a
"kazaa" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here. Note - this is not the valid KaZaA file
sharing program which has the same executable name |
| X |
Kazaa ml097e |
kazaa.exe |
RapidBlaster variant (in a
"kazaa" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here. Note - this is not the valid KaZaA file
sharing program which has the same executable name |
| X |
KAZAACuf |
9 |
Added by the KITRO.D (or
ARGEN.A) WORM! |
| N |
kazaalite |
kazaalite.exe |
Kazaalite
is a file sharing client - not to be confused with the original Kazaa
program. Unlike the original, this one does not contain any advertising or
tracking mechanisms |
| N |
KaZooM |
KaZooM.Exe |
KaZoom from Blue Haven
Media - "add-on application that automatically speeds up the download
process and finds the files you want with far more power than regular KaZaA
searches" |
| Y |
KB891711 |
KB891711.exe |
Installed by the Windows KB891711 critical update, see this
security bulletin - this file reportedly needs to continue running in order
to patch the vulnerability, at least until a more practical solution is
found. There have however been reports of fatal exception errors in systems
running Windows 98, and in such a case Microsoft advises to either uninstall
the patch (Add/Remove Programs) or prevent it from running at startup |
| Y |
KB918547 |
KB918547.EXE |
Bug-fix for a
Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me
only |
| Y |
KB926239 |
rundll32.exe [path] apphelp.dll,
ShimFlushCache |
Microsoft
KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows
XP-based computer |
| U |
KBD |
KBD.EXE |
Multimedia keyboard manager.
Required if you use the multimedia keys |
| U |
KBD MediaCenter |
MEDIACTR.EXE |
Multimedia keyboard manager.
Required if you use the multimedia keys |
| X |
kbddrv32 |
kbddrv32.exe |
Added by the CRYPTER.A TROJAN! |
| X |
kbddrvinf |
kbddrvinf.exe |
Added by the CRYPTER.A TROJAN! |
| N |
KCeasy |
KCeasy.exe |
KCeasy - a Windows peer-to-peer
filesharing application which uses giFT as its 'back end' foundation. The
networks currently supported are OpenFT and Gnutella |
| U |
KClient |
kstatus.exe |
KClient Kerberos client software
for Win32 systems. It provides the libraries and utilities needed to use
Kerberos-based PC applications developed by Computing Services such as KWeb
and NiftyTelnet |
| N |
kdx |
KHost.exe |
KonTiki
Secure Delivery Plug In related. "The Kontiki Delivery Management System
(DMS) is a secure delivery network for distribution of video, software,
audio, documents, and other digital media. The Kontiki DMS enables
enterprises to efficiently publish, secure, deliver and track digital media
to employees, partners, and customers" |
| U |
KE9801 |
DriBat32.exe |
KE9801 multimedia keyboard
driver - required if you use the multimedia keys |
| X |
Keenvalue |
Keenvalue.exe |
eUniverse/KeenValue adware |
| U |
KEMailKb |
KEMailKb.EXE |
Controls
the buttons at the top of the Micro Innovations 650i Internet Access
Keyboard. If you disable it you cannot use the buttons - like volume control
or shut down |
| ? |
Kemet |
kemet.exe |
?? |
| U |
Kerio VPN Client |
kvpnclient.exe |
Kerio VPN Client |
| X |
kern64dll |
[random filename] |
Added by the TARNO.J TROJAN! |
| X |
Kernal Fault Check |
ntosrkl.exe |
Added by a
variant of the SDBOT WORM! |
| X |
kernctl32 |
rundll32 kctl32.dll, initialize |
Added by the AGENT.AT TROJAN! |
| X |
Kerne0223 |
Kerne0223.exe |
Added by the LEGMIR-ZA TROJAN! |
| X |
Kernel |
bboy.exe |
Added by the MUMU.B WORM! |
| X |
Kernel |
services.exe |
Added by the FOOZ-A TROJAN! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
KERNEL 32 |
SKERNEL32.com |
Added
by the SEMAPI-A WORM |
| U |
Kernel and Hardware Abstraction
Layer |
KHALMNPR.EXE |
Part of the Logitech Setpoint
software for their wired and wireless mice and trackballs. Sets the Windows
mouse sensitivity to minimum. The idea is that you will use the SetPoint
Control Panel to adjust your mouse sensitivity. This setting is maintained separately
from the Windows setting, but is combined with the Windows setting to
determine the final sensitivity. For this reason, KHALMNPR sets the Windows
setting to 0 so it doesn't alter the one you set in SetPoint |
| X |
Kernel Faults |
ftphost.exe |
Added by the RBOT.BHU WORM! |
| X |
Kernel Loader |
ntkrnl.exe |
Added by the CERVIVEC.A WORM! |
| X |
Kernel Manager |
krnlmgr.exe |
Added by the JUNY.A TROJAN! |
| X |
Kernel Services |
service32.exe |
Added
by the PRX-B TROJAN! |
| X |
kernel system daemon |
ACTIVAT0R.exe |
Added by the RANDEX.AW WORM! |
| X |
Kernel_check |
wmiprvse.exe |
Added by the SONEBOT-B WORM!
Note - this is not the legitimate wmiprvse.exe process which is always
located in the System32wbem folder and should not normally figure in
Msconfig/Startup! |
| X |
kernel12.exe |
kernel12.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
kernel32 |
kern32.exe |
Added by the BADTRANS.A WORM! |
| X |
kernel32 |
kernel.dli |
Added by the NETDEVIL.B TROJAN! |
| X |
Kernel32 |
Kernel.dll |
Added by the REDLOF.M VIRUS! |
| X |
kernel32 |
kernel32.dlI |
Added by the NETDEVIL.15 TROJAN! |
| X |
kernel32 |
kernel32.dll.vbs |
Added by the WEKODE-A WORM! |
| X |
Kernel32 |
Kernel32.exe |
Added by a number of VIRUSES,
WORMS and TROJANS! |
| X |
Kernel32 |
Kernel32.win |
Added by the GAGGLE.D or
GAGGLE.E WORMS! |
| X |
Kernel32 |
kernel32s.exe |
Added by the SDBOT-PU TROJAN! |
| X |
Kernel32 |
krnl32.exe |
Added by the EPON WORM! |
| X |
Kernel32 |
svchosts.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
kernel32dll |
guardpc.exe |
Added by the FORBOT-CU WORM! |
| X |
KernelCheck |
sys****.exe [* = digit] |
Added by an unidentified TROJAN! |
| X |
KernelCheck |
winser.exe |
Added by the TSPY_LMIR.SL TROJAN! |
| N |
kernelfaultcheck |
dumprep 0 -k |
Used in connection with memory
dumps - you can disable these by - right clicking on My Computer, selecting
Properties and then the Advanced tab. Click on the Settings button in
'Startup and Recovery'. In the bottom pane - under 'Write debugging information'
- click on the down arrow and then select 'None' - OK your way out |
| N |
kernelfaultcheck |
dumprep 0 -u |
Used in connection with memory
dumps - you can disable these by - right clicking on My Computer, selecting
Properties and then the Advanced tab. Click on the Settings button in
'Startup and Recovery'. In the bottom pane - under 'Write debugging information'
- click on the down arrow and then select 'None' - OK your way out |
| X |
KernelFaultCheck |
ptool32.exe |
Added by the LEGMIR-BN TROJAN! |
| X |
KernelFaultChk |
sms.exe |
Added by the DEADHAT WORM! Do not confuse with the valid
"kernelfaultcheck" which runs "dumprep 0 -k" or
"dumprep 0 -u" |
| X |
Kernell |
systems.exe |
Added by the TARNO.C TROJAN! |
| X |
Kernell32 |
Kernell.dll |
Added by the DESTINY.A TROJAN! |
| X |
KernellApps |
csrss.exe |
Added by the BANCBAN-AC TROJAN!
Note - this is not the legitimate csrss.exe process, which should not appear
in Msconfig/Startup! |
| X |
KernellApps |
lexplore.exe |
Added by the BANCBAN-BS TROJAN! |
| X |
KernellApps32 |
smss.exe |
Added by the BANCBAN-AN TROJAN!
Note - this is not the legitimate smss.exe process which should not normally
figure in Msconfig/Startup! |
| X |
Kernelw |
Kernelw32.exe |
Added by the INDOR.E WORM! |
| X |
key |
sys_xp.exe |
Added by the BEAGLE.AC WORM! |
| X |
key |
sysxp.exe |
Added by the BEAGLE.AB WORM! |
| X |
key |
winxp.exe |
Added by the BEAGLE.AG WORM! |
| X |
Key Logger |
csrss.exe |
Added by the BUCHON.A WORM! Note
- this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the root folder - normally C: |
| N |
Key Text |
KeyText.exe |
Key Text 2000 from
MJMSoft Design - utility to automate repetitive keyboard tasks. Available via
Start -> Programs |
| X |
Key1 |
Rlid.exe |
Added by the LIXY TROJAN! |
| ? |
Key2 |
serve.exe |
?? |
| X |
key2 |
winlog.exe |
Added by the BAGLEDI-AL TROJAN! |
| Y |
KeyAccess |
keyacc32.exe |
KeyServer KeyAccess client
software - "when the KeyServer program is launched, the KeyServer
process becomes active so license requests from client computers can be
serviced. Without KeyAccess, a keyed program cannot run, so license control
is very secure" |
| X |
Keybdcntl |
keybdcntl.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
keyboard |
[path to trojan] |
Added by the DLOADR-AOZ TROJAN! |
| X |
keyboard |
keyboard*.exe [* = number] |
Recognized by Kaspersky
antivirus as TrojanDownloader.VB.zg |
| U |
KeyBoard |
Keyboard.exe |
Labtec keyboard utility |
| X |
keyboard |
kybrdef_7.exe |
DollarRevenue adware |
| U |
Keyboard Manager |
MMKeybd.exe |
Multimedia keyboard manager.
Required if you use the additional keys |
| Y |
Keyboard Preload Check |
Preload.exe |
Millenium Multi-Function
Keyboard driver |
| X |
keyboard_enum |
keyboard_enum.exe |
Added by the GP TROJAN! |
| U |
KeyMaestro |
kmaestro.exe |
Multimedia keyboard manager.
Required if you use the multimedia keys |
| U |
keymap |
keymap.exe |
System Tray utility and
background task used by games produced by Kesmai (published by Interactive
Magic) and which enables you to program keys to do specific actions during
the game |
| X |
keymgrldr |
rundll32 setupapi,
InstallHinfSection... keymgr3.inf |
CoolWebSearch Oemsyspnp parasite variant |
| U |
KeyPatrol |
KeyPatrol.exe |
KeyPatrol - key
logger detector using both behavioral and pattern-matching algorithms that
used to be part of PestPatrol before CA's aquisition |
| X |
keyserv |
keyserv.exe |
KeyThief spyware |
| U |
Keyspan Digital Media Remote |
KDMRdmn.exe |
Remote control driver for Keyspan Digital Media Remote
devices |
| U |
keystroke |
keystroke.exe |
QuickLaunch surveillance software. Uninstall this software
unless you put it there yourself |
| U |
KeyWallet |
KWallet.exe |
"KeyWallet is
a useful and convenient desktop utility that spares you the trouble of
filling in your logins, passwords and other personal data manually" |
| X |
kfienq |
masbl.bat |
Added by the KIFER TROJAN! |
| X |
Kgjg |
rnnypbw.exe |
Added by the QuickLinks/Forethought adware |
| N |
khooker |
khooker.exe |
SiS Keyboard Daemon. System Tray
utility which gets installed by the drivers of the latter day SiS VGA cards.
Can cause errors at startup and isn't required |
| U |
KICKMON.EXE |
KICKMON.EXE |
KeepItClean - utility that
deletes safe to remove files, cookies, browsing history, etc. This is the
scheduler - if you don't schedule clean-ups it isn't required |
| U |
Kill Popup |
KillPopup.exe |
KillPopup -
pop-up stopper |
| N |
KillAndClean |
KillAndClean.exe |
Spyware
remover - not recommended, see here |
| X |
kimochiz.exe |
kimochiz.exe |
Added by the MDROP-BB TROJAN! |
| N |
Kinberlink |
Kinberlink.exe |
Kinberlink
network messaging. Available via Start -> Programs |
| X |
KIT3 |
hpprintqueue.exe |
Added by the ADCLICK-DS TROJAN! |
| U |
KK Loader |
loadkk.exe |
KeyKey XP
Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails,
Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and
much more completely undetected to the user." |
| X |
KKM Service |
kkm.exe |
Added
by the NANPY-I WORM! |
| X |
KL AntiFunLove |
flcss.exe |
Added by the FUNLOVE.4099 WORM! |
| U |
KLog |
Keyspy.exe |
KeyLoggPro.B keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
klop |
[path to file] |
Added by the AGENT-WQ TROJAN! |
| X |
klop |
[random].tmp |
Found with Trojan.Win32.StartPage.aw. Possibly a variant of
the AGENT-WQ TROJAN! |
| U |
klp |
explorer.exe |
ComSurveilSys keystroke logger/monitoring program - remove
unless you installed it yourself! Note - the legitimate Windows Explorer
(explorer.exe) is located in the Windows or Winnt folder and would not
normally appear in Msconfig/Startup unless you added it manually! This one is
found in a SystemPALCSS subfolder |
| U |
klp |
run32dll.exe |
PAL PC Spy -
key recorder and screen capture utility which controls and monitors
everything that happens on your pc and online |
| U |
KM9801U |
MMHotKey.exe |
Multimedia key handling for the
relevant type of Turbo-Media keyboard. Shortcut available. Note that with
this running it can crash DirectX8/9 under WinXP when a game switches to
full-screen |
| U |
kmw_run.exe |
kmw_run.exe |
Kensington MouseWorks -
mouse/trackball software. Not required unles you use any special features |
| U |
kmw_show.exe |
kmw_show.exe |
Kensington MouseWorks -
mouse/trackball software. Not required unles you use any special features |
| U |
KN_PanelApp |
PanelApp.exe |
KnowledgePanel
online survey software |
| N |
Kodak Batch Transfer |
pezdow1.exe |
Part of "Kodak Picture
Easy" software for digital cameras. Includes the display of an icon in
the System Tray to quickly transfer photos to a PC |
| U |
Kodak EasyShare software |
EasyShare.exe |
Software bundled with Kodak
digital cameras to manage the connection between the PC and the Camera. Can
be started manually |
| N |
Kodak Picture Easy *.* Batch
Transfer |
PezDownload.exe |
Part of "Kodak Picture
Easy" software for digital cameras. Includes the display of an icon in
the System Tray to quickly transfer photos to a PC. *.* represents the
version |
| N |
Kodak Picture Transfer Software |
pts.exe |
Looks for Kodak camera
connection and media insertion. Available via Start -> Programs |
| N |
Kodak Software Updater |
backweb*****.exe |
Software updater for Kodak Easyshare digital cameras |
| Y |
KodakCCS |
KodakCCS.exe |
Kodak DC File System Driver |
| U |
Komunikator |
tlen.exe |
Tlen - a Polish language instant messaging client |
| U |
KONICA MINOLTA magicolor 2400W
STD |
MSTMON_S.EXE |
Konica Minolta Magicolor 2400W
colour printer monitor |
| N |
Konni Symbol Autostart |
KonniSymbol.exe |
Gives
configuration access to RagTime Solo professional business publishing
software. RagTime Solo is the private user version of RagTime 5 |
| N |
kontiki |
kontiki.exe |
Kontiki Delivery Manager - Windows-based client software that
enables secure delivery of content to users' desktops |
| Y |
KPDrv4XP |
KPDrv4XP.exe |
MediaKey USB Keypad Driver |
| Y |
KPFW32.EXE |
KPFW32.EXE |
KingSoft Personal Firewall |
| Y |
KPFWSvc.EXE |
KPFWSvc.EXE |
KingSoft Personal Firewall |
| U |
Kraidman |
Kraidman.exe |
"Toshiba RAID Support is a Toshiba EasyGuard feature
that uses RAID Level 1 technology to minimise downtime by protecting against
data loss and ensuring quick data recovery" - for Toshiba laptops |
| U |
KREC32 |
krec32.exe |
StarrCommander Pro Keystroke
logging software |
| X |
KRNL |
Kernl32.exe |
Added by the ZOMBY.B TROJAN! |
| X |
Krnlcheck |
csrss.exe |
Added by the BOTNACHALA TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| U |
Krnlmod |
Krnlmod.exe |
Keystroke logger/monitoring
program - remove unless you installed it yourself! |
| U |
Kryptel Component Start |
Kicker.exe |
Kryptel
encryption software |
| X |
ksrlnhm |
zxatgso.exe |
Added by the DLOADER-LI TROJAN! |
| X |
Ksrv32 |
Ksrv32.exe |
Added by the AGOBOT-PI WORM! |
| X |
KTAX Auto Loader |
ktax.exe |
Added by the SDBOT-MZ WORM! |
| U |
ktchnsnk |
ktchnsnk.exe |
HP program found with the Office
Jet 500/600/700 series which initializes the Office Jet manager each time the
computer is booted up or rebooted |
| X |
KV_HOST |
cxjx.exe |
Added by the LEGMIR-BB TROJAN! |
| X |
KV2005 |
word.EXE |
Added
by the IW TROJAN! |
| X |
kv3000 |
lover.vbe |
Added by the ZSYANG.B WORM! |
| X |
kvern16.dll |
regsvr32.exe [path] kvern16.dll |
DailyWinner adware |
| X |
kw3eef76 |
rundll32.exe [path]
kw3eef76.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| N |
kX Mixer |
kxmixer.exe |
Provides Mixer and Control
functionality to KxProject Audio driver for EMU10k based soundcards |
| U |
KX509 |
kx509_kfwk5.exe |
Kerberos Secure
Authentication for Windows |
| ? |
KYE_Showicon |
shwicon.exe |
Card reader for memory cards
from digital cameras. Is it required? |
| X |
KYK Control Settings |
KYSVCXD.EXE |
Added by a variant of the RBOT WORM! |
| X |
KYM Control Settings |
phqghum.exe |
Added by the RBOT.BQD WORM! |
| X |
L4r1$$a |
L4r1$$a.pif |
Added by the ASSIRAL-C WORM! |
| X |
laltin |
L90112201.Stub.exe |
Delfin Media Viewer adware related |
| X |
LAN Driver |
landriver32.exe |
Added by the RBOT.BT WORM! |
| X |
lanbrup |
lanbrup.exe |
SafeSurfing adware |
| U |
LanguageMonitor |
Oplmsb01.exe |
OKI Printer language support
monitor |
| X |
LanGuard |
[path to trojan] |
Added by the DLOADER-VO TROJAN! |
| X |
LanGuard |
languard.exe |
Adware downloader - also detected as the SECONDT-C TROJAN! |
| U |
LANMessage Pro |
LANMES~1.exe |
LANMessage
Pro - "a powerful tool for communicating with other people on your
office/home network" |
| U |
LanSpeed2 |
LanSpeed2.exe |
Monitors any traffic that is
using a LAN adapter (Ethernet or Token ring network card) |
| U |
LaoKey |
LaoKey.exe |
Lao Script for Windows
(LSWin) is an extension to the Windows operating system to allow Lao language
to be used with many different Windows-based applications |
| U |
LapLink scheduler |
Llsched.exe |
Utility that automatically
performs file transfers as unattended background operations |
| X |
lar |
[trojan filename] |
Added by the ROXY.C TROJAN! |
| X |
Lar |
Llass.exe |
Added
by the INOR-A TROJAN! |
| X |
LARISSA ANTI VIRUS |
LARISSA_ANTI_VIRUS.exe |
Added by the KLASSIR TROJAN! |
| ? |
Lasb |
ewat.exe |
?? |
| X |
LasErma |
Ermasys32.exe |
Added
by the LERMA-A WORM! |
| X |
LAsIAf32 |
RePEAtLD.exe |
Added by the REPEATLD WORM! |
| Y |
LASTinst |
N/A |
For Gilat Communications
internet satellite systems. Gilat rescue (Satellite system restore). Required
if you have this system. Can cause a BSOD (blue screen of death) if left out |
| ? |
Later |
later.exe |
?? |
| U |
LaunApp |
LaunApp.exe |
Part of Acer Launch Manager -
programmable keys on such laptops as the TravelMate 610 |
| ? |
Launcg |
launcg.exe |
?? |
| U |
Launch Ai Booster |
OverClk.exe |
ASUS Ai Booster is an
application that allows you to overclock the CPU either manually or
automatically without the hassle of entering the BIOS Setup |
| N |
Launch Context 5.0 |
Launch.exe |
Context - electronic
dictionary |
| U |
Launch LCDMon |
LCDMon.exe |
Logitech LCD G-Series software driver |
| N |
Launch LCDMon |
LCDMon.exe |
Driver/utility for Logitech
G-Series gaming keyboards and mice |
| U |
Launch LGDCore |
LGDCore.exe |
Driver/utility for Logitech
G-Series gaming keyboards and mice |
| X |
Launch Norton AntiVirus 2000 |
jorgf.exe |
Added by the RBOT-AUI WORM! |
| N |
Launch YahooPOPs! at Windows
startup |
YAHOOPOPS.EXE |
YahooPOPs - enables
free POP3/SMTP access to Yahoo! Mail through a service on localhost that
emulates the web interface. Available via Start -> Programs |
| U |
LaunchAp |
LaunchAp.exe |
Programmable keys on Acer,
Fujitsu and other laptops |
| U |
LaunchApp |
Alaunch.exe |
Acer Launch tool utility on laptops |
| U |
Launchboard |
lnchbrd.exe |
"LaunchBoard software from
Darwin turns your keyboard into a remote control for the Internet and your
computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC
keyboard to instantly launch Web Sites, start applications, perform custom
macros, handle Windows shortcuts, store passwords, and perform loads of other
customizable functions" |
| X |
Launcher |
launcher.exe |
Spyware component related to
DownloadWare and found in Program FilesKFH |
| N |
Launcher |
relaunch.exe |
Audio Applications Launcher for
the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as
the Thunderbird PCI soundcard - see TBtray). Available via Start ->
Programs |
| X |
Lavasoft Ad-Aware |
Ad-Aware.exe |
Added by the RBOT-SO WORM! Note
- this is not the popular Ad-aware spware/adware removal tool |
| U |
Lavasoft Adwatch |
Ad-watch.exe |
Part of
Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and
registry for spyware that tries to install or change your system |
| Y |
laxmsp32.exe |
laxmsp32.exe |
Lexmark Scan and Copy Control
Program for the X63 (and maybe others) printer/scanner. Required for the
scanner to work |
| X |
layersldm |
hostplsrvc.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Laz |
Kernn.exe |
Added by the BANCOS-LN WORM! |
| X |
Lcass |
Lcass.exe |
Added by the SILLYFDC-W WORM! |
| U |
LCDC |
LCDC.exe |
LCDC is an application
that displays various information on your LCD or VFD screen. The number of
things that LCDC can do is expandable by Plugins |
| Y |
LCDMon |
LCDMon.exe |
Driver/utility for Logitech
G-Series gaming keyboards and mice |
| Y |
LCDPlayer |
LCDPlyer.exe |
Related to
SuperAdBlocker |
| N |
lcfep |
lcfep.exe |
Tivoli 'TME' System Tray icon -
"'lcfep' is the program that displays statistics about the Endpoint.
Apparently stopping/removing this process has no impact on the Endpoint
itself which will continue to function normally" |
| ? |
LCIDConfig |
lcidchng.exe |
?? |
| U |
LClock |
lclock.exe |
LClock is a program that makes the Windows' clock look like a
Windows Longhorn Clock |
| X |
lcvga |
lcvga.exe |
Added by the HOSTOL-A TROJAN! |
| X |
ld |
ld.exe |
CoolWebSearch Tooncomics parasite affiliate variant -
redirects to fastwebfinder.com |
| N |
LDM |
backweb-8876480.exe |
Installed with the software for
Logitech products. Automatically checks for software upgrades AND new
products, services and special offerings from Logitech |
| N |
LDM |
ldmconf.exe |
Installed with the software for
Logitech products. Automatically checks for software upgrades AND new
products, services and special offerings from Logitech |
| N |
LDM |
LogitechDesktopMessenger.exe |
Installed with the software for
Logitech products. Automatically checks for software upgrades AND new
products, services and special offerings from Logitech |
| X |
ldriver |
ldriver.exe |
Added by the CHORUS-A TROJAN! Searchforfree browser hijacker |
| U |
LED TRAY |
LEDTRAY.EXE |
Installs a USB compact flash
card reader or drive on start-up. The device is distributed by Microtech and
is made by a company called SnapShot. Required if you want the reader to work |
| U |
ledpointer |
CNYHKey.exe |
Chicony Electronics Multimedia
Keyboard Hotkey Driver |
| N |
LeechGet |
LeechGet.exe |
LeechGet
download manager |
| X |
leeman |
leeman.exe |
Added by the COSIAM-D TROJAN! |
| X |
LEMSRV |
lemsrv.exe |
Added by the IRCBOT-TC TROJAN! |
| X |
LetsSearch |
LetsSearch.exe |
BrowserAid/BrowserPal foistware |
| X |
Letum |
[path to worm] |
Added by the LETUM.A WORM! |
| U |
Lexmark **** Series |
lxbabmgr.exe |
Lexmark System Tray application
(where "****" is the model) that enables scan or fax functions to
run directly from the printer via the buttons. Can be launched from a desktop
shortcut |
| U |
Lexmark **** Series |
lxbkbmgr.exe |
Lexmark System Tray application
(where "****" is the model) that enables scan or fax functions to
run directly from the printer via the buttons. Can be launched from a desktop
shortcut |
| U |
Lexmark **** Series |
lxbmbmgr.exe |
Lexmark System Tray application
(where "****" is the model) that enables scan or fax functions to
run directly from the printer via the buttons. Can be launched from a desktop
shortcut |
| U |
Lexmark **** series |
lxbtbmgr.exe |
Lexmark System Tray application
(where "****" is the model) that enables scan or fax functions to
run directly from the printer via the buttons. Can be launched from a desktop
shortcut |
| Y |
Lexmark 2200 Series Button
Manager |
lxbvbmgr.exe |
Lexmark printer button manager.
Required for correct operation |
| Y |
Lexmark 3100 Series |
lxbrbmgr.exe |
Lexmark printer button manager.
Required for correct operation |
| Y |
Lexmark X6100 Series |
lxbfbmgr.exe |
Lexmark X6100 printer button
manager - required for correct operation |
| Y |
Lexmark Xxx Button Manager |
AcBtnMgr_Xxx.exe |
Associated with the Lexmark Xxx
(where "xx" is the model) all-in-one printer/scanner/copier.
Required for correct operation |
| Y |
Lexmark Xxx Button Monitor |
ACMonitor_Xxx.exe |
Associated with the Lexmark Xxx
(where "xx" is the model) all-in-one printer/scanner/copier.
Required for correct operation |
| X |
Lexmark_X79-55 |
lsasss.exe |
Added by the ZONEBAC TROJAN! |
| N |
LexmarkPrinTray |
printray.exe |
Lexmark Printer icon in the
System Tray for quick access. Not required - uncheck via Printer
configuration rather than MSCONFIG. Can also be listed as PrinTray |
| X |
lexplore |
lexplore.exe |
Added by the BROPIA WORM! Note - the executable is spelt with
a lower case "L" rather than an lower or upper case "i"
which is the case with Internet Explorer |
| N |
lexpps |
lexpps.exe |
For Lexmark printers. From
Lexmark: "This enables bi-directional printing over a peer to peer
network. If the printer is connected directly to your PC, the file is not
used, (or should not be used) at all". It is known that firewalls can
however alert you to "lexpps.exe" requesting server privileges |
| U |
LexStart |
lexstart.exe |
Lexmark printer software may add
Lexstart.exe in the startup folder to handle print commands that you send to
the printer. Sometimes required for the printer to work correctly - not in
the case of a Lexmark Z42 for instance |
| X |
Lfh |
Lfh.exe |
Added by the ZAURGA-A TROJAN! |
| U |
Lfsndmng |
lfsndmng.exe |
LightningFAX Enterprise
Fax Server - "puts faxing at the fingertips of networked enterprise
users. It enables rapid, secure sending and Direct-To-Desktop Delivery of
mission-critical documents" |
| U |
LGDCore |
LGDCore.exe |
Driver/utility for Logitech
G-Series gaming keyboards and mice |
| X |
lgm |
lgm.exe |
Added
by the ACID-F WORM! |
| U |
LGODDFU |
fwupdate.exe |
Auto firmware update program for
LG Electronics CD-ROM/DVD writer |
| U |
LgWDskTp |
LgWDskTp.exe |
Logitech Wireless Desktop
mouse and keyboard software. There is an icon for this program on the taskbar
next to the clock |
| N |
lhttseng |
rundll32.exe ..lhttseng.inf,
RemoveCabinet |
Left over after installation of
the British English version of the Lernout & Hauspie Text To Speech (TTS)
Engine |
| X |
li01f948 |
rundll32.exe [path]
li01f948.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| N |
LicCrtl |
runservice.exe |
Part of the eLicense Copy
Protection scheme employed by some software and games. When this service is
not running, the eLicense wrapper is unable to extract and execute the
program |
| U |
LicCtrl |
rundll32.exe [path] MMFS.DLL,
Service |
Part of the eLicense Copy
Protection scheme employed by some software and games. When this service is
not running, the eLicense wrapper is unable to extract and execute the
program |
| X |
License Manager |
license_manager.exe |
MediaPipe peer-to-peer file
swapping program also reported as a hijacker |
| X |
lich |
lich.exe |
Added by QLOWZON-BN TROJAN! |
| U |
LidPolicy |
pwrschem.exe |
A utility for configuring
certain HP notebook models to enter Standby mode when the lid is closed only
when running on battery |
| X |
Life FireWall Update1 |
FireWall-Update1.exe |
Added by the RBOT-ARS WORM! |
| ? |
LifeCam |
LifeExp.exe |
Related to Microsoft's LifeCam series of webcams. What does
it do and is it required? |
| N |
LifeDrive Manager |
LifeDriveMgr.exe |
Keeps the Palm LifeDrive Manager utility in the systray.
Shortcut available via Start -> Programs |
| X |
LifeDrive™ Manager |
LifeDriveMgrTray.exe |
System Tray utility for the Palm LifeDrive Mobile Manager |
| N |
LifeScape Media Detector |
PicasaMediaDetector.exe |
Media detector for Picasa's automatic photo organizer |
| X |
lify |
yujixit.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Lightning Download |
Lightning.exe |
Lightning
Download download manager. Can be launched manually, but will need to start
up if you want it to "catch clicks" off Internet Explorer |
| X |
Limewire |
LimeWire.exe |
Added by the RBOT-AGH WORM! |
| N |
LimeWire x.x |
LimeWire.exe |
LimeWire - Peer to Peer (P2P)
file-sharing client. x.x represents the version number. Note - as with all
P2P sharing programs they are susceptible to various forms of malware |
| X |
Limpet |
explorer16.exe |
Added by the RBOT-AJD WORM! |
| X |
li-multi**** |
li-multi****.exe |
Adult web-dialler - **** is
random |
| N |
Line Speed Meter V3.0 |
LineSpeedMeter.exe |
LineSpeedMeter
- detect the download and upload speed of your internet connection |
| U |
Lingvo Launcher |
Lvagent.exe |
ABBYY Lingvo Electronic
Dictionaries |
| U |
LingvoTraining |
Tutor.exe |
ABBYY Lingvo Electronic
Dictionaries |
| X |
Linker |
LinkMaker.exe |
Links adware |
| X |
links |
links.exe |
Added by the LOWZONE-BI TROJAN! |
| N |
Linksts |
linksts.exe |
Tray icon which gets installed
when you install the drivers for Asuscom internal ISDN modem cards (or
rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor
or configure your ISDN card. Once you have configured your ISDN card correctly,
you will never need to use this icon |
| X |
Linksts |
linksts.exe |
Tray icon which gets installed
when you install the drivers for Asuscom internal ISDN modem cards (or
rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor
or configure your ISDN card. Once you have configured your ISDN card correctly,
you will never need to use this icon |
| X |
Linksys Modem Drivers |
linksys.exe |
Added by the IRCBOT.VD WORM! |
| X |
linkyuu |
linkuyy.exe |
Added by the DLOADER.MC TROJAN! |
| X |
Linux |
Linux.vbs |
Added by
the LOVELETTER.AS VIRUS! |
| U |
LiquidView |
lviewj.exe |
"Liquid View lets you
increase the legibility of the Microsoft Windows interface regardless of your
display's native resolution. The software lets you increase the size of items
that are hard to read on your monitor" |
| X |
li-rcash00001 |
vldial.exe |
Added
by the Vl TROJAN! |
| X |
Lisa |
Lisa.exe |
Added
by the SCOM-D premium rate adult content dialler |
| X |
li-speed**** |
dlres.exe |
Adult web-dialler - **** is
random |
| X |
List checker 32 BIT |
list32.exe |
Added by the RBOT-AHO WORM! |
| X |
Litebot |
[path to trojan] |
Added by the LITEBOT-A TROJAN! |
| X |
li-thund**** |
li-thund****.exe |
Adult web-dialler - **** is
random |
| N |
LIU |
LIU.exe |
Logitech Internet Update. Used
to update drivers/software for Logitech's Wingman, QuickCam, etc devices.
Reports claim it doesn't work very well and you can manually update the files
anyway |
| N |
LIU |
Rubicon.exe |
Logitech Internet Update. Used
to update drivers/software for Logitech's Wingman, QuickCam, etc devices.
Reports claim it doesn't work very well and you can manually update the files
anyway |
| N |
Live Menu |
Dllcmd32.exe |
eFax Send
button for eFax Messenger Plus. Available via Start -> Programs Disabling
instructions available here |
| X |
Live-Help |
lmns.exe |
Added by the RBOT-GHE WORM! |
| N |
LiveMonitor |
LMonitor.exe |
MSI Live Update - auto-detects
and suggests the latest BIOS/Driver/Utilities information |
| N |
LiveNote |
Livenote.exe |
Asus graphics card driver live
update feature |
| X |
LiveSexCams |
LiveSexCams.exe |
Premium rate adult content
dialler |
| X |
LiveUpdate |
[Windows username]05.exe |
Added by the LINEAGE TROJAN! |
| U |
LiveUpdate |
LiveUpdate.exe |
Web-update utility as
used by various types of software - see here |
| X |
li-vita**** |
li-vita****.exe |
Adult web-dialler - **** is
random |
| X |
Livre |
Dibane.bat |
Added by the BANEDI VIRUS! |
| X |
Ljx |
rundll32.exe |
Added by the LINEAG-ABD TROJAN!
Note - this is not the legitimate rundll32.exe process, which is found in the
Windows folder (98ME) or the System32 folder(NT2000XP). This file is located
in the "inf" sub-folder |
| X |
lk3h1 |
[path to file] |
Added by the MOSUCK-G TROJAN! |
| ? |
LLMODCL2 |
rundll.exe setupx.dll,
InstallHinfSection ..LLMODCL2.INF |
?? |
| X |
llsass |
llsass.exe |
Added by the PROXY-GG TROJAN! Note - this malware actually
changes the default value data of the registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| N |
LM Status |
LMSTATUS.EXE |
Xerox WorkCenter XE - language
monitor status application |
| X |
LMA Manager |
lmamanager.exe |
Added by the TILEBOT-AD WORM! |
| U |
LManager |
HotkeyApp.exe |
Acer Launch Manager - on Acer
laptops it allows users to configure shortcut keys and to set the operating
state of the WLAN module and the (optional) Bluetooth radio |
| U |
LManager |
QtaET2S.EXE |
Acer Launch Manager - on Acer
laptops, provides configurability for the special keys on their range of
multimedia keyboards |
| U |
LManager |
QtZgAcer.EXE |
Acer Launch Manager - on Acer
laptops it allows users to configure shortcut keys and to set the operating
state of the WLAN module and the (optional) Bluetooth radio |
| U |
LManager |
QtZpAcer.exe |
Acer Launch Manager - on Acer
laptops it allows users to configure shortcut keys and to set the operating
state of the WLAN module and the (optional) Bluetooth radio |
| X |
lMAPl |
lMAPl.exe |
Added by the AGOBOT-RE WORM! |
| U |
LMgrOSD |
OSDCtrl.exe |
OSD (on-screen-display) utility
- part of Acer Launch Manager. Gives you control to customize the monitor to
your liking...from sound, brightness, contrast, horizontal and vertical
positions, phase, pixel clock, color and language |
| N |
LMonitor |
LMonitor.exe |
MSI Live Update - auto-detects
and suggests the latest BIOS/Driver/Utilities information |
| ? |
lmpdpsrv |
lmpdpsrv.exe |
Related to a Lexmark
printer/scanner. Printer sharing server? Is it required? |
| X |
lmrt |
lmrt.exe |
Unidentified adware |
| N |
LMSTATUS |
LMSTATUS.EXE |
Xerox WorkCenter XE - language
monitor status application |
| Y |
LMSXXD |
LMSXXD.exe |
Driver for Xerox XD series
printer/copiers |
| X |
lmu |
LMU.exe |
Downloader trojan,
recognized by Kaspersky antivirus as Agent.bg |
| X |
lnternet Explorer |
AMSNDMGR.EXE |
Added by the KWBOT.R WORM! Note that the "l" is a
lower case "L" and not an upper case "I" |
| X |
lnwin.exe |
lnwin.exe |
Added by the DLOADR-ATC TROJAN! |
| X |
load |
[path to worm] |
Added by the KELVIR.AI WORM! |
| X |
load |
_Kerne1.exe |
Added by the LINEAGE-AN TROJAN! |
| X |
load |
explorer.exe |
Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
load |
Internat.exe |
Added by the WOWCRAFT TROJAN! |
| X |
load |
Kerne121.exe |
Added by the LINEAGE-ON TROJAN! |
| X |
load |
Kerne1211.exe |
Added by the LINEAGE-DY TROJAN! |
| X |
load |
mdm.exe |
Added by the BINGHE TROJAN! |
| X |
load |
msgsr32.exe |
Added by the SDBOT-QR WORM! |
| X |
Load |
MyGame.exe |
Added by the LAMEYEAR-A WORM! |
| X |
load |
rundl132.exe |
Added by the LOOKED-CK WORM! |
| X |
load |
rundll32.exe |
Added by the WOWCRAFT TROJAN! |
| X |
load |
svchsot.exe |
Added by the GWGHOST-O TROJAN! |
| X |
load |
svhost32.exe |
Added by the WOWCRAFT TROJAN! |
| X |
Load Service |
SvHost.exe |
Added
by the PESIN-D WORM! |
| U |
LOAD WB |
LOADWB.EXE |
Part of Stardock's
WindowBlinds custom desktop program. "WindowBlinds is the first utility
of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user
interface. You can change the style of title bars, buttons, toolbars and
much more". If you use it - keep it if not then uninstall it |
| Y |
load= |
01comm32.exe |
Related to Elsa CommPro (Communicate Pro) access software for
Microlink modems - this software contains answering machine and fax
functions, plus a terminal program, a WWW-browser launch function, Internet
telephony, and address management. Required if you use those |
| X |
load= |
a1g.exe |
Added by the ATAK.B WORM! |
| N |
load= |
adw30.exe |
After Dark for Windows - screen
saver program. Popular before screen savers were integrated into Win95 |
| Y |
load= |
AICLIENT.EXE |
Asset Insight from
Tangram - asset managing software. Required if an organisation is running a
centrally administered asset management system |
| U |
load= |
asistat.exe |
Status monitor for an NEC
SuperScript printer |
| Y |
load= |
Bfrecv.exe |
Bitware modem driver |
| ? |
load= |
cfgsys32.exe |
?? |
| X |
load= |
dapdll.exe |
Added by the ATAK.E WORM! |
| U |
load= |
esspk.exe |
Speakerphone capability through a soundcard for an ESS modem |
| X |
load= |
hint.exe |
Added by the ATAK WORM! |
| Y |
load= |
hotkey.exe |
Solo 5300 display driver for
Win2K on some Gateway laptops |
| N |
load= |
HPWHRC.EXE |
Loads the Status Window software
for the HP Laserjet printers |
| X |
load= |
inetinfo.exe |
Added by the PROXY-GG TROJAN! |
| X |
load= |
Kerne14.exe |
Added by the LINEAGE-BA TROJAN! |
| X |
load= |
msater.exe |
Added by the RETSAM TROJAN! |
| X |
load= |
shambl3r.exe |
Added by the REMABL WORM! |
| X |
load= |
Spoolsv.exe |
Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe"
is located in the Windows or Winnt directory, and not in System32, like the
legitimate Spoolsv.exe system file |
| X |
load= |
svhost32.exe |
Added by the LINEAGE-AB TROJAN! |
| N |
load= |
vi_grm.exe |
Monitor drivers for Trio2x/3x
based video cards - displays control panel for quick access to display
settings |
| X |
load= |
win32exec.exe |
Added by the BITTER WORM! |
| ? |
load= |
WINOSCFG.EXE |
Could it be something to do with
configuring Windows on a new PC from an OEM supplier? |
| Y |
load= |
wpshrc.exe |
Required to prevent
configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser
printers (and maybe others) |
| ? |
load= |
WPSLOAD.EXE |
Windows printing system that
comes with the setup for Canon BJC series on the manufacturer's disk |
| ? |
Load= |
wtfeat.exe |
Associated with the Wintab
Digitizer |
| X |
load32 |
1111a.exe |
Added by the DUMARU.AH WORM! |
| X |
load32 |
l32x.exe |
Added by the DUMARU.Z or
DUMARU.Y or DUMARU.AD WORM! |
| X |
load32 |
load32.exe |
Added by the NIBU, BAMBO TROJANS
and DUMARU WORM! |
| X |
LOAD32 |
Lorena.exe |
Added by the MAPSON.C WORM! |
| X |
load32 |
netda.exe |
Added by the NIBU.E TROJAN! |
| X |
load32 |
swchost.exe |
Added by the TURTA.A WORM! |
| X |
load32 |
winldra.exe |
Added by the BACKDOOR.NIBU.J or
DUMARU-BI TROJANS! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software
which has developed a free removal tool for this keylogger |
| X |
Loadab1 |
explorer.exe |
Added by the LINEAGE-AJ TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the Program Files folder |
| Y |
LoadBlackD |
blackd.exe |
This
is the "intrusion detection system" of the BlackICE PC Protection
(was Defender) firewall which loads independently of the "user
interface" (BlackICE Utility) |
| ? |
LoadBtnHnd |
BtnHnd.exe |
Fujitsu LifeBook related |
| X |
LoadDBackUp |
BcTool.exe |
Added by the GIBE WORM! |
| X |
loaddll |
loaddll.exe |
Winvest spyware |
| ? |
LoadDvpApi9x |
DVPAPI9X.exe |
Part of Command AntiVirus for
Windows 95/98/Me. Is it needed? |
| X |
loader |
loader.exe |
Homepage hijacker, redirecting
to coolwwwsearch.com. Downloader for iedll.exe |
| X |
loader |
WMPLAYER.EXE |
Unknown baddie - WMPLAYER.EXE is
stored in the location and uses the same name as Windows Media Player but
that valid Windows program doesn't load at startup |
| X |
loader32 |
Loader32.exe |
Added by an unidentified TROJAN! |
| X |
loader32 |
sys*****.exe [***** = random
digit] |
Added by the DOMCOM TROJAN! |
| X |
Loaders |
HeIp.exe |
Added by the SDBOT-ADB WORM! |
| X |
loadfax |
loadfax.exe |
Added by the WINFLUX-C TROJAN! |
| X |
LoadFonts |
LoadFonts.vbs |
Homepage hijacker that changes
your homepage to an adult content site |
| X |
LoadFonts |
Tahoma.vbs |
Homepage hijacker that changes
your homepage to an adult content site |
| X |
LoadGolfCourses |
LoadGolfCourses.exe |
PlayMiniGolf.com foistware -
stealth installed! |
| X |
Load-Guard |
Wscript.exe LGuarg.exe.vbs |
Added by the YENO.B and YENO.C
WORMS! |
| X |
LoadHTML |
rundll32.exe mshtmpre.dll,
MShtmpre |
Mshtmpre adware |
| X |
LoadingAgent |
msload32.exe |
Added by the OBLIVION TROJAN! This executable is one of the
most common but there are more |
| X |
LoadingAgent |
ZipLoader32.exe |
Added by the OBLIVION TROJAN! This executable is one of the
most common but there are more |
| X |
LoadManager |
msload.exe |
Added by the OPASERV.T WORM! |
| X |
loadMecq0 |
explorer.exe |
Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the Program Files folder |
| X |
loadMecq3 |
rundll32.exe |
Added by the LEGMIR-AS TROJAN! |
| X |
loadMect1 |
explorer.exe |
Added by the LINEAGE-L TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the Program Files folder |
| X |
loadMefs |
rundll32.exe |
Added by the LEGMIR-JB TROJAN!
Note - this is not the legitimate rundll32.exe process, which is found in the
Windows folder (98ME) or the System32 folder(NT2000XP). This file is located
in the Windowsinf or Winntinf folder |
| X |
loadMefs |
smss32.exe |
Added by the FLOOD-EL TROJAN! |
| N |
LoadMSvcmm |
msvcmm32.exe |
Auto-update for Movielink -
internet movie rental System Tray access |
| X |
LoadOrderVerification |
[random filename] |
Added by the TRON.A TROJAN! |
| U |
Loadout Manager |
nost_LM.exe |
Manager for the Belkin Nostromo n50 SpeedPad game controller
- see here |
| X |
LoadPFW |
wmimgr.exe |
Added
by the QEDS-B WORM! |
| X |
LoadPowerProfile |
ASDAPI.EXE |
Added by the CABRO TROJAN! Not to be confused with the valid
LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll |
| X |
LoadPowerProfile |
rundl.exe |
Added by the TOFAZZOL TROJAN! Not to be confused with the
valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll |
| X |
LoadPowerProfile |
Rundll.exe powerprof.dll |
Added by the LOXOSCAM TROJAN! Note - do not confuse with the
valid LoadPowerProfile entry! Notice that the infected version uses
"Rundll.exe" whereas the uninfected version uses
"Rundll32.exe" |
| X |
LoadPowerProfile |
Rundll32.exe |
Added by the MIROOT WORM! Note - do not confuse with the
valid LoadPowerProfile entry which has "powrprof.dll" appended to
the command/data line |
| U |
LoadPowerProfile |
Rundll32.exe powrprof.dll |
Power management specifics such as monitor shut-off, system
standby, etc. Associated with power management and is listed twice - see
here. Loads your selected power scheme. May not be required - depends upon
whether you modify the default Control Panel -> Power Options settings |
| X |
LoadPowerScheme |
rundll32.exe powerprof.dll
CheckPowerProfile |
Ulubione adult content dialer |
| U |
LoadQM |
loadqm.exe |
Installed with MSN Explorer and loads the MSN Queue Manager.
Required to enable the WU AutoUpdate feature. Note that disabling this can
sometimes prevent internet sharing working on Win2K Pro SP2. Reports also
suggest that removing it will re-enable internet access - hence the
"users choice" recommendation. If you have problems leave it,
otherwise I recommend you disable it |
| X |
loads.exe |
loads.exe |
MediaMotor adware |
| X |
loads.exe |
medload.exe |
Medload adware |
| X |
loads.exe |
suploads.exe |
Added by the AGENT-BZ TROJAN! |
| X |
LoadService |
Maaf, tempatmu bukan di sin |
Added by the KAGEN-A TROJAN! |
| X |
LoadService |
Rest In Peace |
Added by the KANGAROO-A WORM! |
| X |
LoadService |
Virus |
Added by the CAGER.A WORM! |
| X |
LoadSIPS |
rundll32.exe [path]
SIPSPI32.dll, SIPSPI32 |
123Mania adware |
| ? |
LoadWatcher |
Test.exe |
Reportedly part of a webcam
surveillance program that's supposed to test SMTP dialling in the event of an
alert? Is this correct? |
| X |
LoadWatcher |
watcher.exe |
Watcher spyware |
| X |
loadwin |
winset.exe |
Added by the QQPASS-I TROJAN! |
| X |
loadwin |
winsys.exe |
Added by the QQPASS-J TROJAN! |
| X |
LoadWindowsFile |
[filename] |
Added by the DELF.B TROJAN! where [filename] is the infected
file |
| X |
Local Area Network |
OpenGL.exe |
Added by a variant of the RBOT WORM! |
| X |
Local Authority Service |
lsass.exe |
Added by the AMRKTMAN-C TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Local Internet Connection |
LIC.exe |
Added
by the SDBOT-YA WORM! |
| X |
LOCAL INTERNET WEB DRIVERS FOR
WIN32 |
phqghume.exe |
Added by a variant of the RBOT WORM! |
| X |
Local Page |
http://find.naupoint.com |
Naupoint browser hijacker |
| X |
Local runole service |
srvc32.exe |
Added by the SMALL-DP TROJAN! |
| X |
Local Security Authority Servce |
lssas.exe |
Added by the POEBOT-T WORM! Note
- this is not the legitimate lsass.exe process |
| X |
Local Security Authority Service |
Isass.exe |
Added by the LINKBOT.M WORM! |
| X |
Local Security Authority Service |
lssas.exe |
Added by the POEBOT-J WORM! Note
- this is not the legitimate lsass.exe process |
| X |
Local Service |
Intenat.exe |
Added by the NUCLEAR-J TROJAN! |
| X |
Local Service |
services.exe |
Added by the P2PWORM-T WORM!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a "Cursors"
subfolder of the Windows or Winnt folder |
| U |
LocalProxy |
proxy4free.exe |
"ProxyTools is
a package of Perl network utilities designed mainly to assist those whose
Internet access is censored, unreliable, or otherwise damaged. Uncensored
access is provided to any outside service required (Usenet News, Web
browsing, IRC, Socks etc.). Setup requires installation of Perl and some
modules" |
| X |
Local-Settings-of-[User Name] |
[User Name].exe |
Added by the GAVGENT.A WORM! |
| X |
LocalSystem |
svchost.exe |
EHU adware. Note - this is not
the legitimate svchost.exe process which should NOT appear in
Msconfig/Startup! |
| X |
Locator Service |
[filename] |
Added by the AGOBOT-KY TROJAN! |
| U |
Lock My PC |
lockpc.exe |
Lock My PC - a tool
for quick computer locking when you leave it unattended. It shows a lock
screen, disables Windows hot keys and mouse |
| X |
logg |
logo_1.exe |
Added by the PWFUZZ-A WORM! |
| U |
Logi_Mwx |
Logi_MwX.exe |
Logitech Mouseware driver.
Needed to support some additional functionality of Logitech mice/trackballs
such as "SmartMove". If you disable it and find you don't need it
leave it disabled |
| X |
login |
[path to trojan] |
Added by the HOTWORD-A TROJAN! |
| X |
Login |
lala.exe |
Added by the BUGSPR-A TROJAN! |
| X |
Login |
Login.exe |
Added by the BANCBAN-AH TROJAN! |
| U |
Login |
winlog.exe |
Salfeld
Child Control - parental control software |
| X |
Login Screen Saver |
login.scr |
Added by the RBOT-AVN WORM! |
| X |
Login Service |
[path to file] |
Added by
the MIGMAF TROJAN! |
| X |
LoginPassport |
Lgnpsp32.exe |
Added by the REDIST.C WORM! |
| X |
Logitech |
Logitech.exe |
Added by the RBOT.BJH WORM! |
| X |
Logitech Camera |
Soundcane.exe |
Added by the SDBOT.MUC WORM! |
| X |
Logitech Desktop |
ApPache.exe |
Added
by the RBOT-YP WORM! |
| X |
Logitech Desktop |
IPCONN.EXE |
Added
by the SDBOT-WE WORM! |
| X |
Logitech Desktop Controller |
wrcam.exe |
Added by a variant of the RBOT WORM! |
| N |
Logitech Desktop Messenger |
backweb-8876480.exe |
Installed with the software for
Logitech products. Automatically checks for software upgrades AND new
products, services and special offerings from Logitech |
| N |
Logitech Desktop Messenger |
ldmconf.exe |
Installed with the software for
Logitech products. Automatically checks for software upgrades AND new
products, services and special offerings from Logitech |
| U |
Logitech Hardware Abstraction
Layer |
Khalmnpr.exe |
Part of the Logitech Setpoint
software for their wired and wireless mice and trackballs. Sets the Windows
mouse sensitivity to minimum. The idea is that you will use the SetPoint
Control Panel to adjust your mouse sensitivity. This setting is maintained separately
from the Windows setting, but is combined with the Windows setting to
determine the final sensitivity. For this reason, KHALMNPR sets the Windows
setting to 0 so it doesn't alter the one you set in SetPoint |
| U |
Logitech SetPoint |
KEM.exe |
Keyboard and mouse drivers and
utilities for Logitech's latest products - supersedes iTouch and MouseWare on
their older products. Required if you use special features such as multimedia
keys |
| U |
Logitech SetPoint |
KHALMNPR.EXE |
Part of the Logitech Setpoint
software for their wired and wireless mice and trackballs. Sets the Windows
mouse sensitivity to minimum. The idea is that you will use the SetPoint
Control Panel to adjust your mouse sensitivity. This setting is maintained separately
from the Windows setting, but is combined with the Windows setting to
determine the final sensitivity. For this reason, KHALMNPR sets the Windows
setting to 0 so it doesn't alter the one you set in SetPoint |
| U |
Logitech SetPoint |
Setpoint.exe |
Logitech SetPoint Event Manager
for their range of mice and keyboards. Required if you want to use the
advanced features of these devices and is located in the LogitechSetpoint
sub-folder of Program Files |
| U |
Logitech Utility |
Logi_MwX.exe |
Logitech Mouseware driver.
Needed to support some additional functionality of Logitech mice/trackballs
such as "SmartMove". If you disable it and find you don't need it
leave it disabled |
| N |
Logitech Wakeup |
lgwakeup.exe |
Loads at startup and monitors
the scanner. When a document is inserted in the scanner the wakeup program
feeds the document a fraction of a inch into the scanner and then it launches
the control center software. From the control center you can select whether
to fax or copy or print the scanned documents. If you uncheck the Logitech
wakeup software from the startup it no longer launches the control center or
feeds the document a fraction of an inch. You can manually launch the control
center software via Start ->Programs and still be able to scan images |
| X |
Logitech Wireless |
logitechwls.exe |
Added by the MYTOB-BS WORM! |
| U |
LogitechCameraAssistant |
CameraAssistant.exe |
Related to Logitech QuickCams
and provides additional configuration options for these devices |
| U |
LogitechCameraService(E) |
ElkCtrl.exe |
Related to Logitech Camera
Service and provides additional configuration options for these devices |
| Y |
LogitechCommunicationsManager |
communications_helper.exe |
Installed with a Logitech
Quickcam Messenger and if disabled the camera will not work - at least not in
the quick capture mode |
| N |
LogitechDesktopMessenger |
LogitechDesktopMessenger.exe |
Installed with the software for
Logitech products. Automatically checks for software upgrades AND new
products, services and special offerings from Logitech |
| U |
LogitechGalleryRepair |
ISStart.exe |
LogitechGalleryRepair/LogitechVideoRepair
- part of Logitech Image Studio - installed with Logitech QuickCam cameras.
Required from version 8.11 onwards if you use the software to take pictures
and capture videos, not if you don't. Also not required for versions up to
and including 7.30 and after version 8.30 - hence the "U" rather
than "Y" recommendation |
| N |
LogitechImageStudioTray |
LogiTray.exe |
Logitech Image Studio -
installed with Logitech QuickCams |
| N |
LogitechQuickCamRibbon |
quickcam10.exe |
Installed with a Logitech
Quickcam Messenger. Camera's software which is non-essential. When you open
it, it allows you to open the quick capture, camera settings, etc |
| X |
Logitechs |
Logitechs.exe |
Added by the SDBOT.BWE WORM! |
| N |
LogitechSoftwareUpdate |
ManifestEngine.exe |
Updater, part of Logitech Image
Studio - installed with Logitech QuickCam cameras |
| N |
LogitechVideo[inspector] |
InstallHelper.exe |
Logitech QuickCam software
installation helper |
| U |
LogitechVideoRepair |
ISStart.exe |
LogitechGalleryRepair/LogitechVideoRepair
- part of Logitech Image Studio - installed with Logitech QuickCam cameras.
Required from version 8.11 onwards if you use the software to take pictures
and capture videos, not if you don't. Also not required for versions up to
and including 7.30 and after version 8.30 - hence the "U" rather
than "Y" recommendation |
| N |
LogitechVideoTray |
LogiTray.exe |
Logitech Image Studio -
installed with Logitech QuickCams |
| N |
LogiTray |
LogiTray.exe |
Logitech Image Studio -
installed with Logitech QuickCams |
| U |
LogMeIn GUI |
LogMeInSystray.exe |
RemotelyAnywhere is a
remote administration and remote control solution for Windows. It allows
access to the host computer via the network (the LAN, an intranet or the
Internet) - and on the client side all you need is a web browser, a terminal
emulator or a WAP-enabled phone |
| U |
LogMeIn GUI |
ragui.exe |
RemotelyAnywhere is a
remote administration and remote control solution for Windows. It allows
access to the host computer via the network (the LAN, an intranet or the
Internet) - and on the client side all you need is a web browser, a terminal
emulator or a WAP-enabled phone |
| X |
Logo |
[path to trojan] |
Added by the DLOADER-RH TROJAN! |
| U |
Logon Loader |
LogonLoader.exe |
Logon Loader -
customize boot & login screens |
| U |
Logon Loader Random |
LogonLoader.exe |
Logon Loader -
customize boot & login screens |
| X |
Logon.exe |
logon.exe |
Added by the ZINS.A TROJAN! |
| U |
LogonStudio |
logonstudio.exe |
WinCustomize
LogonStudio - "Allows Windows XP users to edit, change, and apply new
logon screens. LogonStudio comes built with a visual editor to make it easy
to create your own logons which can then be uploaded to websites to be used
by others users" |
| X |
LogService |
lsass.exe |
Added by the IU TROJAN! Note -
this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
LogService |
lsrss.exe |
Added by the PAPROXY-D TROJAN! |
| X |
LogService |
wincalc.exe |
Added by the PAPROXY TROJAN! |
| U |
LogWatch |
logwat95.exe |
Licensing patch for products
installed on NT by Computer Associates such as eTrust. Detects and updates
old versions of lic98.dll. Not required if you already have a newer version
or the patch has been applied |
| X |
longos |
WIWT.EXE |
Added by the BANKER-CD TROJAN! |
| Y |
Look 'n' Stop |
looknstop.exe |
Look 'n' Stop personal firewall |
| N |
LookNMeet |
Agent.exe |
LooknMeet
dating service |
| X |
Lookup_Sys |
lookupsys.exe |
P04n trojan |
| N |
Lotus Organizer EasyClip |
easyclip.exe |
"The Easy Clip icon
automates the collection of information from sources such as e-mail to create
an Organizer address, appointment, task or Notepad page." Available via
Start -> Programs |
| N |
Lotus QuickStart |
smartctr.exe |
Lotus central application,
called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar
stretches across the top or, optionally, the bottom of the screen. Uses a lot
of resources. Available via Start -> Programs |
| U |
Lotus SuiteStart |
suitest.exe |
Puts the individual Lotus
components in the system tray taskbar when you start Windows. Can be disabled
via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All
individual components available via Start -> Programs |
| X |
LowVersionSupport |
[filename] |
Added by the LASTRAS TROJAN! |
| U |
LPManager |
LPMGR.exe |
Part of Lenovo's IBM ThinkVantage Productivity Center for -
"guides you to a host of information and tools to help you set up,
understand, maintain, and enhance your ThinkPad® notebook or ThinkCentre®
desktop" |
| X |
Lpr |
Lpr123.exe |
Added by the REMPSTEAL password stealer TROJAN! |
| X |
Lpr123 |
Lpr123.exe |
Added by the REMPSTEAL password stealer TROJAN! |
| U |
LPS |
Lps.exe |
Local Port Scanner - "With
LPS you're able to check your computer for open or listening ports" |
| U |
LPtask |
lptask.exe |
Program
Lock It And Protect Pro - lock and protect your folders from being opened,
moved or deleted |
| X |
LRBZ Utility 32 |
lrbz32.exe |
Added by the AGOBOT-JQ WORM! |
| N |
LS120 Superdisk |
?? |
Supposed to accelerate transfer
rate on LS-120, contributes to system lockups |
| X |
LSA |
lsa.exe |
Added by the SDBOT-YV WORM! |
| X |
LSA |
wfdmgr.exe |
Added by the MYTOB.C WORM! |
| X |
LSA Service |
LSASS.exe |
Added by the AHKER.G WORM! Note
- this is not the legitimate lsass.exe process, which should not appear in
Msconfig/Startup! |
| X |
lsa Services |
lsa2srv.exe |
Added
by the TAME-C WORM! |
| X |
LSA Shell (Export Version) |
LSASS.exe |
Added by several variants of the
AHKER WORM! Note - this is not the legitimate lsass.exe process which is
always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should
not normally figure in Msconfig/Startup! This file is located in the Winnt or
Windows folder |
| X |
LsaManager |
lsamgr.exe |
Added by the BEAGLE.DR WORM! |
| X |
lsass |
[path to lsass.exe] |
Added by the ALADINZ.F TROJAN!
Note - this is not the legitimate lasss.exe process which should NOT appear
in Msconfig/Startup! |
| X |
lsass |
elite***32.exe |
EliteBar adware |
| X |
Lsass |
kavmm.exe |
Added
by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate
Kaspersky antivirus module as described here. Contrary to this impostor, the
legitimate file will always be located in the Kaspersky Lab folder in Program
Files |
| X |
lsass |
lsasrv.exe |
Added by the MYDOOM.AG or
MYDOOM.AS or MYDOOM.AU WORMS! |
| X |
lsass |
lsass.exe |
Added by the RATSOU.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a DebugUserMode subfolder
of the Winnt or Windows folder |
| X |
Lsass |
Lsass.exe |
Added by the ALCOP-B WORM! Note
- this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
Lsass |
Lsass.exe |
Added by the VOUMIT-A WORM! Note
- this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "mirc32" folder |
| X |
lsass |
start.bat |
Added
by the ZCREW TROJAN! |
| X |
LsasS |
Sygate.exe |
Added by the SDBOT.BCA WORM! |
| X |
Lsass |
woekd.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
LSASS 32 |
ISASS32.pif |
Added by the ASSIRAL-C WORM! |
| X |
LSASS Authority |
lshosts32.exe |
Added by the SDBOT-UY TROJAN! |
| X |
LSASS Authority |
lsvhosts.exe |
Added by the SDBOT.BCE WORM! |
| X |
LSASS Daemon |
LSASSd.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
lsass service |
lsass2.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
lsass16 |
lsass16.exe |
Added by the BANKER-BXX TROJAN! |
| X |
lsass2k Update |
lsass2k.exe |
Added by a variant of the RBOT WORM! |
| X |
LSASS32 |
Isass32.exe |
Added by the KELVIR.M WORM! |
| X |
lsass32 |
lsass32.exe |
Added by the LYDRA-B TROJAN! |
| X |
lsass64BiT.exe |
lsass64BiT.exe |
Added by the FORBOT-CK WORM! |
| X |
lsassig |
lsassig.exe |
Added by the BANCOS-EC TROJAN! |
| X |
lsasss |
lsasss.exe |
Added by the GEEKMY-A TROJAN! |
| X |
lsasss.exe |
lsasss.exe |
Added by the SASSER.E WORM! |
| N |
lsburnwatcher |
lsburnwatcher.exe |
Used for automatically updating
HP programs |
| X |
lsess |
lsess.exe |
Added by the SINNAKA.A WORM! |
| X |
lsmass |
lsmass.exe |
Added by the WALLOP-B TROJAN! |
| X |
lsmss.exe |
lsmss.exe |
Added by the PROXY-GG TROJAN! |
| U |
LSPFix |
LSPmonitor.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| X |
lspins |
igps.exe |
Reported as the VB.KC TROJAN by
Kapersky Anti-Virus |
| U |
LSPmonitor |
LSPmonitor.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| X |
lssass |
lssas.exe |
Added by the AGOBOT.RL WORM!
Note - this is not the legitimate lsass.exe process |
| X |
LSvr |
LSvr.exe |
PowerStrip foistware. Note -
this is not the same as the video tweaking utility of the same name here |
| Y |
LT DAEMON |
ltdaemon.exe |
Acts as a data spooler for the
DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used |
| X |
LTDMgr |
LTDMgr.exe |
PowerStrip foistware. Note -
this is not the same as the video tweaking utility of the same name here |
| X |
LTM2 |
bible.exe |
Added
by the LITMUS.203 TROJAN! |
| X |
LTM2 |
lssas.exe |
Added by a variant of the LITMUS
TROJAN! Note - this is not the legitimate lsass.exe process |
| X |
LTM2 |
MPGSRV32.EXE |
Added by the LITMUS.201 TROJAN! |
| X |
LTM2 |
MSGSRV32.EXE |
Added by the LITMUS.A TROJAN! Note - MSGSRV32.EXE in this
case is in a Litmus sub-directory and is not to be confused with the valid
version in C:WindowsSystem |
| X |
LTM2 |
MSGSRV320.EXE |
Added by the LITMUS.C TROJAN! |
| X |
LTM2 |
MSGSSV32.EXE |
Added by the FC.C TROJAN! |
| X |
LTM2 |
msns6 |
Added by the LITMUS.C TROJAN! |
| X |
LTM2 |
RundlI.exe |
Added by the MULTIDRP.BG TROJAN! |
| X |
LTM2 |
SVCHOST32.exe |
Added by the LITMUS.203B TROJAN! |
| X |
LTM2 |
SVCHOSTÿ.exe |
Added by the DROPPERFL.A TROJAN! |
| X |
LTM2 |
winscan.exe |
Added by the LITMUS-B TROJAN! |
| X |
LTM2 |
winupdate.exe |
Added
by the LITMUS.203 TROJAN! |
| X |
LTM2 |
winvers16.exe |
Added by the SMALL.ND TROJAN! |
| U |
LtMoh |
Ltmoh.exe |
Modem On Hold utility - manages
incoming/outgoing voice calls on a single phone line while being connected to
the internet |
| Y |
LTMSG |
ltmsg.exe |
One of the
"popular" WinModem series. WinModems use software rather than
hardware - hence putting a load on the CPU. Needed if you have it for loading
the drivers. See here for more WinModem information |
| Y |
Lto Manager |
DesktopLtoManager.exe |
Related to Global
Positioning System (GPS) found on HP iPAQ hw6500 unit and others |
| N |
LTSMMSG |
LTSMMSG.exe |
Lucent Tech. Soft Modem
Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio
notebooks, maybe others too |
| X |
LTSMSG |
Shell32.exe |
Added by the LEMIR.B TROJAN! |
| X |
LTT2 |
rundll32.exe |
Added by the LINEAGE-BI TROJAN! |
| Y |
LTWinModem1 |
ltmsg.exe |
One of the
"popular" WinModem series. WinModems use software rather than
hardware - hence putting a load on the CPU. Needed if you have it for loading
the drivers. See here for more WinModem information |
| X |
ltwob |
formatsys.exe |
Added by the SERFLOG.A WORM! |
| X |
ltwob |
msmbw.exe |
Added by the SERFLOG.A WORM! |
| X |
ltwob |
serbw.exe |
Added by the SERFLOG.A WORM! |
| U |
LUGuard |
LUGuard.exe |
PC-Duo Remote Control enables your help desk technicians to
take instant control of any remote desktop PC at any location across the LAN,
WAN or internet |
| X |
lup |
lup.exe |
Added by the IRCBOT_GEN WORM! |
| Y |
Lusetup |
LUSetup.exe |
Symantec LiveUpdate installer - required to install a new
version of the application. Will only run once, and the entry is
automatically deleted after a reboot |
| U |
LVComs |
lvcoms.exe |
Lvcomm server. Related to
Logitech Quick Cam - works fine without it but it is needed for the Logitech
ImageStudio software to connect to the camera |
| N |
LVCOMSX |
LVCOMSX.EXE |
It provides extra functionality
for Logitech multimedia webcam devices. When disabled the camera still works
in quick capture but you can get a slight increase in picture quality - not
so snowy and the movement wasn't so jerky |
| U |
LWBMOUSE |
lwbwheel.exe |
Mouse driver - required if you
use non-standard Windows driver features |
| U |
LWBMOUSE |
MOUSE32A.EXE |
Mouse driver - required if you
use non-standard Windows driver features |
| N |
Lwinst Run Profiler |
lwtest.exe |
Logitech Wingman Profiler for
the Logitech joysticks. Available via Start -> Programs |
| X |
lwjcjuti.exe |
lwjcjuti.exe |
Added by the DWNLDR-GTQ TROJAN! |
| ? |
lxamsp32 |
lxamsp32.exe |
Associated with a Lexmark
Printer - is it required? |
| ? |
LXbbmgr |
LXbbmgr.exe |
Lexmark printer button manager?
Is it required? |
| ? |
LXBLKsk |
LXBLKsk.exe |
Lexmark related. What does it do, and is it required? |
| Y |
lxbrbmgr |
lxbrbmgr.exe |
Lexmark printer button manager.
Required for correct operation |
| ? |
LXBRKsk |
LXBRKsk.exe |
Lexmark printer related. What does it do and is it required? |
| ? |
LXBSCATS |
rundll32 [path] LXBStime.dll,
_RunDLLEntry@16 |
Related
to the DLT LibraryXpressLXB tape backup storage device - what does it do and
is it required? |
| ? |
LXBTCATS |
rundll32 [path] LXBTtime.dll,
_RunDLLEntry@16 |
Lexmark printer related - what does it do and is it required? |
| ? |
lxbxmon.exe |
lxbxmon.exe |
Lexmark 7100 series device
monitor. Is it required? |
| ? |
LXCCCATS |
rundll32 [path] LXCCtime.dll,
_RunDLLEntry@16 |
Lexmark printer related - what does it do and is it required? |
| U |
lxccmon.exe |
lxccmon.exe |
Lexmark 3300 series
printers/scanners |
| U |
LXCGCATS |
LXCGtime.dll |
Lexmark printing software -
reports back on printer and cartridge useage |
| ? |
lxcgmon.exe |
lxcgmon.exe |
Lexmark printer related - what does it do and is it required? |
| ? |
lxcrmon.exe |
lxcrmon.exe |
Lexmark 2400 series printer
monitor - what does it do and is it required? |
| ? |
lxctmon.exe |
lxctmon.exe |
Lexmark 5400 series device
monitor. Is it required? |
| N |
LXSUPMON |
LXSUPMON.EXE |
Lexmark Printer. The printer
should work fine without it |
| ? |
lycosInside |
Lyc_SysTray.exe |
Lycos eMail related - what does it do and is it required? |
| U |
LyraHD2TrayApp |
LYRAHD2TrayApp.exe |
Related to RCA Lyra MP3 Player |
| X |
LzioMediaUpdater |
LzioMediaUpdater.exe |
LZIO.com
adware downloader |
| ? |
M Player Post Installer |
postinstallm.exe |
?? |
| X |
M S DVD DirectX Dll Drivers |
msxdl.exe |
Added by the SDBOT-BJN WORM! |
| X |
M1cr0s0ft S3rcurity |
systemconfig.exe |
Added by the RBOT.BKB WORM! |
| X |
M1cr0s0ft Upd4t4zS |
update32.exe |
Added
by the RBOT-MI WORM! |
| X |
m32info |
m32info.exe |
Added by the CRYPTER.A TROJAN! |
| N |
M3Tray |
m3tray.exe |
Movielink - internet movie
rental System Tray access |
| X |
Macfee Security Patch |
Mpfsheild.exe |
Added
by the RBOT-NP WORM! |
| U |
Machine Debug Manager |
mdm.exe |
Used by developers for debugging. Those who have encountered
it have unchecked it with no degradation in performance. May cause your
computer to "hang" if you have MS Visual Studio installed and this
disabled because it appears to take over error handling - hence the U
recommendatioon. Can also be listed as MDM7. See here to disable |
| X |
Machine Debug Manager |
msdn.exe |
Added by a variant of the RBOT WORM! |
| X |
Machine Update Soft |
wusas.exe |
Added by an unidfentified WORM! |
| N |
MacLic |
MacLic.exe |
Part of Conversions Plus from DataViz - allowing PC and MAC
owners to share disks |
| N |
MacName |
MacName.exe |
Part of Conversions Plus from DataViz - allowing PC and MAC
owners to share disks |
| X |
Macromedia 8 |
Flash Player.exe |
Added
by the JAMBU-A WORM! |
| X |
Macromedia Critical Updater |
rarww.exe |
Added by a variant of the RBOT WORM! |
| X |
Macromedia Dreamweaver XM |
macdwXM.exe |
Added by the AGOBOT-RI WORM! |
| X |
Macromedia Drive |
Iexplor32.exe |
Added by a variant of the RBOT WORM! |
| X |
Macromedia Flash Update |
scvhost.exe |
Added by a variant of the RBOT WORM! |
| Y |
MAD.EXE |
MAD.EXE |
MAD.exe is the MS Exchange 5.5
System Attendant and can also consume a large amount of resources - resolved
by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server
but does it have the same problems?. Apparently you need to leave this running
but is it needed at start-up? |
| N |
MadExe |
LaunchRA.exe |
Part of Dell Resolution Assistant - "a diagnostic
program that allows you to contact Dell. When factory-installed by Dell, it
allowed you to perform hardware and software diagnostics that provided alerts
to potential problems and enabled real-time communication with Dell RA techs.
You can now use RA only to contact Dell by e-mail" |
| U |
MAFWTaskbarApp |
MAFWTray.exe |
Drivers for the M-Audio Firewire
Audiophile - Interface |
| U |
MagicDsk |
MAGICDSK.EXE |
Magic DeskTop is a small and
novel utility which will allow you the option of hiding or showing your
desktop icons |
| U |
MagicKeyboard |
PreMKBD.exe |
Related to Samsung laptops. Provides ability to program keys
to perform specific functions |
| U |
MagicLinker3 |
MagicLnk.exe |
ThaiSoftware
Thai Dictionary |
| N |
Magitime |
Magitime.exe |
Magitime
- connection tracking utility which monitors online time, expense, data
transfer |
| ? |
Mail.com |
mcalert.exe |
Mail.com - free web-mail service. Does mcalert.exe notify you
when new mail has arrived? |
| X |
Mail_Check |
Mail_Check.exe |
Added by the PANOIL.C WORM! |
| U |
MailBell |
mailbell.exe |
MailBell e-mail
notification tool that will notify you about new messages arrived to your
mailbox. Works with both POP3 mailboxes and web-mail based systems. You
should be able to set your mail system to check all accounts at regular
intervals anyway if you prefer (in Outlook for instance) |
| U |
Mailbox Verifier |
mboxvrfy.exe |
Mailbox Verifier (MV)
is free software that will notify you about new messages arrived to your
mailbox. Only works with POP3 mailboxes (not web-mail based systems). You
should be able to set your mail system to check all accounts at regular
intervals anyway if you prefer (in Outlook for instance) |
| U |
MailCleaner |
MAILCLEANER.EXE |
MailCleaner "protect your
computer from viruses sent to your machine via the popular e-Mail reader
Incredimail. In addition the program will check all incoming files downloaded
by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended
as it bundles GAIN adware. Please note that Claria Corporation no longer
support GAIN-Supported software - see here |
| X |
mailman.exe |
mailman.exe |
Added by the CERTIF-E TROJAN! |
| Y |
MailScan Dispatcher |
Launch.exe |
MicroWorld MailScan Dispatcher splits each e-mail message
into various components such as the header, body and attachment. Compressed
formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned |
| U |
MAIN |
main.exe |
SpyCop surveillance software detection - checks to see when
your machine was last scanned and if it was more than a week asks if you want
to scan |
| ? |
Main Executable (HP) |
HP05T0R5.exe |
HP (Hewlett-Packard) related.
Maybe related to printers. Now - what does it do? |
| X |
main16 |
main16.exe |
Added by the CRYPTER.A TROJAN! |
| X |
main32 |
main32.exe |
Added by the CRYPTER.A TROJAN! |
| X |
MainStart |
svcmfte32.exe |
Added by the STINX-A TROJAN! |
| X |
mainviewex |
mainviewex.exe |
Added by the GEMA.D TROJAN! |
| X |
Major Microsoft Windows Driver
Boot loader |
bpool.exe |
Added by the MYTOB.AJ WORM! |
| U |
Malware Sweeper |
MalSwep.exe |
Malware Sweeper -
"Protects the user from malicious malware and monitors the sanity of the
running programs" |
| N |
MalwareWipe |
MalwareWipe.exe |
Spyware
remover - not recommended, see here |
| N |
Malware-Wipe |
Malware-Wipe.exe |
Malware
remover - not recommended, see here |
| N |
MalwareWiped |
MalwareWiped.exe |
Malware
remover - not recommended, see here |
| N |
Malware-Wiped |
Malware-Wiped.exe |
Malware
remover - not recommended, see here |
| N |
MalwareWiper |
MalwareWiper.exe |
Malware
remover - not recommended, see here |
| U |
ManageDesk Lite |
ManageDesk Lite.exe |
ManageDesk Lite from
Managebytes Desktop management software. Each desktop is a separate working
space for you to use |
| X |
ManageProtocolCtrl |
csmsv.exe |
Added by the LOOKSKY.B TROJAN! |
| U |
Manager Monitor |
monitor.exe |
MindStorm AnalyzerPro from
Secure Associates. "A security management tool for customers easy to
manage report and analyze security events across heterogeneous security
devices" |
| X |
Managment Service |
[random filename] |
Added by the RBOT.BIS TROJAN! |
| N |
Mania Win Restore |
RESWIN.EXE |
Pinball Mania for Windows from
21st Century Entertainment LTD (1995). Runs briefly at start-up then
terminates. Available via Start -> Programs |
| X |
Mantis |
[filename] |
Added by the MANTIBE VIRUS! |
| X |
MapiDrv |
mpisvc.exe |
Added by the MIPSIV TROJAN! |
| X |
mapisvc32 |
mapisvc32.exe |
Added by the KX VIRUS and also recognised by Symantec as FPAI
adware |
| X |
mark the service |
xxtra32.exe |
Added by the SDBOT.APP WORM! |
| X |
Martini |
pinmart.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Mascro soft SDK updates2 |
SDKrepair2.exe |
Added by the SDBOT.BXM WORM! |
| N |
masqform.exe |
masqform.exe |
PureEdge Viewer 6.0, reportedly
associated with viewing and text editing US Air Force electronic forms |
| U |
masqform.exe |
masqform.exe |
PureEdge Viewer - provides
automation framework to manage and deploy XML forms-based processes for
e-business and e-government systems. PureEdge was taken over by IBM (see
here) and the product became Workplace Forms |
| N |
Mass storage check registry |
rundll32.exe MSDServ.dll, check
registry |
Used with a USB based smartmedia
card reader |
| X |
Master Card Updaate 32 |
Mastercard32.exe |
Added by a variant of the RBOT WORM! |
| U |
Master Volume Spy |
MASTERVOLUMESPY.EXE |
Volume control for the Gateway
Destination "DestiVu" media interface |
| U |
Matador |
mantispm.exe |
MailFrontier
Desktop (Matador) email spam blocker software |
| U |
Matador |
mlfbuddy.exe |
MailFrontier
- anti-spam application |
| X |
MatrixScreen |
[filename] |
Added by the MATRIXSCREEN TROJAN! |
| X |
MatrixScreenSaver |
mss.exe |
Malware, see here |
| N |
Matrox Color Control |
hgcctl95.exe |
For Matrox video cards. Quick
access to changing colors |
| N |
Matrox Control Center |
mgactrl.exe |
For Matrox video cards. Quick
access to settings |
| N |
Matrox Diagnostic |
mgadiag.exe |
For Matrox video cards. Quick
access to diagnostics |
| N |
Matrox Powerdesk |
PDesk.exe |
For Matrox video cards. Quick
access to tweak your card to your liking |
| N |
Matrox PowerDesk 8 |
Matrox.PowerDesk.exe /silent |
For Matrox video cards. Quick
access to tweak your card to your liking |
| N |
Matrox QuickDesk |
mgaqdesk.exe |
For Matrox video cards. Quick
access to tweak your card to your liking |
| N |
M-Audio Delta Taskbar Icon |
DeltTray.exe |
M-Audio Delta Control Panel for
M-Audio brand Delta series audio cards. System Tray access to audio settings
- available through Control Panel |
| N |
MAV_check |
mav_startupmon.exe |
WinAntiVirus
Pro 2007 virus software - not recommended, see here |
| X |
MaxAlerts |
max.exe |
Bonzi MaxALERT - spyware |
| Y |
MaxtorCombo |
ComboButton.exe |
Required to be able to use the
Maxtor OneTouch button on your external Maxtor harddrive. It is used to start
up backup software (Retrospect) |
| U |
MaxtorOneTouch |
OneTouch.exe |
Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup
software |
| U |
MaxtorReg |
AUTOREG.EXE |
Part of SYSagent - small utility
for retrieving all the hardware and software information required by anyone
administering a machine and/or the network it's a part of |
| Y |
MayaPan |
MayaPan.Exe |
Audiotrak
Maya soundcard driver |
| X |
mb2np |
[random filename] |
Added by the IRCBOT.TJ WORM! |
| U |
MBM 4 |
MBM4.exe |
Motherboard Monitor 4 - only
needed if you overclock your system and want to keep a check on system
temperatures/voltages/etc. Available via Start -> Programs |
| U |
MBM 5 |
MBM5.exe |
Motherboard Monitor 5 - only needed if you overclock your
system and want to keep a check on system temperatures/voltages/etc.
Available via Start -> Programs |
| ? |
MBMon |
Rundll32 CTMBHA.DLL, MBMon |
Creative
Filter AudioControlMB Module - related to the Creative Audigy line of sound
cards. What does it do and is it required? |
| U |
MBNet |
mbnet.exe |
MBNet (Portugal) Credit Card
Processing software |
| U |
MBProbe |
mbrpobe.exe |
MBProbe -
only needed if you overclock your system and want to keep a check on system
temperatures/voltages/etc. Available via Start -> Programs |
| U |
mbssm32 |
mbssm32.exe |
Reported as Micro Bill Systems
foistware - but not according to the company themselves, see here |
| X |
MC |
MAGICON.EXE |
Added by the MAGICON.A TROJAN! |
| X |
MC |
N/A |
Added by the SIMCSS TROJAN! |
| X |
MC |
WINTRIM.EXE |
Added by the WINTRIM_A TROJAN! |
| X |
MC |
wintrims.exe |
Added by
the WINTRIM TROJAN! |
| X |
McAfee |
McAffeAv.exe |
Added by the NETSKY.AL WORM! |
| X |
mcafee |
Win32.dll.vbs |
Added by the CATCHER-B WORM! |
| X |
Mcafee Anti Scan |
NortonScn.exe |
Added by a variant of the RBOT WORM! |
| X |
McAfee Antivirus |
McAfeeAV.exe |
Added by a variant of the RBOT WORM! |
| X |
Mcafee Antivirus Monitoring
System326 |
VSStatmn326.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Mcafee Antivirus Monitoring
System32mn |
VSStatmn32.exe |
Added by a variant of the RBOT WORM! |
| X |
McAfee Antivirus Protection |
mcafeeAV.exe |
Added by a variant of the RBOT WORM! |
| X |
Mcafee Auto Protect |
mcafeshield.exe |
Added
by the RBOT-UH WORM! |
| Y |
McAfee Desktop Firewall Tray |
FireTray.exe |
McAfee Desktop Firewall |
| Y |
McAfee Firewall |
CPD.EXE |
Firewall bundled with McAfee
VirusScan 6.*. Can also be listed as CPD_EXE |
| N |
McAfee Guardian |
CMGRDIAN.EXE |
McAfee's QuickClean, an offline
version of the one in their online Clinic. Normally run offline and not
needed. Incidentally, incorporates more cleanup programs than the likes of
WinOptimizer and System Mechanic |
| X |
McAfee Online virus Scanner |
avp.exe |
Added by the RBOT-GCV WORM! Not
to be confused with AOL's Active Virus Shield (by Kaspersky) |
| N |
McAfee QuickClean Imonitor |
Plguni.exe |
McAfee
QuickClean 3.0 - removes internet clutter and unwanted programs |
| X |
mcafee Software Intrenet |
mcafee.exe |
Added by the RBOT-ATR WORM! Note - this is not a valid McAfee
program |
| X |
McAfee Windows Protection |
mcafee32.exe |
Added by a variant of the SPYBOT WORM! |
| N |
McAfee Winguage |
?? |
Part of McAfee Nuts & Bolts.
"WinGuage is a dynamic reporting tool that constantly monitors your use
of Windows and your applications, to alert you to potential problems before
they become serious". Resource hog. Available via Start -> Programs |
| U |
McAfee.InstantUpdate.Monitor |
RuLaunch.exe |
Instant Updater for McAfee's
VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products.
In the case of VirusScan leave it enabled unless you update manually on a
regular basis |
| Y |
McAfeeFireTray |
Firetray.exe |
McAfee Desktop Firewall |
| X |
McAfeeScanPlus |
McAfeeScanPlus.exe |
Added by the MEPCOD TROJAN! This trojan file does not belong
to any McAfee Antivirus Software and is found in the Windows or Winnt folder |
| Y |
McAfeeUpdaterUI |
UpdaterUI.exe |
Associated with McAfee
Enterprise 7.0.0. - background process |
| Y |
McAfeeVirusScanService |
Avsynmgr.exe |
From McAfee VirusScan version
5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe),
VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe)
under one application |
| Y |
McAfeeWebscanX |
WebScanX.exe |
From McAfee VirusScan up to
version 4.x. Provides functionality for VShield Download Scan and Internet
Filter modules. Enables internet scanning. Guards against malicious ActiveX
programs, etc |
| X |
Mcaffe Antivirus |
Mcafeescn.exe |
Added by a variant of the SPYBOT WORM! |
| U |
McAgentExe |
mcagent.exe |
From McAfee VirusScan On-line.
The Agent is a red M icon that appears in the Windows system tray or
Notification Area (if you're running Windows XP). If you don't see the agent
icon, VirusScan Online may not be installed |
| Y |
Mcappins.exe |
mcappins.exe |
Used by McAfee Virusscan to
perform product updates. When updates are available the program will download
and install them automatically. Recommended to leave enabled |
| N |
MChanger |
MChanger.exe |
Media Changer - utility that
allows you to change wallpapers, sounds, themes, etc |
| N |
McLogLch_exe |
McLogLch.exe |
Related
to McAfee security suite. This is a non-essential program, but should not be
disabled unless suspected to be causing problems |
| X |
MCM3 |
mcm3.exe |
ShopAtHome/SAHagent adware variant |
| ? |
McRegWiz |
mcregwiz.exe |
McAfee antivirus related. What does it do and is it required? |
| X |
Mcrosoftr Update |
Mcrosoftr.exe |
Added by a variant of the RBOT WORM! |
| Y |
McShld9x |
mcshld9x.exe |
Part of McAfee's Virusscan
Online. Must be enabled for scanning to work |
| Y |
MCTskShd |
mctskshd.exe |
Part of McAfee SecurityCenter. Runs in the background
controlling critcal updates and control antivirus related actions. This
program is important for the stable and secure running of your computer |
| U |
McUpdateExe |
mcupdate.exe |
From McAfee VirusScan On-line.
Automatically updates your virus definitions. Leave enabled unless you
regularly update these definitions |
| Y |
McVsRte |
mcvsrte.exe |
Part
of McAfee's SecurityCenter. Must remain checked but one user reports Windows
glitches with no response from McAfee as to why |
| Y |
mcvsshld |
mcvsshld.exe |
McAfee VirusScan On-line. See
also the McAgentExe entry |
| X |
MCX Update |
wisp.exe |
Added by the RBOT-AQH WORM! |
| X |
MCX Updte |
scorti.exe |
Added by the RBOT-ARP WORM! |
| X |
MD IE Plugin |
md.exe |
Marketdart spyware |
| X |
MD IE Plugin |
winy.exe |
Adware |
| N |
mdac_runonce |
runonce.exe |
Associated with MS Data Access
Components (MDAC). Sometimes left over after installation - not required.
NOTE :- don't delete "runonce.exe". |
| N |
MDDiskProtect.exe |
MDDiskProtect.exe |
MediaFour
MacDrive for Windows - easily open, edit and save files from Mac-formatted
disks, format Mac disks and burn Mac CDs and DVDs! |
| X |
mdetect |
[path to trojan] |
Added by the SPABOT TROJAN! |
| X |
mdm |
mdm.exe |
Added by the LYDRA-F TROJAN! Note - this is not the valid
Machine Debug Manager which shares the same filename |
| X |
Mdm |
Mdm.vbs |
Added by the WHITEHO VIRUS or
TRAPPY WORM! |
| U |
MDM7 |
mdm.exe |
Used by developers for debugging. Those who have encountered
it have unchecked it with no degradation in performance. May cause your
computer to "hang" if you have MS Visual Studio installed and this
disabled because it appears to take over error handling - hence the U
recommendatioon. Can also be listed as Machine Debug Manager. See here to
disable |
| X |
Mdmdll |
mdmdll.exe |
Added by the CRYPTER TROJAN! |
| X |
Mdmdll32 |
mdmdll32.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
MDN |
MDN.exe |
Added by the RBOT.AOA WORM! |
| X |
MDN |
MDNS.exe |
Added by the SPYBOT.JPB WORM! |
| X |
MDN |
MDNZ.exe |
Added by the RBOT.AQD WORM! |
| X |
mds.exe |
mds.exe |
Added
by the MADS-A TROJAN! |
| X |
MDSA Sentinel X |
smss.exe |
Added by SentinelX spyware. Note
- SentinelX is spyware that logs keystrokes. It also monitors and records Web
sites visited and applications used. The risk can capture periodic screen
shots and may be configured so as to block access to specific Web sites and
chat rooms, must be manually installed. Note - this is not the legitimate
smss.exe process which is always located in the System (9x/Me) or System32
(NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This
file is located in a "MDSA Software" subfolder of the Program Files
folder |
| X |
mdwmdmsp |
mdwmdmsp.exe |
Adware - recognized by
Kaspersky antivirus as TrojanDownloader.Win32.Agent.am |
| N |
MECA |
Meca.exe |
Meca
cross-platform communications technology, branded messengers will connect
with AOL, MSN, Yahoo!, and ICQ users |
| X |
MedGS |
MEDGS1.exe |
PacerD_Media/Pacimedia.com
adware |
| X |
Media Access |
MediaAccK.exe |
Windupdates MEDIAPAS.A adware |
| X |
Media Access |
MediaAccK.exe |
Added by the PODROP-C TROJAN! |
| X |
Media Gateway |
MediaGateway.exe |
180Solutions adware related |
| X |
Media Load |
msn32.exe |
Added by a unidentified WORM or
TROJAN! |
| U |
Media Manager Indexer |
AIRSVCU.EXE |
Part of MS Visual InterDev,
Media Manager is an easy media file management system that works in
conjunction with Windows Explorer. The Media Manager Indexer is a program
that indexes all the information about your media files and puts it into a
database |
| X |
Media Pass |
MediaPass.exe |
WindUpdates MediaPass adware |
| X |
Media Pass |
MediaPassK.exe |
MediaPass adware |
| X |
Media Player |
media.exe |
Added by the FLDMEDIA-A TROJAN! |
| X |
Media Player |
Sysdll.exe |
Added by the BANKER-BR TROJAN! |
| X |
Media Player |
Sysnet.exe |
Added by the BANKER.MW WORM! |
| X |
Media Player |
wmplayer.exe |
Added by the AGOBOT-BM WORM! |
| X |
Media Player Update |
xpsp1mfh.exe |
Added by a variant of the RBOT WORM! |
| X |
Media Plug x.1.2 |
msdm.exe |
Added by the MULDROP.352 VIRUS! |
| X |
Media Service |
msn64.exe |
Added by the SPYBOT.EV WORM! |
| X |
Media service |
msnmsgxr.exe |
Added by the SDBOT.TF WORM! |
| X |
Media service |
notpad.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Media service |
SYSTEM64.EXE |
Added by the RBOT.QV WORM! |
| X |
Media Software UPdater |
sscs.exe |
Added
by the RBOT-ABE WORM! |
| X |
Media X Services |
MSNGRx.exe |
Added by the RBOT.AUL WORM! |
| X |
media_driver |
media_driver.exe |
Added by the TUPEG VIRUS! Note - this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| X |
media_manager |
mediaman.exe |
Mini-Player, IMESH related
foistware, see here |
| X |
media_stub |
stub.exe |
Mini-Player, IMESH related
foistware, see here |
| X |
MEDIA32 |
[path to trojan] |
Added by the PURSCAN-Z TROJAN! |
| N |
MediaFace Integration |
Sethook.exe |
Fellowes Neato™ cd label design
software. "Launch NEATO's MediaFACE II label making software directly
from the productname toolbar" |
| U |
Mediafour Mac Volume
Notifications |
Macvntfy.exe |
Mediafour
Xplay - allows you to use an Apple iPod digital music player with a PC
running Windows. If not used regularily start manually before connecting the
iPod |
| U |
Mediafour XPlay Tray
Notification Icon |
Xptryicn.exe |
Mediafour
Xplay - allows you to use an Apple iPod digital music player with a PC
running Windows. If not used regularily start manually before connecting the
iPod |
| U |
MediaKey |
MediaKey.exe |
Multimedia keyboard manager. Required if you use the
multimedia keys |
| U |
MediaLifeService |
MediaLifeService.exe |
Related to MediaPlay Cordless Mouse from Logitech |
| X |
MediaLoads |
dw.exe |
Medialoads adware |
| X |
MediaLoads Installer |
dw.exe |
Medialoads adware |
| N |
MediaMonitor |
Mediam~1.exe |
Installed by Smartdisk MVP CD
burning software. Software will work fine without it |
| X |
mediamotor.exe |
mmups.exe |
Added by the AGENT-BY TROJAN! |
| X |
MediaPath |
Proyecto1.exe |
Added by the GRUEL WORM! |
| X |
MediaPath |
Root.exe |
Added by the GRUEL WORM! |
| X |
MediaPipe P2P Loader |
mpp2pl.exe |
MediaPipe peer-to-peer file
swapping program also reported as a hijacker |
| X |
mediapluscash.exe |
mediapluscash.exe |
MediaGateway adware |
| N |
MediaRing Talk |
mrtalk.exe |
Media Ring Talk, voice
recognition software, Resource hog. Available via Start -> Programs |
| X |
MediaXPServicePack |
mxpsp.exe |
Added by the SDBOT.CDT WORM! |
| X |
Media-XP-Service-Pack3 |
msnzx.exe |
Added by the SDBOT-ACW WORM! |
| ? |
MedionVFD |
MdionLCM.exe |
Related to Medion Display Information. What does it do and is
it required? |
| X |
Meeting Connection |
comsutil.exe |
Added by the PPDOOR-E TROJAN! |
| X |
Meeting Connection |
hgakdl32.exe |
Looks like a variant of the PPDOOR-E TROJAN! |
| X |
Meeting Connection |
wowdache.exe |
Added by the PPDOOR-D TROJAN! |
| U |
MegaPanel |
HSTrans.exe |
Homescan
Internet Transporter - part of ACNielson Homescan. Recognizes when the
ACNielsen Homescan Scanner is attached to the computer and allows it to
transmit scanner information to ACNielsen |
| X |
melg34 |
mdmd.exe |
Added
by an unidentified WORM or TROJAN - see here |
| X |
Members area |
******.exe [* = random digit] |
Premium rate adult content
dialer |
| X |
MemConfig |
SetupIE.com |
Added by the TAPLAK WORM! |
| N |
Memento |
Memento.exe |
Memento
- simple app to keep text notes on your desktop |
| U |
MemMonster |
memmnstr.exe |
MemMonster - memory optimizer.
MS MVPs (Most Valued Professional) recommend not using memory managers with
Win98/SE/ME. See this article and make up your own mind |
| U |
MemoKit |
MK.EXE |
Memory optimizer.
It loads from startup group and it goes off as soon as the program
(memokit.exe) is loaded in the System Tray. Mk.exe does not run while the
memokit.exe is running. Probably loads a flash screen at startup and shutdown
that stays on screen less than 5 seconds and gives you a button to push to
purchase the full version. MS MVPs (Most Valued Professional) recommend not
using memory managers with Win98/SE/ME. See this article and make up your own
mind |
| X |
memory |
outlookrem.exe |
Added by the NOPIR.C WORM! |
| X |
Memory Check |
memore.exe |
Added by the KILLAV.C TROJAN! |
| X |
Memory manager |
himem32.exe |
Added by the MANCSYN TROJAN! |
| X |
Memory Service |
freememory.exe |
Added by the RBOT.GEN WORM! |
| U |
Memory Stick Monitor |
MSstat.exe |
Sony/SmartDisk
memorystick-floppydisk-adapter software - allows you to read memorysticks in
a normal floppydrive |
| N |
Memory Stick Monitor |
MSTAT.exe |
Used with the Sony floppy disk
adapter for memory sticks, showing if there is a stick in the computer |
| X |
Memory Watcher |
MemoryWatcher.exe |
MemoryWatcher spyware |
| U |
Memory+ |
tfimemsr.exe |
Memory optimizer.
MS MVPs (Most Valued Professional) recommend not using memory managers with
Win98/SE/ME. See this article and make up your own mind |
| U |
MemoryBoost |
MemoryBoost.exe |
MemoryBoost - memory optimizing
program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend
not using memory managers with Win98/ME. See this article and make up your
own mind |
| U |
MemoryCardManager |
MemCard.exe |
Memory
Card Manager - for removable memory cards found on Dell or Lexmark photo
printers |
| X |
MemoryMeter |
MemoryMeter.exe |
Autoinstalling spyware
by Total Velocity |
| U |
MemoryZipperPlus |
memzip.exe |
Memory Zipper Plus -
"optimizes the memory management of your system and boost-up its
performance amazingly!" |
| X |
memreader.exe |
memreader.exe |
Added by the AGOBOT-TY WORM! |
| X |
MEMreaload |
MEMreaload.exe |
Added by the LAZAR TROJAN! |
| N |
MemScanner |
MemScanner.exe |
Part of Enigma SpyHunter - not recommended, see note |
| U |
MemTurbo |
memturbo.exe |
MemTurbo memory optimizer. MS
MVPs (Most Valued Professional) recommend not using memory managers with
Win98/SE/ME. See this article and make up your own mind |
| N |
MenuSnap |
MenuSnap.exe |
MenuSnap from Rietta
Solutions. Utility that re-orders your Start Menu items alphabetically. You
may not want this utility if you're able to do this manually by selecting
Start -> Programs and right-clicking and choosing "Sort by Name"
if availabe |
| N |
Mercora |
MercoraClient.exe |
Mercora MusicSearch
"Search, find and listen to music on the world's largest jukebox, built
by people just like you". Note - if you subscribe make sure you read the
Privacy Policy |
| X |
Message Queuing |
msmqs.exe |
Added by the FREEFORS TROJAN! |
| U |
Message_Blocker |
messageblock.exe |
Message
Blocker - "prevents Outlook Express from loading images or other content
from the internet without confirmation, as well as executing scripts when
displaying a formatted email message" |
| N |
MessagerStarter Freeserve |
StartMessager.exe |
Freeserve Messenger |
| X |
Messanger |
browse.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
Messanger |
deamon.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
Messanger |
msgaol.exe |
Added by the TACTSLAY.C TROJAN! |
| Y |
Messanger |
s_menu.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
Messanger |
trillian.exe |
Added by the RBOT.CKI WORM! |
| X |
Messenger |
messenger.exe |
Added by the KUTEX TROJAN! |
| X |
Messenger |
ntsubsys.exe |
Added by the SDBOT.BGE WORM! |
| Y |
Messenger |
SCANMSG.EXE |
AntiVirus Quick Heal -
virus protection |
| X |
Messenger |
Wmsngr.exe |
Added by a variant of the RBOT WORM! |
| X |
Messenger Block |
msngrblock.exe |
Added by the PATOO WORM! |
| X |
Messenger Protocol |
netsender.exe |
Added by the SDBOT-ACC WORM! |
| X |
Messenger Service |
msmsgs.exe |
Added
by the SDBOT-ZB WORM! |
| X |
Messenger Service |
nvhost.exe |
Added
by the JLOK-A WORM! |
| X |
Messenger Service Updater |
svshost.exe |
Added by the MYTOB.GC WORM! |
| X |
Messenger start-up |
Msgran.exe |
Added by the GRAMOS WORM! |
| X |
Messenger6 |
command.pif |
Added by the INZAE.B WORM! |
| U |
MessengerDiscovery |
MessengerDiscovery.exe |
MessengerDiscovery is a
MSN Messenger add-on - adding over 70 new features. Now superseeded by
MessengerDiscovery Live - with support added for Windows Live |
| N |
MessengerPlus |
MsgPlus.exe |
MessengerPlus - third party MSN
Messenger extension that adds a number of useful features. Bundles the hard
to remove C2Media LOP adware. The software does offer you a choice during
setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! |
| N |
MessengerPlus2 |
MsgPlus.exe |
MessengerPlus - third party MSN
Messenger extension that adds a number of useful features. Bundles the hard
to remove C2Media LOP adware. The software does offer you a choice during
setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! |
| N |
MessengerPlus3 |
MsgPlus.exe |
MessengerPlus - third party MSN
Messenger extension that adds a number of useful features. Bundles the hard
to remove C2Media LOP adware. The software does offer you a choice during
setup - make sure to install MessengerPlus WITHOUT that "sponsor program"! |
| X |
messnger |
[worm filename] |
Added by the DELODER WORM! |
| X |
messnger |
Dvldr32.exe |
Added by the DELODER.A WORM! |
| N |
Metacafe |
MetacafeAgent.exe |
Metacafe - video sharing on the
web. Note - if you subscribe make sure you read the Privacy Policy |
| X |
MeTaLRoCk (irc.musirc.com) has
sex with printers |
metalrock-is-gay.exe |
Added by the RANDEX.Q WORM! |
| X |
MeuPrograma |
accwizz.exe |
Added by the RULAND.A WORM! |
| X |
Mfc**.exe [* = random char] |
Mfc**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Mfc**32.exe [* = random char] |
Mfc**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| ? |
mfgboot |
?? |
?? |
| X |
mFilter |
MNeck.exe |
Added by the CLICKER-AG TROJAN! |
| X |
mfin32 |
mfin32.exe |
MyFreeInternetUpdate - adware
downloader |
| ? |
MGA Hook |
Mgahook.exe |
MATROX Graphics card related. What does it do and is it required? |
| N |
MGA Quickdesk |
MGAQDESK.EXE |
For Matrox video cards. Quick
access to tweak your card to your liking |
| N |
MGA_CD_Install |
mgasetup.exe |
Matrox Millennium video driver.
Not required once drivers installed |
| U |
Mgabg |
Mgabg.exe |
Matrox BIOS Guard - monitors a
Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have
a nasty habit of losing their BIOS, especially on poor power supplies. If you
make an emergency BIOS disk with the utility in their BIOS package, you can
disable Mgabg.exe and just use the crash disk if/when needed |
| Y |
mgavctrl |
mgavrtcl.exe |
McAfee's Virus Scan Online |
| Y |
mgavctrl |
mgavrte.exe |
McAfee's Virus Scan Online |
| Y |
mgavrtclexe |
mgavrtcl.exe |
McAfee's Virus Scan Online |
| Y |
mgavrtclexe |
mgavrte.exe |
McAfee's Virus Scan Online |
| X |
mgmtapi |
mgmtapi.exe |
Unidentified malware |
| X |
MHDOGStart |
mhdogst.EXE |
Added by an unidentified VIRUS,
WORM or TROJAN! A possibility is a trojan known as PENIS |
| N |
MHINIT |
MHINIT.EXE |
Part of the Cybermedia Clean
Sweep package |
| X |
mhs3 |
mhs3.exe |
Added by the PWS-ALZ TROJAN! |
| X |
Mi7sft sdce |
b0yz.exe |
Added by the RBOT.CWG WORM! |
| X |
Mi7sft sdce |
MNSQ.exe |
Added by the RBOT.DMU WORM! |
| X |
Mi7sft sdce |
scorti.exe |
Added by the RBOT.ELC WORM! |
| X |
Mickey Mouse Cereal |
[random filename].exe |
Added by the RANKY.Q TROJAN! |
| X |
Micosoft Data Core |
runservice.exe |
Added by the IRCBOT.BK WORM! |
| X |
Micr Update |
soundblaster.exe |
Added by the SDBOT.NP WORM! |
| X |
Micr0s0ft Ms D0s |
msdx.exe |
Added by the RBOT-AON WORM! |
| X |
Micr0s0ft Upd4t4z |
svchost32.exe |
Added by the RBOT.ALF WORM! |
| X |
Micrcoft Exploerer |
spoolsal.exe |
Added by the RBOT-AKK WORM! |
| X |
Micrcoft Exploerer |
svchose.exe |
Added by the RBOT-ASL WORM! |
| X |
Micrcoft Updat |
Internet.exe |
Added by the RBOT-ANA WORM! |
| X |
Micrcoft Updat |
spoolsae.exe |
Added by the RBOT-AIB WORM! |
| X |
Micrcoft Updat |
spoolsaex.exe |
Added by the RBOT-AJM WORM! |
| X |
Micrcsoft Certificate Services |
cflmon.exe |
Added by the RBOT-FWV WORM! |
| X |
Micro CRC Protocol |
scrc32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Micro Process |
appconf.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Micro Update |
dailin.exe |
Added
by the RBOT-ER WORM! |
| N |
Microangelo Desktop |
Muamgr.exe |
Using MicroAngelo On
Display, you can easily select the icon images that you prefer rather than
the default icons displayed by Windows. On Display provides a consistent and
elegant method to customize the icon display for almost every icon on your
system |
| N |
microAttuneDownload |
atmdlusr.exe |
Application Launcher, MS Office
application. USR (US Robotics) modem auto updater. May be a sub-set of Attune |
| X |
MicroCQ0 |
explorer.exe |
Added by the LINEAGE-AK TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the Program Files folder |
| U |
MicroDialler |
atdialler1.exe |
Part of the Freeserve Connection Kit - changes the dial-up
for Freeserve AnyTime if access problems are encountered |
| X |
MicroedSoft Toolbar |
Smoked.exe |
Added by the RBOT-ALN WORM! |
| X |
Microfinder lptt01 |
mcf.exe |
RapidBlaster variant (in a
"mcf" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
Microfinder ml097e |
mcf.exe |
RapidBlaster variant (in a
"mcf" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
Microfot Update |
winldx32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microft Exploerer |
spoolsac.exe |
Added by the RBOT-AMD WORM! |
| X |
Microft Update 32 |
winssx.exe |
Added by the RBOT-AQS WORM! |
| X |
MicroLoad |
[random filename] |
Added by the DARBY WORM! |
| X |
Micromedia Flash Update |
wdfmrg.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Micromedia Flash Update |
xptxt.exe |
Added by the RBOT-GAB WORM! |
| X |
Microoft Timing |
pupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
MICROSFT ANTIVIRUS UPDATE
SUPPORT |
[random 10-letter filename].EXE |
Added by the RBOT-AQA WORM! |
| X |
MICROSFT ANTIVIRUS UPDATE
SUPPORT |
MSGUPDATED.EXE |
Added by the RBOT-APZ WORM! |
| X |
Microsft Conf 32 |
msaconf.exe |
Added by the RBOT.EYA WORM! |
| X |
Microsft Confige 32 |
msaconfigurez.exe |
Added by the RBOT.CLC WORM! |
| X |
MICROSFT MX UPDATE SUPPORT |
taskmngrs.exe |
Added by the RBOT-AUZ WORM! |
| X |
MICROSFT MX UPDATE SUPPORT |
winmx32.EXE |
Added by the IRCBOT-FD WORM! |
| X |
MICROSFT RAMA UPDATE SUPPORT |
[random filename] |
Added by the RBOT-ASM or
RBOT-AUW WORMS! |
| X |
MICROSFT RAMA UPDATE SUPPORT |
MSN32.EXE |
Added by the RBOT-AWJ WORM! |
| X |
MICROSFT RAMA UPDATE SUPPORT |
mtakthmyn.EXE |
Added by the RBOT-AUJ WORM! |
| X |
Microsft Security Monitor
Process |
cmh.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsft Security Monitor
Process |
mssmpp.exe |
Added by a variant of the RBOT-FUB WORM! |
| X |
Microsft Security Monitor
Process |
mssmppp.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsft Updtes |
sarvice.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsft Upgraed |
[random filename].exe |
Added by a
variant of the SDBOT WORM! |
| X |
microsft windows updates |
mwupdate32.exe |
Added by a variant of the TOXBOT/CODBOT WORM! |
| X |
Microsof Value |
nmatt.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsof Windows Host |
svhost32.exe |
Added by the RBOT.ADY WORM! |
| X |
Microsof Winlog Host |
wilogon32.exe |
Added by the RBOT.XC WORM! |
| X |
Microsofot x386 System Monitor |
system32.exe |
Added by the WOOTBOT.M WORM! |
| X |
Microsoft |
guard.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft |
iexplore.exe |
Added by the QQROB-R TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Microsoft |
lsass.ppf |
Added by the RBOT-GAA WORM! |
| X |
microsoft |
microsoft.hta |
HTA file which creates an
executable on the hard drive which subsequently proceeds to download files
from a malware site! |
| X |
Microsoft |
mixers.exe |
Added by the AGOBOT-AHU WORM! |
| X |
Microsoft |
msmsger.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft |
MSUPDATE.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Microsoft |
msvchost.exe |
Added by the RBOT-GAW WORM! |
| X |
Microsoft |
radnom.exe |
Added by the RBOT-GHO WORM! |
| X |
Microsoft |
rtvcscan.exe |
Added by the RBOT-GGU WORM! |
| X |
Microsoft |
ssmss.exe |
Added by the RBOT-FZF WORM! |
| X |
microsoft |
svchost.exe |
Added by the ASTEF or RESPAN
WORMS! Note - this is not the legitimate svchost.exe process which should NOT
appear in Msconfig/Startup! |
| X |
Microsoft |
svchost.exe |
Added by the ADUYO-A TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Microsoft |
taskbar.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft |
updater.exe |
Added by the RBOT-GHP WORM! |
| X |
Microsoft |
wcsntfy.exe |
Added by the AGOBOT-AHT WORM! |
| X |
Microsoft |
win32.exe |
Added by the DARKMOON TROJAN! |
| X |
Microsoft |
windl32.exe |
Added by the SDBOT-DCZ WORM! |
| X |
Microsoft |
wuauclt.exe |
Added by the QQROB-AQ TROJAN!
Note - this is not the legitimate wuauclt.exe process, which should not
appear in Msconfig/Startup! |
| X |
Microsoft (C) HTML Application
host |
[random filename] |
Added
by the RBOT-YB WORM! |
| X |
Microsoft (R) Windows
Configuration Backup Service |
svchost.exe |
Added by the RANKY.X TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in either a "config",
"mapping" or "security" subfolder of the Winnt or Windows
folder |
| X |
Microsoft (R) Windows DLL Loader |
rundll32.exe |
Added by the RANKY.W TROJAN!
Note - this is not the legitimate rundll32.exe process, which is found in the
Windows folder (98ME) or the System32 folder(NT2000XP). This file is located
in a "dll" subfolder of the Winnt or Windows folder |
| X |
Microsoft (R) Windows Network
Latency Controller |
1.tmp |
Added by a generic password stealer TROJAN - see here |
| X |
Microsoft (R) Windows Network
Latency Controller |
nlc.exe |
Added by a generic password stealer TROJAN - see here |
| X |
Microsoft (R) Windows Network
Latency Controller |
sp2vc.exe |
Added by a generic password stealer TROJAN - see here |
| X |
Microsoft (R) Windows Network
Security Management Service |
nsms.exe |
Added by the RANKY.LC TROJAN! |
| X |
Microsoft (R) Windows Protected
Content Restoration Service |
services.exe |
Added by the AGENT.AGV TROJAN! |
| X |
Microsoft (R) Windows Protocol
Deployment Manager |
[random].tmp |
Added by an unidentified WORM or
TROJAN! |
| X |
Microsoft (R) Windows TCP/IP
Socket Driver |
[path to trojan] |
Added by the PROXY-DD TROJAN! |
| X |
Microsoft (R) Windows Update
Service |
wuauclt.exe |
Added by a variant of the SDBOT
WORM! Note - this is not the legitimate wuauclt.exe process, which should not
appear in Msconfig/Startup! |
| X |
Microsoft (R) Windows Vista/NT
Runtime Compatibility Service |
nrcs.exe |
Added by the RANKY.X TROJAN! |
| X |
Microsoft .NET Confingurator |
msnconf.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft 16Bit Update |
wuapdate16.exe |
Added by the RBOT.CZ WORM! |
| X |
Microsoft 64 Bit Runtime Updater |
wupdt64.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft ActiveX Debugger NT |
[path to trojan] |
Added by the BANCOS-DO TROJAN! |
| X |
Microsoft ADservice |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Agent |
mdss32.exe |
Added by the KEYLOG-AG TROJAN! |
| X |
Microsoft ALG32 Protocol |
alg32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft ALGXP Protocol |
alg32.exe |
Added by a
variant of the SDBOT WORM! |
| N |
Microsoft Announcement Listener |
Annclist.exe |
MS WebTV for Windows. Used to
display TV on your PC via a compatible video card with in-built tuner (such
as ATI All-In-Wonder). If you don't use it - uninstall it |
| X |
Microsoft Ansti Update |
msie.exe |
Added
by the RBOT-LE WORM! |
| X |
Microsoft Anti-Spy |
[random filename] |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft AntiSpyware |
Bazzi.exe |
Added by the AHKER.J WORM! |
| X |
Microsoft AntiSpyware |
KT06.pif |
Added by the IRCBOT.GEN WORM! |
| X |
Microsoft AOL Instant Messenger |
MSAOL32.exe |
Added by the RBOT-AAI WORM! |
| X |
Microsoft AOL32 Protocol |
aol32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Application Center |
mappc.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Application Manager |
msapl32.exe |
Added by the BROPIA-AE TROJAN! |
| X |
Microsoft Associates, Inc. |
iexplorer.exe |
Added by a variant of the LOVGATE WORM! |
| X |
Microsoft AUT Update |
MSlti16.exe |
Added by the RBOT.EB WORM! |
| X |
Microsoft AUT Update |
MSlti32.exe |
Added
by the RBOT-X WORM! |
| X |
Microsoft Authority Service |
lsass.exe |
Added by the KALEL-D WORM! Note
- this is not the legitimate lsass.exe process, which should not appear in
Msconfig/Startup! |
| X |
Microsoft Auto Update |
WINHLP16.EXE |
Added by the RBOT.GY WORM! |
| X |
Microsoft auto update |
winupdate.exe |
Added by the BMBOT TROJAN! |
| Y |
Microsoft auto update |
wuauclt.exe |
Added by the CULT-B TROJAN! Note
- this is not the legitimate wuauclt.exe process, which should not appear in
Msconfig/Startup! |
| X |
Microsoft Automatic Update
Serivce |
msautou.exe |
Added by the RBOT-AOB WORM! |
| X |
Microsoft Automatic Updater |
Explorer.exe |
Added
by the RBOT-SG WORM! Note - the legitimate Windows Explorer (explorer.exe) is
located in the Windows or Winnt folder and would not normally appear in
Msconfig/Startup unless you added it manually! This one is located in the
System32 subfolder |
| X |
Microsoft AutoUpdater |
svhost.exe |
Added by the RBOT.QG WORM! |
| X |
Microsoft Bool Value |
MV2.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft boot system cfg32 |
actboost.exe |
Added by the BROPIA.R WORM! |
| U |
Microsoft Broadband Networking |
MSBNTray.exe |
Microsoft Broadband Networking
Tray Application |
| X |
Microsoft Cab Manager |
exec.exe |
Affilred adware |
| X |
Microsoft checker |
MsPMSPTv.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Client |
mshost.exe |
Added by the RBOT-AND WORM! |
| X |
Microsoft Client Pc |
spoolsrv.exe |
Added by the RBOT-AQM WORM! |
| X |
Microsoft Client/Server Runtime
Server Subsystem |
csrs.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Client/Server Runtime
Server Subsystem |
csrssa.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Command Line |
wincmd.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Conf Ldr |
sysconf.exe |
Added by a variant of the SDBOT TROJAN! |
| X |
Microsoft ConfgKeys |
wurmgrd32.exe |
Added by the RBOT-ARX WORM! |
| X |
Microsoft Config |
msconf.exe |
Added by the RBOT.PV WORM! |
| X |
Microsoft Config |
MSCONF.EXE |
Added
by the RBOT-LG WORM! |
| X |
Microsoft Config 32 |
msconfigx32.exe |
Reported as the MSCONFIGX32
TROJAN! Possible Rbot variant |
| X |
Microsoft Config 32bit |
mscnfg32.exe |
Added
by the RBOT-Z WORM! |
| X |
Microsoft Config File |
config.exe |
Added by the KILLFILES.GR
TROJAN! This is malware that will attempt to delete all system dlls! |
| X |
Microsoft Configoration Service |
msconfigs.exe |
Added by the RBOT-ETT WORM! |
| X |
Microsoft Configs 32 |
msgconfigrs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Configuration 35 |
microsot1.exe |
Added
by an unidentified TROJAN! |
| X |
Microsoft Configure 32 |
msgconfigre.exe |
Added by a variant of the GAOBOT/AGOBOT WORM! |
| X |
Microsoft Connection Manager
Monitor |
cmmon.pif |
Added by the RBOT-AKV WORM! |
| X |
Microsoft Control Center |
crtl.exe |
Added
by the RBOT-VX WORM! |
| X |
Microsoft Core Support |
[random filename] |
Added by a variant of the RBOT TROJAN! |
| X |
Microsoft Core Support |
MSxUP32.exe |
Added by the RBOT-ANR WORM! |
| X |
Microsoft Corp SQL Certificates |
sqlcer.exe |
Added
by the ZYBOT-C WORM! |
| X |
Microsoft Corp SSL Certificates |
windowz.exe |
Added by the RBOT-GCZ WORM! |
| X |
Microsoft Corp TLS Certificates |
msauth.exe |
Added by the RBOT-GAC WORM! |
| X |
Microsoft Corp Updates |
wupdates.exe |
Added by the RBOT-AUU WORM! |
| X |
Microsoft Corporaticn SQL
Handler |
sqlhandler.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Corporation |
[random filename] |
Added by various VIRUSES, WORMS
& TROJANS! |
| X |
Microsoft Corporation |
jview.exe |
Added by the RBOT-AOD WORM! |
| X |
Microsoft Corporation SYM
monitor |
mssym.exe |
Added by the RBOT-GDB WORM! |
| X |
Microsoft CPXP Protocol |
cpxp.exe |
Added by the RBOT.ATP WORM! |
| X |
Microsoft Crs Fix Serv |
wincrs.exe |
Added by the SDBOT.BWF WORM! |
| X |
Microsoft CSRSS32 Protocol |
csrss32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft CSRSS386 Protocol |
csrss386.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Cvrt |
mscvrt32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft Data Helper |
cihost.exe |
Malware, possibly a variant of the LINST TROJAN |
| X |
Microsoft Data Machine |
csdata32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Database Handler |
mssql32.exe |
Added by the RANDEX.AX WORM! |
| X |
Microsoft Datalog Application |
msdata.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft DDE Control |
wupades.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft DDEs Control |
Erun.pif |
Added by the RBOT-AMU WORM! |
| X |
Microsoft Debug Service |
dbgbgr.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Decryption Technology |
Msfenoe.exe |
Added by the SPYBOT-DG WORM! |
| X |
Microsoft Desktop Manager |
msdesk32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Dev |
iexplorer32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Development Debugger |
msdev.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Development Services |
msdevelop.exe |
Added by the RBOT-FWS WORM! |
| X |
Microsoft Device Manager |
msdevmgr32.exe |
Added by the LATEDA.B TROJAN! |
| X |
Microsoft Diagnostic |
[random filename] |
Added
by the ACEBOT TROJAN! |
| X |
Microsoft Diagnostic |
msdiag32.exe |
Added
by the RBOT-UC WORM! |
| X |
Microsoft Digital Clock |
msclock.exe |
Added by the NACKBOT-D WORM! |
| X |
Microsoft Directx |
directxat.exe |
Added by the SDBOT-BXF WORM! Note - disables autostart for
the SharedAccess service and deactivates the Microsoft Internet Connection
Firewall (ICF) |
| X |
Microsoft DirectX |
PDSched.exe |
Added by the SDBOT.CN WORM! |
| X |
Microsoft DirectX |
rasmngr.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft DirectX |
Spoolserv.exe |
Added by the DINFOR WORM! |
| X |
Microsoft DirectX |
time123.exe |
Added by the SDBOT.MD WORM! |
| X |
Microsoft DirectX |
wuamgrd.exe |
Added by the SDBOT.MY WORM! |
| X |
Microsoft Directx click |
directxclick.exe |
Added by a variant of the RBOT-GHT WORM! |
| X |
Microsoft Directx clicks |
directxclickers.exe |
Added by the RBOT-GHT WORM! |
| X |
Microsoft Directx push |
directxpushup.exe |
Added by a variant of the RBOT-GHT WORM! |
| X |
Microsoft Directxsp |
directxbt.exe |
Added by a variant of the RBOT-GHT WORM! |
| X |
Microsoft Directxspnew |
directxnew.exe |
Added by a variant of the RBOT-GHT WORM! |
| X |
Microsoft DirktorWin |
[random filename] |
Added
by the SPYBOT.GEN3 TROJAN! |
| X |
Microsoft DLL |
fumeta.exe |
Added by the RBOT-AUG WORM! |
| X |
Microsoft DLL Extensions |
SystemDll.exe |
Added by the RBOT-ADV WORM! |
| X |
Microsoft dll Host Service |
wkssr.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Dll Management |
windll.exe |
Added
by the RBOT-MT WORM! |
| X |
Microsoft Dll Printer Manager |
dllpt.exe |
Added by the SDBOT.BIH WORM! |
| X |
Microsoft DLL Verifier |
chkfile.exe |
Added by the RBOT-AOC WORM! |
| X |
Microsoft DLL Verifier |
csrssv.exe |
Added by the RBOT-ATK WORM! |
| X |
Microsoft DLL Verifier |
file.exe |
Added by the RBOT-AED WORM! |
| X |
Microsoft DLL Verifier |
mscon.exe |
Added by the SDBOT.EAH WORM! |
| X |
Microsoft DLL Verifier |
winavguard.exe |
Added by the SDBOT.AAD WORM! |
| X |
Microsoft DLLSet32 |
dllset32.exe |
Added by the RBOT.OZ WORM! |
| X |
Microsoft DNS Query |
msdns.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Microsoft DNSx |
mdnex.exe |
Added by the DELBOT-AI WORM! |
| X |
Microsoft Document |
krisp.exe |
Added by the SDBOT-RQ WORM! |
| X |
Microsoft Domain Controller |
mstc.exe |
Added by the NUGACHE.A WORM! |
| X |
Microsoft Driver |
faet.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Driver Control |
windrv.exe |
Added by the SDBOT.FW WORM! |
| X |
Microsoft Driver Manager |
mswindrv.exe |
Added by the FORBOT-EZ WORM! |
| X |
Microsoft driver update |
Mshome.exe |
Added by the SDBOT.BL WORM! |
| X |
Microsoft Drivers |
WSconf.exe |
Added by a variant of the SDBOT WORM! |
| X |
Microsoft ErgoPack |
wserb32.exe |
Added
by the RBOT-RI WORM! |
| X |
Microsoft EV32 Service |
MSev32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Event Engine |
EvtEngn.exe |
Added
by the RBOT-XV WORM! |
| X |
Microsoft Excel |
msexcel.exe |
Added
by the RBOT-TQ WORM! |
| X |
Microsoft Excell |
wuamngr32.exe |
Added
by the RBOT-QH WORM! |
| X |
Microsoft Executing |
microsoft.exe |
Added by the AGOBOT.UV WORM! |
| X |
Microsoft Explorer |
explorer.pif |
Added by the SDBOT-ACX WORM! |
| X |
Microsoft Explorer |
explorer.scr |
Added by the RBOT-ADH WORM! |
| X |
Microsoft Explorer |
svapache.exe |
Added
by the RBOT-VR WORM! |
| X |
Microsoft explorer Update |
internal.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Microsoft Explorer2 |
bitchbot.exe |
Added by the SDBOT.EV WORM! |
| X |
Microsoft Explorer2 |
nome.exe |
Added by the RANDEX.AA WORM! |
| X |
Microsoft Explorer2 |
system.exe |
Added by the IRCBOT.BS TROJAN! |
| X |
Microsoft EXPLOREXP Protocol |
explorexp.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Features |
ms32cfg.exe |
Added by the RBOT.HO WORM! |
| X |
Microsoft Features |
msie.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft File Demand Manager |
wmgrdf.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Find Fast |
Findfast.exe |
Complete utter waste of space!
Part of MS Office - searches disk drives for Office file types and creates an
index to make opening them easier |
| X |
Microsoft Firewall |
firewallsp2.exe |
Added
by the RBOT-MC WORM! |
| Y |
MICROSOFT FIREWALL CLIENT |
ISATRAY.EXE |
MS
Internet Security and Acceleration Server - see here |
| X |
Microsoft FixUp |
pevblbvr.exe |
Added by the RBOT.DWK WORM! |
| X |
Microsoft FixUp |
wnpzjpuw.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Games |
gamemanager.exe |
Added by the SPYBOT.AHQ WORM! |
| X |
Microsoft Generic Update Manager |
wupdate.exe |
Added by the RBOT-AWC TROJAN! |
| X |
Microsoft Genetic Procress |
svchost.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Gina V Encryption |
MSGINAV.EXE |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| N |
Microsoft Greetings Reminders |
MHPRMIND.EXE |
Microsoft Home Publishing
greetings reminder |
| N |
Microsoft Greetings Workshop
Reminder |
Gwremind.exe |
You really want to be reminded
about somebody's birthday at the expense of resources? |
| N |
Microsoft Greetings
Reminder |
MHPRMINF.EXE |
You really want to be reminded
about somebody's birthday at the expense of resources? |
| X |
Microsoft Help |
svh0st.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Help Support |
mshelp32.exe |
Addded by the KELVIR-BF WORM! |
| X |
Microsoft Help SVC |
msnmngr.exe |
Added by the SDBOT-PQ WORM! |
| X |
Microsoft Help System |
mshelp32.exe |
CoolWebSearch
parasite variant |
| X |
Microsoft Host Protocol |
svhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Hosting Service |
WINHOSTING.EXE |
Added by the RBOT.AEV WORM! |
| X |
Microsoft Hosts Service |
Isass.exe |
Added by a variant of the RBOT WORM! |
| U |
microsoft hotmail monitor |
mshotmon.exe |
Added by the MYTOB-FL WORM! |
| X |
Microsoft Hyptertext Helper |
mshtha.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft IDCN |
mshe1p.exe |
Added by an unidentified TROJAN! |
| X |
Microsoft IE |
Iexplore.exe |
Added by the FORBOT-AG WORM!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Microsoft IE Execute shell |
IEExec.exe |
Added by the ALADINZ.N TROJAN! |
| X |
MicroSoft IE Sasser |
ISASS.EXE |
Added by the SDBOT.MX WORM! |
| X |
Microsoft IIS |
[filename] |
Added by the FRANCETTE-S WORM! |
| X |
Microsoft IIS |
syshost.exe |
Added by the FRANCETTE WORM! |
| X |
Microsoft Inc. |
iexplorer.exe |
Added by a variant of the LOVGATE WORM! |
| X |
Microsoft Incroporate |
mfs.exe |
Added by the RBOT-ANF WORM! |
| X |
Microsoft Inet Xp.. |
teekids.exe |
Added by the BLASTER.C WORM! |
| X |
Microsoft Installshield |
nundll32.exe |
Added by the AGOBOT-AHZ WORM! |
| X |
Microsoft Instant Messenger |
msngmsngr32.exe |
Added by the SPYBOTER.GEN TROJAN! |
| X |
Microsoft Int Service |
MsIntSrv.exe |
Added by a variant of the RBOT WORM! |
| U |
Microsoft Intellitype Pro |
speedkey.exe |
Additional keyboard shortcuts on
MS programmable keyboard |
| X |
Microsoft Internal AntiVirus
Systems |
dIlhost.exe |
Added by the RBOT-AEV WORM! |
| X |
Microsoft Internet |
expl0rer.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Internet |
wincfg16.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Internet |
windows32.exe |
Added
by the SDBOT-F WORM! |
| X |
Microsoft Internet Acceleration
Utility |
[path to file] |
Added by the AGENT-CX TROJAN! |
| X |
Microsoft Internet Acceleration
Utility |
[path to trojan] |
Added by the SMUTSRCH-A TROJAN! |
| X |
Microsoft Internet Acceleration
Utility |
iau.exe |
EasySearch adware |
| X |
Microsoft Internet Exp |
iiexplorer.exe |
Added
by the RBOT-KX WORM! |
| X |
Microsoft Internet Explorer |
crsys32.exe |
Added by the RBOT.UZ WORM! |
| X |
Microsoft Internet Explorer |
iexplore.exe |
Added by the POEBOT-J WORM! Note
- this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in the System
(9x/Me) or System32 (NT/2K/XP) folder |
| X |
Microsoft Internet Explorer |
iexplorer.exe |
Added
by the SDBOT-XN WORM! |
| X |
Microsoft Internet Explorer |
lEXPLORE.EXE |
Added by the RBOT-AMM WORM! |
| X |
Microsoft Internet Explorer |
mccagent.exe |
Added by the DLOADER-UD TROJAN! |
| X |
Microsoft Internet Explorer |
movies.exe |
Added by the BANCOS-DZ TROJAN! |
| X |
Microsoft Internet Explorer |
svchost.exe |
Added by the IRCBOT-AK TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "drivers"
subfolder |
| X |
Microsoft Internet Explorer |
svzhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Internet Explorer |
sysini.exe |
Added by the DELF-LN TROJAN! |
| X |
Microsoft Internet Firewall
Manager |
GMT16.exe |
Added by the RANDEX.AT WORM! |
| X |
Microsoft Internet Services |
Smss32.exe |
Added by the RBOT.MS WORM! |
| X |
Microsoft Intrenet Explorer |
cnsg.pif |
Added by the RBOT-ARO WORM! |
| X |
Microsoft Intrenet Explorer |
goaw.pif |
Added by the RBOT-API WORM! |
| X |
Microsoft Intrenet Explorer |
Soundsyst.exe |
Added by the RBOT-AQU WORM! |
| X |
Microsoft Intrenet Explorer |
wcumrg.exe |
Added by the SDBOT-AFD WORM! |
| X |
Microsoft IPC |
svshost.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft IPC |
system.exe |
Added by the NULLBOT TROJAN! |
| X |
Microsoft IT Update |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
Microsoft IT Update |
IEserv.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft IT Update |
msupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft IT Update |
svchsst.exe |
Added
by the RBOT-DH WORM! |
| X |
Microsoft IT Update |
win43.exe |
Added
by the RBOT-SA WORM! |
| X |
Microsoft IT Update |
win64.exe |
Added by the RBOT.GA WORM! |
| X |
Microsoft IT Update |
windows.exe |
Added
by the RBOT-GL WORM! |
| X |
Microsoft IT Update |
winn43.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft IT Update |
winsyst32.exe |
Added
by the RBOT-FC WORM! |
| X |
Microsoft Java Virtual Machine |
javavm.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Java Virtual Machine |
MsConfiG.exe |
Added by the FORBOT-DV WORM! |
| X |
Microsoft Java Virtual Machine |
msjvm.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Java Virtual Machine |
winscr32.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Microsoft Java Windows Update |
[filename] |
Added
by the RBOT-DZ WORM! |
| X |
Microsoft JavaVM |
msjarun.exe |
Added
by the RBOT-JW WORM! |
| X |
Microsoft Kernel |
Windows_kernel32.exe |
Added by the NETSKY.AE WORM! |
| X |
Microsoft LAN32 Protocol |
lanXp.exe |
Added
by the RBOT-SS WORM! |
| X |
Microsoft Lmhosting Service |
lmhosts.exe |
Added
by the RBOT-RC WORM! |
| X |
Microsoft Locals 332 |
[random filename] |
Added
by the RBOT-KU WORM! |
| X |
Microsoft Login |
winlogin.exe |
Added by the RBOT-AJP WORM! |
| X |
Microsoft LSA layer |
MSLSA32.exe |
Added by the RBOT-AKZ WORM! |
| X |
Microsoft Lsass Center |
Isass.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Lsass Center |
telecomes.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft LSASS386 Protocol |
scvhost32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft LV |
[path to file] |
Added by the BDL TROJAN! |
| X |
Microsoft Machine |
winjava.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Machine Script |
iexplorersis.exe |
Added by the RBOT-CMH WORM! |
| X |
Microsoft Macro Protection
SubSsy |
msacroprots386.exe |
Added by the RBOT-KE WORM! |
| X |
Microsoft Macro Protection
Subsystems |
Msmacroprot32.exe |
Added by the RBOT.KN WORM! |
| X |
Microsoft Macro Protection
Subsystems |
msmacroprotxz.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Management |
lmas.exe |
Added by the FORBOT-CZ WORM! |
| X |
Microsoft Management Console |
[path to trojan] |
Added by the SMUTSRCH-A TROJAN! |
| X |
Microsoft Management Console |
lssas.exe |
EasySearch adware |
| X |
Microsoft Management Console |
lssas1.exe |
Added by the DLOADR-AWD TROJAN! |
| X |
Microsoft Manager |
msmanager.exe |
Added by the MYTOB.LF WORM! |
| X |
Microsoft Map PC |
mappc.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Mapped PC |
mappedpc.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft media |
winmplayers.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Media player 9 |
msmedia32.exe |
Added by the RBOT-ADO WORM! |
| X |
Microsoft media services |
Iassd.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft media services |
winmplayer.exe |
Added by the RBOT.ZO WORM! |
| X |
Microsoft MediaScope |
winmes.exe |
Added
by the RBOT-XU WORM! |
| X |
Microsoft Message Machine |
msmesg32.exe |
Added by the SPYBOT.BI WORM! |
| X |
Microsoft Messenger Management
Controls |
msmgmctl.exe |
Added by the RBOT-APA WORM! |
| X |
Microsoft Messenger Service |
msmsg32.exe |
Added by the RBOT.BOK WORM! |
| X |
Microsoft Messenger XP |
MSMSN32.exe |
Added
by the RBOT-ZP WORM! |
| X |
Microsoft MicroP Protocol |
wdgmr32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Movie Maker |
Mmaker.exe |
Added by the IRCBOT.C TROJAN! Note that this is not a valid
Microsoft program |
| X |
Microsoft MSGPLUS32 Protocol |
msgplus32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft MSNGR32 Protocol |
msngr32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft msnseru |
msnseru.exe |
Added by the RBOT-APB WORM! |
| X |
Microsoft MsnST |
msnst32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft MSUPDATE |
SpoolSvc.exe |
Added
by the SXTB-A TROJAN! |
| X |
Microsoft Neser Experience |
nese.exe |
Added
by the RBOT-YH WORM! |
| X |
Microsoft NetMeeting Associates,
Inc. |
NetMeeting.exe |
Added by a variant of the LOVGATE WORM! |
| X |
Microsoft Netview |
gesfm32.exe |
Added by the RANDEX.C WORM! |
| X |
Microsoft Netview |
mssvc32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft Netview Component v5.1 |
msnv32.exe |
Added by the RANDEX.F WORM! |
| X |
Microsoft Network |
msnet.exe |
Added by the MOCKBOT.A WORM! |
| X |
Microsoft Network |
Networksystem.exe |
Added by the SDBOT-AAI WORM! |
| X |
Microsoft Network Daemon for
Win32 |
Netd32.exe |
Added by the SDBOT.R TROJAN! |
| X |
Microsoft Network Host |
svc0host.exe |
Added by the SDBOT-AEN WORM! |
| X |
Microsoft Network Services
Controller |
mmsvc32.exe |
Added
by the NANPY-A WORM! |
| X |
Microsoft Networking Agent For
SP2 |
msnac32.exe |
Added by the SPYBOT.PEN WORM! |
| X |
Microsoft Nod32 Service |
nood32.exe |
Added by the RBOT.EJP WORM! |
| X |
Microsoft NotePad |
notepad.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft NT Drivers |
ntdrv.exe |
Added by the SDBOT.AJN TROJAN! |
| X |
Microsoft NT Update |
winexec32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Nvidia Video |
nvidia.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Office |
lserv.exe |
Added by the SDBOT.MH WORM! |
| X |
Microsoft Office |
Microsoft Office.hta |
HTA file which creates an
executable on the hard drive which subsequently proceeds to download files
from a malware site! |
| X |
Microsoft Office |
microsoft.exe |
Added by the BANKER-VF TROJAN! |
| X |
Microsoft Office |
MSMSGR.exe |
Added by the GAOBOT.BB WORM! |
| X |
Microsoft Office |
msmsgr.exe |
Added by the GAOBOT.BB WORM! |
| X |
Microsoft Office |
msoff.exe |
Added by the RAKER-C TROJAN! |
| N |
Microsoft Office |
Msoffice.exe |
Alternative shortcuts to the
Start -> Programs way of running applications installed as part of MS
Office. Some people prefer it but a better way is to create Desktop Shortcuts
if you want access these programs quickly |
| X |
Microsoft Office |
msoffice32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Office |
msoicons.exe |
Added by the RBOT-ZI WORM! -
NOTE - do no confuse with the legitimate Msoicons.exe file described here.
The latter wil not be listed among your startups! |
| X |
Microsoft Office |
msvcp.exe |
Added by the AGENT-XK TROJAN! |
| X |
Microsoft Office |
Nxcao.exe |
Added
by the RBOT-ZE WORM! |
| X |
Microsoft Office |
nxcxtpr.exe |
Added
by the RBOT-YG WORM! |
| N |
Microsoft Office |
Osa.exe |
Application which launches
common MS Office components to help speed up the launch of Office programs.
It's somewhat of a resource hog, and some users claim there's no difference
with or without it but it usually isn't required. Note - if you make use of
the Microsoft Office Shortcut Bar outside an office program this application
will need to be enabled for it to show |
| N |
Microsoft Office |
Osa9.exe |
Application which launches
common MS Office components to help speed up the launch of Office programs.
It's somewhat of a resource hog, and some users claim there's no difference
with or without it but it usually isn't required. Note - if you make use of
the Microsoft Office Shortcut Bar outside an office program this application
will need to be enabled for it to show |
| X |
Microsoft Office |
svxhost.exe |
Added by a variant of the RBOT WORM! |
| N |
Microsoft Office Fast Cache |
Fastboot.exe |
Part of MS Office 95 (v7.0). According to this it improves
the performance. Most likely a predecessor of MS Find Fast and can be
disabled |
| X |
Microsoft Office Monitor |
alg2k.exe |
Added by the SDBOT-CZO WORM! |
| X |
Microsoft Office Monitor |
aql32.exe |
Added by the RBOT-GCY TROJAN! |
| U |
Microsoft Office OneNote 2003
Quick Launch |
ONENOTEM.EXE |
ONENOTEM.EXE is a part of the
note taking program that ships with Microsoft Office 2003. It's required for
the side note windows to work |
| X |
Microsoft Office Quick Launcher |
iau1.exe |
Added by the DLOADR-AWD TROJAN! |
| N |
Microsoft Office Shortcut Bar |
Msoffice.exe |
Alternative shortcuts to the
Start -> Programs way of running applications installed as part of MS
Office. Some people prefer it but a better way is to create Desktop Shortcuts
if you want access these programs quickly |
| X |
Microsoft Office Start |
winupdates.exe |
Added by the GAOBOT.BC WORM! |
| N |
Microsoft Office Startup |
Osa.exe |
Application which launches
common MS Office components to help speed up the launch of Office programs.
It's somewhat of a resource hog, and some users claim there's no difference
with or without it but it usually isn't required. Note - if you make use of
the Microsoft Office Shortcut Bar outside an office program this application
will need to be enabled for it to show |
| N |
Microsoft Office Startup |
Osa9.exe |
Application which launches
common MS Office components to help speed up the launch of Office programs.
It's somewhat of a resource hog, and some users claim there's no difference
with or without it but it usually isn't required. Note - if you make use of
the Microsoft Office Shortcut Bar outside an office program this application
will need to be enabled for it to show |
| X |
Microsoft Office Studio |
scvhvst.exe |
Added by the RANDEX.CST WORM! |
| X |
Microsoft OfficeXP |
officeXP.exe |
Added by the KILLAV.MA WORM! |
| X |
Microsoft Opeions |
IEXwe.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Outlook Express
Protocol |
svchst.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Patch Update |
bootini.exe |
Added by the RBOT-FMN WORM! |
| X |
Microsoft PC Health Remote
Assistance File Open & Save controls |
sfrcdlg32.exe |
Added by the RBOT-AVY WORM! |
| X |
Microsoft PCHealth32 |
[path to file] |
Added
by the NICE-A TROJAN! |
| X |
Microsoft PCHealth32 |
NDDENB.exe |
Added by the PWSYAHOO-A TROJAN! |
| X |
Microsoft PCI Manager |
mspci.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Personal Firewalls |
bakw.exe |
Added
by the RBOT-KS WORM! |
| X |
Microsoft Proc Driver32 |
msprc.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Microsoft Procedure Call |
MSPCALL.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft PSTCP32 Data |
pstcp32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft QMGR |
msnqmgr.exe |
Added by the IRCBOT-S TROJAN! |
| X |
Microsoft RDLL |
sysconf32.exe |
Added by a variant of the SDBOT TROJAN! |
| X |
Microsoft Redirect |
[path to file] |
Added by the BANKER-FW TROJAN! |
| X |
Microsoft Redirect |
systen.exe |
Added by the BANCOS-FO TROJAN! |
| X |
Microsoft Registro |
svchostt.exe |
Added by the BANCOS-DH TROJAN! |
| X |
Microsoft Registry |
csrse.exe |
Added
by the RBOT-PC WORM! |
| X |
MicroSoft Remote Secure Service |
MSRSS.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Restore |
scrgrd.exe |
Added by the SPYBOT.BR WORM! |
| X |
Microsoft Rundll |
windos.exe |
Added
by the SDBOT-WF WORM! |
| X |
Microsoft Runtime |
CfgDll32.exe |
Added by the RANDEX.BD WORM! |
| X |
Microsoft Scanreg |
microsoftscanreg.exe |
Added by the FRANRIV.A WORM! |
| X |
Microsoft SCVHOST32 Protocol |
scvhost32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft sddcE Contol |
taskmnegr.exe |
Added by the RBOT-AUM WORM! |
| X |
Microsoft sdk temp |
sdktemp.exe |
Added by the RBOT-ANP WORM! |
| X |
Microsoft SDKP3 |
mswinsdq.exe |
Added by the RBOT-ARY WORM! |
| X |
Microsoft Secure Messenger.NET
Service |
securitychk.exe |
Added by the SDBOT.VT WORM! |
| X |
Microsoft Security |
winService.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Security Center |
savservices.exe |
Added by the RBOT-ANU WORM! |
| X |
Microsoft Security Center |
wcsntfy.exe |
Added by the SDBOT.BYD WORM! |
| X |
Microsoft Security Controlers |
fxsecues.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Security GManagers |
[random filename] |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Security Hot Fix
Update |
mshotfix.exe |
Affilred adware |
| X |
Microsoft Security Management |
bling.exe |
Added by the RBOT.XL WORM! |
| X |
Microsoft Security Management |
sp2fix.exe |
Added by the RBOT.UB WORM! |
| X |
Microsoft Security Management |
winamp.exe |
Added by a variant of the RBOT
WORM! Note - this is NOT the popular Winamp media player which resides in a
"Winamp" subdirectory of the Program Files directory |
| X |
Microsoft Security Management |
winnt.exe |
Added
by the RBOT-MQ WORM! |
| X |
Microsoft Security Management |
winserv.exe |
Added
by the RBOT-MJ WORM! |
| X |
Microsoft Security Management |
wuauct1.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Security Manager |
winamp.exe |
Added by the RBOT WORM! Note -
this is NOT the popular Winamp media player which resides in a
"Winamp" subdirectory of the Program Files directory. This file is
located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Microsoft Security Monitor
Process |
mnsmp.exe |
Added by the RBOT-FUB WORM! |
| X |
Microsoft Security Monitor
Process |
msmp.exe |
Added by a variant of the RBOT-FUB WORM! |
| X |
Microsoft Security Monitor
Process |
mssmp.exe |
Added by the RBOT-FUB WORM! |
| X |
Microsoft Security Panager |
[filename] |
Added by the RBOT-ANL WORM! |
| X |
Microsoft Security Panagers |
[random filename] |
Added by the RBOT-AIG WORM! |
| X |
Microsoft Security Panagers |
zzoboony.exe |
Added by the RBOT-AOI WORM! |
| X |
Microsoft Security Process |
wininit.exe |
Added by the RBOT-FKM WORM! |
| X |
Microsoft Server |
rserv.exe |
Added by the AGOBOT.AVS WORM! |
| X |
Microsoft Server Applacations |
cli.exe |
Added by the RBOT-GAQ WORM! |
| X |
Microsoft Server Applacations |
lsasss.exe |
Added by the RBOT-AQQ WORM! |
| X |
Microsoft Server Applacations |
msnmsg.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Server Applacations |
Q8See.exe |
Added
by the SPYBOT.GEN3 TROJAN! |
| X |
Microsoft Server Applacations |
wuauct1.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Server Application |
Sound.exe |
Added
by the RBOT-NE WORM! |
| X |
microsoft server base |
lass.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Service |
microhost.exe |
Added
by the RBOT-LC WORM! |
| X |
Microsoft Service |
rundll.exe |
Added by the POPO-A WORM! Note -
this is NOT the Windows system file of the same name as described here |
| X |
Microsoft Service |
winsvc.exe |
Added by the SPYBOT-DB WORM! |
| X |
Microsoft Service Controller |
services.exe |
Added by the KALEL-D WORM! Note
- this is not the legitimate services.exe process, which should not appear in
Msconfig/Startup! |
| X |
Microsoft Service Drivers |
System.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Service Drivers |
VSADNIM.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Service Host Process |
svchost.exe |
Added by the KRYNOS.B WORM! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Help" subfolder
of the Winnt or Windows folder |
| X |
Microsoft Service Pack |
WindowsSP.exe |
Added
by the RBOT-RF WORM! |
| X |
Microsoft Service Pack2.1 |
svchost2.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Services |
bsc32.exe |
Added by the BDOOR-AW TROJAN! |
| X |
Microsoft Services |
lsrv.exe |
Added
by the RBOT-BK WORM! |
| X |
Microsoft Services |
lsserv.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft Services |
lssrv.exe |
Added by the RBOT.CW WORM! |
| X |
Microsoft Services |
module.exe |
Added by
the LAVITS WORM! |
| X |
Microsoft Services |
services.exe |
Added by the ALETS TROJAN! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
Microsoft Services |
Smss32.exe |
Added
by the RBOT-AD WORM! |
| X |
Microsoft Services |
svshost.exe |
Added by the ALETS.B TROJAN! |
| X |
Microsoft Services |
svssshost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Services Unitd |
MSU32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Servicez Manager |
servicemgrz.exe |
Added by the RBOT-ASN WORM! |
| X |
Microsoft Session Manager
Subsystem |
smss.exe |
Added by the KALEL-D WORM! Note
- this is not the legitimate smss.exe process which should NOT appear in
Msconfig/Startup! |
| N |
Microsoft Sidewinder Game
Controller Software |
SWTRAY.EXE |
MS SideWinder game controller
system tray icon. Available via Start -> Programs |
| X |
Microsoft Sinsup |
odjiwjf.exe |
Added
by the RBOT-DN WORM! |
| X |
microsoft software |
****.exe E255 [* = random char] |
Added by an unidentified WORM or
TROJAN! |
| X |
Microsoft software |
cdaccess.exe |
Added by the RBOT.ABK WORM! |
| X |
Microsoft Software |
sysinfo33.exe |
Added by the RBOT.LS WORM! |
| X |
Microsoft Software Update |
nmon.exe |
Added by the RBOT.HZ WORM! |
| X |
Microsoft Sound Driver |
sound32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Sound Technology |
winsound.exe |
Added by the RBOT-AGG WORM! |
| N |
Microsoft Sound Volume Tool |
mssvol.exe |
This is a Blue version of the
yellow speaker icon on the system tray and is used to edit advanced Sound
Features that the MS DSS80 Speakers add. Should be accessible via Start ->
Settings -> Control Panel |
| X |
Microsoft Sounds |
soundman.exe |
Added by the RBOT-GCI WORM! |
| X |
Microsoft SourceSafe |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
Microsoft SpA Service |
msapps.exe |
Added
by the RBOT-VI WORM! |
| X |
Microsoft SpA Service |
win32.exe |
Added by the RBOT.ATS WORM! |
| X |
Microsoft SpA Service |
Winupd32.exe |
Added by the RBOT.LT WORM! |
| X |
Microsoft Special offer |
infoebay.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Spool Server for Win32 |
spoolsrv.exe |
Added by the RANDEX.H WORM! |
| X |
Microsoft SSISVRI32 Protocol |
ssisvri.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Standard Executions
Library |
win32lib.exe |
Added by the RBOT-AUK WORM! |
| X |
Microsoft standard protector |
[path to trojan] |
Added
by the STOX-C TROJAN! |
| X |
Microsoft standard protector |
winsocks5.exe |
Added by the SMALL.CF TROJAN! |
| X |
Microsoft Sum32 |
sum32.exe |
Added
by the RBOT-YW WORM! |
| X |
microsoft support |
svchostt.exe |
Added by the AGOBOT.AWN WORM! |
| X |
Microsoft Support |
sys32ms.exe |
Added by the RBOT-AHI WORM! |
| X |
Microsoft Svchost local services |
nzm23.exe |
Added by the RBOT-GMC WORM! |
| X |
Microsoft Svchost local services |
winoem.exe |
Added by the RBOT-FPE |
| X |
Microsoft Svchost local services |
winoem.exe |
Added by the RBOT-FPE WORM! |
| X |
Microsoft Synchronization
Manager |
___synmgr.exe |
Added by the MASLAN.A or
MASLAN.C WORMS! |
| X |
Microsoft Synchronization
Manager |
al.exe |
Added by the OPTXPRO.132 TROJAN! |
| X |
Microsoft Synchronization
Manager |
asgard.exe |
Added by the SDBOT-AEA WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Microsoft Synchronization
Manager |
bot.exe |
Added by the SDBOT.IH WORM! |
| X |
Microsoft Synchronization
Manager |
devldr32.exe |
Added by a variant of the RBOT
WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe
file |
| X |
Microsoft Synchronization
Manager |
explorer.exe |
Added by the SDBOT-AEA WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
only be in startups if you added it manually. This one is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Microsoft Synchronization
Manager |
firewire.exe |
Added by the SDBOT-AFC WORM! |
| X |
Microsoft Synchronization
Manager |
java.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Synchronization
Manager |
netscape.exe |
Added by the RANDEX.AE WORM! |
| X |
Microsoft Synchronization
Manager |
screen.exe |
Added by the SDBOT-ACO WORM! |
| X |
Microsoft Synchronization
Manager |
slhost.exe |
Added by the SDBOT.YH WORM! |
| X |
Microsoft Synchronization
Manager |
svchosts.exe |
Added
by the SDBOT-LM WORM! |
| X |
Microsoft Synchronization
Manager |
svhost.exe |
Added by the SDBOT-PY WORM! |
| X |
Microsoft Synchronization
Manager |
svxhost.exe |
Added by the SDBOT-ZU WORM! |
| X |
Microsoft Synchronization
Manager |
win.exe |
Added by the SDBOT.AK WORM! |
| X |
Microsoft Synchronization
Manager |
wincfg32.exe |
Added by the SDBOT.DO WORM! |
| X |
Microsoft Synchronization
Manager |
WinLoginnn.exe |
Added by the SPYBOT.FO WORM! |
| X |
Microsoft Synchronization
Manager |
winlogon32.exe |
Added by the SDBOT.AEU WORM! |
| X |
Microsoft Synchronization
Manager |
winupdate.exe |
Added by the SDBOT.ER WORM! |
| X |
Microsoft Synchronization
Manager |
wmedia.exe |
Added by the SDBOT.BFC WORM! |
| X |
Microsoft Synchronization
Manager |
xXx.exe |
Added by the SDBOT-KZ WORM! |
| X |
Microsoft System |
mssys32.exe |
Added by the PETTICK.A WORM! |
| X |
Microsoft System |
msupdtm.exe |
Added by the SPYBOT.PKC WORM! |
| X |
Microsoft System |
sys.exe |
Added by the RBOT.AKI WORM! |
| X |
Microsoft System Backup |
[random filename] |
Added by the RBOT-AGM WORM! |
| X |
Microsoft System Checkup |
Cool.exe |
Added by the DONK.B WORM! |
| X |
Microsoft System Checkup |
dbnetlib.exe |
Added by the DONK.L WORM! |
| X |
Microsoft System Checkup |
inetman.exe |
Added by the DONK.O WORM! |
| X |
Microsoft System Checkup |
Keymgr.exe |
Added by the DONK.M WORM! |
| X |
Microsoft System Checkup |
libsys32.exe |
Added by the SDBOT-ACK WORM! |
| X |
Microsoft System Checkup |
libsysmgr.exe |
Added by the SDBOT-CAF WORM! |
| X |
Microsoft System Checkup |
netapi32.exe |
Added
by the DONK-E WORM! |
| X |
Microsoft System Checkup |
ntsysman.exe |
Added by the SDBOT-QW WORM! |
| X |
Microsoft System Checkup |
ntsysmgr.exe |
Added by the DONK.S WORM! |
| X |
Microsoft System Checkup |
sysmgr.exe |
Added by the SDBOT-OO TROJAN! |
| X |
Microsoft System Checkup |
Wnetlib.exe |
Added by the DONK.C WORM! |
| X |
Microsoft System Checkup |
wnetmgr.exe |
Added by the DONK.Q WORM! |
| X |
Microsoft System Debug |
services32.exe |
Added by the RBOT.AKH WORM! |
| X |
Microsoft System DLL Services
Configuration |
windir32.exe |
Added by the SDBOT-ACY TROJAN! |
| X |
Microsoft System File |
svchots.exe |
Added by the RBOT.BYU WORM! |
| X |
Microsoft System Firewall 2006.2 |
msmsgr.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft System Firewall 2006.2 |
msnmsgr.exe |
Added by a variant of the SDBOT
WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger)
utility |
| X |
Microsoft System Firewall 2006.2 |
reg32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft System Init |
mtmnr0.exe |
Added by the SDBOT.BR TROJAN! |
| X |
Microsoft System NT |
svhost.exe |
Added by the SDBOT.COU WORM! |
| X |
Microsoft System Restore
Configuration |
CBRSS.EXE |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft System Saver |
[path to worm] |
Added by the RBOT.BSK WORM! |
| X |
Microsoft System Security Agent |
MSTSA.EXE |
Added by the RBOT.CCM WORM! |
| X |
Microsoft System Services |
msmsgr.exe |
Added
by the RBOT-ZH WORM! |
| X |
Microsoft System Services |
msnmgsr.exe |
Added by the KELVIR.K WORM! |
| X |
Microsoft System Update |
sysupdate.exe |
Added by the SDBOT.DG WORM! |
| X |
Microsoft System32 Update |
cmsrg.exe |
Added
by the RBOT-GN WORM! |
| X |
Microsoft Task32 Protocol |
taskmgr32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Taskmanager Updater |
keyboard.exe |
Added by the RBOT-ALU WORM! |
| X |
Microsoft TCP/IP Connection
Monitor |
svchost32.exe |
Added by the RBOT.KS WORM! |
| X |
Microsoft Telecom Center |
tellecom.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Telecoma Center |
tellcoma.exe |
Added by the RBOT-AWX WORM! |
| X |
Microsoft Telecoms Center |
svcchost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Telecoms Center |
telcoms.exe |
Added by the IRCBOT.GEN WORM! |
| X |
Microsoft Telecoms Center |
winupn.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Telecoms Center |
xpfilesys.exe |
Added by the RBOT.BCJ TROJAN! |
| X |
Microsoft Time Manager |
dveldr.exe |
Added
by the RBOT-HQ WORM! |
| X |
MicroSoft Toolbar |
key.exe |
Added by the RBOT-AEW WORM! |
| X |
Microsoft Transfer File Server |
mtfs.exe |
Added by the RBOT.AFE WORM! |
| X |
Microsoft Tray |
[random filename] |
Added by
the DELF.BZ TROJAN! |
| X |
Microsoft TTL Verifier |
msttl.exe |
Added by the RBOT-GAP WORM! |
| X |
Microsoft U |
wuamkopxp.exe |
Added by the RBOT-AHC WORM! |
| X |
Microsoft UMA Update |
MSuma32.exe |
Added by the RBOT.FS WORM! |
| X |
MICROSOFT UNPACCKER SYSTEM |
unpak32.exe |
Added by a variant of the RBOT WORM! |
| X |
MICROSOFT UNPACK SYSTEM |
winrarx.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Updat3 |
mswkst32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
aaupdt.exe |
Added
by the RBOT-RQ WORM! |
| X |
Microsoft Update |
ascdl.exe |
Added by the GAOBOT.SY WORM! |
| X |
Microsoft Update |
automgr32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
bling.exe |
Added by the RBOT-AVK WORM! |
| X |
Microsoft Update |
Botnet.exe |
Added by the RBOT.AFL WORM! |
| X |
Microsoft Update |
cmss.exe |
Added by the RBOT-ATQ WORM! |
| X |
Microsoft Update |
devmks32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
devmks32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
drive.exe |
Added by the BIFROSE-PN WORM! |
| X |
Microsoft Update |
Isac.exe |
Added
by the RBOT-AU WORM! |
| X |
Microsoft Update |
Kkk.exe |
Added by the RBOT-AHL WORM! |
| X |
Microsoft Update |
lsac.exe |
Added by the GAOBOT.XW WORM! |
| X |
Microsoft Update |
mcupdate.exe |
Added by the RBOT.XT WORM! Note
- this file is located in the WindowsSystem32 or WinntSystem32 folder, and
should not be confused with the McAfee antivirus executable as described here |
| X |
Microsoft Update |
mediap.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
Micr0s0ft.exe |
Added by the AGOBOT.AAR WORM! |
| X |
Microsoft Update |
Microsoft.exe |
Added by the GAOBOT.AFJ WORM! |
| X |
Microsoft Update |
Microsoftx.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
mixer.exe |
Added by the RBOT-AIR WORM! |
| X |
Microsoft Update |
ms.exe |
Added by the SDBOT.CC WORM! |
| X |
Microsoft Update |
msawindows.exe |
Added by the GAOBOT.AFJ WORM! |
| X |
Microsoft Update |
msconfg.exe |
Added by the RBOT.H WORM! |
| X |
Microsoft Update |
msiwin84.exe |
Added by the GAOBOT.AFJ WORM! |
| X |
Microsoft Update |
Mslti32.exe |
Added
by the RBOT-LX WORM! |
| X |
Microsoft Update |
Msnmsngr.exe |
Added by the RBOT.BQS WORM! |
| X |
Microsoft Update |
mssmgrd.exe |
Added by the SDBOT.JT WORM! |
| X |
Microsoft Update |
msupdate.exe |
Added by the BOROBOT-I TROJAN! |
| X |
Microsoft Update |
msupdate32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Update |
msupdate32.exe |
Added by the SPYBOT.LZ WORM! |
| X |
Microsoft Update |
muamgrd.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Update |
Mupdate.exe |
Added
by the RBOT-AG WORM! |
| X |
Microsoft Update |
mvsc.exe |
Added by the SPYBOT.DAZ WORM! |
| X |
Microsoft Update |
NAV.exe |
Added
by the RBOT-IV WORM! |
| X |
Microsoft Update |
navmgrd.exe |
Added by the SDBOT.DP TROJAN! |
| X |
Microsoft Update |
phqghumea.exe |
Added by the SDBOT.AFO WORM! |
| X |
Microsoft Update |
prowind32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Update |
scvhost.exe |
Added by the RBOT-AEM WORM! |
| X |
Microsoft Update |
sghost.exe |
Added by the SDBOT.AKV WORM! |
| X |
Microsoft Update |
Smss32.exe |
Added
by the RBOT.CB WORM! |
| X |
Microsoft Update |
snlogsvc.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
svghost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
svhost.exe |
Added
by the RBOT-PI WORM! |
| X |
Microsoft Update |
svzhost.exe |
Added by the RBOT.OX WORM! |
| X |
Microsoft Update |
Sygate.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Update |
sys.exe |
Added
by the RBOT-AJ WORM! |
| X |
Microsoft Update |
sys32cfg.exe |
Added by the RBOT.DR WORM! |
| X |
Microsoft Update |
system32.exe |
Added by the RBOT.IS WORM! |
| X |
Microsoft Update |
systemi32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Update |
taskmgr32.exe |
Added
by the RBOT-CV WORM! |
| X |
Microsoft Update |
up2dat5.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Update |
update.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Update |
update_w.exe |
Added
by the RBOT-EW WORM! |
| X |
Microsoft Update |
VPC32.EXE |
Added by the AGOBOT.XM WORM! |
| X |
Microsoft Update |
wangard.exe |
Added
by the RBOT-LH WORM! |
| X |
Microsoft Update |
wauguard.exe |
Added by the RBOT.AEE WORM! |
| X |
Microsoft Update |
webm.exe |
Added by the SDBOT.WK WORM! |
| X |
Microsoft Update |
win32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Update |
winamp.exe |
Added by a variant of the RBOT
WORM! Note - this is NOT the popular Winamp media player |
| X |
Microsoft Update |
WINDOC.EXE |
Added by the SDBOT.PF WORM! |
| X |
Microsoft Update |
windows24.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
WinDrv32.exe |
Added by the RBOT.EGW WORM! |
| X |
Microsoft Update |
wingrd32.exe |
Added
by the RBOT-DW WORM! |
| X |
Microsoft Update |
wininit.exe |
Added by the RBOT-AKR WORM! |
| X |
Microsoft Update |
win-mang.exe |
Added by the RBOT-AFK WORM! |
| X |
Microsoft Update |
winscv.exe |
Added
by the RBOT-BH WORM! |
| X |
Microsoft Update |
winsys.exe |
Added
by the RBOT-GV WORM! |
| X |
Microsoft Update |
winsys32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft update |
winupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
WinUpdate32.exe |
Added
by the RBOT-TI WORM! |
| X |
Microsoft Update |
winupdater.exe |
Added by the RBOT.BIN WORM! |
| X |
Microsoft Update |
wkfix.exe |
Added
by the RBOT-ABZ WORM! |
| X |
Microsoft Update |
wserv32.exe |
Added by the RBOT.AF WORM! |
| X |
Microsoft Update |
wssvr.exe |
Added
by the RBOT-OD WORM! |
| X |
Microsoft Update |
wtm32.exe |
Added
by the RBOT-AQ WORM! |
| X |
Microsoft Update |
wuagmsd.exe |
Added
by the RBOT-AX WORM! |
| X |
Microsoft Update |
wuagrd.exe |
Added
by the RBOT-FK WORM! |
| X |
Microsoft Update |
wuamagr32.exe |
Added by the SPYBOT.CG WORM! |
| X |
Microsoft Update |
wuamgrb.exe |
Added by the RBOT-AZE WORM! |
| X |
Microsoft Update |
wuamgrd.exe |
Added
by the RBOT-LK WORM! |
| X |
Microsoft Update |
wuamgrd3.exe |
Added by the RBOT-AMC WORM! |
| X |
Microsoft Update |
wuamgrd32.exe |
Added by the RBOT.ZB WORM! |
| X |
Microsoft Update |
wuamk0032.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
wuamk032.exe |
Added by the RBOT-AHD WORM! |
| X |
Microsoft Update |
wuamk0p32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
wuamkop.exe |
Added by the RBOT-AFI WORM! |
| X |
Microsoft Update |
wuamkop32.exe |
Added by the RBOT.BGU WORM! |
| X |
Microsoft Update |
wuammgr32.exe |
Added
by the RBOT-AW WORM! |
| X |
Microsoft Update |
wuampd.exe |
Added
by the RBOT-UT WORM! |
| X |
Microsoft Update |
wuampkd.exe |
Added by the SDBOT.BBX WORM! |
| X |
Microsoft Update |
Wudates.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update |
wudmate.exe |
Added by the RBOT.AP WORM! |
| X |
Microsoft Update |
wumgrd.exe |
Added by the SDBOT-KY WORM! |
| X |
Microsoft Update |
xpupdate.exe |
Added
by the RBOT-QE WORM! |
| X |
Microsoft Update 23 |
NtKernelSystem.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update 23 |
spoolvs.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update 32 |
[path to file] |
Added by the RBOT-AJJ WORM! |
| X |
Microsoft Update 32 |
explore32.exe |
Added by the SPYBOT.CYM WORM! |
| X |
Microsoft Update 32 |
explorer.exe |
Added by the RBOT-ARF WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Microsoft Update 32 |
mscnfg.exe |
Added by the RBOT-ALM WORM! |
| X |
Microsoft Update 32 |
mssetup32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update 32 |
MSupdate32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Update 32 |
neta.exe |
Added by the RBOT-AMI WORM! |
| X |
Microsoft Update 32 |
network.exe |
Added by the RBOT-ARZ WORM! |
| X |
Microsoft Update 32 |
om4r.exe |
Added by the RBOT-AQP WORM! |
| X |
Microsoft Update 32 |
servic.exe |
Added by the RBOT-AXN WORM! |
| X |
Microsoft Update 32 |
wiit.exe |
Added by the RBOT-AMS WORM! |
| X |
Microsoft Update 32 |
winin.exe |
Added by the RBOT-ARR WORM! |
| X |
Microsoft Update 32 |
wininit.exe |
Added by the RBOT-ANY WORM! |
| X |
Microsoft Update 32 |
wininit32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update 32 |
winitXP32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update 32 |
wuinit.exe |
Added by the AGOBOT-UE WORM! |
| X |
Microsoft Update 33 |
init.exe |
Added by the RBOT-ATT WORM! |
| X |
Microsoft Update 64 BIT |
schvost.exe |
Added by the RBOT.CAU WORM! |
| X |
Microsoft Update 64 BIT |
wininit32.exe |
Added by the RBOT-AHE WORM! |
| X |
Microsoft Update 64 BIT |
winl32xe.exe |
Added by the RBOT-AQO WORM! |
| X |
Microsoft Update 64 BIT |
winman32.exe |
Added by the RBOT-AKI WORM! |
| X |
MICROSOFT UPDATE CONFIGURATION |
WIN32SNC.EXE |
Added
by the RBOT-AI WORM! |
| X |
Microsoft Update Control |
Ms64.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Debugger |
wincfg32.exe |
Added by the SPYBOT.ZC WORM! |
| X |
Microsoft Update Device Drivers |
wuauclt.exe |
Added by a variant of the SDBOT
WORM! Note - this is not the legitimate wuauclt.exe process, which should not
appear in Msconfig/Startup! |
| X |
Microsoft Update DLL |
rxxhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Drivers |
explorers.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Update Emulator |
kern-mxe.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Loader |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Loaders 2005 |
winusers.exe |
Added by the RBOT-AIQ WORM! |
| X |
Microsoft Update Loaders 2006 |
winusersystem32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Update Machine |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
crss32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
expl0rer.exe |
Added by the SDBOT.OK WORM! |
| X |
Microsoft Update Machine |
LANWAKE.EXE |
Added
by the RBOT-QZ WORM! |
| X |
Microsoft Update Machine |
linux.exe |
Added
by the RBOT-IM WORM! |
| X |
Microsoft Update Machine |
lmrss.exe |
Added
by the RBOT-DY WORM! |
| X |
Microsoft Update Machine |
lsasse.exe |
Added
by the RBOT-DI WORM! |
| X |
Microsoft Update Machine |
memstat.exe |
Added
by the RBOT-OM WORM! |
| X |
Microsoft Update Machine |
MSOICONS.EXE |
Added by the RBOT.AWS WORM! Note
- do no confuse with the legitimate Msoicons.exe file described here. The
latter should not normally figure in Msconfig/Startup! |
| X |
Microsoft Update Machine |
ntce.exe |
Added
by the RBOT-FA WORM! |
| X |
Microsoft Update Machine |
ntsystem.exe |
Added by the RBOT.GF WORM! |
| X |
Microsoft Update Machine |
qwerty.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
rxhost.exe |
Added by the RBOT.FC WORM! |
| X |
Microsoft Update Machine |
rxxhost.exe |
Added by the RBOT.EP WORM! |
| X |
Microsoft Update Machine |
scvhost.exe |
Added
by the RBOT-GS WORM! |
| X |
Microsoft Update Machine |
servicez.exe |
Added by the SPYBOT.BI WORM! |
| X |
Microsoft Update Machine |
servicz.exe |
Added
by the RBOT-HU WORM! |
| X |
Microsoft Update Machine |
serviz.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
SP2.exe |
Added by the SPYBOT.FP WORM! |
| X |
Microsoft Update Machine |
spoolserv.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
svshost.exe |
Added by the RBOT.AK WORM! |
| X |
Microsoft Update Machine |
system.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
system03.exe |
Added
by the RBOT-NM WORM! |
| X |
Microsoft Update Machine |
systemll.exe |
Added
by the RBOT-JT WORM! |
| X |
Microsoft Update Machine |
Systemnt.exe |
Added by the RBOT.DA WORM! |
| X |
Microsoft Update Machine |
systemse.exe |
Added
by the RBOT-BD WORM! |
| X |
Microsoft Update Machine |
TASKMAN4.EXE |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
taskmngrs.exe |
Added
by the RBOT-CR WORM! |
| X |
Microsoft Update Machine |
TMEMSER.EXE |
Added
by the RBOT-NQ WORM! |
| X |
Microsoft Update Machine |
wftestb.exe |
Added by the RBOT-AFZ WORM! |
| X |
Microsoft Update Machine |
Win32.exe |
Added by the SDBOT.UV WORM! |
| X |
Microsoft Update Machine |
windns.exe |
Added by the RBOT.EF WORM! |
| X |
Microsoft Update Machine |
windowsu.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
windowsup.exe |
Added
by the RBOT-FV WORM! |
| X |
Microsoft Update Machine |
winhost.exe |
Added
by the RBOT-GK WORM! |
| X |
Microsoft Update Machine |
winini.exe |
Added
by the RBOT-KV WORM! |
| X |
Microsoft Update Machine |
wininigo.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
winmgr.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
Winmsixp32.exe |
Added by the RBOT.DN WORM! |
| X |
Microsoft Update Machine |
winnie.exe |
Added
by the RBOT-ACD WORM! |
| X |
Microsoft Update Machine |
winortho.exe |
Added
by the RBOT-NW WORM! |
| X |
Microsoft Update Machine |
Winregs32.exe |
Added by the RBOT.DN WORM! |
| X |
Microsoft Update Machine |
wins32.exe |
Added by the RBOT.EZ WORM! |
| X |
Microsoft Update Machine |
winss.exe |
Added by the RBOT.JU WORM! |
| X |
Microsoft Update Machine |
WINSVC32.EXE |
Added by the RBOT.CU WORM! |
| X |
Microsoft Update Machine |
winupdt.exe |
Added
by the RBOT-FP WORM! |
| X |
Microsoft Update Machine |
winupdte.exe |
Added by the RBOT-GKL WORM! |
| X |
Microsoft Update Machine |
winxpini.exe |
Added
by the RBOT-OB WORM! |
| X |
Microsoft Update Machine |
wuagrd.exe |
Added
by the RBOT-GF WORM! |
| X |
Microsoft Update Machine |
wuamgard.exe |
Added by the SPYBOT.CS WORM! |
| X |
Microsoft Update Machine |
wuamgd.exe |
Added by the SDBOT.HQ WORM! |
| X |
Microsoft Update Machine |
wuamgrd.exe |
Added
by the RBOT-HE WORM! |
| X |
Microsoft Update Machine |
WUAMGRDXS.EXE |
Added
by the RBOT-GL WORM! |
| X |
Microsoft Update Machine |
wuawx.exe |
Added
by the RBOT-CE WORM! |
| X |
Microsoft Update Machine |
wupdate32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Machine |
wupdt32x.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Update Machine |
xvshost.exe |
Added by the RBOT.QP WORM! |
| X |
Microsoft Update Machine |
zonealarm.exe |
Added
by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program! |
| X |
Microsoft Update Manager |
scvhost.exe |
Added by the AGOBOT.AXJ WORM! |
| X |
Microsoft Update Manager |
scvideo.exe |
Added by the SDBOT-CVP TROJAN! |
| X |
Microsoft Update Manager |
svshost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Manager |
WINRLS.EXE |
Added
by the RBOT-AF WORM! |
| X |
Microsoft Update Mechene |
Updatez.exe |
Added by the RBOT-GI WORM! |
| X |
Microsoft Update Module |
rundll24.exe |
Added
by the RBOT-PS WORM! |
| X |
Microsoft Update Process |
wmipcvse.exe |
Added by the AGOBOT-JF TROJAN! |
| X |
Microsoft Update Security Patch |
mssecurityupdatepatch.exe |
Added by the AGENT.EF TROJAN! |
| X |
Microsoft Update Server |
mssrv.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft Update Service |
csrss32.exe |
Added by the AGOBOT-HC WORM! |
| X |
Microsoft Update Service |
msupdate.pif |
Added by the RBOT-AQB WORM! |
| X |
Microsoft Update Service |
mswin32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Update SERVICE |
phqghum.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft update service |
systemm.exe |
Added by a variant of the SDBOT WORM! |
| X |
Microsoft Update Services |
wcsnfty.exe |
Added by the RBOT-AGK WORM! |
| X |
Microsoft Update Services |
wsnfty.exe |
Added by the RBOT-AFU WORM! |
| X |
Microsoft Update Time |
wuam.exe |
Added
by the RBOT-M WORM! |
| X |
Microsoft Update USB2 |
wuammgrd32.exe |
Added by the RBOT-ADT WORM! |
| X |
Microsoft Update v2.6 |
lxxex.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Update Win32a |
winupdate32a.exe |
Added
by the RBOT-LO WORM! |
| X |
Microsoft Update Win32x |
winupdate32x.exe |
Added by the RBOT-AJN WORM! |
| X |
Microsoft Updater |
Winsys32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Updater Resources |
WinFixd32.exe |
Added by the SPYBOT.CA WORM! |
| X |
Microsoft UPDATER32 |
lsass.exe |
Added by the RANDEX.AR WORM!
Note - this is not the legitimate Lsass.exe system file should normally NOT
figure in Msconfig/Startup! |
| X |
Microsoft Updaters |
sysconfigs.exe |
Added
by the RBOT-DF TROJAN! |
| X |
Microsoft Updaters |
tskmgr.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Updaters Pros |
WINDLL32XP.EXE |
Added by the SPYBOTTER.GEN
VIRUS! |
| X |
Microsoft Updates |
systemc32.exe |
Added
by the RBOT-GR WORM! |
| X |
Microsoft Updates |
wkssvr.exe |
Added by the RBOT.R WORM! |
| X |
Microsoft Updates |
wkssvrs.exe |
Added
by the RBOT-EB WORM! |
| X |
Microsoft Updates |
wtemp32.exe |
Added by the RBOT-AHQ WORM! |
| X |
Microsoft Updates |
wuamgrd.exe |
Added
by the RBOT-CO WORM! |
| X |
Microsoft Updates 2 USB |
wgafixer.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Updates 5 USB |
sp3fixer.exe |
Added by the RBOT-ADS WORM! |
| X |
Microsoft Updates Resources |
WinFixIDs.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Updating |
navguard.exe |
Added by the RBOT.HW WORM! |
| X |
Microsoft Updating |
syswr.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Updating |
wuamguards.exe |
Added
by the RBOT-BY WORM! |
| X |
Microsoft Updating Client |
websvc.exe |
Added by the RBOT.AQ WORM! |
| X |
Microsoft Updating Machine |
sysc0de.exe |
Added by the RBOT.RB WORM! |
| X |
Microsoft Updatting |
miroupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Updote |
[random filename] |
Added by the RBOT-ARC WORM! |
| X |
Microsoft UpMachine |
doezs.exe |
Added by the RBOT.BCT WORM! |
| X |
Microsoft upnp Update |
msie.exe |
Added
by the RBOT-LQ WORM! |
| X |
Microsoft uptime Service |
sycuptime.exe |
Added by the RBOT-AHY WORM! |
| X |
Microsoft uptime Service |
sysuptime.exe |
Added
by the RBOT-ACG WORM! |
| X |
Microsoft UpToDate Driver
(32-bits) |
[random filename].exe |
Added by the SPYBOT.LXJ WORM! |
| X |
Microsoft USB2 Driver |
crmss.exe |
Added
by the RBOT-VK WORM! |
| N |
Microsoft Utility Startup |
OSA9.exe |
Application which launches
common MS Office components to help speed up the launch of Office programs.
It's somewhat of a resource hog, and some users claim there's no difference
with or without it but it usually isn't required. Note - if you make use of
the Microsoft Office Shortcut Bar outside an office program this application
will need to be enabled for it to show |
| X |
Microsoft Values |
igfkishc.exe |
Added by the RBOT-GLO WORM! |
| X |
Microsoft Vertupdate |
MSvert32.exe |
Added by the MYTOB-CY WORM! |
| X |
Microsoft Video Capture Controls |
MSsrvs32.exe |
Added by the SDBOT-AAK WORM! |
| X |
Microsoft Video Controls |
tskmsgr.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Virual Machine |
sms.exe |
Added
by the RBOT-SP WORM! |
| X |
Microsoft Visual SourceSafe |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
Microsoft Visual SourceSafe |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| X |
Microsoft Visual Studio |
plscdksxg.exe |
Added by the RBOT-AWV WORM! |
| X |
Microsoft Visual Studio VSA |
varpc32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Web Device |
wdevice.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft web update |
webmsn.exe |
Added by the RBOT-EMQ WORM! |
| U |
Microsoft Webserver |
svctrl.exe |
Personal web server program
which enables you to create and host a web server from your computer. Not
required for most people |
| X |
Microsoft Win Corp TLS
Verification |
mswintls.exe |
Added by the RBOT-GCT WORM! |
| X |
Microsoft WIN32 DOS |
MSdos32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft WIN32 Security |
MSsec32.exe |
Added by the RBOT-DOQ TROJAN! |
| X |
MicroSoft Wind0ws Updater |
winsupdater.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows |
[path to file] |
Added by the LI TROJAN! |
| X |
Microsoft Windows |
atup |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows |
bootini.exe |
Added by the VANEBOT-K WORM! |
| X |
Microsoft Windows |
explorar.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows |
Microsoft Windows.hta |
HTA file which creates an
executable on the hard drive which subsequently proceeds to download files
from a malware site! |
| X |
Microsoft Windows |
mstask0.exe |
Added by the SDBOT.FQ WORM! |
| X |
Microsoft Windows 128bit
Subsystem |
system12.exe |
Added by the RANCK-CZ TROJAN! |
| X |
Microsoft Windows 16Bit |
mswinn16.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Windows 2000 |
Winupdsdgm.exe |
Added by the GAOBOT.AO WORM! |
| X |
Microsoft Windows 32Bit |
mswinn32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows 64 Bit |
mswin32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Client
Firewall |
msclt.exe |
Added by the VANEBOT-F WORM! |
| X |
Microsoft Windows Communicator
for NT/XP |
wincomm.exe |
Added by the RBOT.ATH WORM! |
| X |
Microsoft Windows Control |
mswctl32.exe |
Added by the RBOT.JP WORM! |
| X |
Microsoft Windows CSRSS |
csrss.exe |
Added by the KALEL-A WORM! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
Microsoft Windows DHCP |
___r.exe |
Added by the MASLAN.A or
MASLAN.C WORMS! |
| X |
Microsoft Windows DLL 32-BIT |
msncheck32.exe |
Added
by the SDBOT-XX WORM! |
| X |
Microsoft Windows DLL Services |
mwindll.exe |
Added
by the SDBOT-VX WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
dllmanager32.exe |
Added by the SDBOT-BTU WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
newdll.exe |
Added by the SDBOT-ZR WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
newdll2.exe |
Added by the SDBOT-ABD WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
poker.exe |
Added by the SDBOT-ZY WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
poker3.exe |
Added by the SDBOT-AAH WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
proxy.exe |
Added by the SDBOT-ZL WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
windir32.exe |
Added by the SDBOT.BHF WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
windir32a.exe |
Added by a variant of the SDBOT.BHF WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
windll32.exe |
Added by the SDBOT.BHD WORM! |
| X |
Microsoft Windows DLL Services
Configuration |
winDSL.exe |
Added by the SDBOT-ZG WORM! |
| X |
Microsoft Windows DLLHandler |
bitpaint.exe |
Added by the SDBOT.AHG WORM! |
| X |
Microsoft Windows Drivers |
windrv.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows DVR |
windvr.exe |
Added by the RBOT-AXD WORM! |
| X |
Microsoft Windows Explorer |
explorewin.exe |
Added by the IRCBOT.WORM.212480.H WORM! |
| X |
Microsoft Windows Explorer |
iexplorer.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Files Loader |
cgy32win.exe |
Added by the RBOT-AXR WORM! |
| X |
Microsoft Windows Game Updater |
msgame32.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows GUI |
msmonk32.exe |
Added by the SDBOT-PE WORM! |
| X |
Microsoft Windows GUI |
Windowz.exe |
Added by the RANDEX.AEV WORM! |
| X |
Microsoft Windows Kernel
Services |
winkrnl386.exe |
Added by the ZEBROXY TROJAN! |
| X |
Microsoft Windows Loader |
wloader.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Windows Logon Process |
winlogon.exe |
Added by the PROXYSER-R TROJAN!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup and is always located in the System32 folder. This
worm file is placed in the Winnt or Windows folder |
| X |
Microsoft Windows Media Player |
mediaplayer.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Media Player |
wimp.exe |
Added
by the RBOT-FN WORM! |
| X |
Microsoft Windows Secure |
windocs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows Secure |
windocs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows Secure Server |
rpcxWindows.exe |
Added
by the RBOT-LL WORM! |
| X |
Microsoft Windows Secure Update |
rpcxwinupdt.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Microsoft Windows Securety |
wurguar.exe |
Added
by the RBOT-KY WORM! |
| X |
Microsoft Windows Security |
spvsper.exe |
Added by a variant of the SDBOT WORM! |
| X |
Microsoft Windows Security |
wscndrives.exe |
Added by the RBOT-AJK WORM! |
| X |
Microsoft Windows Service |
winsys.exe |
Added by the RBOT-ADP WORM! |
| X |
Microsoft Windows Service Pack |
winspkn.exe |
Added by the RBOT-AYD WORM! |
| X |
Microsoft Windows Services |
msw32.exe |
Added by the RBOT-FWQ WORM! |
| X |
Microsoft Windows Services Edt |
dllrun32.exe |
Added by the RBOT-GAF WORM! |
| X |
Microsoft Windows Services Edt |
ssvvcchhoosst.exe |
Added by the RBOT-FYF TROJAN! |
| X |
Microsoft Windows Session
Manager Subsystem |
smss.exe |
Added by the PROXYSER-R TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Microsoft Windows Socketx32
Services |
winsockx32.exe |
Added by the RBOT-FWT WORM! |
| X |
Microsoft Windows Storage
Machine Service |
winms.exe |
Added by the RBOT-AHK WORM! |
| X |
Microsoft Windows System |
srwhost.exe |
Added by a variant of the RBOT-ASW WORM! |
| X |
Microsoft Windows System |
syshost.exe |
Added by the RBOT-ASW WORM! |
| X |
Microsoft Windows System Kernel |
kernel32.exe |
Added by a variant of the IRC.BOT TROJAN! |
| X |
Microsoft Windows System Service
Manager |
winsvc.exe |
Added by the SPYBOT.LR WORM! |
| X |
Microsoft Windows Task
Management |
mstasks.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows Task Manger |
Mstosk.exe |
Added by the SDBOT-WW WORM! |
| X |
Microsoft Windows Tasks
Management |
taskmng.exe |
Added by the RBOT-FXK WORM! |
| X |
Microsoft Windows Updata |
scvhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Updata |
windows.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Update |
mnswinsx.exe |
Added by the RBOT-AWH WORM! |
| X |
Microsoft Windows Update |
msnmessenger.exe |
Added by the SDBOT.AJ WORM! |
| X |
Microsoft Windows Update |
MSNMSGR.EXE |
Added
by the SDBOT-WM WORM! |
| X |
Microsoft Windows Update |
msnwun.exe |
Added by the SDBOT-RM WORM! |
| X |
Microsoft Windows Update |
msoffice2.exe |
Added
by the RBOT-GB WORM! |
| X |
MICROSOFT Windows update |
pdate.exe |
Added by the RBOT.BZT WORM! |
| X |
Microsoft Windows Update |
rundlls.exe |
Added by the HABRACK WORM! |
| X |
Microsoft Windows Update |
sccvhost.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows Update |
scrhost.exe |
Added by the RBOT-AOW WORM! |
| X |
Microsoft Windows Update |
scvvhost.exe |
Added by the FORBOT-DH WORM! |
| X |
Microsoft Windows Update |
spools.exe |
Added by the SDBOT.TD WORM! |
| X |
Microsoft Windows Update |
srshost.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows Update |
svchos.exe |
Added by the SDBOT.AC WORM! |
| X |
Microsoft Windows Update |
svcshost.exe |
Added by the FORBOT-CF WORM! |
| X |
Microsoft Windows Update |
svmhost.exe |
Added by the FORBOT-CH WORM! |
| X |
Microsoft Windows Update |
svshost.exe |
Added by the WOOTBOT.CJ WORM! |
| X |
Microsoft Windows Update |
svzhost.exe |
Added by the FORBOT-EV WORM! |
| X |
Microsoft Windows Update |
swwhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Update
Application |
wuap.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Update Logon |
win-logon.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Update Service |
wupdmgr32.exe |
Added by the DOS.AUTOCAT TROJAN! |
| X |
Microsoft Windows Update XP64 |
********.exe [* = random char] |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Updater |
msnupdateit.exe |
Added by the AGOBOT-RL WORM! |
| X |
Microsoft Windows Updater |
spoolvs.exe |
Added by the RBOT.ACQ WORM! |
| X |
Microsoft Windows Updater |
suvhost.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows Updater |
TMNTSrv.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft Windows Updater |
win32upd.exe |
Added
by the RBOT-EC WORM! |
| X |
Microsoft Windows Updater |
windates.exe |
Added by the SDBOT.TE WORM! |
| X |
Microsoft Windows Updater |
WINIUPDATES.EXE |
Added
by the RBOT-KK WORM! |
| X |
Microsoft Windows Updater |
WINUPDATE.EXE |
Added
by the SDBOT-PU WORM! |
| X |
Microsoft Windows Updater |
winupdgm.exe |
Added by the GAOBOT.BI WORM! |
| X |
Microsoft Windows updaterD |
log32zx.exe |
Added by the MYDOOM.W WORM! |
| X |
Microsoft Windows Updates |
explorer32.exe |
Added by the SDBOT.VQ WORM! |
| X |
Microsoft Windows Updates |
wsap32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft Windows Updating
System |
msresource.exe |
Added by the RBOT-EAM WORM! |
| X |
Microsoft Windows W32 Services |
mssw32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft Windows WinSaSS
Management |
winsass.exe |
Added by the RBOT-APW WORM! |
| X |
Microsoft Windows WKS Service |
gt.exe |
Added by the SDBOT.FV WORM! |
| X |
Microsoft Windows Workstation |
devcode.exe |
Added by the RBOT-AWL WORM! |
| X |
Microsoft Windows XP
Configuration Loader |
m32svco.exe |
Added by the
SDBOT.WORM!.48548 WORM! |
| X |
Microsoft WINGS32 Protocol |
WinSGR32.exe |
Added by the RBOT-APU WORM! |
| X |
Microsoft WinRaR |
winrar.exe |
Added by the RBOT-AEC WORM! |
| X |
Microsoft Winsock |
mswinsck.exe |
Added by the RBOT-ANK WORM! |
| X |
Microsoft Winsock Service |
msusvc.exe |
Added by the RBOT-ANS WORM! |
| X |
Microsoft Winsock Wrapper |
ws2_32s.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Microsoft WinSound |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
Microsoft WinUpdate |
mntcgf032.exe |
Added
by the RBOT-PF WORM! |
| X |
Microsoft WinUpdate |
spfix.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft WinUpdate |
svh0st.exe |
Added by the SPYBOT.DL WORM! |
| X |
Microsoft WinUpdate |
syslx32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft WinUpdate |
syswin32.exe |
Added
by the RBOT-HO WORM! |
| X |
Microsoft WinUpdate |
Winamp61.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft WinUpdate |
WinNTinit32.exe |
Added by the RBOT.VS WORM! |
| X |
Microsoft WinUpdate |
Winupd32.exe |
Added by the RBOT.MQ WORM! |
| X |
Microsoft WinUpdates |
serm32.exe |
Added by the RBOT.GE WORM! |
| X |
Microsoft WM |
mswm32.exe |
Added by the BCKDR-AM TROJAN! |
| X |
Microsoft Word |
BootSector.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Microsoft Word Profissional |
csrss.exe |
Added by the BANCBAN-DB TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "s1613"
subfolder |
| X |
Microsoft Word Profissional |
csrss.exe |
Added by the BANKER-DJ TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "protect"
subfolder |
| X |
Microsoft Word Profissional |
csrss.exe |
Added by the BANKER-DJ TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "JavaVM"
subfolder |
| X |
Microsoft Word Profissional |
Java Plug In close.exe |
Added by the BANKER-EL TROJAN! |
| N |
Microsoft Works Calendar
Reminders |
wkcalrem.exe |
Produces a pop-up reminder of
events scheduled using the MS Works Calendar |
| N |
Microsoft Works Portfolio |
WksSb.exe |
The Works Portfolio tool lets
you collect and organize text and pictures from the Web or your favorite
program.Can be prevented from starting from a setting within Portfolio |
| N |
Microsoft Works Update Detection |
wkdetect.exe |
Checks for updates to MS Works |
| X |
Microsoft World Service |
winworld.exe |
Added by an unidentified IRC
worm with backdoor capability! |
| X |
Microsoft WPCEmail |
svchost.exe |
Added by the SNIFFER-N TROJAN! |
| X |
Microsoft WWW |
free.exe |
Added by a variant of the CWS.AK
TROJAN! |
| X |
Microsoft Wxdate |
Syswu32.exe |
Added by the SPYBOT.HZ WORM! |
| X |
Microsoft X Update |
wuamkoppnp.exe |
Added by the RBOT-ANI WORM! |
| X |
microsoft xdaemon 2.0 |
xdaemon.exe |
Added by the DELF.D TROJAN! |
| X |
Microsoft XML Service |
msxmlx.exe |
Added by the RBOT.KS WORM! |
| X |
Microsoft Xp Systems loader |
winsystem32xp.exe |
Added by the KELVIR.W WORM! |
| X |
Microsoft Xp Systems loaders |
win32xpsys.exe |
Added by the SPYBOT.NYT WORM! |
| X |
Microsoft XPSP Protocol |
xp386.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft xpsp2 |
Networksystem.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Microsoft xpsp2 |
xpsp2.exe |
Added by the SDBOT-YQ WORM! |
| X |
Microsoft« ActiveX Debugger NT |
setdebugnt.exe |
Added by the BANCOS-CZ TROJAN! |
| X |
Microsoft© PID Lex |
PIDLex.exe |
Added by the NIOVADOOR TROJAN! |
| X |
Microsoft® System Mapper |
SysMap.exe |
Added by the MAPSY TROJAN! |
| U |
Microsoft® Windows® Operating
System |
ehTray.exe |
Enables the user to access Windows Messenger from within
Windows Media Center Edition |
| N |
Microsoft® Windows® Operating
System |
RunDLL32.exe [path] ehuihlp.dll,
BootMediaCenter |
Starts Windows Media Center
every time Windows Vista (Home Premium or Ultimate) boots. Disable by
unchecking the "Start Windows Media Center when Windows Starts"
option via Windows Media Center -> Tasks -> Settings -> General
-> Startup and Window Behaviour |
| N |
Microsoft® Windows® Operating
System |
rundll32.exe [path]
oobefldr.dll, ShowWelcomeCenter |
Shows the Welcome Center every
time you boot into Windows Vista |
| X |
microsoft420 |
microsoft420.exe |
Added by the MENACE.B WORM! |
| X |
Microsoft64 |
antiv.exe |
Added by the SOBER WORM! |
| X |
Microsoftf DDEs ContDLL |
rune.pif |
Added by the RBOT-AGF WORM! |
| X |
Microsoftf DDEs ContrDL |
runm.pif |
Added by the RBOT-AFQ WORM! |
| X |
Microsoftf DDEs Control |
FEnR.exe |
Added by the RBOT-AIM WORM! |
| X |
Microsoftf DDEs Control |
lxes.exe |
Added by the RBOT.BOF WORM! |
| X |
Microsoftf DDEs Control |
msnn.exe |
Added by the RBOT-AXT WORM! |
| X |
Microsoftf DDEs Control |
soff.pif |
Added by the RBOT-AKH WORM! |
| X |
Microsoftf DDEs Control |
wees.exe |
Added by a variant of the the RBOT.BOF WORM! |
| X |
Microsoftf DDEs Control |
why-.exe |
Added by the RBOT-AMV WORM! |
| X |
Microsoftkeysd |
systemproc.exe |
Added by the FORBOT-BI WORM! |
| X |
Microsoftkeysd |
systemwin32s.exe |
Added by the WOOTBOT.CO WORM! |
| X |
Microsoftkeysds |
lass32.exe |
Added by a variant of the RBOT WORM! |
| X |
MicrosoftKs |
Drivers.bat |
Added by the SHUTDOWN-F TROJAN! |
| X |
microsoftm eegs cuntrol |
loor.pif |
Added by a variant of the RBOT WORM! |
| X |
Microsoftmsn32.exe |
microsoftmsn32.exe |
Added by the CERTIF-C TROJAN! |
| X |
MicrosoftMultimediaTask |
Mmtask.exe |
Adware downloader - not the
valid MusicMatch Jukebox which shares the same filename |
| X |
MicrosoftNetwork Daemon for
Win32 |
NETD32.EXE |
Added by the RANDEX.F WORM! |
| X |
MicrosoftOEM |
smvss.exe |
Added by the DEDLER-G TROJAN! |
| X |
Microsofts media |
wingtp.exe |
Added
by the RBOT-VO WORM! |
| X |
Microsofts media |
winmplayd.exe |
Added by an undidentified WORM
or TROJAN! |
| X |
Microsofts MediaScope |
winmedplay.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsofts MediaScope |
winmep.exe |
Added
by the RBOT-WB WORM! |
| X |
Microsofts Security Manager |
****.exe [**** = random char] |
Added
by the RBOT-WH TROJAN! |
| X |
Microsofts Service |
lcsrv16.exe |
Added by a variant of the RBOT WORM! |
| X |
Microsoft's System Module |
Sysmodule.exe |
Added by the FJ TROJAN! |
| X |
Microsofts Updates |
lsasss.exe |
Added by the RBOT-AEX WORM! |
| X |
Microsofts Updatez |
cmsssr.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsofts Updatez |
exploirez.exe |
Added by a variant of the RBOT WORM! |
| X |
MicrosoftServiceManager |
EXPLORERE.EXE |
Added by the YAHA.AB WORM! |
| X |
MicrosoftServiceManager |
mstask32.exe |
Added by the YAHA.P WORM! |
| X |
MicrosoftServiceManager |
msupdat.exe |
Added by the YAHA.AA WORM! |
| X |
MicrosoftServiceManager |
Wintsk32.exe |
Added by the YAHA.U WORM! |
| X |
Microsoft-software |
****.exe [* = random char] |
Added by a variant of the RBOT WORM! |
| X |
MicrosoftSourceSafe |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| X |
MicrosoftSys |
SPOOLSYS.exe |
Added by the TARNO.N TROJAN! |
| X |
MicrosoftUpdate |
syshelper.exe |
Added by the WOOTBOT.AC WORM! |
| X |
MicrosoftUpdate |
WinUp32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Microsoft-Update |
wngard.exe |
Added
by the RBOT-JV WORM! |
| X |
MicrosoftUpdates |
[path to trojan] |
Added by the DELF-LO TROJAN! |
| X |
Microsoft-Updates |
svxhost.exe |
Added
by the RBOT-CT WORM! |
| X |
Microsoft--Updates |
sxvhost.exe |
Added
by the RBOT-FH WORM! |
| X |
MicrosoftValue |
syscnfg.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or
C:winntfonts) directory where no *.exe files should reside |
| X |
Microsoftvirus |
sysoverload.exe |
Added by the FORBOT-AL WORM! |
| X |
MicrosoftWindows |
[various filenames] |
MagicSearch
- a CoolWebSearch parasite variant |
| X |
MicrosoftWindows |
a@26m.exe |
Added by the KILLPAR-B TROJAN! |
| X |
MicrosoftXP Service Pack 2 |
servicepack2.exe |
Added by the RBOT.EMC WORM! |
| X |
Microsoftz turn Control |
aexl.exe |
Added by the SDBOT.BCO WORM! |
| X |
Microsoftz turn Control |
read.pif |
Added by the RBOT-AFS WORM! |
| X |
Microsong |
svchosts11.exe |
Added by the SDBOT-EV WORM! |
| X |
Microsot NT Support |
[random filename].exe |
Added by the RBOT-CTI WORM! |
| X |
Microszoft Update Mach1nezs |
svchst.exe |
Added
by the RBOT-ED WORM! |
| U |
Microtek Scanner Finder |
ScannerFinder.exe |
Monitors whether a scanner is
present. Provided with Microtek scanners |
| X |
Microzoft_Ofiz |
KdzEregli.exe |
Added by the AMUS.A WORM! |
| X |
Micrsoft CFG 32 |
lrbzus32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Micrsoft Driver |
msdriver.exe |
Added by the SDBOT-XD WORM! |
| X |
Micrsoft Driver |
windrive.exe |
Added by the SDBOT.AF TROJAN! |
| X |
Micrsoft Internet Explorer |
IEXPL0RE.EXE |
Added by the RBOT-AQV WORM! Note the number "0" in
the filename |
| X |
Micsoft-Published-Software |
explrer.exe |
Added by the RBOT-GFL WORM! |
| X |
Micsorosft Security Center |
wcnsfty.exe |
Added by the RBOT-AHU WORM! |
| N |
MightyFAX Controller |
MFNTCTL.EXE |
Mighty
FAX from RKS Software - "installs a printer driver so that you can fax
directly from Windows software" |
| ? |
MigrationVendorSetupCaller |
rundll32.exe migrate.dll,
CallVendorSetupDlls |
?? |
| X |
Military Net Killer |
MNK.exe |
Added by the MILLNET-A WORM! |
| U |
MilShieldSlave |
ShieldWorker.exe |
Mil
Shield from Mil Incorporated. It protects your privacy by removing all tracks
from your online or offline computer activities |
| N |
MimBoot |
mimboot.exe |
Starts Musicmatch Jukebox
at bootup - can be started manually |
| X |
Mincer |
Mincer.exe |
Added by the MINCEME-A WORM! |
| X |
MINIBUG |
MINIBUG.EXE |
Displays ads inside Weatherbug - see here |
| N |
MiniEYE-MiniREAD Launch |
ARLaunch.exe |
eyeQ - improve your
reading speed |
| N |
MINIFERT.EXE |
MINIFERT.EXE |
Part of Backweb |
| U |
minilog |
MINILOG.EXE |
If you don't have ZoneAlarm or
ZoneAlarm Pro running you don't need this. This must be enabled if programs
such as VisualZone Report utility or ZoneLog Analyzer are in use |
| N |
MiniMavis |
MiniMavis.exe |
Mavis Beacon typing tutor |
| X |
minimo |
[path to file] |
Added by the MOSUCK-X TROJAN! |
| N |
MiniNote |
MININOTE.EXE |
Mini
NoteTab was the first in the family of "NoteTab" text and HTML
editors from Fookes Software |
| ? |
Miniphone |
glophone.exe |
VoiceGlo Glophone Voice over
Internet Protocol (VOIP) communications software - "an affordable and
convenient way to call friends and family throughout the world using a
dial-up or broadband Internet connection on your computer" - is it
required in startup? |
| X |
miniport |
usb2chk.exe |
Added by the LAZAR-A TROJAN! |
| X |
MiniPortRt |
miniport_mp.exe |
Malware
- see here |
| X |
MiniServer.exe |
MiniServer.exe |
Added by the LITTLEW-E TROJAN! |
| U |
MinMaxExtender |
Mmext.exe |
MinMaxExtender
- window handling tool |
| X |
Miosf Update |
wimsqaad.exe |
Added by the SDBOT.AG TROJAN! |
| N |
Mirabilis ICQ |
icq.exe |
If connected to the internet,
automatically runs up ICQ. Convenience more than anything. ICQ can be started
from Start -> Programs |
| N |
Mirabilis ICQ |
ICQNet.exe |
If connected to the internet,
automatically runs up ICQ. Convenience more than anything. ICQ can be started
from Start -> Programs |
| N |
Mirabilis ICQ |
NDetect.exe |
If connected to the internet,
automatically runs up ICQ. Convenience more than anything. ICQ can be started
from Start -> Programs |
| U |
Miramar Systems, Inc. |
atmsg.exe |
Miramar PC/Mac networking
software |
| N |
Miranda IM |
miranda32.exe |
Miranda instant messaging
client |
| X |
Mirate Sp 2 Information |
miratesp2.exe |
Added by the RBOT.QH WORM! |
| X |
Mircosoft DNS Service |
svchost.exe |
Added by the IRCBOT-AK TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "drivers"
subfolder |
| X |
Mircosoft Sockets SP2 |
mssck.exe |
Added by the MYTOB.ET WORM! |
| X |
Mircosoft Update |
wuampkd.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Mircrosoft Svchost32 |
svchost32.exe |
Added by the RBOT-AZW WORM! |
| X |
Mircrosoft Windows Config DLL |
rundllc32b.exe |
Added
by the RBOT-ZY WORM! |
| N |
miroVIDEO Tray Tool |
misitray.exe |
Tool for quickly changing
options for miro/Pinnacle capture cards during capture/playback/output. When
this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl
does not have its own EXE file. Only needed when using the capture card, e.g.
for the above actions |
| U |
MirrorFolderShell |
mrfshl.exe |
MirrorFolder backup software |
| X |
Mirsoft sdcE |
taskmegr.exe |
Added by the RBOT-AWY WORM! |
| X |
Mirsoft sdcE |
taskmegr.exe |
Added by the RBOT.DFQ WORM! |
| X |
Miscrosoft Windows Explorer |
IEEXPLORER.exe |
Reported as the SDBOT.YX WORM! |
| ? |
misiCTRL |
misiCTRL.exe |
Miro
video driver related. Is it required? |
| ? |
misiTRAY |
misiTRAY.exe |
Miro
video driver related. Is it required? |
| X |
Mismo |
win32x.exe |
Added
by the RBOT-JP WORM! |
| N |
Mixer |
Mixer.exe |
C-Media Mixer - C-Media produce
audio chipsets that are often found on popular motherboards with on-board
audio. Provides System Tray access to change audio settings. Available via
Start -> Settings -> Control Panel or Start -> Programs |
| N |
Mixersel |
mixersel.exe |
Configuration for Realtek audio
devices |
| N |
Mixghost |
mixghost.exe |
Management software for Altec
Lansing speakers. If a change is needed, the user can launch it from
the Start menu |
| X |
ml00!.exe |
ml00!.exe |
Malware, detected by GAIN
branded ads (pop-ups and others). ScreenScenes do however offer you the
option of doing away with the ads by purchasing the screensaver for a
whopping $30. Please note that Claria Corporation no longer support
GAIN-Supported software - see here |
| U |
ML1HelperStartUp |
ML1Helper.exe |
ScreenScenes "Midnight
Lake" screensaver. The freeware version comes with GAIN branded ads
(pop-ups and others). ScreenScenes do however offer you the option of doing
away with the ads by purchasing the screensaver for a whopping $30. Please note
that Claria Corporation no longer support GAIN-Supported software - see here |
| X |
ml34 |
[path to trojan] |
Added by the MAILBOT-BH TROJAN! |
| X |
Mlcr0s0ftf DDEs C0ntr0i |
WAed.pif |
Added by the RBOT-BJW WORM! |
| X |
mlibsysmc |
comzcinc.exe |
Added by the SDBOT-CXS WORM! |
| X |
mload |
lxmstart.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| ? |
MM Install |
setup.exe |
Possibly Money Manager
from Moneysoft? |
| X |
MMB2 |
explorer.exe |
Added by an unidentified WORM or
TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in
the Windows or Winnt folder and would not normally appear in Msconfig/Startup
unless you added it manually! This one is located in the System (9x/Me) or
System32 (NT/2K/XP) folder |
| X |
MMC |
inisys.exe |
Added by the OSCABOT-I WORM! |
| X |
mmcndmgr |
mmcndmgr.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| N |
MMCWINMGMT |
winmgmt.exe |
Used for Enterprise Management. If you are not an IT
Administrator you don't need it to be running. Also runs from the PCHealth
"scheduler" - refer here |
| X |
mmemdrv |
mmemdrv.exe |
Added by SecondSight spyware. Note - SecondSight is spyware
that captures keystrokes and screen shots, and logs user activity on the
compromised computer. The risk can then send the logged information to a
remote attacker via email, must be manually installed |
| U |
MMERefresh |
MMERefresh.exe |
Part of
Digidesgin Protools. Refreshes your midi ports on the 002(R) (the 002R is a
hardware audio/midi converter connected to your computer via firewire). Must
be running in order to use the MIDI functionality of the Digi002R |
| X |
Mmessenger |
messenger.exe |
Added by the AGOBOT.GM WORM! |
| X |
Mmgsvc |
mmgsvc.exe |
Mmgsvc spyware |
| U |
MMhid |
mmhid.dll |
This
is the Human Interface Device Server for Win98, it is required only if you
are using USB Audio Devices you can disable via Msconfig. See here. Typical
examples are USB multimedia keyboards with volume control and web-ready
keyboards. For example - loaded by default with MS DSS80 Speakers because
they have Volume, Mute and Bass controls on the speaker. Some users may
experience problems disabling this - if this is the case then re-enable it.
Equivalent to Hidserv in Win98SE/2000/Me/XP |
| ? |
MMHK |
mmhk.exe |
A driver found on a Compaq
Presario 800T notebook. Possibly something to do with multimedia hot keys? |
| N |
MMHotKey |
MMHotKey.exe |
Multimedia key handling for the
relevant type of Turbo-Media keyboard. Shortcut available. Note that with
this running it can crash DirectX8/9 under WinXP when a game switches to
full-screen |
| X |
MMicrosoft Security Management |
inetforn.exe |
Added by the RBOT.AFZ WORM! |
| U |
MMKeybd |
MMKeybd.exe |
Multimedia keyboard manager.
Required if you use the additional keys |
| U |
Mmm |
Mmm.exe |
Hace Mmm - free
utility to configure your Windows menus and move and remove menu-items you
never use |
| X |
mmod |
mmod.exe |
eZula TopText adware |
| N |
mmpti |
m1mmpti.exe |
Mpact Mediaware Properties
Taskbar Icon - multimedia software icon for Chromatic Research Mpact video
cards |
| N |
MMReminderService |
MMReminderService.exe |
Mind Manager from Mindjet - "easy way to organize ideas
and information". Registration reminder |
| ? |
MMRun |
mmrun.exe |
?? |
| ? |
mmsys |
recover.exe |
?? |
| X |
MMSystem |
RunDll32 |
Added by the FUNNER-A WORM! |
| N |
mmtask |
mmtask.exe |
Part of MusicMatch Jukebox - digital music player / CD burner
and ripper / music organizer / playlist creator |
| Y |
MMTASK |
mmtask.tsk |
A check on the file's properties
reveals "Multimedia background task support module". MMTASK is a
very simple 16-bit program used by certain multimedia drivers (which are
still 16-bit on Win9x) to perform background processing. Some soundcards need
this to support MIDI, etc |
| X |
MMtask Service |
mmtask.exe |
Added by the BACKGAT.A TROJAN! Not the valid MusicMatch
Jukebox which has the same filename |
| N |
MMTray |
mm_tray.exe |
MusicMatch Jukebox icon in the task tray - digital music
player / CD burner and ripper / music organizer / playlist creator |
| N |
MMTray |
MMTray.exe |
Part of Morgan
Multimedia Codecs. Only required when the codecs are used |
| N |
MMTray2K |
MMTray2K.exe |
Part of Morgan
Multimedia Codecs. Only required when the codecs are used |
| N |
MMTrayLSI |
MMTrayLSI.exe |
Part of Morgan
Multimedia Codecs. Only required when the codecs are used |
| ? |
mmusrstp |
procrun.exe |
?? |
| X |
mmxp2passion.exe |
mmxp2passion.exe |
MediaMotor adware |
| X |
mmxrun |
msosa.exe |
Added by an unidentified TROJAN
or WORM! |
| X |
mmxrun |
mswinindex.exe |
TwoSeven spyware |
| X |
mnklins |
mnklins.exe |
VX2.Transponder parasite updater/installer related |
| X |
MNPol |
mnpol.exe |
Added by the DLUCA.B TROJAN! |
| U |
MNS |
MNS.exe |
Mobile Net Switch
enables you to use your computer on more then one network with the click of a
button. It allows you to automatically select the correct drive mappings,
printer settings, IP settings and much more |
| X |
mnsvc |
mnsvc.exe |
Added by the AUTOUPDER TROJAN! |
| X |
mnsvcsp |
mnsvcsp.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| U |
Mobile Phone Suite |
MobilePhoneSuite.exe |
Logitech Mobile Phone Suite |
| U |
mobile PhoneTools |
mPhonetools.exe |
Motorola
Phone Tools |
| U |
Mobipocket Reader Notifications |
readernotify.exe |
Part of Mobipocket Reader - "Store all your eBooks,
eNews & self-published eDocs on your PC. Download eBooks in Mobi format
from your favorite ebookstores to read on your smartphone, PDA, laptop or on
your desktop PC" |
| N |
mobsync |
mobsync.exe |
MS Syncrhonization Manager -
updates the network copy of materials that were edited offline, such as
documents, calendars, and e-mail messages |
| X |
MOBSYNC32.EXE |
mobsync32.exe |
Added by the FINERO TROJAN! |
| N |
MOD |
muamgr.exe |
Using MicroAngelo On
Display, you can easily select the icon images that you prefer rather than
the default icons displayed by Windows. On Display provides a consistent and
elegant method to customize the icon display for almost every icon on your
system |
| X |
Modem |
locatesvc.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Modem Driverz Updates |
mdmdrv.exe |
Added by a
variant of the SDBOT WORM! |
| U |
MODEMBTR |
MODEMBTR.EXE |
Modem Booster from inKline
Global to improve ISP connections |
| X |
Modeminf |
Modeminf.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| U |
ModemOnHold |
MOH.EXE |
NetWaiting Modem-on-Hold
Application |
| N |
ModemUtility |
mdmsetpe.exe |
System Tray configuration icon
for Aztech modems |
| X |
ModularConfig |
syscnfg.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or
C:winntfonts) directory where no *.exe files should reside |
| X |
Module Call initialize |
RUNDLL32.EXE reg.dll, ondll_reg |
Added by a variant of the LOVGATE WORM! |
| X |
Modulo 00FE0F01 Host Internet |
syschost.exe |
Added by the DELF-KW TROJAN! |
| N |
Money Express |
moneyexpress.exe |
Part of MS Money. Available via
Start -> Programs |
| N |
MoneyAgent |
mnyexpr.exe |
Microsoft Money |
| N |
MoneyAgent |
money express.exe |
Part of MS Money. Available via
Start -> Programs |
| N |
MoneyStartUp |
Money Startup.exe |
Microsoft Money |
| N |
MoneyStartUp10.0 |
Activation.exe |
Part of MS Money 2002. Available
via Start -> Programs |
| X |
monitor |
monitor.exe |
Browser hijacker, redirecting to
NCM Search |
| U |
Monitor |
SD Monitor.exe |
"Transfer data quickly between your memory card and your
computer with SanDisk's Readers, Writers and Adapters" |
| U |
Monitor Apache Servers |
ApacheMonitor.exe |
Part of the Apache Web Server
package. Useful only if you're running such a server on your PC. Available
via Start -> Programs |
| U |
Monitor Helper |
monitor.exe |
MyLittleSpy keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
Monitoring Service |
svchost.exe |
Added by the CONE.C WORM! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "tasks" subfolder of
the Winnt or Windows folder |
| X |
Monitormgt |
Monitormgt.exe |
Added by the GEMA TROJAN! |
| U |
MonitorSD |
SDMonitor.exe |
Spyware Detector - spyware remover. Initially not recommended
due to false positives but the later versions have since improved - see here |
| X |
MONPluginSrIvcs |
n3monap23.exe |
Added by a variant of the RBOT WORM! |
| N |
Monstersoundtray |
Freectrl.exe |
Diamond Multimedia sound card
control panel |
| X |
MonTest |
vccxzq.exe |
Added by the SDBOT-EA WORM! |
| U |
MoodBook |
mb.exe |
MoodBook is a free Windows
utility that brings art to your desktop |
| N |
moon phase |
moon.exe |
Moon Phase - tray icon
that indicates the phases of the moon |
| X |
MoreResults |
MoreResults.exe |
MoreResults adware |
| N |
Morpheus |
morpheus.exe |
MusicCity Networks' Morpheus -
another peer-to-peer client based on Kazaa. Notable in that this one doesn't
seem to install the adware that clog the Kazaa download. They claim they are
adware free, and a visitor quotes "I have seen no instance of any since
using it" |
| X |
morphstb |
morphstb.exe |
Adware downloader -
recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Stubby.c |
| X |
mosearch |
mosearch.exe |
Fast Search
in Office XP - similar to the new revision of the Find Fast feature in Office
2000. Fast Search uses the Indexing Services in Office XP to create a catalog
of Office files on your computer's hard disk. As with Find Fast - a waste of
resources. If it can't be disabled via MSCONFIG try here |
| X |
Motherboard Config |
Ati2xxx.exe |
Added by the RBOT-AIK WORM! |
| X |
MotherBoard Sounds |
Sounds.exe |
Added by the RBOT-AAP WORM! |
| N |
Motive SmartBridge |
BTHelpNotifier.exe |
System tray icon for help from
BT Broadband, used to communicate internet problems via the network rather
than telephone. Available via desktop shortcut or Start -> Programs - not
required |
| N |
Motive SmartBridge |
MotiveSB.exe |
System tray icon for the Virtual
Assistant from AT&T Broadband, used to communicate internet problems via
the network rather than telephone. Available via desktop shortcut or Start
-> Programs - not required |
| N |
Motive SmartBridge |
mpbtn.exe |
System tray icon for the Virtual
Assistant from AT&T Broadband, used to communicate internet problems via
the network rather than telephone. Available via desktop shortcut or Start
-> Programs - not required |
| U |
MotiveMonitor |
motmon.exe |
Found on HP/Dell and Compaq
systems (and maybe others). MotiveMonitor is used the suppliers on-line
support and allows the agent at the far end to do harddrive/ram/video/etc
tests on the computer. Can cause some users problems with IE and Netscape by
disabling this - in this case leave it to run. You may also wish to leave it
alone if the PC is still within the support period from the manufcaturer. For
most users it's not required |
| N |
MotiveSB |
MotiveSB.exe |
System tray icon for the Virtual
Assistant from AT&T Broadband, used to communicate internet problems via
the network rather than telephone. Available via desktop shortcut or Start
-> Programs - not required |
| U |
MotMon |
motmon.exe |
Found on HP/Dell and Compaq
systems (and maybe others). MotiveMonitor is used the suppliers on-line
support and allows the agent at the far end to do harddrive/ram/video/etc
tests on the computer. Can cause some users problems with IE and Netscape by
disabling this - in this case leave it to run. You may also wish to leave it
alone if the PC is still within the support period from the manufcaturer. For
most users it's not required |
| X |
motoin |
mm15201518.Stub.exe |
Delfin Promulgate adware variant |
| U |
Motorola Desktop Suite |
DesktopSuite.exe |
Related
to Motorola Desktop Suite - PC software managing Motorola mobiles such as the
A1000 |
| U |
Motorola Desktop Suite mRouter
Config |
mRouterConfig.exe |
Configuration
for Intuwave's mRouter - "that enables easy connectivity between mobile
devices and PCs across Bluetooth, Infrared, USB and serial cable
connections". An integral component of Symbian OS that is provided to
all Symbian licensees |
| U |
Mount Safe & Sound |
Fbmount.exe |
From McAfee VirusScan version
5.x. Creates back-up sets of critical files in a separate area of a hard
drive. If you make regular back-ups it's not needed and can be painful during
system start |
| X |
mouse |
mouse.exe |
Added by the RBOT-AHJ WORM! |
| N |
Mouse 32A |
Mouse32A.exe |
Mouse driver to control mouse
functions from Azona. Available via Start -> Programs |
| N |
Mouse Suite 98 Daemon |
ICO.EXE |
Found on Sony Vaio and IBM
Thinkpad (and possibly other) laptops and seems to be related to Mouse Suite
98 Daemon according to the properties. Appears to cause a behaviour where the
desktop suddenly flips back up when playing DirectX associated games |
| N |
Mouse Suite 98 Daemon |
pelmiced.exe |
Mouse driver. Appears to cause a
behaviour where the desktop suddenly flips back up when playing DirectX
associated games |
| X |
mousebut |
mousebut.exe |
Added by the CRYPTER.A TROJAN! |
| X |
Mousecntl |
mousecntl.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| N |
MouseCount |
MC.exe |
MouseCount by
Kittyfeet Software. "Utility for counting how many times us computer
junkies click our mouse in a given session/day/week/month/year." Not
required |
| X |
MouseDrv |
[path to worm] |
Added by the ZOLOAD-B WORM! |
| X |
MouseDrv |
update.exe |
Added by the ZOTOB.N WORM! |
| U |
mouseElf |
MC.exe |
Genius NetScroll mouse
driver - required if you use non-standard Windows driver features |
| U |
mouseElf |
mouseElf.exe |
System Tray access to the mouse
control panel for Genius Netscroll mice. Required if you use non-standard
Windows driver features |
| U |
MouseImp |
MImpHost.exe |
MouseImp Pro - "A reliable
assistant that turns your mouse into a simple, native but powerful
controlling device" |
| X |
mousepad |
mousepad.exe |
Added
by the CLICKER TROJAN! |
| U |
Mousinfo |
mousinfo.exe |
MS mouse information tool - for
troubleshooting mouse problems |
| X |
MoussaEvil |
[path to file] |
Added by the MUSANUB-A WORM! |
| X |
MoveSearch |
Search.exe |
PigSearch adware |
| N |
Movielink Manager Uninstall |
msvcmm32.exe |
Auto-update for Movielink -
internet movie rental System Tray access |
| X |
MovieM |
lmovie.exe |
Added by the BEAGLE.DS WORM! |
| X |
moviemk |
moviemk.exe |
Added by the DWNLDR-GTB TROJAN! |
| X |
MovieNetworks |
MovieNetworks.exe |
MovieNetworks will
connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you
get xxx rated pictures and junk. And it will allow you to stay on the
internet on their line and $$$ and remove the C:Program FilesMovieNetworks
directory |
| X |
Movieplace |
Movieplace.exe |
MoviePlace malware |
| X |
Mozila |
mozila.exe |
Added by the DELBOT-AJ WORM! |
| X |
Mozila Firefox |
firebox.exe |
Added by the RBOT-AIP WORM! |
| X |
Mozilla Firefox |
F1REF0X.EXE |
Added by a variant of the SDBOT WORM! |
| N |
Mozilla Quick Launch |
Mozilla.exe |
Netscape 6 and Mozilla browsers |
| N |
Mozilla Quick Launch |
Netscp6.exe |
Netscape 6 and Mozilla browsers |
| U |
Mozy Status |
mozystat.exe |
Mozy - free backup at a secure, remote location |
| X |
MP Tcloakss |
mptclock.exe |
Added by the NACKBOT-B WORM! |
| X |
MP Tcloaxs |
mptcloaxs.exe |
Added by the RANDEX.CT WORM! |
| X |
MP Tclockvv |
mptclock.exe |
Added by the NACKBOT-A WORM! |
| U |
MP_STATUS_MONITOR |
monitr32.exe |
Cannon Multi-Pass status monitor
- your choice |
| X |
Mp3 Loader |
Sysdata.EXE |
Added by the AVETTE-A VIRUS! |
| X |
MP3download |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| U |
MPEO |
Csinsm32.exe |
Automatic logging of installs
from Norton CleanSweep - available via Start -> Programs |
| Y |
MPFExe |
mpf.exe |
McAfee Personal Firewall |
| Y |
MPFExe |
MpfTray.exe |
McAfee Personal Firewall |
| Y |
MPFTray |
MpfTray.exe |
McAfee Personal Firewall |
| X |
MPL32 driver |
MPL32.exe |
Added by the LOONY-M TROJAN! |
| X |
MPlay64 |
mplay64.exe |
Added
by the MPLAY64 TROJAN! |
| U |
MplSetup |
MplSetup.exe |
Used by Ricoh network printers
to enable network printing from the client |
| X |
MPM Manager |
MPM.exe |
Added by the DONBOMB.A TROJAN! |
| X |
MPNet |
mpn.exe |
Added by the DELBOT-W WORM! |
| U |
MPower |
MPower.exe |
MPower from MindBeat.
"Defragments and frees your RAM giving more stability to your system and
avoiding needless use of swap file. Willl also benchmark (speed test) your
hard disk drives and your CPU load". MS MVPs (Most Valued Professional)
recommend not using memory managers with Win98/SE/ME. See this article and
make up your own mind |
| X |
mppdds |
mppdds.exe |
Added by the PWS-AKZ TROJAN! |
| X |
mppds |
mppds.exe |
Added by the LEGMIR.AQZ TROJAN! |
| X |
MPR MSG |
mprmsg32.exe |
Added by the MYTOB.CF WORM! |
| X |
MPREXE |
MPREXE.EXE |
Added by the OPASERV.T WORM!
Note - this is not the legitimate Mprexe.exe system file |
| Y |
MPREXE.exe |
mprexe.exe |
WIN32 Network Service Interface Process. MPREXE.exe enables
the computer to have multiple clients/protocols for networks. There are some
problems with it sometimes though - see here. Note - why some people have it
listed in start-up programs I don't know but I was asked to include it here.
It automatically runs in the background. NOTE : sometimes it will appear in
start-ups if you have a virus |
| X |
MprHTML |
MprHTML.exe |
Added by a variant of the VAGRNOCKER TROJAN! |
| X |
mprocessor |
mprocessor.exe |
InstallDollars.com foistware |
| U |
MPSExe |
mscifapp.exe |
McAfee.com Privacy Service -
"combines personal identifiable information (PII) protection with online
advertisement blocking and content filtering" |
| Y |
MpsOnn |
MpsOnn.exe |
Canon printer driver |
| ? |
MPT |
MPT.exe |
?? |
| X |
MPtask Services |
mptask.exe |
Added by the LALA or AOT
TROJANS! |
| N |
MPTBox |
MPTBOX.EXE |
Cannon Multi-Pass toolbox - a
button bar |
| X |
mptsgsvc.exe |
mptsgsvc.exe |
Hacker Tool - detected by
DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j" |
| N |
MPXTray |
mpxptray.exe |
Windows Media Player PowerToy
which is run from the taskbar. It can be used to hide Windows Media Player
(when in use) and choose various standard buttons (play/pause, next,previous)
etc |
| X |
mqbkup |
mqbkup.exe |
Added by the OPASERV.K WORM! |
| X |
mrsvctr |
mrsvctr.exe |
Added by a
variant of the SDBOT WORM! |
| N |
mrtMngr |
mrtMngr.exe |
Maintenance Release Task Manager
for Intuit's QuickBooks or Quicken |
| U |
MRUBlaster |
indexcleaner.exe |
MRU-Blaster
related - runs once in order to delete the index.dat file in the Temporary
Internet Files and/or Cookies folder |
| U |
MRU-Blaster Scheduler |
scheduler.exe |
Scheduler
for MRU-Blaster - "a program made to do one large task - detect and
clean MRU (most recently used) lists on your computer" |
| N |
MRU-Blaster Silent Clean |
mrublaster.exe |
MRU-Blaster
- performs silent cleaning of MRU lists at boot |
| X |
ms |
svhost32.exe |
Added by the LEGMIR-AQO TROJAN! |
| X |
MS Auto-IPSec Protection |
MSASP32.exe |
Added by the RBOT-AER WORM! |
| X |
MS Autoloader 32 |
MSAuto32.exe |
Added by the SPYBOT.BD WORM! |
| X |
Ms Builders |
Wupated.exe |
Added by the AGOBOT-SS WORM! |
| X |
MS Config |
msdconfig.exe |
Added by the RBOT-CZH WORM! |
| X |
MS Config Loader |
MSWin32bck.exe |
Added by the GAOBOT.AA WORM! |
| X |
MS Config Loader |
svchos1.exe |
Added by the AGOBOT.R WORM! |
| X |
MS Config Loader |
svcrhost.exe |
Added by a variant of the RBOT WORM! |
| X |
MS Config Service |
Msloader32.exe |
Added
by the RBOT-KJ WORM! |
| U |
MS Config v13 |
lrbz32.exe |
Added by the GAOBOT.AOL WORM! |
| X |
Ms configsu |
msconfigsu.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Ms Configuration |
microsoftsa32.exe |
Added by the KELVIR.X WORM! |
| X |
MS Configuration |
MSFramer.exe |
Added by the RANDEX.OL WORM! |
| X |
MS DATABASE |
MSDATA32.EXE |
Added by a
variant of the SDBOT WORM! |
| X |
MS Decryption Software |
active.exe |
MediaTickets
adware variant |
| X |
MS DirectX Sound Drivers |
msdrvdx.exe |
Added by the RBOT.BCX WORM! |
| X |
MS DLL Library Manager |
dllsys64.exe |
Added by the RANKY TROJAN! |
| X |
MS Domain Name Server Deamon |
MSDNSD32.exe |
Added by the RBOT-CMZ WORM! |
| X |
MS Domain Name System |
MSWDNS32.exe |
Added by the RBOT-GKY WORM! |
| X |
MS DVD DirectX Dll Drivers |
mdxdl.exe |
Added
by the SDBOT-XI WORM! |
| X |
MS DVD DirectX Sound Drivers |
msdrvdx.exe |
Added
by the SDBOT-XJ WORM! |
| X |
MS Explorer |
mexplore.exe |
Added by the YAHA.AE WORM! |
| X |
MS FIREWALL |
msfirewall.exe |
Added by the SDBOT-QH WORM! |
| X |
MS FIREWALL |
msfrewall.exe |
Added by the SDBOT-PU WORM! |
| X |
MS HTML |
msHtml.exe |
Added by the PESTDOOR.31 TROJAN! |
| X |
MS HTML |
mslat.exe |
Added by the LATINUS.SVR TROJAN! |
| X |
MS HTML Location Class |
MSHTML32.exe |
Added
by the RBOT-YD WORM! |
| X |
MS Internet Executor 32 |
MSIXEC32.exe |
Added by the RBOT-AEQ WORM! |
| X |
MS Java Applets for Windows NT
& XP |
javaapplet.exe |
Added by the RBOT.BHG WORM! |
| U |
MS Java Applets for Windows NT,
ME & XP |
javaapplets.exe |
Added by the VANEBOT-B WORM! |
| X |
Ms Java for Windows 98, NT, ME
& XP |
msjavames.exe |
Added by the RBOT.BHJ WORM! |
| X |
Ms Java for Windows 98, NT, XP
& ME |
msjavaxps.exe |
Added by the BACKDOOR.GEN TROJAN! |
| X |
Ms Java for Windows NT |
MS32.exe |
Added by the VANEBOT-H WORM! |
| X |
Ms Java for Windows NT |
msi32java.exe |
Added by the VANEBOT-I WORM! |
| X |
Ms Java for Windows NT |
msjava.exe |
Added by the VANEBOT-E WORM! |
| X |
MS Java for Windows NT, XP &
ME |
xpjavams.exe |
Added by the KASSBOT-V WORM! |
| X |
MS Java for Windows XP & NT |
javanet.exe |
Added by the VANEBOT-A WORM! |
| U |
MS Java Service Wrapper for
Windows NT & XP |
wrapper.exe |
Added by the VANEBOT-D WORM! |
| X |
Ms Java Update For Windows NT/XP |
msijavaupdt32.exe |
Added by the RANDEX.AF WORM! |
| X |
MS lsass Startup |
lsass135.exe |
Added by the RBOT.WM WORM! |
| ? |
MS management console |
mms.exe |
Suspicious as the legitimate
"Microsoft Management Console" is "mmc.exe" and not
"mms.exe" and doesn't normally run at startup |
| X |
MS Microsoft Socket Deamon |
MSSCKD32.exe |
Added by a variant of the RBOT WORM! |
| X |
MS MSN Menssenger 7.0 |
MSEXPORT.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MS MSN Menssenger 7.0 |
MSMSN7.exe |
Added
by the RBOT-ACA WORM! |
| X |
MS Network Control |
mswin.exe |
Added by the DUMBA TROJAN! |
| X |
ms ownage |
winPE.exe |
Added by the RBOT-AJL WORM! |
| X |
MS PLUS INC |
wpad.exe |
Added by the MYTOB-AN WORM! |
| X |
Ms Processe Manager |
msproc.exe |
Added by the RBOT.ATO WORM! |
| X |
MS Real Player |
RealPlyr.exe |
Added by the RBOT.MR WORM! |
| X |
MS Registry Service |
MSRMS32.exe |
Added by the RBOT-AKP WORM! |
| X |
MS Remote Procedure Call |
msrpc32.exe |
Added
by the RBOT-QL WORM! |
| X |
MS Screen Saver |
scrsave.scr |
Added by the RBOT-AGT WORM! |
| X |
MS Security |
systm.pif |
Added by the RBOT-AQN WORM! |
| X |
MS Security Authority Service |
lsass.exe |
Added by the KALEL-B WORM! Note
- this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the System folder |
| X |
MS Security Hotfix |
service5.exe |
Added by the GAOBOT.AG WORM! |
| X |
MS Security Update 993 |
msident.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MS service |
msservice.exe |
Added
by the RBOT-ZG WORM! |
| X |
MS Service Drivers |
winscv.exe |
Added by the SDBOT-COG WORM! |
| X |
Ms sock for Windows NT |
winser.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MS Sound Config 16bit |
sndcfg16.exe |
Added
by the SDBOT.MB TROJAN! |
| X |
Ms Sound Drivers |
msdrv.exe |
Added by the SDBOT-WR WORM! |
| X |
Ms Spool32 |
MS SPOOL32.EXE |
Added by the ASASSIN TROJAN! |
| X |
MS SyS Restore |
sysrestore.exe |
Added by the RBOT.XM WORM! |
| X |
MS Sys Security |
mswin.pif |
Added by the RBOT-APJ WORM! |
| X |
MS System Call Function |
msscf32.exe |
Added by the RBOT-GBZ WORM! |
| X |
Ms System Config |
Mscfg.exe |
Added by the SDBOT-CCR WORM! |
| X |
Ms System Config |
pcedit.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MS System Security |
mswin32.pif |
Added by the RBOT-AOX WORM! |
| X |
Ms task manager |
tskmgr.exe |
Added by the SDBOT.CCD WORM! |
| X |
MS taskbar |
crssr.exe |
Added by the RBOT-AGO WORM! |
| X |
MS taskbar |
nts.exe |
Added by the RBOT-AGB WORM! |
| X |
MS taskbar |
taskbars.exe |
Added by the RBOT.BRW WORM! |
| X |
MS Taskbars |
taskbars.exe |
Added by the SDBOT-ACV WORM! |
| X |
MS taskmanager |
tskmgr.exe |
Added by the RBOT-AKA WORM! |
| X |
MS UniX |
navupdate64.exe |
Added by a variant of the RBOT WORM! |
| X |
MS Unix Binary |
msmq2inst.exe |
Added
by the RBOT-YF WORM! |
| X |
MS Unix Binary |
msnq3insller.exe |
Added by a variant of the RBOT WORM! |
| X |
MS Unix Binary |
msnupdate.exe |
Added by the RBOT-AAM WORM! |
| X |
MS Unix Binary |
Norton2005Update.exe |
Added by a variant of the RBOT WORM! |
| X |
MS Unix Binary |
outlookexpressupdate.exe |
Added
by the RBOT-YU WORM! |
| X |
MS Unix Binary |
trmupdate.exe |
Added
by the RBOT-ACC WORM! |
| X |
MS Unix Binary |
win32ttb.exe |
Added by the SPYBOT.OQ WORM! |
| X |
MS Unix Binary |
Win32Update.exe |
Added by the RBOT-BAS WORM! |
| X |
MS Unix Binary |
WinGuard.exe |
Added
by the RBOT-ACL WORM! |
| X |
MS Update |
syshost.exe |
Added by the EVAMAN-F WORM! |
| X |
Ms Update WinServices NT/XP |
winservnt32.exe |
Added by the VANEBOT-G WORM! |
| X |
MS Updates |
aupd.exe |
Spyware web downloader |
| X |
MS Updates |
mscache.exe |
Spyware web downloader |
| X |
MS Updates |
syshosts.exe |
Added by the MYDOOM.Y WORM! |
| X |
MS Updating Utility |
msupdater.exe |
Added
by the RBOT-XR WORM! |
| X |
MS USB 2.0 Windows Support |
msusb32.exe |
Added by a variant of the RBOT WORM! |
| X |
Ms Valud Loader |
Svhots.exe |
Added by the AGOBOT-SP WORM! |
| X |
ms window update |
******.exe [* = random
character] |
Added by a variant of the RBOT WORM! |
| X |
MS Windows AOL Driver |
MSAOLdrv.exe |
Added by the RBOT-ASP WORM! |
| X |
MS windows Data list process |
MSDATLST.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
MS Windows procces 32 |
msprocces.exe |
Added by the RBOT-AEZ WORM! |
| X |
MS Windows Process Class |
MSPRCSS32.exe |
Added
by the RBOT-YQ WORM! |
| X |
MS Windows Process Init |
MSWPI32.exe |
Added by the RBOT-ASQ WORM! |
| X |
MS Windows Security Updater |
updater.pif |
Added by the RBOT-AKY WORM! |
| X |
MS Windows System Alert |
MSWSA32.exe |
Added by the RBOT-BFN WORM! |
| X |
MS Windows Update |
scguard.exe |
Added
by the RBOT-YZ WORM! |
| X |
MS WINS Binary |
ign32.pif |
Added by the RBOT-ASB WORM! |
| X |
ms************* [* = random
digit] |
ms*************.exe [* = random
digit] |
WINBO adware |
| X |
Ms**.exe [* = random char] |
Ms**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Ms**32.exe [* = random char] |
Ms**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
ms_anti_spyware |
mwfirewall.exe |
Added by the GAMQOWI TROJAN! |
| X |
ms_anti_spywarebxp |
mwfibpx.exe |
Added by the SURILA-J TROJAN! |
| X |
ms_anti_spywarebxp |
mwfirebpx.exe |
Added by the SURILA-D TROJAN! |
| X |
MS_LARISSA |
MS_LARISSA.exe |
Added by the ASSIRAL WORM! |
| X |
MS_NETD_WIN32 |
netd32.EXE |
Added by the RANDEX.F WORM! |
| X |
MS_SETUP.EXE |
MS_SETUP.EXE |
Added by the CHARGE TROJAN! |
| X |
MS_Update Check |
wdfmgr.exe |
Added by the AGOBOT-TB WORM! |
| X |
ms2src |
ms2src.exe |
Added
by a TROJAN - see here |
| X |
MS32DLL |
achi.dll.vbs |
Added
by the ACHI-A TROJAN! |
| X |
MS32DLL |
Bha.dll.vbs |
Added by the BUTSUR-A WORM! |
| X |
MS32DLL |
Bha.dll.vbs |
Added by the BUTSUR-A WORM! |
| X |
MS7531 |
ms7531.exe |
Homepage hijacker |
| X |
MSACM |
msacm.exe |
Added by the OPASERV-O WORM! |
| X |
msadcheck |
msadcheck32.exe |
Browser hijacker, redirecting to
search-system.com |
| X |
MSAdmin |
jdbgmrg.exe |
Added by the DASMIN.A TROJAN!
Note - this is not the valid JDBGMGR.EXE file - see here |
| X |
MSAgent |
hhnt.exe |
Added by the AGENT.JI spyware |
| X |
MSAgent |
mshtm.exe |
Browser hijacker - redirecting
to buldog-search.com |
| X |
MSAgentXP |
MSAgentXP.exe |
Reported by Ewido Security
Suite as TrojanDownloader.Reqlook.c |
| U |
msaim |
msaolim.exe |
MessageSpy keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
msappts32 |
msappts32.exe |
Added by the ELBURRO-A TROJAN! |
| X |
MsAudio |
explorer.exe |
Added by the LEGMIR-BY TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
MsAudio |
MsVM_STI.EXE RunDll32
cmicnfg.cpl, CMICtrlWnd |
Added by the LEGMIR-BY TROJAN!
Note - this is not associated with C-Media based audio which uses a similar
command entry (see here) |
| X |
MSbackups |
backups.exe |
Added by the BANLOAD-TL TROJAN! |
| X |
MSBB |
msbb.exe |
Advertising spyware |
| X |
msbcs |
msbcs.exe |
Added by the DADOBRA-G TROJAN! |
| X |
MsBootMgr.exe |
MsBootMgr.exe |
Added by the VERIFY TROJAN! |
| X |
msbsc |
[path to trojan] |
Added by the BANKER-DF TROJAN! |
| X |
msccrt |
msccrt.exe |
Added by the PWS-ALA TROJAN! |
| X |
mschkdf.exe |
mschkdf.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MSChoExE |
suge.exe |
Added by a variant of the RBOT WORM! |
| ? |
msci |
mcinfo.exe |
McAfee Internet Security
related. What does it do and is it required? |
| X |
mscman |
mscman.exe |
ClientMan parasite variant |
| U |
mscn |
mscn.exe |
Part of the SafeChildNet
internet filtering program - required if you use it |
| X |
Mscnt |
mscnt.exe |
Added by the DLUCA-C TROJAN! |
| X |
Mscolour |
mscolour.exe |
Added by the GEMA TROJAN! |
| X |
MSCommX |
mscommx.exe |
Added by a variant of the RBOT WORM! |
| X |
MSCONFG32.EXE |
MSCONFG32.EXE |
Added by the OPTIX.04.C TROJAN! |
| X |
Msconfig |
icpldrvx.exe |
Added by the BANLOAD.BFT TROJAN! |
| X |
msconfig |
msconfig.com |
Added by the IRCBOT-SM WORM! |
| N |
MSConfig |
msconfig.exe |
Entry that appears when you
uncheck an item in the MSConfig Startup group, and will disappear if on the
next reboot you select the option to not be reminded that you are running in
Selective Startup mode |
| X |
msconfig |
msconfig.exe |
CoolWebSearch parasite related.
Note - this is not the legitimate msconfig.exe which should only appear in
Msconfig/Startup if you leave the warning box unchecked after changing an
Msconfig entry and rebooting |
| X |
Msconfig |
msconfig.exe |
Added by the WINUR WORM! Note - this is not the real
msconfig.exe as it's located in C:winrun |
| X |
MSConfig |
MSCONFIG32.EXE |
Added by the SPYBOT.B WORM! |
| X |
MSConfig |
MSCONFIG35.EXE |
Added by a variant of the SPYBOT WORM! |
| X |
msconfig |
scvhost.exe |
Added by the AGENT-DSF TROJAN! |
| X |
msconfig |
winlog.exe |
Added by the IRCBOT-TJ TROJAN! |
| X |
msconfig |
wins.exe |
Added by the RBOT.PF WORM! |
| X |
Msconfig lptt01 |
msconfig.exe |
RapidBlaster variant (in a
"msconfig" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not the valid
Windows Msconfig which has the same executable name |
| X |
MSConfig Manager |
msupdate.exe |
CoolWebSearch
parasite variant |
| X |
Msconfig ml097e |
msconfig.exe |
RapidBlaster variant (in a
"msconfig" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not the valid
Windows Msconfig which has the same executable name |
| X |
msconfig service |
MSupdate32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
msconfig.exe |
proxy.exe |
Added by a variant of the
AGENT.AH downloader TROJAN! |
| X |
msconfig.exe |
uline.exe |
Added by a variant of the
AGENT.AH downloader TROJAN! |
| X |
msconfig38 |
mssvcc.exe |
Added by the RBOT-BJV WORM! |
| X |
MSConfig45 |
MSConfig45.exe |
Added by the SDBOT.OJ TROJAN! |
| X |
MSConfigr |
jdbgmrg.exe |
Added by the DASMIN.C TROJAN!
Note - this is not the valid JDBGMGR.EXE file - see here |
| N |
MSConfigReminder |
msconfig.exe |
Entry that appears when you
uncheck an item in the MSConfig Startup group, and will disappear if on the
next reboot you select the option to not be reminded that you are running in
Selective Startup mode |
| X |
MsConfigs |
MsConfigs.exe |
Added by the ALCAN.A WORM! |
| X |
MS-Connect |
arr.exe |
Adult content dialler - see here |
| X |
MS-Connect |
cdm.exe |
Adult content dialler - see here |
| X |
MS-Connect |
game.exe |
Adult content dialler - see here |
| X |
MS-Connect |
msite18.exe |
Adult content dialler - see here |
| X |
MS-Connect |
web.exe |
Adult content dialler - see here |
| X |
MSControl28 |
crsss.exe |
Added by the SPYBOT.AJX WORM! |
| X |
MSControl31 |
winnsyst.exe |
Added by the RBOT.CFY WORM! |
| X |
MSControl3d1 |
isasse.exe |
Added by the RBOT.CGU WORM! |
| X |
MSCORE |
syscnfg.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or
C:winntfonts) directory where no *.exe files should reside |
| X |
Mscsgs |
MSCSGS.EXE |
Added by the ZEZER WORM! |
| X |
Mscsgs32 |
MSCSGS32.EXE |
Added by the ZEZER WORM! |
| X |
mscsvc.exe |
mscsvc.exe |
Added by the BANCOS.T TROJAN! |
| X |
Msctrl32 |
Msctrl32.scr |
Added by the REDIST WORM! |
| X |
MSCVT |
MSCVT.exe |
Added by the SLIDESHOW WORM! |
| X |
MSDcom |
MSDcom.exe |
Added by a
variant of the SDBOT WORM! |
| X |
msdev |
msconfig.exe |
Added by the AGOBOT.AAU WORM!
Note - this is not the legitimate msconfig.exe which should only appear in
Msconfig/Startup if you leave the warning box unchecked after changing an
Msconfig entry and rebooting |
| X |
msdev |
msdev.exe |
Added by the FORBOT-CR WORM! |
| X |
msdirect.exe |
msdirect.exe |
Added by the CERTIF-L TROJAN! |
| X |
MSDLL |
syscnfg.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or
C:winntfonts) directory where no *.exe files should reside |
| X |
Msdmxm |
msdmxm.exe |
Added by the DLOAD-DC TROJAN! |
| X |
MSDN |
nese.exe |
Added by the SDBOT.AHY WORM! |
| X |
MSDN for Windows NT & WinXP |
msdnxp.exe |
Added by the IRCBOT-PE WORM! |
| X |
MSDN for Windows with NT's |
msdn-nt.exe |
Added by the RBOT-EWD WORM! |
| X |
MSDN HELP |
msdn.exe |
Added by the AGOBOT.AIB WORM! |
| X |
MS-DOS Boot Service |
Boot32.pif |
Added by the RBOT-AMF WORM! |
| X |
MSDOS Security Service |
msdos.pif |
Added by the RBOT-AMP WORM! |
| X |
MS-DOS Security Service |
ms-dos.pif |
Added by the RBOT-AMR WORM! |
| X |
MSDOS Service |
MSDOS.PIF |
Added by the RBOT-AIY WORM! |
| X |
MS-DOS Service |
MS-DOS.pif |
Added by the RBOT-AII WORM! |
| X |
MSDOS Windows Service |
MSDOS.PIF |
Added by the RBOT-AKF WORM! |
| X |
MS-DOS Windows Service |
MS-DOS.PIF |
Added by the RBOT-AJW WORM! |
| X |
Msdos32 |
Msdos32.pif |
Added by the RECORY WORM! |
| X |
msdos423 |
msdos423.exe |
Added by the MENACE.A WORM! |
| N |
MSDosdrv |
msdosdrv.exe |
Added by the BACROS WORM! |
| N |
MSDTC |
msdtc.exe |
MS Distributed Transaction
Coordinator - handles transactions across multiple servers and is installed
by MS Personal Web Server and MS SQL Server |
| X |
Msemu32 |
Msemu32.exe |
Unidentified
spyware/adware/hijacker |
| X |
mservices.exe |
mservices.exe |
Added by the SDBOT.WJ WORM! |
| X |
Msfind |
Msfind.exe |
CoolWebSearch
parasite variant |
| X |
MSFind32 |
msfind32.exe |
Added by the CAYAM WORM! |
| X |
msfindosa.exe |
msfindosa.exe |
Added by
the DOWNLOADER-BS TROJAN! |
| X |
MSFTP Service Config |
r3grun.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MSFWAVTSM |
FTPDev.exe |
Added
by the RBOT-ACF WORM! |
| X |
Msg Fixage |
msgfixed.exe |
Added by the SDBOT.ZD WORM! |
| X |
MsgApi |
[path to file] |
Added by the DEDLER-D TROJAN! |
| X |
msgb1 |
msgb1.exe |
Added by the DLUCA.GEN TROJAN! |
| N |
MsgCenterExe |
RealOneMessageCenter.exe |
RealNetworks RealPlayer related - disabling this application
will not affect Real Player in any way |
| X |
msgex32 |
msgex32.exe |
Added by the APPFLET-A WORM! |
| X |
Msgmgr |
[path to worm] |
Added by the BABYBEAR WORM! |
| X |
msgserv_ |
Syss.exe |
Added by the FANTA TROJAN! |
| X |
msgsm32 |
msgsm32.exe |
Added by the RBOT-ASG WORM! |
| X |
Msgsrv16 |
Msgsrv16.exe |
Added by the DELF family of TROJANS! |
| Y |
MSGSRV32.exe |
msgsrv32.exe |
Windows
32-bit VxD Message Server. For more information on its function and why it's
needed, see here. Note - why some people have it listed in start-up programs
I don't know but I was asked to include it here. It automatically runs in the
background |
| X |
Msgsvc32 |
[worm filename] |
Added by the NAUTICAL-A TROJAN! |
| X |
MsgSvcMgr32 |
cmdzxdll.exe |
Added by the RBOT-AEK WORM! |
| X |
msgsvr32 |
msgsvr32.exe |
Added by the DEADHAT.B WORM! Note - not to be confused with
the valid "msgsrv32.exe" file which resides in the same directory
(C:WindowsSystem) on a Win9x/Me machine |
| U |
MSGTAG |
MSGTAG.exe |
MSGTAG is an application
that tells you when your emails have been received and opened |
| X |
Msgtray |
sys16.exe |
Added by an unknown VIRUS! |
| X |
Mshelp32 |
mshelp32.exe |
CoolWebSearch
parasite variant |
| X |
MSHT@ |
MSHT@.EXE |
Added by the MAGISTR.A VIRUS! |
| X |
MS-HTML |
[random filename] |
Added by the LATINUS.15 TROJAN! |
| X |
mshtmll |
mshtmll.dll |
Added by the DELF.BAS TROJAN! |
| X |
msident |
msident.exe |
Unidentified adware or trojan |
| X |
msidle |
msidle.exe |
Added by the OPASERV-O WORM! |
| X |
MsIdle32.exe |
MsIdle32.exe |
Added by the VERIFY TROJAN! |
| X |
MSIdll |
winmp.exe |
Added by a variant of the RBOT WORM! |
| X |
MSIE Parsers |
MSIE32ab.exe |
Added by the SDBOT.MV WORM! |
| X |
msiew |
mseiw.exe |
Added by the LITTLOG TROJAN! |
| X |
MSIEXEC |
MSIEXEC.EXE |
Added by the YOSENIO-A VIRUS! |
| X |
MSIEXEC |
MSIEXEC32.exe |
Added by the AINESEY.A WORM! |
| X |
msiexecs.exe |
msiexecs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MSIMN32 |
MSIMN32.EXE |
Added
by the CWS-M TROJAN! |
| ? |
MSIN |
MSin.exe |
?? |
| X |
Msinet |
Msinet.exe |
Added by the RBOT-AOA WORM! |
| X |
MSInfo |
AVBgle.exe |
Added by the NETSKY.O WORM! |
| X |
MSInfo |
msinfo.exe |
Added by the ALADINZ.M TROJAN! |
| X |
MSInstall |
smvss.exe |
Added by the DEDLER-G TROJAN! |
| X |
msjava service |
xpcd.exe |
Added by the SDBOT.VM WORM! |
| U |
MSKAGENTEXE |
MskAgent.exe |
McAfee Spamkiller |
| X |
MSKCES32 |
[random filename] |
Added by the CLONER TROJAN! |
| U |
MSKDetectorExe |
MSKDetct.exe |
Part of McAfee Spamkiller |
| X |
MSKernel32 |
MSKernel32.vbs |
Added by the LOVELETTER (I LOVE YOU) VIRUS! |
| X |
MSkernel32 |
System.exe 4820 |
Added by the TUXDER TROJAN! |
| U |
MSKExe |
spamkiller.exe |
McAfee Spamkiller |
| X |
mskj |
mskj.exe |
Added by the KAEMON TROJAN! |
| U |
MSKServerExe |
MSKSrvr.exe |
Part of McAfee Spamkiller |
| X |
mslagent |
mslagent.exe |
Added by the WINTRIM-F TROJAN! |
| X |
MSLARISSA |
MSLARISSA.pif |
Added by the ASSIRAL.B WORM! |
| ? |
MSLIB32 |
mswatch32.exe |
?? |
| X |
MSLog |
MicrosoftLog.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Mslogon lptt01 |
mslogon.exe |
RapidBlaster variant (in a
"Mslogon" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Mslogon ml097e |
mslogon.exe |
RapidBlaster variant (in a
"Mslogon" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
MsManager |
msmgr32.exe |
Added by the YAHA.AF WORM! |
| X |
msmanager32 |
msmngr32.exe |
Added by the RANDON-R (or
WOMANIZ.A) WORM! |
| X |
msmautoprotect |
msmssgs.exe |
Added by the BIFROSE-AJ TROJAN! |
| X |
msmc |
ms****.exe [* = random char] |
ClientMan parasite variant |
| X |
msmc |
mscpbo.exe |
ClientMan parasite variant |
| X |
msmc |
msgdmf.exe |
ClientMan parasite variant |
| X |
msmc |
msmc.exe |
ClientMan parasite variant |
| X |
msmc |
msongn.exe |
ClientMan parasite variant |
| X |
MSMcAfeee |
Avsynmgr32e.exe |
Added by the FRAMAR TROJAN! |
| X |
MSMcAfeeh |
Avsynmgr32h.exe |
Added by the FRANGO TROJAN! |
| X |
MSMcAfeeS |
Avsynmgr32S.exe |
Added by the VOLAC or VOLAC.DR
TROJANS! |
| X |
MSMessnger |
msnupd.exe |
Added by the RBOT-ADY WORM! |
| ? |
msmgr |
msmgr.exe |
?? |
| X |
msMGR |
rtkmsg.exe |
Added by the SDBOT-BPY WORM! |
| X |
Msmgt |
msmgt.exe |
Total Velocity
adware/hijacker |
| X |
MSMNTGNT |
MSMNTGNT.EXE |
Added by the BANKER-IE TROJAN! |
| X |
MSMNTJBE |
MSMNTJBE.EXE |
Added by the Bancos-EF TROJAN! |
| X |
MSMNTJNG |
MSMNTJNG.EXE |
Added by the GRABER-G TROJAN! |
| X |
MSMNTMTS |
MSMNTMTS.EXE |
Added by the BANKER-GZ TROJAN! |
| X |
msmon |
msmon.exe |
Added by a variant of the GEMA.D TROJAN! |
| X |
MsMovies |
MsMovies.exe |
Malware - recognized by
Kaspersky antivirus as Trojan-Dropper.Win32.WinAD.h |
| ? |
MsmqIntCert |
regsvr32 /s mqrt.dll |
Microsoft Message Queue Server -
Internal Certificate - see here for more info and here for a potential
problem. Is it required? |
| X |
MSMSGNER |
[4-8 random letters].exe |
Added by the FOWLDO-GEN TROJAN! |
| X |
msmsgr |
msmsgss.exe |
Recognized by Kaspersky
antivirus as RBOT.AJJ |
| U |
MSMSGS |
msmsgs.exe |
KITRO.A
WORM! |
| X |
MSN |
ctfmoons.exe |
Added by the SPYBOT.HI WORM! |
| X |
MSN |
MSN.exe |
Added by the MINIT WORM! |
| X |
MSN |
msn16.exe |
Added
by the SDBOT-VN WORM! |
| X |
MSN |
msnmesengers.exe |
Added
by the RBOT-ME WORM! |
| X |
msn |
msnmsg.exe |
Added
by the RBOT-GO WORM! |
| X |
MSN |
msnmsgr.exe |
Added by the MYTOB or MYTOB.B
WORMS! Note - this is not the valid MSN Messenger (now Windows Live
Messenger) utility |
| X |
MSN |
msnmsgs.exe |
Added
by the RBOT-KL WORM! Note - not to be confused with msmsgs.exe, the well
known MSN Instant Messaging application! |
| X |
MSN |
msnsgr.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
msn |
msnsvc.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MSN 9.0 Plus |
[random letters].exe |
Added by the RBOT-ALY WORM! |
| X |
MSN Administration For Windows |
msnadp32.exe |
Added by the BROPIA.W WORM! |
| X |
MSN ang |
cssrss.exe |
Added by the FORBOT-CE WORM! |
| X |
MSN BETA |
service.exe |
Added by the RBOT.AUU WORM! |
| X |
MSN Checker |
msnchecker.exe |
Added by the SDBOT-AGB WORM! |
| X |
Msn Config |
msngf.exe |
Added
by the RBOT-QG WORM! |
| X |
Msn Configuration Loader |
msngms.exe |
Added by the KELVIR.T WORM! |
| X |
MSN Explorer |
explorer..exe |
Dropper for the Ciadoor.cb TROJAN! |
| X |
MSN Explorer |
msnexplorer.exe |
Added by the AGENT-CAX TROJAN! |
| X |
MSN Funny Images |
imsngsr.exe |
Added by the AGOBOT-TT WORM! |
| N |
MSN Internet Access |
trayclnt.exe |
Quick way to connect to MSN
internet service - replaces "MSN Quick View" from V5.6 onwards |
| X |
MSN Manager |
cvss.exe |
Added by a variant of the SPYBOT WORM! |
| X |
MSN Manager |
mscmgr.exe |
Unidentified malware - causes
multiple browser windows to open |
| X |
MSN Message Background loader |
msnmesg.exe |
Added by a variant of the RBOT WORM! |
| X |
MSN Messages |
msnmesg.exe |
Added by the RBOT-ACN WORM! |
| X |
MSN messanger |
msnmsgsm.exe |
Added by the RBOT-FMP WORM! |
| X |
MSN Messanger |
msnmsgsmn.exe |
Added by the RBOT-FOQ WORM! |
| X |
MSN Messanger |
msnmsng.exe |
Added by the SDBOT.XN WORM! |
| X |
Msn Messeng |
windns.exe |
Added by a variant of the RBOT WORM! |
| X |
Msn Messenge |
IExplorer.exe |
Added by the DELF-LL TROJAN! |
| X |
MSN Messenger |
explorer..exe |
Dropper for the Ciadoor.cb TROJAN! |
| X |
MSN Messenger |
IExplorer.exe |
Added by the BANKER-EU TROJAN! |
| X |
MSN messenger |
messenger.exe |
Added by an unidentified TROJAN!
Note - this is not the real MSN Messenger |
| X |
MSN MESSENGER |
msmmsgr.exe |
Added by the KELVIR.Q WORM! |
| X |
MSN Messenger |
msmsgs.exe |
Added by the DLOADER-LN or
ZLOB-C or ZLOBDROP-C TROJANS! Note - this particular msmsgs.exe file is
located in the WindowsSystem32 or WinntSystem32 folder, and should not be
mistaken for the MSN Messenger file of the same name! |
| X |
MSN Messenger |
msmsgs.exe |
Added by the ZHOPA TROJAN! Note - this particular msmsgs.exe
file is located in the WindowsSystem32 or WinntSystem32 folder, and should
not be mistaken for the MSN Messenger file of the same name! |
| X |
MSN Messenger |
msnmsgr.exe |
Added by the AGOBOT.AOQ WORM! Note - this is not the valid
MSN Messenger utility |
| X |
Msn Messenger |
msnmsgs.exe |
Added by the LOONY-P TROJAN! Note - not to be confused with
msmsgs.exe, the well known MSN Instant Messaging application! |
| X |
MSN Messenger |
msnmsngr.exe |
Added by a variant of the RBOT WORM! |
| X |
Msn Messenger |
msnmsnr.exe |
Added by the BANKER-GG TROJAN! |
| X |
MSN Messenger |
PIC1324.exe |
Added by
the CHOKE.C WORM! |
| X |
MSN Messenger |
Reosmsngr.exe |
Added by a variant of the SPYBOT WORM! |
| X |
MSN Messenger 32 |
msniu.exe |
Added by the RBOT-AWB WORM! |
| X |
MSN Messenger 323 |
msniu3.exe |
Added by the RBOT-AXB WORM! |
| X |
MSN Messenger 6.2 |
tyd.exe |
Added by a variant of the RBOT WORM! |
| X |
MSN MESSENGER 9.0 |
messengerr.exe |
Added by a variant of the RBOT WORM! |
| X |
MSN messenger service |
mssgs.exe |
Added by an unidentified TROJAN!
Note - this is not the real MSN Messenger |
| X |
MSN Messenger Service Starter |
msnmgsr.exe |
Added by the RBOT-AOS WORM! |
| X |
Msn Messenger Update |
msnupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
MSN Messenger User Controls |
msmsgr.exe |
Added by the KELVIR.HI WORM! |
| X |
Msn Messengers |
MSNMSGR.EXE |
Added by the RBOT.KX WORM! |
| X |
MSN MMISSENGER |
mssmmspgr.exe |
Added by the KELVIR.AJ WORM! |
| X |
Msn Patch |
msndp.exe |
Added by the RBOT.AAI WORM! |
| X |
Msn Patches |
msndr.exe |
Added by a variant of the SDBOT WORM! |
| X |
Msn Plus Updater |
msnplus.exe |
Added
by the RBOT-MU WORM! |
| X |
Msn Processe Manager |
msni32.exe |
Added by the RBOT-ADX WORM! |
| N |
MSN Quick View |
Msndc.exe |
Quick way to connect to MSN
internet service |
| X |
MSN Registry loader |
msmnwin.exe |
Added by the KELVIR.FK WORM! |
| X |
MSN Service |
amsnmsgrs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Msn Service |
matrixcam.exe |
Added by the MYTOB.JH WORM! |
| X |
MSN service |
msnmgr16.exe |
Added by a variant of the RBOT WORM! |
| X |
MSN service |
msnmsgr16.exe |
Added
by the RBOT-RZ WORM! |
| X |
MSN service |
NTDKRN.EXE |
Added by the RBOT.UJ WORM! |
| X |
Msn Service |
raloded.exe |
Added by the MYTOB-DY WORM! |
| X |
MSN Service Updates |
winproc.exe |
Added by the KELVIR-BB WORM! |
| X |
MSN Service Utilities |
nkn.exe |
Added by the KELVIR-BC WORM! |
| X |
MSN Start |
msnmsgr7.exe |
Added
by the RBOT-PH WORM! |
| X |
MSN Update |
DLLCON.EXE |
Added
by the RBOT-EA WORM! |
| X |
MSN Update |
mscon.exe |
Added
by the RBOT-QA WORM! |
| X |
MSN Update |
msn32.exe |
Added by the RBOT.AHN WORM! |
| X |
Msn Update Manager (Sp2) |
MSMSGS.EXE |
Added by the AGOBOT-NL WORM! |
| X |
Msn Update Service |
userx.exe |
Added by the MYTOB.JF WORM! |
| X |
MSN Updater |
msnms.exe |
Added by the FORBOT-CG WORM! |
| X |
Msn Updater |
msnplugins.exe |
Added
by the RBOT-HS WORM! |
| X |
Msn Updater |
windatemanager.exe |
Added by the SDBOT.TS WORM! |
| X |
MSN UPDATERS |
virtualmemory.exe |
Added
by the RBOT-JK WORM! |
| X |
msn.exe |
son.exe |
Added by the STARTPA-GS TROJAN! |
| X |
MSN32 X Service |
MSN32x.EXE |
Added by an unidentified WORM! |
| X |
MSN8m Startup |
msn8m.exe |
Added by a variant of the RBOT WORM! |
| X |
msnager32 |
svchostt.exe |
Added by the WOMANIZ.E TROJAN! |
| N |
msnappau |
msnappau.exe |
Updater for the MSN toolbar that
can be downloaded onto IE. Calls home every day or so to "update"
the toolbar |
| X |
Msnarrator |
msnarrator.exe |
Added by the NARAT.A TROJAN! -
also identified as MPGCOM Toolbar adware |
| X |
MSNavWH |
MSWkwrH.exe |
Added
by the ANAV-A WORM! |
| X |
msndrvsys |
msndrvsys.exe |
Added by the BROGGER-D TROJAN! |
| X |
MSNET |
msnet.exe |
Added by the BOA WORM! |
| X |
MsnExplorer |
MSEXPLOREN.EXE |
Added by the EB TROJAN! |
| X |
MsnExplorer |
msnexploren.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
MsnExplorer |
sdhch.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
MsnExplorer |
SHCH.EXE |
Added by the EB TROJAN! |
| X |
MsnExplorer |
SVCHST.EXE |
Added by the EB TROJAN! |
| X |
MsnExplorer |
winagent.exe |
Added by the EQ TROJAN! |
| ? |
MsnFixer |
msnfixjs.js |
Located in the HPbinmsnfix
directory of a HP PC |
| X |
MSNGrabber |
MSNgrabber.exe |
Added by the ENVID.A WORM! |
| X |
msngta32 |
msngta32.exe |
Added by a variant of the RBOT WORM! |
| N |
MSNIA |
MSNIASVC.EXE |
Added with MSN version 9. Resets
certain internet settings upon bootup and can't be disabled via MSCONFIG |
| X |
msnload32.exe |
msnload32.exe |
Added by the BANCOS.M TROJAN! |
| X |
MSNMESENGER |
Main.exe |
Added by the PRORAT TROJAN! |
| X |
msnmessenger |
msnmessenger.exe |
Added by the BANCBAN-KJ TROJAN! |
| X |
msnmsg |
asgag.exe |
CoolWebSearch
parasite variant |
| X |
msnmsg |
msnmsg.exe |
Added by the BANKER-CLX TROJAN! |
| X |
msnmsg |
TBC.exe |
Added by an unidentified TROJAN! |
| X |
msnmsg.exe |
mscmd32.exe |
Added by a variant of the
AGENT.AH TROJAN! |
| X |
msnmsgq32 |
msnmsgq.exe |
Added by the TACTSLAY.H TROJAN! |
| X |
msnmsgq32 |
msnmsgq32.exe |
Added by the TACTSLAY.F TROJAN! |
| X |
msnmsgq32 |
sssasasb32.exe |
Added by the TACTSLAY.F TROJAN! |
| N |
msnmsgr |
msnmsgr.exe |
MSN Messenger
(now superseeded by Windows Live Messenger) utility. If you don't use MSN
Messenger, this can be annoying. Available via Start -> Programs. Go to MS
Messenger -> Tools -> Options -> Preferences and uncheck "Run
this program when Windows starts" |
| X |
MsnMsgr |
msnmsgr.exe |
Added by the ANNEW-FAM WORM! Note - this is not the valid MSN
Messenger utility |
| X |
MsnMsgr |
MsnMsgrs.exe |
Added by the NETSKY-AD WORM! |
| X |
msnmsgr32-.exe |
msnmsgr-.exe |
Added by a variant of the SPYBOT WORM! |
| X |
MSNMSGR5 |
MSNMSGR5.exe |
Added by the RBOT.PQ WORM! |
| X |
MSNMSGRE |
swef.bat |
IRC backdoor TROJAN or WORM! |
| X |
MSNMSGRR |
swin.bat |
IRC backdoor TROJAN or WORM! |
| X |
MSNMSGRS |
swe.bat |
IRC worm or backdoor trojan! |
| X |
MSNMSGRS |
swiss.bat |
IRC worm or backdoor trojan! |
| X |
MSNMSGRS1 |
swed.bat |
IRC backdoor TROJAN or WORM! |
| X |
msnmsgs.exe |
msnmsgs.exe |
Added by the BANKER-HK TROJAN! Note - not to be confused with
msmsgs.exe, the well known MSN Instant Messaging application! |
| X |
msnmsgsgs |
msnmsgsgs.exe |
Added by the "Catal"
alias Spy.Delitall.B backdoor TROJAN! |
| X |
msnmsgy |
[path to file] |
Added by the BANKER-EQ TROJAN! |
| X |
msnnt |
winampb.exe |
Chinese originated adware -
detected by Kaspersky antivirus as Trojan.Win32.Agent.tl |
| X |
msnnt |
winampf.exe |
Added by the SMALL.DTS TROJAN! |
| X |
MSNPluginSrIvcs |
n3vasap23.exe |
Added by a variant of the RBOT WORM! |
| X |
MSNPluginSrvcs |
p6.exe |
Added by the SDBOT.AKJ or
RBOT-VJ WORMS! |
| X |
MSNPluginSrvcs |
sagate.exe |
Added by the SDBOT.AKJ WORM! |
| X |
MSNPlus |
msnplus.exe |
Added by the BANKER-DAN TROJAN! |
| X |
MSNS PLUS XP2 |
msdupd.exe |
Added by the RBOT-BCE WORM! |
| X |
msnsched2 |
msnsched2.exe |
Added by the SPYBOT.NNT WORM! |
| X |
MSNService |
MSNService.exe |
Added by the CARPET.C WORM! |
| X |
msnsgs |
msnsgs.exe |
Added by the CHEUKO-B TROJAN! |
| X |
msnshed |
msnshed.exe |
Added
by the RBOT-YN WORM! |
| X |
msnsmgr |
MsnMsr.exe |
Added by the LOONY-N TROJAN! |
| N |
msnsyslog |
msnappm.exe |
Related
to Messenger Applications. When you uninstall the trial version the msnappm
keeps saying (You have xx days left) this is adware and it very annoying |
| X |
MSNSysRestore |
pc32.exe |
Added by a variant of the MASTAK
VIRUS! |
| X |
msnToolbaar |
msnmsgesc.exe |
Added by the RBOT.BMF WORM! |
| X |
MSObject32 |
MSObject32.js |
Added by the PUN TROJAN! |
| X |
Msoffice |
msoffice.hta |
Hijacker - redirecting to
Searchdot.net |
| X |
MSOffice |
services.exe |
Added by the DLOADER-EU TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in an "MSOffice"
subfolder |
| X |
MSOffice32 |
msjcf.exe |
Added by the RAKER-A TROJAN! |
| X |
MSOfficeCfg |
msocfg.exe |
Premium rate adult content
dialer |
| X |
MSOfficeCfg |
navchk.exe |
Premium rate adult content
dialer |
| X |
MSOfficeCfg |
qservice.exe |
Premium rate adult content
dialer |
| X |
MSOfficeCfg |
shman.exe |
Premium rate adult content
dialer |
| X |
MSOfficeCfg |
ssvr.exe |
Premium rate adult content
dialer |
| X |
msoffwz |
msoffwz.EXE |
Added by the BANCBAN-HQ TROJAN! |
| X |
M-soft Office |
M-soft Office.hta |
HTA file which creates an
executable on the hard drive which subsequently proceeds to download files
from a malware site! |
| X |
msoft-updater23 |
mssysstems.exe |
Added by the RBOT-ATU WORM! |
| X |
msoft-updater23 |
slssystem.exe |
Added by the RBOT-ASR WORM! |
| X |
MSOleath32 |
winss.exe |
Added by
the KATHER TROJAN! |
| X |
MSOOBD |
MSOOBD.EXE |
Added by the MAGISTR.A VIRUS! |
| X |
mspaint.exe |
check32.exe |
Added by the AGENT.AH TROJAN! |
| X |
MS-patch |
msconfig32.exe |
Added by the RBOT-AUF WORM! |
| X |
MS-patch |
mspatch32.exe |
Added by the RBOT-AWF TROJAN! |
| X |
Mspatch69 |
[path to trojan] |
Added by the MPROX TROJAN! |
| X |
Mspatch89 |
cnqmax.exe |
Added by the RANDEX.P WORM! |
| X |
MSPetServ |
PET32.EXE |
Added by the IRCBOT-VE WORM! |
| X |
msping |
msping.exe |
Added by the FLOODBLACK TROJAN! |
| X |
msping.exe |
msping.exe |
Added by the MZ TROJAN! |
| X |
MSPluginSrvc |
p3.exe |
Added
by the RBOT-WV WORM! |
| X |
MSPLUS |
msplus32.exe |
Added by the MYTOB-AM or
MYTOB-CL WORMS! |
| X |
MSPP System Update 64 |
wiaadmgr.exe |
Recognized by Kaspersky
antivirus as the RANKY.GEN TROJAN! |
| X |
MSPQFile |
MSA****.TMP |
Homepage hijacker. See here for more information. **** can be
anything |
| X |
MSPRO32 |
[path to worm] |
Added by the IBERIO WORM! |
| X |
MSPRO32 |
pnp.exe |
Added by the ZOTOB.O WORM! |
| X |
MSprotect.exe |
MSprotect.exe |
Added by the DABYREV.A VIRUS! |
| U |
mspwr |
pupstman.exe |
"Transparent icon background" feature of
Ashampoo'sPowerUp XP (WinNT/2K/XP) and PowerUp Deluxe (Win98/Me) |
| U |
mspwr |
pupxpman.exe |
Related to Ashampoo's PowerUp XP |
| U |
mspwr |
PuXpMan2.exe |
Related to Ashampoo's Magic Defrag Utility |
| U |
mspwr |
pwrupst.exe |
Ashampoo's PowerUp XP is a "tool for fine-tuning your
Windows NT4, 2000, 2003 Server and XP configuration" |
| N |
MSPY2002 |
ImScInst.exe |
Part of Microsoft's Input
Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and
Word |
| X |
msqssr |
msqssr.exe |
Detected by Kaspersky as the
DLUCA.GEN TROJAN! |
| X |
MSR |
msr.exe |
Added by the AGOBOT.RT WORM! |
| X |
Msrc |
Msrc.exe |
Added by the KRYPTONIC GHOST
TROJAN! |
| X |
msrdc |
msrdc.exe |
Added by the SDBOT-CXO WORM! |
| X |
msreg.exe |
msrege.exe |
Added by the ZINX TROJAN! |
| X |
msReg32 Loader |
msreg32.exe |
Added by the AGOBOT.IU WORM! |
| X |
MSREGIT |
Msgp.exe |
Added by the KRYPGHOS.13 TROJAN! |
| U |
MSRegScan |
ETNKL.exe |
ComKeylogger surveillance software. Uninstall this software
unless you put it there yourself |
| U |
MSRegScan |
SGP.exe |
SpyGator surveillance software. Uninstall this software
unless you put it there yourself |
| X |
MSRegScan |
SSDemo.exe |
Supremespy spyware |
| X |
MSRegSvc |
regsvc32.exe |
Homepage hijacker that changes
your homepage to an adult content site |
| X |
msresear |
[path to trojan] |
Added by the WEASYW-B TROJAN! |
| X |
msresearch |
msresearch.exe |
TROJAN! - 180SearchAssistant adware related |
| X |
msresearch |
tool3.exe |
Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A
TROJAN, pretends to be a spyware remover! - file names spotted sofar include
VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe,
winstall.exe, and tool2.exe |
| X |
msrundll |
msrund1l32.exe |
Added by the BINGHE TROJAN! |
| X |
MS-RunKey |
arr.exe |
MS-Connect dialler/hijacker |
| X |
msrunocx32 |
msrunocx32.exe |
Added by the SKUS WORM! |
| U |
MSSCDL |
MSSCDLL.exe |
SpyCapture keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
msserv |
lvsrev.exe |
Added by the BROWMON-B TROJAN! |
| X |
msserv |
msserv.exe |
Added by the BLACKLOG-A TROJAN! |
| X |
msserv32 |
msserv32.exe |
Added
by the RBOT-ACK WORM! |
| X |
msservice |
msserv.exe |
Added by the HYD WORM! |
| X |
MSService_v1.0 |
realsched.exe |
EHU
adware. Note - this is not the legitimate RealOne Player (realsched.exe)
application of the same name |
| X |
MSService_v1.0 |
vfp02.exe |
NewWeb
adware |
| X |
mssfos |
sfool.exe |
Added by the RANDEX.EUS WORM! |
| X |
MSSGisg |
[path to file] |
Added by the RANKY.N TROJAN! |
| X |
MSShow |
MSShow.exe |
Added by the QQROB-M TROJAN! |
| X |
MSSHVC |
MSSHVC.exe |
Added by the NUFFY.A WORM! |
| X |
mssonfig |
winupdate.exe |
Added by a
variant of the SDBOT WORM! |
| X |
mssoul |
msmscc2.exe |
Added by the DAPIZL.A banker
WORM! (A "banker worm" is designed to pillage banking information
and send it back to the perpetrators!) |
| X |
mssp3 |
mssp22.exe |
Added by the IBANK-D TROJAN! |
| X |
MSSQL |
Mssql.exe |
Added by the SDBOT TROJAN! |
| X |
MSSQL for Windows NT & XP |
mssqlsnt.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Msstart |
msstart.exe |
Added by the LIVUP.C TROJAN! |
| X |
MSStartOptimizer |
Iexpres.exe |
Added by the DASMIN-E TROJAN! |
| X |
MSStartOptimizer |
SCVHOST.EXE |
Added by the DASMIN-E TROJAN! |
| X |
MSStartOptimizer |
WINUPD.EXE |
Added by the DASMIN-E TROJAN! |
| X |
msstask |
msstask.exe |
Added by the MYPARTY WORM! |
| X |
mssurfer lptt01 |
mssurfer.exe |
RapidBlaster variant (in a
"surfer" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
mssurfer ml097e |
mssurfer.exe |
RapidBlaster variant (in a
"surfer" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
mssvc |
[path to trojan] |
Added by the PSK TROJAN! |
| X |
MSSVC |
svcsys.exe |
Added by the FATOOS-C TROJAN! |
| Y |
MSSVC.EXE |
MSSVC.EXE |
Stealthdisk - hides
folders, files and applications. Will also encrypt them for better protection |
| X |
mssvc32 |
mssvc32.exe |
Added by the AGOBOT-ME WORM! |
| X |
mssync20 |
mssync20.exe |
Added by the LDPINC-QC TROJAN! |
| X |
mssys |
mssys.exe |
Added by the MYSS.B TROJAN! |
| X |
mssysint |
comime.exe |
Added by the NETSNAKE-I TROJAN! |
| X |
mssysint |
Iexplore .exe |
Added by the PWSTEAL.ABCHLP and
PSPIDER.310.B TROJANS! Note - this is not the legitimate Internet Explorer
(iexplore.exe) process as there is a space before the ".exe" |
| X |
mssyslanhelper |
msmsgri32.exe |
Added by the RANDEX.D WORM! |
| X |
MsSystem |
msdos.exe |
Adult
content downloader - see here |
| X |
MsSystem |
mssys.exe |
Added by the VANTA.A TROJAN! |
| X |
MSSYSTEM |
svcsys.exe |
Added by the FATOOS-C TROJAN! |
| U |
Mstapi |
Mstapi.exe |
Keystroke logger/monitoring
program - remove unless you installed it yourself! |
| X |
Mstask |
mstask.exe |
Added by the OPASERV.N WORM!
Note - this is not the legitimate mstask.exe system file and the executable
resides in C:Windows or C:WINNT |
| X |
mstask |
mstask.exe |
Browser hijacker - redirecting to find-more.net. Note - this
is not the legitimate mstask.exe system file |
| X |
MSTask |
run dll.exe |
Yuupsearch adware |
| X |
MStask |
svchost.exe |
Added by the LDPINCH-BV TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder! |
| X |
MsTask |
wstask32.exe |
Added by the MYTOB-FE WORM! |
| X |
Mstask32driver |
Mstask32.exe |
Added by the LOONY-D TROJAN! |
| X |
MSTaskbar 32 |
tbsvc32.exe |
Added by the RBOT.BQZ WORM! |
| X |
mstasks |
mstasks.exe |
Added by the MULTIDR-AY TROJAN! |
| ? |
Mstcgww |
MSTCGWW.EXE |
?? |
| X |
mstds.exe |
mstds.exe |
Added by the IPTABLES TROJAN! |
| X |
mstg32.exe |
mstg32.exe |
Added by the AGENT.BI TROJAN! |
| N |
MSTMON_N |
MSTMON_N.EXE |
Generates an error message on
startup if a Konica Minolta printer is not turned on and ready |
| N |
MSTMON_Q |
MSTMON_Q.exe |
Generates an error message on
startup if the Konica Minolta PagePro 1350W printer is not turned on and
ready |
| X |
Mstng32 |
MSTng32.exe |
Added by the TANG WORM! |
| X |
mstsdsc.exe |
mstsdsc.exe |
Added by the CIMUZ-CD TROJAN! |
| X |
msupd |
msupd.exe |
Added
by the IEACCESS DIALER! |
| X |
MSUpdate |
criticalUpdate.exe |
Affilred adware |
| X |
Msupdate |
expIorer.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
msupdate |
msupdate.exe |
Added
by the RBOT-MZ WORM! |
| X |
Msupdate |
outIook.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
MSUpdate |
svchosthlp.exe |
Added by the BLASTER.T WORM! |
| X |
Msupdate |
svchosts.exe |
Added by a variant of the TACTSLAY TROJAN! |
| X |
Msupdate |
svcrhost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
Msupdate |
svcshost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
msupdate |
update.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MSUpdate |
wupd.exe |
Added by the ALADINZ.M TROJAN! |
| X |
MSupdate.exe |
N/A |
CoolWebSearch
parasite variant - resets home page to an adult content site |
| X |
MSUpdateDevKit |
axfd.exe |
Added
by the SDBOT-ZD WORM! |
| X |
MsUpdater System |
udpsys32.exe |
Added by the RBOT.AAA WORM! |
| X |
MSupdater.exe |
N/A |
CoolWebSearch
parasite variant. Installs the Winshow.dll browser plugin |
| X |
msupdater25 |
lsasser.exe |
Added by the RBOT-ATS WORM! |
| X |
msupdates |
msupdt.exe |
Added
by the RBOT-JO WORM! |
| X |
MSUpdSrv |
msupdsrv.exe |
Browser hijacker, redirecting to
a adult content site |
| X |
msurl |
msurl32.exe |
Added by the CRYPTER.A TROJAN! |
| X |
msuser32.exe |
msuser32.exe |
Added by the ANDROV TROJAN! |
| X |
MsVBdll |
MsVBdll.pif |
Added by the AIMDES.A WORM! |
| X |
MsVBdll |
sys32dll.exe |
Added by the AIMDES.B or
AIMDES.C WORMS! |
| X |
MSVBVM60 |
MSVBVBM60.pif |
Added
by the SCOLD-B WORM! |
| X |
msvc32 |
msvc32.exe |
ClientMan parasite variant |
| X |
msvc32 |
msvc32.exe |
Added by the AGOBOT-NT WORM! |
| X |
msvcc |
msvchost.exe |
Added by the XOMBE TROJAN! |
| X |
msvcc25 |
salvage.exe |
Added by a
variant of the SDBOT WORM! |
| X |
msvcc25 |
svcchost.exe |
Added by a
variant of the SDBOT WORM! |
| X |
msvccc66 |
svcchosst.exe |
Added
by the RBOT-GLS WORM! |
| X |
MSVersion |
clrschp038.exe |
Added by the POPMON.A TROJAN! - also known as PopMonster
adware |
| X |
MSVersion |
INTERNETFEATURES.exe |
Added by the POPMON.A TROJAN! - also known as PopMonster
adware |
| X |
msvhost |
aig.exe |
Added by the AIMBOT-BC TROJAN! |
| X |
msvload32 |
msvload32.exe |
Added
by the RBOT-ACI WORM! |
| X |
msvsc32 |
msdev.exe |
Added
by the RBOT-GJ WORM! |
| X |
MSVsmt |
rpcxctx.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
MSVSync |
videosync.exe |
Added by a variant of the SPYBOT WORM! |
| X |
MSVXD |
MSVXD.EXE |
Added by the DATOM.A WORM! |
| X |
mswave |
mswave.exe |
Added by the CRYPTER.A TROJAN! |
| X |
Mswavedll |
mswavedll.exe |
Added by the CRYPTER-C TROJAN! |
| U |
MSwheel |
mswheel.exe |
Microsoft Intellipoint software
for their Intellimouse series of mice - required if you use non-standard
Windows driver features |
| X |
MSWin |
mswin.exe |
Added by the BANKER-CU TROJAN! |
| X |
Mswincfg |
Mswincfg32.exe |
Added by the CYBRSPY.D TROJAN! |
| X |
MsWindows DRT Drivers |
wsdrt32.exe |
Added by the RBOT.ALT WORM! |
| X |
MsWindows SSL Drivers |
mssl32.exe |
Added by the SPYBOT.API WORM! |
| X |
MsWindows SysDate |
sysmsvc.exe |
Added by the SPYBOT.FCD WORM! |
| X |
MSWindows Syspg |
mspg32.exe |
Added
by the RBOT-TB WORM! |
| X |
MSWindowsUpdate |
mswinup.exe |
Added by a
variant of the SDBOT WORM! |
| X |
MSWindowsUpdate |
Systern.exe |
Added by the RBOT-AFD WORM! |
| X |
Mswinpid32 |
mswinpid32.exe |
Added by the LAPOS.A TROJAN!
This is a keylogger which emails back to China PayPal passwords and account
information - thus allowing the perpetrators to steal PayPal funds in the
name of the victim! |
| X |
MSWinSrv |
MSWinSrv.exe |
Added by the MTRON TROJAN! |
| X |
MSWinSrv32 |
MSWinSrv32.exe |
Added by the MTRON-B TROJAN! |
| U |
MSWinupd |
winupd.exe |
Added by the DLOADER-YE or
DLOADR-AAA or DLOADER-ZF TROJAN! |
| X |
MSWinupdate |
winupdate.exe |
Added by the DLOADR-AAW TROJAN! |
| X |
MsWinVgr |
msvgr.exe |
Added by the MYTOB.LE WORM! |
| X |
mswiz32 |
mswiz32.exe |
Added by the STRATIO-BG WORM! |
| X |
mswkork Service |
msework.exe |
Added by a variant of the RBOT WORM! |
| X |
msword |
msword.exe |
Added by the RBOT-ADR WORM! |
| X |
mswspl |
[random filename] |
Added by the SMALL.IQ TROJAN! |
| X |
mswspl |
plugin1.exe |
Added by the SMALL.IQ TROJAN! |
| X |
mswspl |
searchbarcash.exe |
SearchBarCash adware |
| X |
mswspl |
vnmispoisn downloader.exe |
SearchBarCash adware variant |
| X |
msxct |
msxct.exe |
eXact Advertising (NaviSearch, BargainBuddy, CashBack) adware |
| X |
Msy1 Startups |
msyj32.exe |
Added by the AGOBOT-QQ WORM! |
| X |
msys lptt01 |
msys.exe |
RapidBlaster variant (in a
"Msyss" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
Msys32 |
morfitwebentrance.exe |
Morfit ADjectPager - "uses
home page rental technology for generating revenues". Homepage hi-jacker
that re-defines your IE or Netscape start page as
http://www.web-entrance.com/. Any installed application including this must
be un-installed before you can reset your homepage |
| X |
MSysDrv |
msdrv.exe |
Added by the VB.WF TROJAN! |
| X |
Mtr2 |
mtr2.exe |
Added by the KRYPTONIC GHOST
TROJAN! |
| U |
MUAL |
mual.exe |
Millesky video mail updater and
launcher |
| N |
muamgr |
muamgr.exe |
Using MicroAngelo On
Display, you can easily select the icon images that you prefer rather than
the default icons displayed by Windows. On Display provides a consistent and
elegant method to customize the icon display for almost every icon on your
system |
| ? |
Mufix |
mufix.exe |
Part of INFOConnect, web-based,
enterprise client configuration, management, and deployment software, as used
by ABSS (a financial management system used by the US military which will
allow purchase request packages to be electronically submitted to contracting,
and which also facilitates electronic receipt of items and EFT) - what does it do and is it required |
| X |
mule_st_key |
flec006.exe |
Added by the BAGLE.AV TROJAN! |
| U |
MultiCAM Initializer |
MCamBoot.exe |
The MultiCAM
Initializer is part of the MultiCAM software package provided by Vista
Imaging in order to run up to 10 USB ViCAM or 3Com Home Connect PC Digital
cameras on a single computer. Clears itself from memory once initialized but
can also be safely disabled |
| U |
Multi-function keyboard |
GWHotkey.exe |
Software that sets up the
Gateway AnyKey keyboard shortcuts (a series of buttons that allow one-click
access to e-mail, browser, volume and CD/DVD controls, etc) |
| X |
Multimedia Codecs |
mcc.exe |
Added by the DLOADER-MB TROJAN! |
| X |
Multimedia extensions |
[path to trojan] |
Added by the SMUTSRCH-A TROJAN! |
| X |
Multimedia extensions |
mservice.exe |
EasySearch adware |
| X |
Multimedia extensions |
mservice1.exe |
Added by the DLOADR-AWD TROJAN! |
| U |
Multimedia KBD |
MMKeybd.exe |
Multimedia keyboard manager.
Required if you use the additional keys |
| U |
MULTIMEDIA KEYBOARD |
MMKeybd.exe |
Multimedia keyboard manager.
Required if you use the additional keys |
| X |
multiran |
multiran.exe |
Added by the COSIAM-E TROJAN! |
| U |
MultiRes |
MultiRes.exe |
MultiRes - system tray
utility allowing quick access to changing desktop resolutions and has the
ability to lock the screen refresh rate in WinNT/2K/XP |
| U |
MUPS |
MUPS.exe |
Lauches the Belkin Bulldog Plus Service - required if you
want to access the UPS advanced functions |
| Y |
murphy shield |
lmgui.exe |
Firewall part of
BitDefender virus scanner/firewall |
| N |
Music01 Server |
Music01 Server.exe |
J River Media
Jukebox |
| X |
MusIRC (irc.music.com) client |
musirc4.71.exe |
Added by the RANDEX.Q WORM! |
| ? |
Mustek MDC 3000 |
Mounter.exe |
Related
to software for the Mustek MDC 3000 digital camera - what does it do and is
it required? |
| N |
MutexServiceEx |
Sys32Smm.exe |
Webroot Sofware's discontinued
"Privacy Master" |
| U |
MVRescue |
mvrescue |
Related to Multivision Computers
back up/restore program. Multivision Computers ceased operating in 2004 |
| X |
mvsyswina |
acsysiom.exe |
Added by a
variant of the SDBOT WORM! |
| U |
MW1HelperStartUp |
MW1HEL~1.EXE |
ScreenScenes "Magic
Waterfall" screensaver. The freeware version comes with GAIN branded ads
(pop-ups and others). ScreenScenes do however offer you the option of doing
away with the ads by purchasing the screensaver for a whopping $30. Please note
that Claria Corporation no longer support GAIN-Supported software - see here |
| U |
MW1HelperStartUp |
Mw1helper.exe |
ScreenScenes "Magic
Waterfall" screensaver. The freeware version comes with GAIN branded ads
(pop-ups and others). ScreenScenes do however offer you the option of doing
away with the ads by purchasing the screensaver for a whopping $30. Please note
that Claria Corporation no longer support GAIN-Supported software - see here |
| U |
mwavscan |
mwavscan.com |
MicroWorld Anti Virus Toolkit is
a free anti-virus scanner that runs on-demand. You can choose to scan your
entire system, including memory, services, starup items and registry, or only
scan files in a specified folder or drive |
| U |
MWLExe |
MwlGui.exe |
Part
of McAfee Wireless Protection for Wi-Fi users |
| N |
MWProEng |
MWProEng.exe |
Logitech Mouseware Pro software
- only required when using special functions |
| N |
MWSnap |
MWSnap.exe |
MWSnap -
screen capture utility. Start manually when required |
| X |
mwsoemon |
mwsoemon.exe |
MyWebSearch parasite |
| X |
Mwsvm |
mwsvm.exe |
SeekSeek search hijacker related - see here |
| X |
mxb2 |
[path to worm] |
Added
by the IXBOT-G WORM! |
| X |
MxHLp32 |
MxHLp32.exe |
Added by a variant of the VAGRNOCKER TROJAN! |
| U |
MXO Auto Loader |
MXOaldr.exe |
Maxtor includes a driver to
bypass the Windows certified drivers check just when it detects an external
drive. MXOaldr.exe is installed with the new driver and if disabled the
button on a Maxtor OneTouch External Store no longer functions |
| U |
MXOBG |
MXOALDR.EXE |
Maxtor includes a driver to
bypass the Windows certified drivers check just when it detects an external
drive. MXOaldr.exe is installed with the new driver and if disabled the
button on a Maxtor OneTouch External Store no longer functions |
| ? |
mxomssmenu |
maxmenumgr.exe |
Related to Maxtor's One Touch series of external hard drives.
What does it do and is it required? |
| U |
MxRunner |
MxRunner.exe |
EasyUninstall from Aladdin
Systems (formerly by Ontrack) |
| X |
My Agent |
msagent.exe |
Added by the NEGASMS.A TROJAN! |
| X |
My App |
SMSSvc.exe |
Added by the NEGASMS.A TROJAN! |
| X |
My Search Bar Eq |
S4BAREQ.EXE |
MySearch parasite |
| X |
My Web Search Bar |
MWSBAR.DLL |
MyWay - an
IE Browser Helper Object used by adware WebSearch to add an IE toolbar to
provide search features, and hijack browser search requests to its
controlling servers run by MyWay |
| X |
MyAccessMedia |
tmp**.exe [* = random
char/digit] |
My AccessMedia toolbar related,
stealth installed! |
| U |
MyAgtTry |
MyAgtTry.exe |
System tray notification for McAfee VirusScan ASaP on-line
scanner. Not required to be protected but you lose notifications |
| X |
Myapp |
[filename] |
Added by the FATEE.B WORM! |
| X |
Myapp |
service.exe |
Homepage hijacker |
| X |
MyAV |
avpguard.exe |
Added by the NETSKY.J WORM! |
| Y |
MyCIO Agent Service |
myagtsvc.exe |
McAfee VirusScan ASaP Agent service |
| U |
myCIO.com ASaP |
MyAgtTry.exe |
System tray notification for McAfee VirusScan ASaP on-line
scanner. Not required to be protected but you lose notifications |
| N |
myCIO.com Splash |
Splash.exe |
Splash screen for McAfee VirusScan ASaP on-line scanner |
| X |
MyCometCursor |
MYCOME~1.EXE |
Comet Cursor adware |
| X |
MyDailyHoroscope |
MYDAIL~1.EXE |
MyDailyHoroscope foistware |
| X |
MyDailyHoroscope |
MyDailyHoroscope.exe |
MyDailyHoroscope foistware |
| U |
My-disgo |
MyKey disgo.exe |
Related to disgo pro. Program will synchronize data |
| U |
MyEmoticons |
MYEMOTICONS.EXE |
MyEmoticons from Persona
Ltd - add icons (emoticons) to your E-mail |
| X |
MyFastAccess |
myfastupdate.exe |
My-Fast-Access toolbar updater |
| X |
myhuy |
huy.exe |
Added by the BLASTER-C WORM! |
| X |
myhuy |
huy2.exe |
Added by the BLASTER-L WORM! |
| U |
MyIE.exe |
MyIE.exe |
MyIE2/Maxthon
browser related |
| X |
MyLife |
CmdServ.exe |
Added by the HOLAR.A WORM! |
| X |
myMh2 |
iexpl0re.exe |
Added by the DELF.FAI TROJAN! |
| U |
myNetWatchman |
nwclient.exe |
Sends your firewall
alerts to a website, which then filters them and forwards details of
suspicious activities to the host ISP they originated from. Only needs to be
running when your firewall is running |
| X |
MyPointsPointAlert |
wjview
...MyPointsPointAlertrun.exe |
"With MyPoints you can earn
rewards from name-brand merchants. You can even earn vacations and frequent
flyer miles". Dubious privacy policy |
| U |
MyPopupKiller |
mpk.exe |
MyPopupKiller -
popup killer |
| U |
myprint mileage |
mpm.exe |
Reports battery status on a
portable printer |
| X |
Mysee Alert |
Mysee Alert.exe |
MySee Alert adware |
| X |
MyShares |
MyShares.exe |
EHU
adware |
| X |
MySLScan |
msvc32.exe |
Added by the FORBOT-EH WORM! |
| X |
mysoft |
winexplor.exe |
Browser hijacker, also detected as the STARTPA-JR TROJAN! |
| N |
MySoftware NewsFlash |
Newsflsh.exe |
Runs in your task bar and receives alerts and release
information on MySoftware products from Avenquest |
| N |
MySpaceIM |
MySpaceIM.exe |
MySpaceIM internet messenger |
| X |
mysvcig38 |
mysvcc.exe |
Added by the RBOT-FOU WORM! |
| X |
mysvcig38 |
recsl.exe |
Added by a variant of the RBOT-FOU WORM! |
| X |
MyTam |
MyTam.exe |
Covert Sys Exec malware variant |
| U |
MytekSystrayExePath |
MyTekSystray.exe |
MyTek system tray - web site
providing computer tech support in Australia |
| X |
MyTotalSearch Email Plugin |
mtsoemon.exe |
MyTotalSearchBar adware |
| X |
MyVBApp |
install.exe |
Detected as Generic Downloader.s by McAfee, probable variant
of ReferAd adware! |
| X |
MyVBApp |
setup.exe |
Recognized by Kaspersky
antivirus as the Clicker.Win32.VB.kb TROJAN! File location is in the Root
folder (C:), (D:), etc |
| X |
MyVBApp |
SysNT.exe |
ReferAd adware |
| X |
MyVirt.exe |
MyVirt.exe |
Added by the REMADM-C TROJAN! |
| U |
MyVitalAgent |
VtlAgent.exe |
MyVitalAgent
from Lucent Technologies. Replacement for Net.Medic, monitoring all popular
internet transactions and alerting the user of the location of connection
problems. Available via Start -> Programs |
| X |
MyWebSearch Email Plugin |
mwsoemon.exe |
MyWebSearch parasite |
| U |
N2PTray |
Net2fone.exe |
An Internet telephony
application. Needed only if you have an account at Net2Phone, Inc |
| N |
NADaemon |
NADAEMON.EXE |
Program by NetActive which
appears to be piggybacked onto some Nvidia graphics cards software. They seem
to look after "digital rights management". One user reports
disabling it has no detrimental affect - not required |
| N |
Naggerrunkey |
nagger.exe |
Packard Bell Free Internet
Signup screen |
| Y |
Naimagent_service |
EPOAgentnaimas32.exe |
Networked version of McAfee
VirusScan. Installs, configures and updates the software and DAT (virus
definition) files on local computers from a network server. A resource hog
but required for DAT updates and if disabled can also cause random freezes
and error messages |
| Y |
Naimagent_UI |
EPOAgentnaimag32.exe |
Workstation background program
for Network Associates McAfee ePolicy Orchestrator - a network management
tool for enforcing antivirus protection of the workstations using system
policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32
communicate with the ePolicy Orchestrator processes on the network fileserver
to check for virus updates or for the need to perform a virus scan |
| Y |
Naimagent_UI |
naimag32.exe |
Workstation background program
for Network Associates McAfee ePolicy Orchestrator - a network management
tool for enforcing antivirus protection of the workstations using system
policies. Works with both McAfee and Norton AntiVirus. NAIMAG32 and NAIMAS32
communicate with the ePolicy Orchestrator processes on the network fileserver
to check for virus updates or for the need to perform a virus scan |
| X |
Name |
Iexplorer0.exe |
Added by the THREADSYS TROJAN! |
| X |
Name Server |
mswins.exe |
Added by a
variant of the SDBOT WORM! |
| X |
NAMEDPIPE SYSTEM |
namedpipe.exe |
Added by the MYTOB-FH TROJAN! |
| X |
nano |
svchost.exe |
Added by the NANO-A TROJAN! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
NAP32 |
NAP32.exe |
Premium rate adult content
dialler |
| X |
Narrator |
******.exe [* = random char] |
Added by the QOOLOGIC TROJAN! |
| U |
Narrator |
Narrator.exe |
Associated with the Narrator
accessibility feature on Windows XP. It is used to convert text to speech |
| X |
Natal |
Natal.scr |
Added by the OPASERV.AE WORM! |
| X |
NAV |
RuxDLL32.exe |
Added by the MAPSON.D WORM! |
| X |
nAv AGENT |
N/A |
Added by the RIOSYS MACRO! Note the lower-case "n"
and "v" in the name as this is not the valid Norton AntiVirus entry
of the same name - indeed it closes Norton AV processes |
| Y |
NAV Agent |
navapw32.exe |
Norton Anti-Virus's background
scanning process |
| X |
NAV Agent |
systems.exe |
Added by the TARNO.C TROJAN! Note - this is not the valid
Norton Antivirus entry of the same name |
| X |
NAV Agent |
winsnav.vbs |
Added by the ANPES WORM! |
| X |
NAV Agent |
wmilib32.exe |
Added
by the VB-XU TROJAN! |
| X |
NAV Auto Prot |
navprot1.exe |
Added by the RBOT.ZAC WORM! |
| X |
NAV Auto Protect |
dnsserv.exe |
Added by a variant of the SDBOT WORM! |
| X |
NAV Auto Protect |
mcafee32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
NAV Auto Protect |
msfwe1.exe |
Added by a variant of the RBOT WORM! |
| X |
NAV Auto Protect |
navprotect.exe |
Added by a variant of the RBOT WORM! |
| X |
NAV Auto Update |
Navautoupdate.exe |
Added by a variant of the SPYBOT WORM! |
| X |
NAV Auto Updates |
csrssp.exe |
Added by a variant of the SDBOT WORM! |
| X |
NAV Auto Updates |
navupdaters.exe |
Added
by the RBOT-UN WORM! |
| X |
NAV Auto Updates |
navupdaterx.exe |
Added by a variant of the RBOT WORM! |
| X |
NAV Auto Updates |
navwindows.exe |
Added by a variant of the SDBOT WORM! |
| X |
NAV Auto Updates |
slserves.exe |
Added by a
variant of the SDBOT WORM! |
| N |
NAV CfgWiz |
cfgwiz.exe |
Introduced with Norton
Anti-Virus 2002, this is a real resource hog. Many NAV users will find they
can live without loading it |
| N |
NAV Configuration Wizard |
cfgwiz.exe |
Introduced with Norton
Anti-Virus 2002, this is a real resource hog. Many NAV users will find they
can live without loading it |
| U |
NAV DefAlert |
DefAlert.exe |
Norton Anti-Virus Definitions
Alert. Warns you if virus definitions are out of date. Leave enabled unless
you manually update virus definitions on a regular basis |
| X |
NAV Live Update |
[path to worm] |
Added by the DEBORMS.C WORM! Note - this is not a valid
Norton Anti-Virus (NAV) function from Symantec |
| X |
NAV Scan Service |
NAVSCAN32.EXE |
Added by the SDBOT.VG WORM! |
| X |
NAV_Update |
NAV_Update.exe |
Unidentified WORM or TROJAN! |
| X |
NavAgent32 |
lasvr32.exe |
Added by the FEMOT.D WORM! |
| X |
NavAgent32 |
SCardSvr32.Exe |
Added by the MOFEI.B WORM! |
| X |
navapp |
navapp.exe |
NavExcel adware variant |
| Y |
navapw32 |
navapw32.exe |
Norton Anti-Virus's background
scanning process |
| X |
NAVCheck |
navchk.exe |
Premium rate adult content
dialer |
| X |
NAVCheck |
shman.exe |
Premium rate adult content
dialer |
| U |
Naviscope |
naviscope.exe |
Naviscope is a multipurpose browser enhancement that can
speed up Web searches, lock out cookies, examine HTML send/receive headers,
provide single-click network diagnostics, and much more |
| X |
NaviSearch |
nls.exe |
NaviSearch, eXact Advertising
variant |
| N |
NavLoad |
NAVBrowser.exe |
Registration reminder for
CorelDRAW 10 |
| X |
navman_20 |
sysnav32.exe |
Hijacker,
possibly a CoolWebSearch parasite variant |
| ? |
NAVMD25 |
UpdtNv28.exe |
Added by Symantec for updating
the MicroDefs for their AV products - is it required? |
| X |
NAVNet |
***.tmp [* = random digit] |
Unidentified adware |
| X |
navp.exe |
navp.exe |
Added by the AGOBOT-OE WORM! |
| X |
NavPass |
NavPass.exe |
Free system for gaining access
to and downloading from adult content web-sites |
| X |
NavScan |
[filename] |
Added by the OBSORB TROJAN! |
| X |
NAVSCAN32.EXE |
NAVSCAN32.exe |
Added by the SDBOT-DO WORM! |
| X |
NAVSCANNER32 |
NAVSCANNER32.EXE |
Added by the RBOT.QC WORM! |
| X |
NAVUpd |
rundll32.exe navupd.dll, Startup |
Added by the NAVU TROJAN! |
| X |
nawadll32 |
nawadll32.exe |
Added by the SDBOT-ZI WORM! |
| X |
nawdll32 |
nawdll32.exe |
Added by the SDBOT-ZM WORM! |
| N |
NB Common Dialog Enhancements |
COMDLGEX.EXE |
Part of McAfee Nuts & Bolts.
With Common Dialog Enhancements, you can add MRU list box to open dialogs |
| N |
NB Start Menu |
STARTM.EXE |
Part of McAfee Nuts & Bolts.
Provides the same control as MSCONFIG and can be used instead if you have
N&B |
| N |
NB Windows Patterns |
WINDBKGND.EXE |
Part of McAfee Nuts & Bolts.
With Background Patterns, you can change background patterns of wizard and
dialog windows |
| U |
NBJ |
NBJ.exe |
Ahead Nero BackItUp - backup
program. Only required for if you have scheduled back-ups |
| U |
NbkCtrl |
NbkCtrl.exe |
Scheduling engine of NovaSTOR
Backup Service. Only required if scheduling is enabled and wanted - see here |
| U |
NBKeyScan |
NBKeyScan.exe |
This
tool comes with a special version of Nero BackItUp for some external
harddisks. Controls two buttons on the drive - one button power off the drive
and the other directly calls Nero BackItUp to make a quick backup |
| X |
NBT System alias |
[path] repcale.exe [path]
beird.exe |
Added by a variant of the RANDON.AN WORM! |
| ? |
nbustrce1D |
nbustrce1D.exe |
Device driver, possibly CD/DVD -
what exactly is it and is it required in startup? |
| X |
NC1565 |
winntsrv -l -p10001 -d -e
cmd.exe -L |
Added by the NEWLEY-A WORM! |
| X |
Ncao |
osoa.exe |
PurityScan/Clickspring adware |
| X |
Ncao |
urpo.exe |
PurityScan/Clickspring adware |
| ? |
NCClient |
N/A |
?? |
| N |
NCD |
ncd.exe |
Norton Change Directory - from
the DOS days that allows the user to change directories on their machine
without typing the complete path |
| ? |
NCLAUNCH |
NCLAUNCH.exe |
Part of SWF Studio
from Northcode Inc. - an extension to Flash. Bundled when you create a
self-installing screen-saver on Win2K/XP. Is it required? |
| X |
nClient |
cnen.exe |
Added by the DELBOT-AL WORM! |
| N |
NCS_SS |
Csinsm32.exe |
Same as CleanSweep Smart
Sweep-Internet Sweep |
| X |
NDAv |
csnss.exe |
Added by the SERFLOG.C WORM! |
| X |
NDAv |
svhost.exe |
Added by the SERFLOG.C WORM! |
| ? |
NDDEAGNT |
NDDEAGNT.EXE |
WinNT default process. Network
Dynamic Data Exchange (DDE) Agent, handles requests for network DDE services |
| X |
NDIS Adapter |
lsass2.exe |
Added by the WOOTBOT.CW WORM! |
| X |
NDIS Adapter |
ndis.exe |
Added by the SDBOT.VF WORM! |
| X |
NDIS Adapter |
servenxpp.exe |
Added by the FORBOT-GP WORM! |
| X |
NDIS Adapter |
windows.exe |
Added by the FORBOT-BR WORM! |
| X |
ndlhosta |
uiremsyl.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Ndpldaemon |
[path to trojan] |
Added by the RPCSDBOT-A TROJAN! |
| X |
NDplDeamon |
nstask32.exe |
Added by the RANDEX.E WORM! |
| X |
NDplDeamon |
winlogin.exe |
Added by the RANDEX.E WORM! |
| U |
NDPS |
DPMW32.EXE |
Novell Distributed Printer
Services - part of Novell's Netware Client and Groupwise products. Not
required if you don't use this feature |
| X |
NDrv |
NDrv.exe |
PurityScan/Clickspring adware |
| U |
NDSTray |
NDSTray.exe |
ConfigFree Tray on a Toshiba
laptop. Tray utility for their network switching application which permits
switching network devices and settings with a click on the tray icon. While
it is not required, for people who span multiple networks and want an easy
way to go from wired to wireless and change addresses and other network
settings, it's a must have |
| U |
NDSTray.exe |
NDSTray.exe |
ConfigFree Tray on a Toshiba
laptop. Tray utility for their network switching application which permits
switching network devices and settings with a click on the tray icon. While
it is not required, for people who span multiple networks and want an easy
way to go from wired to wireless and change addresses and other network
settings, it's a must have |
| X |
Ndtstat |
Ndtstat.exe |
Added by a variant of the
BANLOAD family of TROJANS! |
| N |
Necbar |
Necbar.exe |
Nec Assistant; Ark's Navigator,
a graphical interface for NEC computers |
| Y |
NECMFK |
necmfk.exe |
NEC wireless keyboard driver |
| U |
Necutray |
Necutray.exe |
Driver for external USB storage
devices (hard drives, flsh disks, etc) |
| ? |
neqprvfy.exe |
neqprvfy.exe |
Appears to be related to the
downloading of some application - possibly verifying updates? |
| X |
Nero |
shch.exe |
Added by a variant of the EB TROJAN! |
| X |
Nero Checker |
nerocheck.exe |
Added by the PROXY-X TROJAN! Note - this is not related to
"Nero Burning Rom" CD writing software |
| N |
Nero DriveSpeed |
DRIVESPEED.EXE |
Ahead Nero DriveSpeed - set the CD reading speed of a CD/DVD
drive on-the-fly to reduce the noise on high-speed drives |
| X |
Nero Updater.6.12 |
wmp9.exe |
Added by the AGOBOT-AAG WORM! |
| X |
Nero.ma |
***.exe [*** = 2 to 3 digits] |
Added by the JONBARR.D WORM! |
| X |
NeroAutoStartClient |
NeroASM.exe |
Added by the AGOBOT.VG WORM! |
| U |
NeroCheck |
nerocheck.exe |
Associated with "Nero
Burning Rom" CD writing software. Checks for driver issues |
| X |
NeroCheck |
regedit.exe |
Added by the DOOMJUICE.B WORM! Note - this is not the valid
Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry
editor which resides in Windows or Winnt and will not figure in
Msconfig/Startup! This version resides in the System (9x/Me) or System32
(NT/2K/XP) folder |
| X |
NeroFil |
NeroFil.EXE |
Added by the RBOT.EAM TROJAN! |
| U |
NeroFilterCheck |
NeroCheck.exe |
Associated with "Nero
Burning Rom" CD writing software. Checks for driver issues |
| U |
NeroHomeFirstStart |
NMFirstStart.exe |
Associated with Nero Scout,
added by version 7 of the Nero digital media suite (CD & DVD burning,
authoring, etc). Thanks to Help2Go.com, if you feel this is draining more
resources that necessary you can disable it by clicking here |
| X |
NeroLoader |
NeroLoader.exe |
Added by the BANCBAN-EJ TROJAN! |
| N |
NeroNETTrayIcon |
NNServiceCtrl.exe |
System
tray access to NeroNET - Ahead Software's network-capable extension of their
CD/DVD burning program. NeroNET allows a burner to be shared across a network |
| X |
NeroUpdater6.8 |
winjava.exe |
Added by the AGOBOT.AMK WORM! |
| X |
Net |
WINREG.EXE |
Added by the ASSASIN.D TROJAN! |
| U |
Net Accelerator |
NetAccelerator.exe |
Rizal NetAccelerator -
"Optimizing Dial-Up, Lan, Cable, DSL, and Satellite connections do you
want to speed up your Internet access up to 200% - 300% ???". Only
required if you find it helps improve your performance |
| U |
Net Activity Diagram |
nad.exe |
Net Activity Diagram from MetaProducts. Monitors your
computer internet activity. Available via Start -> Programs |
| X |
NET Bios Stats |
ntbstats.exe |
Added by the SDBOT-ZX WORM! |
| X |
NET DEMON |
ndemon.exe |
Added by the AGOBOT-LA WORM! |
| U |
Net iD |
iid.exe |
"With the Net_iD
program, you can easily and securely logon with a smart card into a domain, a
virtual private network (VPN) or in Citrix and Terminal Server
environments" |
| X |
Net**.exe [* = random char] |
Net**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Net**32.exe [* = random char] |
Net**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| U |
NetAccelerator |
NetAccel.exe |
NetAccelerator is a
"software utility that optimizes your internet access up to 1200%
faster!. NetAccelerator speeds all modems allowing you to download faster,
browse faster, surf faster!. Only required if you find it helps improve your
performance |
| X |
NetAdm7 |
NETADM7.EXE |
Added by the BANCOS.F TROJAN! |
| X |
Netapi |
Netapi.exe |
Added by the NETDEVIL.14 TROJAN! |
| X |
netapi32 |
netapi32.exe |
Added by an unidentified TROJAN! |
| X |
NetApp |
winserv.exe |
Added by the SHADOWTHIEF TROJAN! |
| X |
Netbeans |
netbeans.exe |
Added by the DELBOT-R WORM! |
| X |
Netbios Helper |
nbthlp.exe |
Added by
the BANKER.Y TROJAN! |
| X |
NetBiosSrvc |
HPSrvPrt.exe |
Added by the SDBOT-COL WORM! |
| X |
netconfig |
netconfig.exe |
Added by the NETWARE TROJAN! |
| U |
NetCruiser Dialer |
NCDialer.exe |
NetCruiser
Dialer from NetCruiser Software. "An Internet dialer and connection
monitor with features to launch applications when a connection is detected,
dial and hangup at predefined times and automatic redialing of dropped
connections" |
| X |
netdaemon |
netdaemon /v |
Malware designed to
"kill" a number of antispyware applications (SpyBot, Giant,
SpyDoctor, SpySweeper, SpyHunter, Anvir, WinPatrol, and more) |
| X |
netdll32 |
netdll32.exe |
Added by the CRYPTER.A TROJAN! |
| X |
netdllex |
netdllex.Exe |
Added by the CRYPTER.A TROJAN! |
| X |
NetDy |
VisualGuard.exe |
Added by the NETSKY.N or
NETSKY.W WORMS! |
| X |
NETFP32.EXE |
NETFP32.EXE |
Added by the AGENT.CD TROJAN! |
| ? |
netfxupdate |
netfxupdate.exe |
Would appear to be a valid Microsoft .NET file (see here) but
other sources suggest it could be a trojan |
| ? |
NetFxUpdate_v1.0.3705 |
netfxupdate.exe |
Would appear to be a valid Microsoft .NET file (see here) but
other sources suggest it could be a trojan |
| U |
NETGEAR WG111T Smart Wizard |
wlan111t.exe |
Configuration utility for the Netgear WG111T multi-rate
Wireless USB 2.0 Adapter that "provides wireless access to your desktop
or notebook PC through the computer's USB port" |
| U |
NetGuard |
NetGuard.exe |
FBM Software ZeroSpyware 2004
spyware detector and remover - real time monitor |
| X |
nethost.exe |
[path to file] |
Added by the PERDA-J TROJAN! |
| N |
Net-It Launcher |
NILaunch.exe |
Net-It - web publishing software |
| U |
Netlimiter |
Netlimiter.exe |
Netlimiter - "An
internet traffic control tool to monitor applications which access the
internet and actively control their internet traffic. Use it o set
(download/upload) speed limits for applications or even single connection.
NetLimiter also allows you to share your internet connection bandwidth among
all applications running on your PC." |
| N |
Netline User |
netchk.exe |
Netline supplies internet
related products and services and this program identifies user ID and IP
information. Found installed along with the Falcon 4 game, for example |
| X |
NetLink |
netlink32.exe |
Added by the GAOBOT.WO WORM! |
| X |
NetLogon |
userint.exe |
Added by the SDBOT-BC WORM! |
| U |
NetManageImport |
nmcpdata.exe |
NetManage
business software related |
| X |
NetManagerService |
ntss.exe |
Added by the BESTPICS.A TROJAN! |
| X |
NetMeter |
NetMeter.exe |
NetRatings Premeter spyware |
| X |
NetMeter |
NielsenOnline.exe |
Appears
to have possible Malware functions, for more information see here |
| X |
NetMon |
netmon.exe |
Added by the MIMAIL.M WORM! |
| X |
Netmonw |
Netmonw.exe |
Added by the BDOOR-FX TROJAN! |
| U |
netmsg |
netmsg.exe |
Net_Message is a
small tool to send messages across the network, using the Windows Messenger
Service, so there is no client install required to receive the messages. It
has a number of other features as well |
| U |
NetPatrol |
winclient.exe |
NetPatrol
network monitoring software |
| X |
netpc32.exe |
netpc32.exe |
Malware,
probably a CoolWebSearch parasite variant |
| N |
NetPerSec |
NetPerSec.exe |
NetPerSec
- measures the real-time speed of your Internet connection |
| N |
NetPumper |
NetPumperIEProxy.exe |
NetPumper download manager -
bundles Cydoor and SaveNow adware, see here |
| X |
NetReach |
nrcheck.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Netropa Internet Receiver |
Netropa.exe |
Netropa Internet Receiver. Shows
a scrolling bar with the news. Major resource hog and flagged as spyware |
| U |
NetRun |
NetRun.exe |
NetRun - will 'RUN'
a 'List' of programs only when a internet connection is detected, and
close/kill the same 'List' when the connection is lost |
| N |
Netscape Messenger |
NETSCAPE.EXE |
In Netscape 6 (I know for sure
with 6.2.1, maybe with 6.0) Netscape.exe is the main executable file for
Netscape Navigator, Netscape Mail and News, and Netscape Messenger (the new
name for the embedded AIM, no doubt to make it sound like Windows Messenger,
the XP version of MSN Messenger). Basically, netscape.exe can be more than
just Netscape Messenger, and Messenger can be more then just AIM in disguise,
depending on the version of Netscape installed |
| N |
Netscp6 |
Netscp6.exe |
Netscape 6 |
| U |
NetScreen-Remote |
SafeCfg.exe |
NetScreen
Remote VPN client software |
| X |
NetService |
ntsvc.exe |
Added by the QQPASS-DU TROJAN! |
| X |
NETServices |
csxrs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
netservices |
recall.exe |
Added by a variant of the SDBOT WORM! |
| X |
netservices |
svchostn.exe |
Added by the SDBOT.GI WORM! |
| U |
NetShow Powerpoint Helper |
NSPPTHLP.EXE |
If disabled, user created fonts
can no longer be seen by other programs |
| X |
NetStart |
svchost.exe |
Added by the MKAR-A VIRUS! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a NETSTART subfolder |
| N |
NetStat Live |
Nsl.exe |
AnalogX NetStat Live - TCP/IP protocol monitor which can be
used to see your exact throughput on both incoming and outgoing data |
| X |
netsv32 |
netsv32.exe |
Added by the SDBOT-PX WORM! |
| Y |
NettGain2000 |
WgwMngr.exe |
Part of Flash-Networks
NettGain2000 product. NettGain 2000 is a combined hardware/software
networking solution, which is designed to improve performance of satellite
networks by increasing data transmission speeds and maximizing the existing
bandwidth for complete utilization when sending TCP/IP applications over a
satellite. It is needed when connecting to the internet via satellite to
provide speed faster than 60k or so |
| Y |
NettGain2000 Verifier |
NettGain2000 Verifier.exe |
Part of the Starband satellite
client that attempts to optimize your satellite connection to increase speed |
| U |
NetTime |
NETTIME.EXE |
From a visitor - "This is
the executable for NetTime. It is started from the registry when you check
the box to start at startup. NetTime allows you to synchronize your
computers' clock with a server on your local net or the internet using any of
several protocols, e.g. NTP." |
| U |
NetTurbo |
netturbo.exe |
NetTurbo from
SharewareOnline.com. "Accelerate Your Internet Connections by up to
600%". If you find it helps your connectivity leave it enabled |
| X |
Netunit32 |
wunit32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
NETVISIONAdulti |
[random filename] |
Trafficadvance dialer |
| X |
NETVISIONPasse-partout |
Passe-partout.exe |
Added by the DIALCAR-M DIALER! |
| X |
NetWatch32 |
netwatch.exe |
Added by the MIMAIL.C WORM! |
| N |
Netword Agent |
nwant33.exe |
An interesting browser utility
that allows you to navigate by typing a single word or phrase (a
"NetWord") related to what you're looking for into your browser's
location field. It also puts an icon in the system tray icon that is a circle
with the letter N in the center to access the menu faster. Available via
Start -> Programs |
| X |
NetWork |
csrs.exe |
Added by the AGOBOT.JJ WORM! |
| X |
Network Access |
winssh.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Network Administration |
NAS.exe |
Added by the ANTILAM.20.Q TROJAN! |
| X |
Network Administration Service |
rsvc32.exe |
Added by the RBOT.ABH WORM! |
| U |
Network Associates Error
Reporting Service |
TBMon.exe |
Network Associates Error
Reporting Tool - tool traps errors and requests submission to NAI for the
purpose of betatesting new software |
| X |
Network Connections |
internat.exe |
Added
by the ZD TROJAN! |
| X |
network device driver |
msfirewall.exe |
Added by the DELF-LB TROJAN! |
| U |
NetWork Device Switch |
NetDevSW.exe |
Toshiba laptops with built-in
Wi-Fi. Allows switching between Wi-Fi and internal ethernet. Only necessary
if you have regular need to switch back and forward between these network
interfaces. Located in Startup folder so make own shortcut to it and disable
if not really necessary |
| X |
Network Host Controller |
[path to trojan] |
Added by the WHISPER TROJAN! |
| X |
Network Host Service |
[random]32.exe |
Added by the RBOT-BAB WORM! |
| X |
Network Host Service |
msmnart32.exe |
Added by the RBOT-CJV WORM! |
| X |
Network protocol service |
wintcp.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Network Protocol Service |
wuamgrd.exe |
Added by the RBOT.EA WORM! |
| X |
Network Security |
secsvc.exe |
Added by the RBOT-ALX WORM! |
| X |
Network Security Guard |
**********.exe [* = random char] |
CoolWebSearch
parasite variant |
| X |
Network Security Guard |
[path to trojan] |
Added by the COLEM-A TROJAN! |
| X |
Network Service |
MccTrayApp.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Network Service |
svchost.exe |
Added by the STARTPA-CC TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Network Service |
svhost.exe |
Added by the HACDEF-K TROJAN! |
| X |
Network Service Manager |
netsvc.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Network Service Manager |
netsvc.exe |
Added by a variant of the GAOBOT/AGOBOT WORM! |
| X |
NetworkAssociates Inc |
internet.exe |
Added by the LOVGATE WORM! |
| X |
NetworkClient |
NetworkClient.exe |
Added by the LEMUR WORM! |
| X |
NetworkKey |
netkey.exe |
Added by the IRCBOT-AJ TROJAN! |
| X |
Networks Configurator |
NetConfs.exe |
Added
by the RBOT-OX WORM! |
| X |
Networks Controler |
Netsis.exe |
Added
by the RBOT-NG WORM! |
| N |
NetworkSetup |
dlink.exe |
D-Link System Tray icon |
| X |
Netzip Smart Downloader |
npnzdad.exe |
Advertising spyware |
| N |
NetZIPFolders |
nzfprop.exe |
Netzip Classic zip file manager |
| X |
NeuroMedia(IESpeaker) |
NeuroMedia.exe |
Part
of an older freeware version of IESpeaker - a program that allows you to
listen to web pages. NeuroMedia.exe only downloads advertisments. Not
included in the paid-for version currently available |
| N |
NeuroSpeech OESpeaker |
OEMonitor.exe |
Part
of OESpeaker - a program that allows you to listen to long E-mails instead of
reading them in Outlook Express. OEMonitor.exe checks whether OE is open or
not |
| X |
New Csnm Manager |
csmn.exe |
Added by the SDBOT.BZS WORM! |
| X |
New.net |
rundll32.exe NewDotNetStartup
Newdot~2.exe |
NewDotNet foistware |
| X |
New.net Startup |
rundll32 [path],
NewDotNetStartup -s |
NewDotNet foistware |
| X |
NEWDOT~1 |
rundll32.exe NewDotNetStartup
Newdot~2.exe |
NewDotNet foistware |
| X |
Newman |
playavi.exe |
Added by the LINEAGE-AT TROJAN! Note - This trojan file is
found in the Windowsjava or Winntjava folder |
| X |
newname |
[path to trojan] |
Added by the DRSMARTL-S TROJAN! |
| ? |
News Service |
ispnews.exe |
F-Secure antivirus related.
However, is this particular item required? |
| N |
Newsalrt |
NEWSALRT.EXE |
MSNBC News system tray utility
to alert you to new news |
| X |
Newsgroup lptt01 |
newsgroup.exe |
RapidBlaster variant (in a
"newsgroup" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Newsgroup ml097e |
newsgroup.exe |
RapidBlaster variant (in a
"newsgroup" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| N |
NewsUpd |
newsupd.exe |
For Creative Soundblaster
Live! series soundcards. System tray application for News updates. Available
via Start -> Programs. Also spyware - see here. |
| X |
NewtonKnowsUpd |
NewtKnow.exe ...NewtnUpd.dll,
runkey |
NewtonKnows
hijacker |
| U |
NexusServer |
PNXSERVR.exe |
Related to ProCoder 2.0 from Canopus. "ProCoder 2.0
software combines speed and flexibility into a streamlined video conversion
tool for professionals. Featuring, extensive input/output options, advanced
filtering, batch processing and an easy-to-use interface, ProCoder 2.0 is the
ideal solution for high-quality multi-format video creation" |
| U |
NFM Service |
NPDOR9x.exe |
Appears in startup if you have chosen to participate in on
survey by NPD Online Research. Required for the survey to work correctly.
Otherwise not required |
| X |
Nfo |
nfomon.exe |
Delfin Media Viewer adware related |
| N |
nForce Tray Options |
sstray.exe |
nVidia nForce Taskbar Utility -
quick access to the nForce2 "Sound Storm" control panel and related
utilitys |
| U |
NGClient |
ngctw32.exe |
Symantec Ghost Server software -
needed for a "a Ghost multicast" (transfer images to multiple
machines). Can be launched manually |
| X |
ngpw36 |
ngpw36.exe |
AdBlaster adware variant |
| N |
NGServer |
ngserver.exe |
Symantec/Norton Ghost Console
service |
| N |
NI.UERSM_0001_N68M1602 |
UERSM_0001_N68M1602NetInstaller.exe |
ErrorSafe security risk that may give exaggerated reports of
threats on the computer. The program then prompts the user to purchase a
registered version of the software in order to remove the reported threats |
| X |
NI.UWA6P_0001_N56M1001 |
WinAntiVirusPro2006Installer.exe |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here |
| U |
NI.UWA6P_0001_N69M0303 |
WinAntiVirusPro2006Installer[1].exe |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here |
| N |
NI.UWA6P_0001_N73M1004 |
WinAntiVirusPro2006FreeInstall.exe |
WinAntiVirus
Pro 2006 virus software - not recommended, see here |
| N |
NI.UWA6P_0001_N91M1807 |
winantiviruspro2006freeinstall[1].exe |
WinAntiVirus
Pro 2006 virus software - not recommended, see here |
| N |
NI.UWA7P_0001_N91M0809 |
winantiviruspro2007freeinstall[1].exe |
WinAntiVirus
Pro 2007 virus software - not recommended, see here |
| X |
NI.UWAS6_0001_N68M2301 |
UWAS6_0001_N68M2301NetInstaller.exe |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here |
| X |
NI.UWFX5 |
UWFX5NetInstaller.exe |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here |
| X |
NI.UWFX5[various] |
[various filenames] |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here. Example filenames are
UWFX5LP_0001_0802NetInstaller.exe, UWFX5V_0001_0802NetInstaller.exe, UWFX5_0001_N66M1101NETINSTALLER.EXE,
1D7C.tmp, WinFixerScannerInstall[1].exe |
| X |
NI.UWFX5T |
UWFX5TNetInstaller.exe |
Added by the DOWNLDR-BO TROJAN! |
| X |
NiceDownloads |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| X |
Nielsen NetRatings |
insight.exe |
NetRatings Premeter spyware |
| U |
NIHomeAM |
LiteClientAM.exe |
A managed web based
internet security service that provides comprehensive & total protection
for laptops/desktops - regardless of how, when or where they connect to the
Internet. Made by Netintelligence Ltd |
| X |
nikLaus |
nikLaus.exe |
Added by the NIKLAS WORM! |
| N |
NInit |
NInit.exe |
Norton Uninstall Deluxe.
Monitors programs being installed and logs them for removing later. Available
via Start -> Programs for manual logging - not required |
| Y |
nisserv |
NISSERV.EXE |
Norton Personal Firewall |
| Y |
Nisum |
NISUM.EXE |
Norton Personal Firewall |
| U |
niSvcLoc |
niSvcLoc.exe |
Related to National
Instruments Corp. LabView |
| X |
NJG40 |
NJG40.EXE |
Added by the BANCOS.D TROJAN! |
| N |
NkbMonitor |
NkbMonitor.exe |
Part of Nikon PictureProject - image management for Nikon
digital cameras |
| N |
NkvMon.exe |
NkvMon.exe |
Nikon View 5 - for transferring
pictures from Nikon digital cameras |
| N |
NkVwMon.exe |
NkVwMon.exe |
Nikon View - for transferring
pictures from Nikon digital cameras |
| U |
NliaClient |
Netpia.exe |
Netpia
NLIA System - "In the existing Internet address system, the Domain Name
System (DNS) layer runs on the IP address layer. In the NLIA system, however,
the upper layer is implemented on DNS" |
| X |
NLS Keyboard |
keyboard.exe |
Added by a variant of the SPYBOT WORM! |
| X |
NLS Monitor |
nlsmon.exe |
Added by the RBOT-AXJ WORM! |
| U |
nmapp |
nmapp.exe |
Pure Networks
"Network Magic eliminates common frustrations and saves time by
simplifying and automating set up, management and repair of home networks,
and makes printer and file sharing effortless" |
| U |
NMBgMonitor |
NMBgMonitor.exe |
Associated with Nero Scout,
added by version 7 of the Nero digital media suite (CD & DVD burning,
authoring, etc). Thanks to Help2Go.com, if you feel this is draining more
resources that necessary you can disable it by clicking here |
| U |
NMFirstStart |
NMFirstStart.exe |
Associated with Nero Scout,
added by version 7 of the Nero digital media suite (CD & DVD burning,
authoring, etc). Thanks to Help2Go.com, if you feel this is draining more
resources that necessary you can disable it by clicking here |
| X |
nmgr |
nnmgr.exe |
Added by the Adware.FFToolBar adware toolbar |
| ? |
NMSSvc |
NMSSVC.EXE |
NIC Management Service -
diagnostics program for Intel Pro family network cards |
| Y |
NMSVC |
nmSvc.exe |
Covenant Eyes - surveillance software that creates records of
everything people do on a computer, ie, spying or monitoring depending upon
how you call it. Disabling it means loss of internet connection until
renabled - therefore required if you use it |
| ? |
nMTaskBarService |
nMtsk.exe |
Taskbar control for ISDN
NetMod modem. What does it do and is it required? |
| U |
NNLL |
nnll.exe |
Net Nanny
internet filter |
| X |
nnqcouu |
nnqcouu.exe |
The Abi Network adware |
| U |
NNSvc |
nnsvc.exe |
Net Nanny
internet filter |
| X |
No Credit Card |
plugin-[random].exe |
Adult content pop-up dialler |
| U |
NoAds |
NoAds.exe |
Blocks advertisement banners in
Internet Explorer |
| U |
NoAdware |
NoAdware.exe |
NoAdware - spyware remover. This version is not recommended -
see here |
| U |
NoAdware3 |
NoAdware3.exe |
NoAdware - spyware remover. Initially not recommended due to
false positives and aggressive advertising but the later versions have since
improved - see here |
| U |
NoAdware4 |
NoAdware4.exe |
NoAdware - spyware remover. Initially not recommended due to
false positives and aggressive advertising but the later versions have since
improved - see here |
| X |
Nocana |
[path to worm] |
Added by the ANACON-B WORM! |
| X |
NOD32 FiX |
regedt32.exe |
NodFix
is a is a potentially unwanted application. This application is given an (X)
status because we does not and will not support Cracks or Warez. Do not
delete the regedt32.exe as it is the legitimate Windows application. NodFix
interferes with the default settings of the NOD32 AV application allowing to
bypass its free using period as well as changes the default update server to
that eval signatures thus allowing to update NOD32 without password. Note -
to avoid interfering with the NOD32 application original settings no full
cleanup can be provided |
| X |
Nod32 Free antivirus |
nod32krn.exe |
Added by the RBOT-AAO WORM! Note
- not the popular free NOD32 antivirus software, which shares the same
filename |
| X |
Nod32 Service |
alserv32.exe |
Added by the RBOT.DHN WORM! |
| X |
Nod32 Service |
nod64.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Nod32CC |
nod32cc.exe |
Control Center
part of Eset's NOD32 virus-scanner. Leave this enabled if you want to update
your virus data files via the click of a button |
| Y |
NOD32kernel |
Nod32krn.exe |
NOD32 antivirus |
| Y |
nod32kui |
nod32kui.exe |
NOD32 antivirus |
| Y |
NOD32POP3 |
Pop3scan.exe |
POP3 E-mail
part of Eset's NOD32 virus-scanner |
| X |
Nod3d2 Free antivirus |
N0D32KRN.EXE |
Added
by the RBOT-ABQ WORM! |
| ? |
NodeMnger |
Nodemngr.exe |
Part of the Dell OpenManage
Client installation - to allow Dell representatives to remote logon? |
| X |
nodriver |
AUEKXRZ.EXE |
Added by a variant of the SPYBOT WORM! |
| X |
Noha |
aasd.exe |
PurityScan/Clickspring adware |
| U |
No-IP DUC |
DUC20.exe |
Part of http://www.no-ip.com provided service. Keeps
No-IP's dynamic nameserver (DNS) updated if and when your computer's
(network's) dynamic IP-address changes so that you can run servers on
computers with dynamic IP. Shortcut available |
| X |
Nokia Check |
nokiacheck.exe |
Added by the WORM_RBOT.CDC WORM! |
| N |
Nokia Connection Monitor |
NclConf.exe |
Monitors the infrared port, the
serial ports and the Bluetooth for a Nokia phone connection. It is installed
by the Nokia PC Suite (and Nokia PC Connectivity SDK), and the tray icon
shows if a phone has been connected. If you have a conflict with another
program, such as TV tuner card remote control monitor, you can disable it,
and run only when needed. Available via a desktop shortcut or Start ->
Programs - not required |
| U |
Nokia Tray Application |
NclTray.exe |
Nokia PC Suite 5 - "A
collection of powerful tools that you can use to manage your phone features
and data." Synchronize the phone with, for example Outlook. You can also
use it to browse your phone, edit the phone list and so on |
| U |
NOMAD Detector |
ctnmrun.exe |
Detects the Creative NOMAD
jukebox/MP3 player at the time it is attached to USB and starts the needed
application (Creative PlayCentre 2) that you use to copy MP3 files to and
from it. This is required if you want PlayCentre 2 to take control of the
NOMAD once connected |
| N |
NomdCheck |
nomdchek.exe |
Part of Intel's Native Audio |
| U |
nomtray |
nomtray.exe |
System Tray access to NetMotion Wireless options - including
connectivity status (see here) |
| X |
Nord |
nordsys.exe |
Added
by the DREF-S WORM! |
| U |
Norman ZANDA |
ZLH.EXE |
System Tray icon for Norman Antivirus |
| X |
NortE Antivirus |
norte.exe |
Added by the RBOT.BQQ WORM! |
| X |
NortE Antivirus |
norten.exe |
Added by the RBOT-AFF WORM! |
| X |
norten Software Intrenet |
norten.pif |
Added by the RBOT-AWA WORM! |
| X |
Norton Antiviral Scanner |
navscnr.exe |
Added by the DELBOT-K WORM! |
| X |
Norton Antivirus |
nortonav.exe |
Added by the RBOT-AYE TROJAN! Note - this is not the real
Norton AV! |
| X |
Norton Antivirus 2004 |
SYMANTECAV2.EXE |
Added by the SPYBOT-DY WORM! Note - this is not the real
Norton AV! |
| X |
Norton Antivirus 7.0a |
[path to file] |
Added by the PERDA-B or RANCK-CT
TROJANS! |
| X |
Norton Antivirus AV |
FVProtect.exe |
Added by the NETSKY.P WORM! Note - this is not the popular AV
software! |
| X |
Norton AntiVirus Sys |
NAVsys32.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Norton Antivirus Updater |
nortonav.exe |
Added by the DELBOT-T WORM! Note - this is not the real
Norton AV! |
| X |
Norton Auto Protect |
crss32.exe |
Added by the SDBOT.ATF WORM! |
| X |
Norton Auto Protect |
nava.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Norton Auto-Protect |
ccApp.exe |
Added by the AKHER.D WORM! Note - for the valid Norton AV
entry the filename is "navapexe". This is also not the valid Norton
AV file with the same filename |
| Y |
Norton Auto-Protect |
navapw32.exe |
Norton Anti-Virus's background
scanning process |
| X |
Norton Auto-Protect |
SERVICES.exe |
Added by the Ahker.B WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder. Also, this is not part of Norton AV |
| ? |
Norton AV Preload |
Premend.exe |
Norton Antivirus related. What does it do and is it required |
| X |
Norton AV Protection Startup |
Ati2xxx.exe |
Added by a variant of the RBOT WORM! |
| N |
Norton Crashguard Monitor |
cgmenu.exe |
Troublesome program that doesn't
actually work with WinME so Norton removed it from SystemWorks 2001 |
| N |
Norton Disk Doctor |
Ndd32.exe |
Norton Disk Doctor from Norton
Utilities. Automatically runs at start-up, checking for disk errors. Better
than ScanDisk but can be started manually via Start -> Programs. Delete
the shortcut in the Start -> Programs -> Startup folder as well |
| X |
Norton Drive Protection |
msdt32.exe |
Added by the FORBOT-GB WORM! Note - this not a valid Norton
program! |
| Y |
Norton eMail Protect |
POPROXY.EXE |
Proxy E-mail protection from
Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled
to automatically check for suspect attachments in E-mails that may contain
viruses. It downloads the E-mail into poproxy, which serves as a proxy server
on the local machine, before scanning it |
| X |
Norton Firewall |
[path to trojan] |
Added by the BANKER-ET TROJAN! |
| N |
Norton Ghost 9.0 |
GhostTray.exe |
Norton
Ghost tray icon - the application can be launched manually |
| X |
Norton Guard 32 |
ntguard32.exe |
Added by a variant of the RBOT WORM! |
| X |
Norton Live Update Server |
cpsdv.exe |
Added by the AGOBOT.EW TROJAN! |
| X |
Norton Live Updater |
Cavapsvc.exe |
Added by the GAOBOT.AO WORM! |
| X |
Norton Live Updater |
Sochost.exe |
Added by the GAOBOT.AO WORM! |
| N |
Norton Navigator Loader |
nnloader.exe |
An older Norton utility for file management under Windows 95.
More information here |
| Y |
Norton Personal Firewall |
IntroWiz.exe |
Part of Norton Personal Firewall
or Norton Internet Security |
| X |
Norton Personal Firewall |
jah.exe |
Added by a variant of the SDBOT WORM! |
| X |
Norton Personal Firewall |
lah.exe |
Added by a variant of the RBOT WORM! |
| X |
Norton Personal Firewall |
npfw.exe |
Added
by the RBOT-UI WORM! |
| X |
Norton Personal Firewall |
npfw32.exe |
Added
by the RBOT-UQ WORM! |
| U |
Norton Program Scheduler |
NPSsvc.exe |
Installed on a Windows system
where the Windows Task Scheduler isn't used as part of the OS (Win95,
WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus
scans |
| U |
Norton Program Scheduler |
nsched32.exe |
Installed on a Windows system
where the Windows Task Scheduler isn't used as part of the OS (Win95,
WinNT(?), Win2K(?)) to schedule automatic tasks such as Norton Anti-Virus
scans |
| ? |
Norton Program Scheduler Event
Checker |
npscheck.exe |
Part of Norton Anti-Virus. What
does it do? Apparently it can safely be disabled without causing problems.
Can also be listed as NPS Event Checker |
| X |
Norton Protect |
npprotect.exe |
Added
by the RBOT-WW WORM! |
| X |
Norton protect |
nvsvc.exe |
Added by a variant of the RBOT WORM! |
| X |
Norton Protect Activies |
csrss.exe |
Added by the BANKER-CZ TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "D5133"
subfolder |
| X |
Norton Service Driver |
wsul.exe |
Added
by the RBOT-ABI WORM! |
| X |
Norton Service Process |
navapvc.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Norton SpySweeper AutoUpdate |
navsw.exe |
Added by the FORBOT-AS WORM! |
| X |
Norton System |
csrs.scr |
Added by the BANLOA-AFM TROJAN! |
| N |
Norton System Doctor |
Sysdoc32.exe |
Norton Disk Doctor from Norton
Utilities. Automatically runs at start-up, major resource hog and best
started manually form Start -> Programs. Delete the shortcut in the Start
-> Programs -> Startup folder as well |
| N |
Norton SystemWorks |
cfgwiz.exe |
Norton System Works
configuration wizard. Reportedly a resource hog. Many users find they can
live without loading it |
| X |
Norton Update |
ccUpdate.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Norton Update |
cUpdate.exe |
Added by the AGOBOT.APP WORM! |
| X |
Norton Update |
winsvc.exe |
Added by the AGOBOT.ALP WORM! |
| X |
Norton updated |
NVSV32.EXE |
Added by the SDBOT.ABH WORM! |
| X |
Norton Updater |
ccUpdate.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Norton Updater |
lsa.exe |
Added by a variant of the RBOT WORM! |
| X |
Norton Updater |
navupdtr.exe |
Added by the SDBOT.AXV WORM! |
| X |
Norton Updater |
NortonUpdate.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Norton Updater |
winset.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Norton Wizzard |
nwiz.exe |
Added by the GAOBOT.ADV WORM! Note - this is not the valid
nVidia application that shares the same name |
| X |
norton32 |
norton32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
NortonAntivirus |
LSASS.exe |
Added by the PEXMOR WORM! Note -
this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "Temp" subfolder of
the Winnt or Windows folder. It also has nothing to do with Norton AV |
| X |
nortonav |
CCUPD32.EXE |
Added by an unidentified WORM or
TROJAN! |
| X |
NortonAV |
norton_antivirus.exe |
Added by the NETJOE TROJAN! Note - this is not the legitimate
Symantec AV program |
| X |
nortonp |
nortonp.exe |
Added
by the JD-A TROJAN! |
| X |
Nortons AV SYSTEM |
scvchost.exe |
Added by a variant of the RBOT WORM! |
| X |
Nortons AVS Systems |
arse.exe |
Added by the RBOT.AWY WORM! |
| X |
nortonsantivirus |
ccEvtMngr.exe |
Added by the HZDOOR-A TROJAN! |
| X |
NortonVPlus |
svchost.exe |
Added by the ROAMER-A TROJAN!
Note - this is not the legitimate svchost.exe process which should not
normally figure in Msconfig/Startup! |
| U |
Notebook Maximizer |
maximizer_startup.exe |
Toshiba Notebook Maximizer
software - adjust settings to save battery power and increase efficiency |
| ? |
NotebookManager |
nbm.exe |
Associated with Acer notebook
PCs. What does it do and is it required? |
| X |
NotePad |
[worm filename] |
Added by the SILLYFDC-G WORM! |
| X |
NOTEPAD |
NOTEPAD.exe |
Added as the result of the RUSTY
VIRUS! Note - not to be confused with the valid Windows "NOTEPAD"
text editor! This malware actually changes the default value data of the
Registry "Run" key in order to force Windows to launch it at boot.
Name field may be empty |
| X |
Notepad |
ntoepad.exe |
Added by the DELBOT-AK WORM! |
| X |
Notepad lptt01 |
notepad.exe |
RapidBlaster variant (in a
"Notepad" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not Windows
Notepad which has the same executable name |
| X |
Notepad ml097e |
notepad.exe |
RapidBlaster variant (in a
"Notepad" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not Windows
Notepad which has the same executable name |
| X |
notepad.exe |
msmsgs.exe |
Added by a variant of the FAKESPY-B TROJAN! Note - this
particular msmsgs.exe file is located in the WindowsSystem32 or WinntSystem32
folder, and should not be mistaken for the MSN Messenger file of the same
name! |
| X |
notepad.exe |
msmsgs.exe |
Added
by the ZLOB-I TROJAN! Note - not be mistaken for the MSN Messenger file of
the same name! |
| X |
notepad.exe |
msmsgs.exe |
Added by the ZLOB-I and ZLOB-H
TROJANS! Note - not to be confused with msmsgs.exe, the well known MSN
Instant Messaging application! |
| X |
notepad.exe |
upx.exe |
Added by a variant of the
AGENT.AH TROJAN! |
| X |
notepad2.exe |
popuper.exe |
Added
by the PUPER-E TROJAN! |
| X |
notes |
notepaad.exe |
Added by the RBOT.BME WORM! |
| X |
Notification Utility |
altpayV2.exe |
Reported by Ewido Security
Suite as WeirWeb adware |
| X |
Notn |
Eber.exe |
PurityScan/Clickspring adware |
| X |
Notn |
wtta.exe |
PurityScan/Clickspring adware |
| U |
NovaBackup * Tray Control |
NbkCtrl.exe |
Scheduling engine of NovaSTOR
Backup Service. Only required if scheduling is enabled and wanted - see here.
* represents the version number |
| ? |
NovaPortal Single User Service |
NPSU.exe |
?? |
| U |
NovastorSchedulerd |
SCHENGD.EXE |
NovaStor NovaBACKUP Scheduler -
back-up utility. If you don't have regularly scheduled back-ups you don't
need it |
| X |
NOYPI_KANG_ASTIG |
Exit to DosPrompt.pif |
Added by the FILUKIN.A WORM! |
| X |
np |
upnp.exe |
Added by the YABE.AE TROJAN! |
| X |
NPF Value |
NPFMONTR.exe |
Added by a variant of the SPYBOT WORM! |
| ? |
NPFMonitor |
NPFMntor.exe |
Norton AntiVirus Firewall
Install Monitor. What does it do and is it required? |
| U |
NPROTECT |
nprotect.exe |
Norton Protected Recycle Bin
from Norton Utilities. Adds an extra layer of safety before you remove
deleted files from the Recycled Bin. Can be listed twice which is valid |
| ? |
NPS Event Checker |
npscheck.exe |
Part of Norton Anti-Virus. What
does it do? Apparently it can safely be disabled without causing problems.
Can also be listed as Norton Program Scheduler Event
Checker |
| X |
NS |
ns.exe |
Added by the AGOBOT-HS WORM! |
| X |
NSCheck |
NSCHECK.EXE |
MarketScore parasite - ActiveX control used to download
premium-rate dialers |
| X |
nscntrl |
nscntrl.exe |
Added by the DLOAD-DC TROJAN! |
| X |
nsdcmd services |
nsdcmdav.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
nsdcmd vid process |
nsdcmdwin.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
nsdlua |
nsdlua.exe |
All-In-One Telcom - adult
content dialler |
| X |
nsdriver |
nssys32.exe |
NetShagg
adware |
| X |
nse |
nse.exe |
Added by the AGOBOT-ML WORM! |
| U |
Nsengine |
Nsengine.exe |
Scheduling engine of NovaSTOR
Backup Service. Only required if scheduling is enabled and wanted - see here |
| U |
NSHelper |
aexnsinstallhelper.exe |
Altiris Express Notification
Server Install helper - monitors integrity of the installation |
| X |
nssysconf |
[random filename] |
Added by the VIVIA.A TROJAN! |
| X |
nstat |
netstat.exe |
Adult content dialler |
| X |
NSupdate |
NSupdate.exe |
Added
by the Dial/Laet-B premium rate dialer! |
| X |
Nsv |
nsvsvc.exe |
Delfin Promulgate adware |
| X |
nsvcin |
n20050308.exe |
Delfin Media Viewer adware related |
| X |
Nsvdr |
nsvdr.exe |
Adult content dialler |
| U |
nsys |
nsys.exe |
NetSpy keystroke logger/monitoring program - remove unless you
installed it yourself! |
| X |
nsys32 |
nsys32.exe |
Added by the AGOBOT-SU WORM! |
| N |
NSystemMonitor |
Symmon.exe |
Norton Uninstall Deluxe -
monitors programs being installed and logs them for removing later. Available
via Start -> Programs for manual logging |
| N |
NT Kernel Patch |
ntkrnlpt.exe |
FaxServe network fax
software |
| X |
NT Logging Service |
Syslog32.exe |
Added by the DONK.B WORM and variants! |
| X |
NT MICROSOFT SVCD |
ntvsvcd.exe |
Added by a variant of the RBOT WORM! |
| X |
NT security |
rundll32.com |
Added by the RBOT-AJC WORM! |
| X |
NT Service |
NTOKSRNL.EXE |
Added by the RBOT-AAG WORM! |
| X |
NT Services |
ntsvc.exe |
Added by the AGOBOT.VJ WORM! |
| X |
Nt System Protocol |
ntsystem.exe |
Added by the RBOT.DSB TROJAN! |
| X |
NT Virtual Machine |
[path to file] |
Added by the SCAERBOT-A WORM! |
| X |
Nt**.exe [* = random char] |
Nt**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Nt**32.exe [* = random char] |
Nt**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Ntcheck |
mapserver.exe |
Added by the TOMPAI-B WORM! |
| X |
NTCommLib3 |
NTCommLib3.exe |
Admess adware variant |
| X |
ntddetect |
ntddetect.exe |
Added by the AGENT-CU TROJAN! |
| X |
NTdhcp |
CiKewl.exe |
Added by the QQROB-N TROJAN! |
| X |
NTdhcp |
NTdhcp.exe |
Added by the QQROB-C TROJAN! |
| X |
ntdll |
ntdll.exe |
Added by the BIONET.404 TROJAN! |
| X |
ntdll.dll |
TrustCleaner.exe |
Smitfraud variant |
| X |
NTDLM |
csrss.exe |
Added by the HALE TROJAN! Note -
this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "Qossrv" subfolder |
| X |
Ntech.patchs |
[trojan filename] |
Added by the LEMIR.G TROJAN! |
| X |
ntechin |
n20050308.exe |
Delfin Media Viewer adware related |
| X |
nternet Explorer |
iexplore.exe |
Added by the FORBOT-CT WORM!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process,
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup unless you add it manually! This
file is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
NTFS16 |
ntfs16.exe |
Added
by the RBOT-LY WORM! |
| Y |
NTFSCLUP |
NTFSCLUP.EXE |
Part of ConfigSafe- "checks
if an ntfssos restore has been performed since it was last run. It exits
immediately after running. 99+% of the time it will only execute about a
dozen instructions before exiting" |
| X |
ntfsmonitorpro |
ntfs64.exe |
Added by the FORBOT-EB WORM! |
| X |
NTFSS Microsoft System |
filees.exe |
Added by the RBOT.GAB WORM! |
| X |
NTFSS MICROSOFT SYSTEM |
filess.exe |
Added by the RBOT.AXZ WORM! |
| Y |
ntl Netguard |
RPS.exe |
ntl
Netguard - anti-virus a package of services, specifically designed to keep
you safe and secure with their ntlworld online services |
| X |
ntldr |
ntldr.exe |
Browser hijacker to
search-control.com (TrojanDropper.Win32.Small.ig). In addition to Registry
changes found by HijackThis, also creates the following system files:
C:WINDOWSSYSTEMntldr.exe, C:m.exe, C:WINDOWSSearch-For-You.url, C:n.bat,
C:q.exe, C:r.bat |
| N |
ntlfreedom |
rundll32 [path] RyDial.dll,
QuickStart |
NTL
Freedom dial-up ISP software - not required |
| X |
ntmsevt |
ntmsevt.exe |
Added by the STOPED-B TROJAN |
| X |
NTP Server |
[path to trojan] |
Added by the RANKY.F TROJAN! |
| Y |
nTrayFw |
ntrayfw.exe |
Software interface for NVIDIA
ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets |
| N |
NTrtc |
ntrtc.exe |
Dell year 2000 tool to deal with
non-standard applications. Only required on older Dell PCs that may need this
support |
| X |
NTSet32 |
services.exe |
Added by the WINSPY-C TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a "dll32"
subfolder of the Windows or Winnt folder |
| X |
NTSF MICROSOFT SYSTEM |
fufffy.exe |
Added by the RBOT-AEL WORM! |
| X |
NTSF Microsoft System |
fylez.exe |
Added by a variant of the RBOT WORM! |
| X |
NTSF MICROSOFT SYSTEM |
marya.exe |
Added by the RBOT-AXY WORM! |
| X |
NTSF MICROSOFT SYSTEM |
ntssf.exe |
Added by a variant of the RBOT WORM! |
| X |
NTSF MICROSOFT SYSTEM |
scvhost.exe |
Added by a variant of the RBOT WORM! |
| X |
NTSF MICROSOFT SYSTEM |
sysman.exe |
Added by the RBOT.EDP WORM! |
| X |
NTSF MICROSOFT SYSTEM |
winsis32.exe |
Added by a variant of the RBOT WORM! |
| X |
NTSF MICROSOFT SYSTEM |
wntsf.exe |
Added by the RBOT.ATC WORM! |
| X |
ntsmod |
ntsmod.exe |
Adware
downloader/installer, probably VX2/Look2Me related - also detected as the
WIN32.VB.RL TROJAN! |
| X |
NTsocket |
NoeWinnt.exe |
Added by the ATAKA-E TROJAN! |
| X |
NTsrv.exe |
NTsrv.exe |
Added by a variant of the SERVU-O TROJAN! |
| X |
Ntsysv |
ntsysv.exe |
Added by the MIFENG-E TROJAN! |
| U |
nTune |
nTune.exe |
nVidia
nTune - motherboard monitoring and overclocking utility for nVidia nForce
chipset based motherboards |
| X |
ntupd32 |
ntupd32.exe |
Unidentified adware/spyware |
| X |
ntupdate |
dnsvc.exe |
Added by the SDBOT-TC WORM! |
| X |
NTupdater |
[path to trojan] |
Added by the DIGARIX-D TROJAN! |
| U |
NTVDM |
NTVDM.EXE |
Windows NT Virtual DOS Machine (NTVDM) for running 16-bit
tasks on the 32-bit OS's (Windows NT, 2K and XP). Required if hardware on a
machine with these OS's needs 16-bit DOS drivers. You can find a bit more
about NTVDM here |
| X |
ntvdmd |
ntvdmd.exe |
Adware downloader - also detected as the DLOADER-YP TROJAN! |
| X |
ntvdscm |
ntvdscm.exe |
Added by the SCKEYLOG-I TROJAN! |
| X |
NT-Virtual Device Manager |
ntvdmn.exe |
Added by the SDBOT-AAA WORM! |
| X |
ntx32 |
ntx32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Numerical Xterm Agent |
0x32.exe |
Added by the RBOT-FWP WORM! |
| X |
Numerical Xterm Agents |
2x32.exe |
Added by the RBOT-FWY WORM! |
| X |
Numerical Xtermz Agent |
1x32.exe |
Added by the RBOT-FWX WORM! |
| Y |
NuTCSetupEnviron |
ncoeenv.exe |
Used
by the MKS Toolkit for Enterprise Developers product. NuTCracker is a Unix
runtime environment for Windows, so disabling this would be unwise if you are
using NuTCracker or any 3rd party package that is using it. Since you might
not know what is actually using it it's probably best left alone |
| X |
NvagNT |
nvagNT.exe |
Added by the AGOBOT-RV WORM! |
| X |
nvc Win32 |
nvcvc.exe |
Added by the RBOT-ADD WORM! |
| X |
nvchost |
winlogon.exe |
Added by the KLONE-J TROJAN! |
| X |
NvClipRsv |
svchost.exe |
Added by the DUMARU-K WORM! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
NvClipRsv |
swchost.exe |
Added by the DUMARU-AK WORM! |
| ? |
NVCLOCK |
rundll32 nvclock.dll, fnNvclock |
Overclocking utility for nVidia
based graphics cards? |
| ? |
NvColorInit |
rundll32.exe NvQtwk.dll,
NvColorInit |
Associated with Nvidia based
graphics cards |
| X |
NVCOM |
NVCOM.exe |
Added by the AGOBOT-SB WORM! |
| X |
NvCpl |
[random filename] |
Added by the AGOBOT-APJ WORM! |
| X |
NvCpl |
NvCpl.EXE |
Added by the YANZ.B WORM! |
| X |
NvCpl |
rundl32.exe |
Added by the AGOBOT-TO WORM! Note - the valid version of this
entry has the command line as "rundll32.exe NvCpl.dll,NvStartup" |
| U |
NvCpl |
rundll32.exe NvCpl.dll,
NvStartup |
Intializes the clock and memory
settings on nVidia based graphics cards. Enable if you overclock your card |
| X |
NvCpl |
windowsp.exe |
Added by a
variant of the SDBOT WORM! |
| X |
NvCpl32Deamon |
nvcpl.exe |
Added by the RPCSDBOT.B WORM! |
| X |
NvCplD |
m2gr32.exe |
"Switch" premium rate adult content dialler |
| X |
NvCplD |
ntcpl.exe |
Switch adult content dialler |
| X |
NvCplDaemon |
msmsgrs.exe |
Added by the DLOADER-YI TROJAN! |
| U |
NvCplDaemon |
rundll32.exe NvCpl.dll,
NvStartup |
Intializes the clock and memory
settings on nVidia based graphics cards. Enable if you overclock your card |
| N |
NvCplDaemon |
rundll32.exe NvQtwk.dll,
NvCplDaemon |
System
Tray icon used to change display settings, change the clock rate and memory
speed for nVidia based graphics cards. This is unnecessary since you can
easily configure these settings the way you want them in the Display
Properties and not have to mess with them again. Also disable the
"NVIDIA Driver Helper Service" if enabled as it can cause this
entry to be re-enabled on re-boot (note that this service can also cause
extreme shutdown delays if enabled - see here) |
| X |
NvCplDaemon32 |
anvshell32.exe |
Added
by the XU TROJAN! |
| X |
NvCplDeamon |
nvdisp.exe |
Added by the PEEPVIE-I TROJAN! |
| X |
NvCplDmn |
NAVSVC.EXE |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
NvCplScan |
kav32.exe |
Added by the FORBOT-EW WORM! |
| X |
NvCplScan |
msc32.exe |
Added by the FORBOT-DD WORM! |
| X |
NvCplScan |
nvsc32.exe |
Added by the BROPIA.N WORM! |
| X |
NvCplScan |
winasp.exe |
Added by the FORBOT.BZ WORM! |
| X |
nvctrl.exe |
nvctrl.exe |
Added by the ZLOB.G TROJAN! |
| X |
nvd32 lptt01 |
nvd32.exe |
RapidBlaster variant (in a
"nvd32" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
nvd32 ml097e |
nvd32.exe |
RapidBlaster variant (in a
"nvd32" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| U |
NVHotkey |
rundll32.exe [path] nvHotkey.dll |
Enables the use of "hot
keys" for changing setting on Nvidia graphics |
| X |
Nvid |
[8 random charachters] |
Unidentified adware |
| X |
Nvid32 |
Nvid32.exe |
Added by the GEMA TROJAN! |
| X |
Nvidex32 |
Nvidex32.exe |
Added by the GEMA TROJAN! |
| Y |
NVIDIA ActiveArmor |
ntrayfw.exe |
Software interface for NVIDIA
ActiveArmor - hardware firewall built into nVidia nForce motherboard chipsets |
| X |
Nvidia Control Daemon |
nksvc32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Nvidia Control Panel |
ncsvc32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
NVIDIA Driver |
MSPMSPSU.EXE |
Added by the WOOTBOT.Y WORM! |
| X |
nVidia Drivers |
nVidiaDrvers.exe |
Added by the SDBOT-AFX WORM! Note - this is not related to
any nVidia based motherboard or graphics card |
| N |
NVIDIA nForce APU1 Utilities |
NVATray.exe |
nVidia's nForce
Audio Processing Unit (APU)- "provides 3D positional audio and DirectX
8.0 compatibility, and encodes and decodes Dolby Digital 5.1 audio in real
time" |
| U |
NVIDIA nTune |
nTune.exe |
nVidia
nTune - motherboard monitoring and overclocking utility for nVidia nForce
chipset based motherboards |
| U |
NVidia System Utility |
NVSystemUtility.exe |
NVidia
System Utility (now nTune) lets you adjust bus speeds, hardware voltages,
memory controller timings, and fan speed as well as additional settings to
increase performance aggressiveness and hardware voltages. Will also display
a dynamic graph of CPU and system temperatures, hardware voltages, and memory
bus speeds |
| X |
NVIDIA Video drivers |
video_32D.exe |
Added by the AGOBOT.KV WORM! |
| X |
NVIDIA Video drivers |
video_32sD.exe |
Added
by the RBOT-BB WORM! |
| X |
Nvidia32 |
nvidia32.exe |
CoolWebSearch parasite variant -
also detected as the HOSTS-B TROJAN! |
| N |
NvidiaQuickTweak |
rundll32.exe NvQtwk.dll,
NvTaskbarInit |
System Tray icon used to manage
settings for nVidia based graphics cards. May be required for some 3D
applications to recognize your card correctly - such as the game
"Everquest". Otherwise, settings can be changed manually via
Display Properties |
| X |
nvidll32 |
nvidll32.exe |
Added
by the RBOT-XK WORM! |
| U |
NVIEW |
rundll32.exe nview.dll,
nViewLoadHook |
This is a DLL to enable multiple
display monitors on a single computer. It can be a cause of numerous problems
on some computers |
| X |
nviload32 |
nviload32.exe |
Added by the SDBOT-VT WORM! |
| N |
NvInitialize |
rundll32.exe NvQtwk.dll,
NvXTInit |
Thought to enable the clock
frequency option on nVidia control panels. You can overclock without leaving
this enabled |
| X |
nvirundll |
nvirundll.exe |
Added by the SPYBOT.NPS WORM! |
| X |
nvjxue |
nvjxue.exe |
Added by the EYEVEG-J WORM! |
| Y |
NVmax |
NVmax.exe |
NVmax is a old tweaking utility
for NVidia graphics cards. In the startup list if the user chooses to
overclock their card |
| N |
NVMCTRAY |
RUNDLL32.EXE ...NVMCTRAY.DLL,
NvTaskbarInit |
System Tray icon used to manage
settings for nVidia based graphics cards. May be required for some 3D
applications to recognize your card correctly - such as the game
"Everquest". Otherwise, settings can be changed manually via
Display Properties |
| U |
NvMediaCenter |
RunDLL32.exe NvMCTray.dll,
NvTaskbarInit |
System Tray icon used to manage
settings for nVidia based graphics cards. May be required for some 3D
applications to recognize your card correctly - such as the game
"Everquest". Otherwise, settings can be changed manually via
Display Properties |
| N |
NVMixerTray |
NVMixerTray.exe |
System Tray access to audio
controls from nVidia's motherboard ForceWare software |
| X |
nvmsgdwn |
NVMSGDWN.EXE |
Added by the GRABER-D TROJAN! |
| X |
nvpatch |
napatch.exe |
Added by the SASSER-F WORM! |
| U |
NvPvrNetMon |
NvPvrNetMon.exe |
Network
monitor for the Personal Video Recorder function of the NVIDIA ForceWare
Multimedia application - "makes sure you don’t miss your favorite show.
If you won’t be home to watch the show, just use the PVR to set future
recordings" |
| N |
NVQuickTweak |
rundll32.exe NvQtwk.dll,
NvTaskbarInit |
System Tray icon used to manage
settings for nVidia based graphics cards. May be required for some 3D
applications to recognize your card correctly - such as the game
"Everquest". Otherwise, settings can be changed manually via
Display Properties |
| N |
NVRaidService |
nvraidservice.exe |
nVidia NVRaid - hard disk
striping/mirroring utility for increased performance and reliability. Doesn't
seem to be required if you have a RAID setup as there is no performance
difference without it |
| ? |
NVRotateSysTray |
nvsysrot.dll |
Related to NVIDIA nView Control Panel. What does it do and is
it required? |
| N |
NVRT |
nvrt.exe |
NVRefreshTool is a utility that
will automatically detect the maximum refresh rate at each resolution that
your monitor supports |
| ? |
NVRTClk |
NVRTClk.exe |
Related to a Gigabyte video
card. What does it do, and is it required? |
| X |
nvsv32.exe |
asr_fnt.exe |
Added by the WOOTBOT.GE WORM! |
| X |
nvsv32.exe |
cstr.exe |
Added by a
variant of the SDBOT WORM! |
| X |
nvsv32.exe |
nvsv32.exe |
Added by the FORBOT-DI WORM! |
| X |
nvsv32.exe |
nvsv33.exe |
Added by the WOOTBOT.FP WORM! |
| N |
NvSvc |
nvsvc.exe |
NVIDIA Driver Helper Service -
installed when you change from the WDM drivers to nVidia's latest versions
but not requied. Extreme shutdown delays can be encountered with this service
active, but no adverse side effects with it disabled. NOTE: If using drivers
other than nVidia's, such as Asus, this service may have been renamed to
reflect that |
| X |
nvsvc |
nvsvc.exe |
Added by the BANKER-HQ TROJAN!
Note - this is not the valid NVIDIA Driver Helper Service and is located in
the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
NVSVC |
nvsvc.exe |
Added by the AGOBOT.ALX WORM!
Note - this is not the valid NVIDIA Driver Helper Service and is located in
the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
nvsvca32 |
clfmon.exe |
Added by the TACTSLAY.E TROJAN! |
| X |
nvsvca32 |
nvsvca32.exe |
Added by the TACTSLAY.E TROJAN! |
| X |
NVSystem32 |
nvscv32.exe |
Added by the AGOBOT-NO WORM! |
| X |
NvUpdater |
nwiz32.exe |
Added by a variant of the RBOT WORM! |
| X |
NvXplDeamon |
xstyles.exe |
Added by the SMALL.AJ VIRUS! |
| ? |
NWEReboot |
dummy.exe |
?? |
| U |
nwiz |
nwiz.exe |
Nvidia nView Wizard - present
with the newer versions of nVidia graphics cards drivers. Allows you to
immensely improve desktop layouts by setting preferences and optimizations.
If you use any of the special nView features available in the control panel leave
this alone - otherwise you can disable it |
| X |
nwiz32 |
nwiz32.exe |
Added by the SINBANK-A TROJAN! |
| Y |
Nwpopup |
Nwpopup.exe |
Broadcast
message handler part of Novell Netware that displays server, printer and
other messages |
| U |
nwrecmsg |
nwrecmsg.exe |
Broadcast
message handler part of Novell Netware that displays server, printer and
other messages - can cause crashes |
| U |
nwss |
Sp0.exe |
SpyOutside surveillance software. Uninstall this software
unless you put it there yourself |
| Y |
NWTRAY |
nwtray.exe |
Novell
Netware. Displays the red "N" tray icon which can be disabled (by
right-click on the icon) but is also needed by the client |
| ? |
oadaemon |
oadaemon.exe |
Background process that
establishes connection with a C3-1000 scanner and watch general status of the
device and for scanner button presses. Can it be started
manually? |
| Y |
oahstifr |
oahstifr.exe |
Comes with
HyperTextStudio. From the supplier - "The Osserver maintains the
database for HyperText Studio projects - absolutely vital, it verifies all
the links etc in a site. It runs as a service in NT, 2K and XP but needs to
start up in Win 9.x so you'll see a DOS box for a short while during boot
up." |
| U |
OAKSTART |
OAKSTART.EXE |
Sets the spindown timeout and
access speeds at startup and displays a splash screen for CD-RW. |
| N |
OAKTASK |
OAKTASK.EXE |
Taskbar utility for a
"control panel" for a CD-RW |
| U |
OASClnt |
oasclnt.exe |
McAfee VirusScan On-Access Scan
Client service |
| Y |
Object Store Server |
osserver.exe |
Comes with
HyperTextStudio. From the supplier - "The Osserver maintains the
database for HyperText Studio projects - absolutely vital, it verifies all
the links etc in a site. It runs as a service in NT, 2K and XP but needs to
start up in Win 9.x so you'll see a DOS box for a short while during boot
up." |
| ? |
objtjprx |
objtjprx.exe |
?? |
| ? |
obsver |
obsver.exe |
Part of LingoWare
translating software - what does it do and is it required? |
| N |
OCAudioIni |
OCAudioIni.exe |
One-click
Audio Converter - allows you to convert files of multiple audio formats right
from Windows Explorer |
| N |
ocraware |
ocraware.exe |
Optical Character Recognition software as part of OmniPage Limited Edition -
supplied with some scanners. Scan directly into most word processor
applications, such as Word, WordPerfect, etc. Available via Start ->
Programs |
| U |
Octoshape Streaming Services |
OctoshapeClient.exe |
Octoshape Live Streaming -
"is a revolutionary technology that will reduce your bandwidth cost and
improve the quality in sound and picture" |
| X |
ocx32 |
ocx32.exe |
Added by the ASTEF or RESPAN
WORMS! |
| X |
OCXUPDT32 |
ocxupdt32.exe |
Added by the AGOBOT-IF WORM! |
| X |
OD |
SYSCNTR.EXE |
HotVideo dialler |
| U |
ODBC BackUp |
fdxxl.exe |
G Data "PC Spion". PC monitoring and surveilling
software, captures all users activity on the PC, see here. Disable/remove if
you didn't install it yourself! |
| X |
oddworldz.exe |
oddworldz.exe |
Added by the MULTIDR-EG TROJAN! |
| X |
od-matrxx |
od-matrxx.exe |
Adult dialler - xx can be any
number |
| N |
Odometer |
Odometer.EXE |
Mouse odometer - tracks how far
your pointer/arrow has traveled on the screen. Shortcut available |
| U |
ODSPConfig |
ODSPConfig.exe |
DsktopSurveil surveillance software. Uninstall this software
if you did not install it yourself |
| X |
od-stndxx |
od-stndxx.exe |
Adult dialler - xx can be any
number |
| X |
od-teenxx |
od-teenxx.exe |
Adult dialler - xx can be any
number |
| X |
oe_drop_spam |
oesrv.exe |
Dropspam
adware |
| Y |
OE_OEM |
TMAS_OEMon.exe |
Related to Trend Micro PC-cillin
- Internet Security 12 |
| X |
Oeloader |
Oeloader.exe |
Xupiter OrbitExplorer toolbar
related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect
and remove and to prevent it re-installing in the future see here |
| X |
OEM Tools 32 |
tres32.exe |
Added by the RBOT.QB WORM! |
| X |
OEM32 Tools |
sres32.exe |
Added by a variant of the SPYBOT WORM! |
| N |
OEMCLEANUP |
oemreset.exe |
Resets OEM installation settings
at bootup. Not required unless you're new to PC's |
| U |
OEMRESET |
oemreset.exe |
Resets OEM installation settings
at bootup. Not required unless you're new to PC's |
| U |
OEMRUNONCE |
oemrun.exe |
Windows Millennium file - used
by setup when installing the OEM 'express' version of the operating system.
Uncheck after setup has finished |
| U |
oeplugin |
bxOEPlugin.exe |
noHTML for Outlook
Express is an add-on that protects Outlook Express from email viruses and
email scripts by converting incoming email messages from HTML format to
simple text |
| ? |
OEPowerPlugs |
winoeinit.exe |
?? |
| U |
oepsrv |
oepsrv.exe |
Outlook Express
Protector is designed for controlling access to Outlook Express and its
e-mail and address data bases |
| X |
OESET |
setup60.exe |
Added by the WAREZDL.28672 TROJAN! |
| U |
OESpamTest |
OESpamTest.ExE |
Kaspersky
Anti-Spam |
| N |
OEXCheck |
EA2Check.exe |
Express Assist
from AJSystems.com. Utility for use with Outlook Express to backup, restore,
synchronize amongst others |
| X |
Offer Companion |
offers.exe |
Adware |
| X |
Offers |
offers.exe |
Adware |
| X |
Office |
Office.exe |
Added by the KRAIMER.12 TROJAN! |
| U |
Office Mail |
off_mail.exe |
Office Mail
from Burrotech Ltd - "complete email solution for small/medium
businesses, homes, schools and colleges. It is a small email server which
forms the perfect gateway between your internal and external email" |
| U |
Office Mail Alerter |
om_Alerter.exe |
Office Mail Alerter -
"alert Office Mail users when they receive new emails" via a System
Tray icon |
| X |
Office Monitor |
adv32.exe |
Added by the SDBOT-CWO WORM! |
| X |
Office Monitorse |
[path to worm] |
Added by the SDBOT-CZX WORM! |
| X |
Office Startup |
Exploer.exe |
Added by the GAOBOT.BV WORM! Note the different filename to
the valid MS Office entries |
| N |
Office Startup |
Osa.exe |
Application which launches
common MS Office components to help speed up the launch of Office programs.
It's somewhat of a resource hog, and some users claim there's no difference
with or without it but it usually isn't required. Note - if you make use of
the Microsoft Office Shortcut Bar outside an office program this application
will need to be enabled for it to show |
| N |
Office Startup |
Osa9.exe |
Application which launches
common MS Office components to help speed up the launch of Office programs.
It's somewhat of a resource hog, and some users claim there's no difference
with or without it but it usually isn't required. Note - if you make use of
the Microsoft Office Shortcut Bar outside an office program this application
will need to be enabled for it to show |
| X |
Office SturtUp |
osa9.exe |
Added by the CLICKER-EC TROJAN! Note - this trojan is located
in the Windows or Winnt folder and should not be confused with the Microsoft
office program, located in Program FilesMicrosoft Office... |
| X |
office_update |
[path to trojan] |
Added by the DLOADER-ZB TROJAN! |
| X |
OfficeAgent |
expIorer.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
OfficeAgent |
outIook.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
OfficeAgent |
svcrhost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
OfficeAgent |
svcshost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
OfficeDeamon |
msorunner.exe |
Added by a variant of the TACTSLAY TROJAN! |
| Y |
OfficeGuard RegChecker |
ogrc.exe |
Kaspersky Labs anti-virus |
| X |
OfficeGuardUI |
svcss.exe |
Added by the DEDLER-C TROJAN! |
| ? |
officejet 6100 |
hposol08.exe |
Associated with a HP PSC2110
(and maybe others) all-in-one machine |
| U |
OFFICEKB |
kbdap32a.EXE |
Micro
Innovations keyboard management |
| X |
OfficeQuickAccess |
OfficeHost.vbs |
Added by the PEXMOR WORM! |
| X |
Offices |
msnmgd32.exe |
Added by the FORBOT-DV WORM! |
| X |
Offices Monitors |
[path to worm] |
Added by the RBOT-GKO WORM! |
| X |
Offices Monitorse |
[path to worm] |
Added by the RBOT-GKO WORM! |
| X |
Offices Monitorse |
algose32.exe |
Added by the RBOT-GDD WORM! |
| Y |
OfficeScan95 |
pccwin97.exe |
Trend Micro antivirus OfficeScan |
| Y |
OfficeScanNT Monitor |
pccntmon.exe |
Trend Micro OfficeScan Antivirus real-time scan monitor |
| X |
OFFICEXP |
OFFICEXP.exe |
Added by the WOOTBOT.HE WORM! |
| N |
OfotoNow USB Detection |
Rundll32.exe OFUSBS.DLL,
WatchForConnection OfotoNow |
Autodetects
when a digital camera is attached to a USB port and launches OfotoNow image
software. Available via Start -> Programs |
| Y |
ogrc |
ogrc.exe |
Kaspersky Labs anti-virus |
| N |
Oil Change |
OCTray32.exe |
From CyberMedia/Network
Associates. Checks for updates to software installed on your PC. Available
via Start -> Programs |
| ? |
OIM |
oim.exe |
Related to the O2 (was "genie") mobile phone
service. What does it do and is it required? |
| U |
OKI LPR Utility |
okilpr.exe |
OKI printer utility |
| X |
OLE |
[filename] |
Added by the STAWIN or TARNO.D
TROJANS! |
| X |
OLE Automation Server |
ole32aut.vbe |
CoolWebSearch
parasite variant |
| X |
oleaccrc |
oleaccrc.exe |
Adware downloader -
recognized by Kaspersky antivirus as TrojanDownloader.Agent.am |
| X |
OLEDb Service |
runoledb32.exe |
Added by a variant of the SPYRE.B TROJAN! |
| X |
olehelp |
olehelp.exe |
Added by the BOOKMARKER.D or
BOOKMARKER.G TROJANS! |
| X |
OleLoader |
ole32.exe |
Added by the DELF.BR TROJAN! |
| U |
olesvr |
olesvr.exe |
Salfeld
Child Control - parental control software |
| X |
Olive System |
Szchost.exe |
Added by the MERCURYCAS.A TROJAN! |
| X |
Olympic |
IE4321.exe |
Adult content premium rate
dialer - also detected as SMALL.CZ |
| U |
OM_Monitor |
FirstStart.exe |
Olympus Master - digital camera management tools |
| U |
OM_Monitor |
MONITOR.EXE |
Olympus Master - digital camera management tools |
| X |
Omf4 |
OMF4.EXE |
Added by the FREEMEGA TROJAN! |
| N |
OmgStartup |
omgstartup.exe |
Sony program called OpenMG
Jukebox - player and music organizer |
| U |
OmniHTTPd |
ohttpd.exe |
OmniHTTPd web server
from Omnicron |
| N |
OmniPage |
Opware32.exe |
Part of OmniPage from
Nuance (was Scansoft) - "the fastest, easiest way to turn paper
documents into digital files you can edit". Links Word, via OLE, with
OmniPage. If running, a user can call up OmniPage from inside of Word and ask
it to scan something, via "File, Acquire Page". Also some of
OmniPage's Options dialog boxes are accessible from within Word. Only
required by novices and is Available via Start -> Programs |
| U |
OmniPass |
scureapp.exe |
OmniPass from Softex Inc. -
secure password management software |
| U |
On Screen Display |
OSD.EXE |
By Netropa for HP and other
brands. Same group as KBD MediaCenter & Touch Manager. Pressing a
"hot key" on such a keyboard brings a corresponding panel on the
screen for volume, etc. Nice but not required if you don't adjust things
regularly - can also freeze |
| X |
once |
help.exe |
Identified as the DELF.LF by
Ewido Security Suite |
| N |
One Touch Monitor |
1tou~2.exe |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
One Touch Monitor |
ONETOU~2.EXE |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
One Touch Monitor |
OneTouchMonitor.exe |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| Y |
OneCareUI |
winssnotify.exe |
Related to Windows
OneCare Live from Microsoft |
| N |
ONETOU~2 |
1tou~2.exe |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
ONETOU~2 |
ONETOU~2.EXE |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
ONETOU~2 |
OneTouchMonitor.exe |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
OneTouch Monitor |
OneTouchMon.exe |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
OneTouchMonitor |
1tou~2.exe |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
OneTouchMonitor |
ONETOU~2.EXE |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| N |
OneTouchMonitor |
OneTouchMonitor.exe |
For Visioneer OneTouch scanners.
System tray access to the control panel for the scanner |
| X |
Onflow |
onflow.exe |
Onflow is a internet company
that offers an online advertising program. Not required - uninstall |
| U |
OnfolioStorage |
onfserv.exe |
"Onfolio is the complete solution for collecting,
organizing and sharing online content" |
| ? |
online cdrom |
Active acid.exe |
?? |
| X |
Online Service |
svchost.exe |
Added by the HOSTIDEL.B or
HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe
process which should NOT appear in Msconfig/Startup! |
| X |
online_party |
online_party.exe |
Adult content dialler |
| U |
OnlinePCfix SmoothSurfer |
SS.exe |
Smooth-Surfer - blocks
banners, ads, popups, and cleans MRU and Recent file lists |
| N |
OnlineTime |
onlinetime.exe |
OnlineTimer - monitors your Windows dial-up network and logs
the time you spend online as well as the resulting costs |
| X |
Onluna Sarvice |
sachost.exe |
Added by the TOFGER-AA TROJAN! |
| X |
Onlune Sarvice |
sachost.exe |
Added by the DAEMONI-J TROJAN! |
| X |
only23 |
SCVHOST.exe |
Added by the PUQ TROJAN! |
| X |
OnSrvr |
OnSrvr.exe |
OnWebMedia adware |
| X |
oo4 |
RunDLL32.EXE [path] oo4.dll,
DllRun |
BookedSpace parasite |
| ? |
OOLHELPT |
OOLHELPT.exe |
?? |
| N |
OP12 Reminder |
Ereg.exe |
Registration reminder
for OmniPage from Nuance (was Scansoft) |
| U |
OpAgent |
OpAgent.exe |
Part of Nuance (was
Scansoft) OmniPage Pro document conversion software |
| X |
Open Service Drivers |
opiater.exe |
Added by a variant of the RBOT WORM! |
| X |
Open Site |
opensite.exe |
OpenSite adware |
| X |
Open Site |
opnste.exe |
OpenSite adware |
| X |
Open2Enter |
runme.exe |
Adult content dialler |
| X |
Open2Enter |
runme2.exe |
Adult content dialler |
| X |
OpenGL Drivers |
0penGLD.exe |
Added
by the YIMP-A WORM! |
| X |
OpenMstart |
mcmgr32.exe |
"Switch" adult content dialler |
| X |
OpenMstart |
mmgr32.exe |
"Switch" adult content dialler |
| X |
OpenMstart |
Snt.exe |
"Switch" premium rate adult content dialler |
| N |
OpenOffice.org *.*.* |
quickstart.exe |
OpenOffice.org office suite
quick start (where "*.*.*" is the version number) |
| N |
OpenOffice.org x |
QUICKS~1.EXE |
Displays OpenOffice quick
start applet in System tray. Right clicking on the icon allows rapid starting
up of components of the OpenOffice suite. Available via Start -> Programs.
Will automatically be started when any OpenOffice component is started from
Start -> Programs. A resource hog (takes > 16 MB of memory).
"x" represents the version number |
| U |
openvpn-gui |
openvpn-gui.exe |
"OpenVPN is a full-featured SSL VPN solution which can
accomodate a wide range of configurations, including remote access,
site-to-site VPNs, WiFi security, and enterprise-scale remote access
solutions with load balancing, failover, and fine-grained
access-controls" |
| U |
Openwares LiveUpdate |
LiveUpdate.exe |
Web-update utility as
used by various types of software - see here |
| N |
Operations Typhoon Rising
Registration |
NOVG.EXE |
Joint
Operations registration reminder |
| N |
Operator |
?? |
Media Pilot operator, in
Win.ini. Locks port open |
| U |
Operator |
xtmop.exe |
Fax/Phone answering facility for
Extreem Machine - as supplied with the old Diamond SupraExpress modems. No
longer supported |
| N |
OpiStat |
OPISTAT.EXE |
OpiStat is a
European Research Institute whose goal is to understand consumer needs and
opinions better |
| X |
OPQFile |
regedit.exe /s ...rad03FA6.tmp |
Unsavoury program that resets
your homepage every time you restart - uncheck in MSCONFIG and delete it via
a registry edit |
| X |
opr |
opr.exe |
MediaMotor adware |
| U |
OpScheduler |
OpScheduler.exe |
Part of Nuance (was
Scansoft) OmniPage Pro document conversion software |
| X |
opsql update check |
opsql.exe |
Added
by the RBOT-ACJ WORM! |
| X |
OPTIMIZER |
iexplore.exe |
Added by the EVEVINC TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Optimum Online |
Netsurf.exe |
OptimumOnline ISP software
related spyware - displays advertising popups and collects information about
user activity |
| X |
Optional Web Drivers For WIN32 |
phqghume.exe |
Added by a variant of the RBOT WORM! |
| U |
OPTMOUSEMOUSE |
optmouse.exe |
Related to a Samsung optical mouse |
| U |
Optus Cable Data Monitor |
datamonitor.exe |
Allows Optus customers to
monitor their actual data usage against Optus' "data allowance
limits" |
| U |
OptusNetUsage |
OptusNet Usage Meter.exe |
Designed specifically for
OptusNet users who wish to have their connection monitored on a frequent
basis. It can also estimate when you are going to hit your usage limit, and
how far over your suggested limit you should be |
| N |
Opware12 |
Opware12.exe |
OmniPage from Nuance
(was Scansoft) - version 12. If running, a user can call up OmniPage from
inside of Word and ask it to scan something, via "File, Acquire
Page." Also some of OmniPage's Options dialog boxes are accessible from
within Word. Only required by novices and is available via Start ->
Programs |
| N |
Opware14 |
Opware14.exe |
OmniPage from Nuance
(was Scansoft) - version 14. If running, a user can call up OmniPage from
inside of Word and ask it to scan something, via "File, Acquire
Page." Also some of OmniPage's Options dialog boxes are accessible from
within Word. Only required by novices and is available via Start ->
Programs |
| N |
Opware15 |
Opware15.exe |
OmniPage from Nuance
(was Scansoft) - version 14. If running, a user can call up OmniPage from
inside of Word and ask it to scan something, via "File, Acquire
Page." Also some of OmniPage's Options dialog boxes are accessible from
within Word. Only required by novices and is available via Start ->
Programs |
| N |
OpwareSE2 |
OpwareSE2.exe |
Hardware bundled
version of OmniPage from Nuance (was Scansoft). If running, a user can call
up OmniPage from inside of Word and ask it to scan something, via "File,
Acquire Page." Also some of OmniPage's Options dialog boxes are
accessible from within Word. Only required by novices and is available via
Start -> Programs |
| N |
OpwareSE4 |
OpwareSE4.exe |
Hardware bundled
version of OmniPage from Nuance (was Scansoft). If running, a user can call
up OmniPage from inside of Word and ask it to scan something, via "File,
Acquire Page." Also some of OmniPage's Options dialog boxes are
accessible from within Word. Only required by novices and is available via
Start -> Programs |
| U |
Oracle Web-to-Go |
webtogo.exe |
"Oracle Web-to-go, a component of Oracle9i Lite,
consists of a collection of modules and services that facilitate development,
deployment, and management of mobile Web applications" |
| X |
OrbitUpdate |
update.exe |
Xupiter OrbitExplorer toolbar
related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect
and remove and to prevent it re-installing in the future see here |
| X |
OrbitView |
view.exe |
Xupiter OrbitExplorer toolbar
related. Drive-by foistware. Use Spybot S&D, Adware or similar to detect
and remove and to prevent it re-installing in the future see here |
| X |
order_Shell |
order_smey.exe |
Added by the BANKSNIF-H TROJAN! |
| N |
OrderReminder |
OrderReminder.exe |
The HP Order Reminder utility is
installed with the HP LaserJet printer software and allows you to set
specific times for reminders to check the current level of toner in the print
cartridge - it also contains an Order Now link to a Web page that helps you
order supplies online from a reseller of your choice |
| X |
orderShell |
order****.exe [* = random char] |
Added by the DLOADR-UN TROJAN! |
| ? |
org5.exe |
org5.exe |
Lotus Organizer 5 application
file, Lotus Organizer software. What does it do and is it
required? |
| X |
OrgyCam |
OrgyCam.exe |
Adult content dialler |
| U |
OrigRage128Tweaker |
RAGE128TWEAK.EXE |
Third party tweaker for ATI Rage
128 Video cards from http://www.rageunderground.com |
| U |
ORiNOCO |
Cmluc.exe |
Client
Manager software for a Proxim ORiNOCO 11a/b/g wireless LAN PCI card |
| X |
OS Security |
mswind32.pif |
Added by the RBOT-ASU WORM! |
| X |
OSA |
winword.exe |
Added by the KANGAROO-A TROJAN! |
| X |
Osa32 |
NTOSA32.exe |
Added by the ANIG WORM! |
| ? |
osCheck |
osCheck.exe |
Part of Norton
Antivirus. What does it do and is it required? |
| U |
OSD |
OSD.exe |
By Netropa for HP and other
brands. Same group as KBD MediaCenter & Touch Manager. Pressing a
"hot key" on such a keyboard brings a corresponding panel on the
screen for volume, etc. Nice but not required if you don't adjust things
regularly - can also freeze |
| X |
OSS |
ossproxy.exe |
MarketScore parasite - ActiveX control used to download
premium-rate dialers |
| X |
OSS |
rk.exe |
MarketScore parasite - ActiveX control used to download
premium-rate dialers |
| X |
OSS |
rlvknlg.exe |
MarketScore parasite - ActiveX control used to download
premium-rate dialers |
| X |
OSSProxy |
OSSPROXY.EXE |
MarketScore parasite - ActiveX control used to download
premium-rate dialers |
| U |
OStivityInvAgt |
ostivity.exe |
OStivity -
"a desktop and server hardware and software asset/inventory solution for
small to enterprise sized organizations that need to quickly gain knowledge
of 'what's installed' without having to manually touch every computer in the
company. The next time the computer logs into the network, a complete
inventory (software and hardware) is taken of the system" |
| X |
Osus |
acao.exe |
PurityScan/Clickspring adware |
| X |
Osus |
rrup.exe |
PurityScan/Clickspring adware. The executable is located in
the user's "Application Data" folder or the Program Fileshtwu
folder |
| X |
otcx |
otcxxh.exe |
Added by the CAROOL TROJAN! |
| X |
outlook |
outlook.exe |
Added by the SDBOT-RU WORM! |
| X |
outlook |
outlook.exe |
Added by the ALCRA.F WORM! Note - this is not the valid MS
Office program which is found in Program FilesMicrosoft OfficeOffice. This
file is found in Program FilesOutlook |
| X |
Outlook Express Config |
*****.exe [* = random char] |
Added by a variant of the RBOT WORM! |
| X |
Outlook Express Protocol |
look.exe |
Added by the RBOT-ACS WORM! |
| X |
Outlook Mail Services |
express.exe |
Added by the RBOT.CJN WORM! |
| X |
Outlook Mail Services |
outlook.exe |
Added by the RBOT-BKA TROJAN! Note that the valid MS Outlook
executeable is located in the Program FilesMicrosoft OfficeOffice directory
wheras this one is found in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
OutLooks |
InSane.exe |
Added by the SWOOP TROJAN! |
| Y |
Outpost Firewall |
outpost.exe |
Outpost
personal firewall |
| Y |
OutpostFeedBack |
feedback.exe |
Part of Outpost firewall by Agnitum. The feedback service is
for reporting issues directly to Agnitum from within OP |
| X |
outpostupdate |
outpostupdate.exe |
Added by the COSIAM-C TROJAN! |
| X |
Outwar |
syslaunch.exe |
Outwar adware downloader |
| ? |
OVCJ |
ovcj.exe |
?? |
| N |
Overnet |
Overnet.exe |
Overnet peer-to-peer (P2P) file sharing program |
| X |
ovyriwi |
telace.exe |
Added by the SDBOT.BVS WORM! |
| U |
OWCCardbusTray |
ocbtray.exe |
Icon in the system tray for
safely removing PCMCIA cards. Only required if you have a laptop or desktop
which includes a PCMCIA card interface |
| U |
OWCWebCamDV |
wcdvtray.exe |
WebCamDV from
Orange Micro, Inc - enables the user to use a DV camera connected via
Firewire as a Webcam |
| X |
OWMngr |
OWMngr.exe |
OnWebMedia/SearchSeekFind advertising foistware |
| U |
OxigenClientAdmin |
Oxigen.exe |
Open University Oxigen
screensaver admin client. Downloads the latest information from the net to
display in the screen saver |
| X |
oz2 |
oz2.exe |
Added by the MYDOOM.W WORM! |
| N |
p_981116 |
p_981116.exe |
Win32 cabinet self extractor. More info here |
| X |
P0w3rF1Y |
svchost.exe |
Added by the MM TROJAN! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| U |
P17Helper |
Rundll32 P17.dll, P17Helper |
ASIO (Audio Stream In/Out) drivers for the SoundBlaster
Audigy 2 series soundcards - for recording and home project studios. Required
if you use this functionality |
| N |
P2P Networking |
P2P |
Peer to Peer (P2P) sharing of
files on the internet |
| N |
P2P NETWORKING |
P2P Networking.exe |
Peer to Peer (P2P) sharing of
files on the internet |
| X |
p2p networking |
p2pnetworking.exe |
Added by the RBOT-ECP WORM! |
| X |
P2P Networking2 |
P2P Networking2.exe |
P2P Networking2.exe is an
advertising program by Joltid. This process monitors your browsing habits and
distributes the data back to the author's servers for analysis. This also
prompts advertising popups. This program is a registered security risk and should
be removed immediately |
| N |
P2P Networking3 |
P2P Networking3.exe |
P2P Networking, a component bundled with Kazaa that enables
other applications to use Peer-to-Peer functionality. Not required - see here |
| X |
p2pnetwork |
p2pnetwork.exe |
Added by the ALCAN.A WORM! |
| X |
p2pnetworking |
p2pnetworking.exe |
Added by the RBOT-AFL WORM! |
| X |
P3p4chk |
P3p4chk.exe |
Added by the GEMA TROJAN! |
| X |
p4mx4 |
p4mx4.exe |
Added by the CRYPTER.A TROJAN! |
| X |
PaciSoft |
pacis.exe |
PacerD
Media/Pacimedia.com adware installer |
| ? |
Packard Bell EverSafe Tray
Control |
TrayControl.exe |
Packard Bell EverSafe software. What does it do, and is it required? |
| N |
PadTouch |
PadExe.exe |
Toshiba Touch and Launch -
offers easy movement and freedom of programs navigation with TouchPad |
| U |
Pagekeeper Jobs |
pkjobs.exe |
PageKeeper Jobs is a separate
PageKeeper program that handles the analysis of new documents and keeps track
of the location and content of current documents in PageKeeper. Pagekeeper
comes bundled with scanners such has HP, Microtek, etc |
| U |
Pagekeeper Lite |
pkjobs.exe |
PageKeeper Jobs is a separate
PageKeeper program that handles the analysis of new documents and keeps track
of the location and content of current documents in PageKeeper. Pagekeeper
comes bundled with scanners such has HP, Microtek, etc |
| X |
PAgent |
PAgent.exe |
Scans your hard drive for the popular P2P file-sharing
applications BearShare, Grokster, Kazaa, Limewire and Morpheus. After
searching the entire local filesystem for any files with those names it
connects to the DownloadWare servers and tells it what, if anything, is found |
| N |
Pagis Scheduler |
Monitor.exe |
Scheduler for the Pagis scanning
suite from Scansoft (now Nuance) |
| ? |
pagmstart |
client.exe |
?? |
| N |
Pagoo |
PAGOO.EXE |
Pagoo - internet call
waiting. Intercepts telephone calls like an answering machine and plays the
voice message on your PC. Only required when you're on-line and via dial-up
modem |
| X |
paint.exe |
shnlog.exe |
Added
by the PUPER-A TROJAN! |
| X |
PaintingRoom evidence monitor |
paintingroom.exe |
Paintingroom.com smiley software
- not recommended as the site tries to drop a trojan on you... |
| X |
PaintingRoom smile monitor |
paintingroom.exe |
Paintingroom.com smiley software
- not recommended as the site tries to drop a trojan on you... |
| N |
PAL Evidence Eliminator |
Cleaner.exe |
PAL Evidence
Eliminator - cover the tracks of your browsing habits and E-mails if you
think you need to. Run manually on a regular basis |
| N |
Palm Desktop |
Palm.exe |
Palm Desktop Software for use with Palm handheld devices.
Available via Start -> Programs |
| ? |
Palm MultiUser Config |
Configtool.exe |
MultiUser configuration for a
Palm PDA device?. Is it required? |
| N |
palmOne Registration |
register.exe |
Registration reminder for Palm products |
| X |
PalNetaware |
pnetaware.exe |
PalTalk adware - as included in
Morpheus |
| N |
PaltalkNetaware.exe |
PALNETAW~1.EXE |
Voice chat program. This program
stores all buddy list info apparently on the server itself so you never
lose your buddy list should you need to reinstall the program due for
whatever reason or even reformat. Available via Start -> Programs. Delete
the shortcut in Start -> Programs -> StartUp as well otherwise it will
be reinstated |
| U |
pamela.exe |
pamela.exe |
Pamela is a plug-in or add-on
that adds features to Skype peer to peer voice service |
| U |
Panasonic Communications Utility |
Mfpscdl.exe |
Port manager for Panasonic Panafax fax_machines |
| U |
Panasonic HotKey Manager |
HKEYAPP.EXE |
HotKey management for Panasonic
rugged mobile PCs |
| U |
Panda Antispam Server Service |
PasSrv.exe |
AntiSpam
software, part of Panda Platinum Internet Security |
| Y |
Panda Cleaner |
pavdr.exe |
Panda
software related - possibly Panda ActiveScan |
| Y |
Panda Preventium+ Service |
PREVSRV.EXE |
Panda
Antivirus |
| U |
Panda Scheduler |
pavsched.exe |
Panda
Antivirus scan scheduler. Required if this is your virus scanner program and
you have scans scheduled on a regular basis. I recommend that you scan
manually so you don't need this but if you tend to forget then leave it |
| X |
Panda Software Intrenet |
panda.pif |
Added by the RBOT-ATZ WORM! |
| X |
PandaAVEngine |
PandaAVEngine.exe |
Added by the NETSKY.R WORM! |
| U |
PandaScheduler |
pavsched.exe |
Panda
Antivirus scan scheduler. Required if this is your virus scanner program and
you have scans scheduled on a regular basis. I recommend that you scan
manually so you don't need this but if you tend to forget then leave it |
| U |
Pando |
Pando.exe |
"Pando is free software that lets you send and receive
files and folders of any size* with your existing email address" |
| X |
Pantera |
pantera.exe |
Added by the SDBOT.AYN WORM! |
| N |
Paperport |
runppdrv.exe |
Loads the drivers associated with monitoring scanner status
associated with PaperPort software. Can be a resource hog - see here |
| N |
PaperPort PTD |
pptd40nt.exe |
"PaperPort" software
associated with scanners |
| N |
PaperQuote System Tray Icon |
PQTRAY.EXE |
PaperQuote is a
"wallpaper" changer with daily quotes that are either for
inspiration or motivation |
| X |
Parallel Tasking |
ptask.exe |
Added by the SMALL-CJ TROJAN! |
| U |
ParetoLogic Anti-Spyware |
Pareto_AS.exe |
"ParetoLogic
Anti-Spyware delivers Active Protection in the form of real-time
blocking" |
| U |
PartSeal |
PartSeal.exe |
System backup for Sony Vaio PCs.
Adds a recovery mechanism for users over and above any System Restore
features - allowing users to revert a drive back to the state it was when
bought form the factory by hitting F10. The user obviously loses any data stored
if not backed-up elsewhere |
| N |
pas_check |
pasmon.exe |
SystemDoctor is a security risk that may give exaggerated
reports of threats on the computer. The program then prompts the user to
purchase a registered version of the software in order to remove the reported
threats |
| N |
PAS_Check |
udcpas.exe |
DriveCleaner is a security assesment tool which gives
exaggerated reports of security and privacy risks on a computer. The program
then prompts the user to purchase a registered version of the software in
order to remove the reported risks |
| U |
Password Door Loader |
PDMonitor.exe |
Password Door
- password protection software |
| U |
Password Tracker Deluxe |
PwTrkr.exe |
"Password Tracker Deluxe stores passwords and usernames
neatly and securely (encrypted) on your computer" |
| N |
PasteLister |
plister.exe |
PasteLister -
clipboard extender. Start manually when required |
| X |
Patch |
patch.exe |
Added by the NETBUS WORM! |
| X |
Patches Value |
WinGamed.exe |
Added by the SDBOT.BR WORM! |
| ? |
Path |
lide.exe |
?? |
| X |
pathname |
pathname.exe |
Added by the IRCCONTACT TROJAN! |
| ? |
PathNvidiaTV |
patchnvidiaTVout.exe |
Appears to be related to Nvidia
Gigabyte Video card. Typical file location is the Program FilesGigabyteNvidia
folder |
| X |
PAV.EXE |
%Number% |
Added by the KITRO.D (or
ARGEN.A) WORM! %Number% can be any number |
| Y |
PAV.EXE |
PAV.EXE |
PER Antivirus |
| Y |
PAVFIRES |
PavFires.exe |
Panda
Antivirus |
| Y |
PAVFNSVR |
PavFnSvr.exe |
Panda
Antivirus |
| Y |
Pavkre9x |
pavkre9x.exe |
Panda
Antivirus |
| Y |
PavProc |
PavPrS9x.exe |
Panda
Antivirus |
| Y |
PavProt |
PavProt.exe |
Panda
Antivirus |
| Y |
Pavprot9 |
Pavprot9.exe |
Panda
Antivirus |
| X |
PayTime |
paytime.exe |
Added by the STARTPA-YR TROJAN! |
| U |
pbagent |
pbagent.exe |
Probot keystroke logger/monitoring program - remove unless you
installed it yourself! |
| U |
PBKScheduler |
PBKScheduler.exe |
Scheduler for CyberLink PowerBackup - archiving/backup
utility |
| U |
PC Alert III |
alert.exe |
MSI PC Alert III - allows you to
view your system and cpu temperature, fan rpm and more. Only required if you
overclock |
| U |
PC Booster |
pcbooster.exe |
PC
Booster from inKline Global - "easy-to-use computer system optimizer
that gives your system the extra speed and stability you want while ensuring
that your computer is kept clean and in tip-top condition" |
| U |
PC Doc Pro - 3.1 |
pcdocpro.exe |
PC Doc Pro (now Win Doc Pro)
- system health check and fix utility |
| U |
PC Dynamics SdwMon32 |
sdwmon32.exe |
SafeHouse
"Personal Privacy" protects and hides your private and personal
photos, videos, files and folders by making them "invisible" and
encrypted |
| U |
PC Pitstop Optimize Scheduler |
PCPOptimize.exe |
PC Pitstop
Optimize - "an application that will make your PC run faster, make it
more stable, and clean up hard drive space" |
| U |
PC Spy Keylogger |
ToolKeylogger.exe |
PCSpyKeyLogger keystroke logger/monitoring program - remove
unless you installed it yourself! |
| X |
PC2X |
initial.bat |
Added by the DWNLDR-FZZ TROJAN! |
| U |
pcAnywhere Agent |
pcamgt.exe |
Part
of pcAnywhere 9.0 or later. This process listens for incoming PC Anywhere
connections if your PC is configured as a PC Anywhere host |
| Y |
PCBG |
PCBODYGUARD.EXE |
PC Bodyguard from
Calluna - protects system files and settings from being deleted, modified,
etc |
| Y |
PCBODYGUARD |
PCBODYGUARD.EXE |
PC Bodyguard from
Calluna - protects system files and settings from being deleted, modified,
etc |
| U |
PcBoost |
PcBoost.exe |
PCBoost from PGWARE, LLC increases computer performance by
allocating higher portions of CPU power to active applications and games |
| Y |
PCCClient.exe |
PCCClient.exe |
PC-Cillin 2002 antivirus
software |
| Y |
pccguide.exe |
pccguide.exe |
PC-Cillin 2002 antivirus
software |
| Y |
PCCIOMON.EXE |
PCCIOMON.EXE |
PC-Cillin 2000 antivirus
software. This is the actual virus-scanner |
| Y |
PCClient.exe |
PCClient.exe |
Trend Micro PC-Cillin Internet Security |
| X |
PC-Config32 |
corona.exe |
Added by the CORONEX.A WORM! |
| Y |
PccPfw |
PccPfw.exe |
Trend Micro PC-Cillin Internet Security |
| Y |
PcCtlCom |
Pcctlcom.exe |
Trend Micro PC-cillin Internet Security |
| N |
PCDRealtime |
realtime.exe |
Apparently the monitoring device
for PC Doctor Online. It provides a "free" examination on system
files (i.e. registry), reports the number of errors it finds, and invites you
to "order" the fee-based fixes from its web site |
| X |
PcEXPLODE |
specialfile.exe |
Added by the RBOT.RH WORM! |
| N |
PCHbutton |
PCHbutton.exe |
Used by HP Instant Support |
| N |
PCHealth |
pchschd.exe |
This is a "scheduler" and does not turn off PC
Health. For more information refer here |
| X |
PCHEasySearch |
STUpdate.exe |
PCH EasySearch bar |
| ? |
PCIMODEM |
pcimodem.exe |
Associated with Lucent based
Aztech MDP7800-U PCI modems. Is it required? |
| U |
PCLEPCI |
ppe.exe |
Pinnacle Systems PCI Performance Enhancer. "This tool
helps to increase the PCI Busmaster performance of all Pinnacle PCI
boards." |
| X |
PClK |
PClK.exe |
Added by the LEGMIR-BL TROJAN! |
| ? |
PCMCIA Resource Monitor |
nvp2pmon.exe |
NVIDIA nForce P2P Driver. What does it do and is it required? |
| U |
PCMMRealtime |
pcmm.exe |
PC MightyMax - diagnostic
program that identifies and fixes problems. However, some users report it
does the opposite and messes up their systems (see here) and they also have
problems removing it (see here) |
| U |
PCMService |
PCMService.exe |
Part of Cyberlink's Power Cinema. Commonly distributed with
the Dell MultiMedia software suite. It is used to watch movies, play music
and even watch TV in a central location |
| U |
PCPitStopEraser |
PCPitStopErase.exe |
"PC
PitStop Erase is both a free privacy scanner and paid tracks cleaner" |
| U |
PCPOptimize |
PCPOptimize.exe |
PC Pitstop
Optimize - "an application that will make your PC run faster, make it
more stable, and clean up hard drive space" |
| X |
PCprot |
crcss.exe |
Added by an unidentified WORM! |
| ? |
pcqmqgn.exe |
pcqmqgn.exe |
?? |
| U |
PCRecSA |
PCRecSA.exe |
Part of the IBM/XPoint Rapid
Restore backup utility. If you choose, you can use it to create a
"clean" backup of your hard drive. The process involves the
software partitioning your hard drive, making a compressed image of the
working drive which will then allow you to revert to that should you need to |
| X |
pcServer |
server.exe |
Ssppyy spyware |
| X |
PCShield |
regsvr32 [path] sfg_****.dll [*
= random char] |
SafeguardProtect/Veevo hijacker |
| N |
PCStart |
Pcm25.exe |
Runs as part of PCMonitor which is a program for monitoring
your activity on your system. It makes screen dumps and key logging. It can
hang-up your system because the screen dump page gets VERY big |
| N |
PCSuiteTrayApplication |
LaunchApplication.exe |
System Tray icon for Nokia PC
Suite. PC Suite lets you synchronize, edit, and back up many of your phone's
files on a compatible PC through a wireless or cable connection. PC Suite can
also be launched through Start Menu |
| N |
PCSuiteTrayApplication |
TrayApplication.exe |
System Tray icon for Nokia PC
Suite. PC Suite lets you synchronize, edit, and back up many of your phone's
files on a compatible PC through a wireless or cable connection. PC Suite can
also be launched through Start Menu |
| X |
Pcsv |
pcsvc.exe |
Delfin
Media Viewer or "Promulgate" adware |
| N |
PcSync |
PcSync.exe |
If a Nokia phone has been
connected, synchronises the phone with MS Outlook or other organiser
software. It is installed by the Nokia PC Suite, and the tray icon shows if a
phone has been connected. Available via a desktop shortcut or Start ->
Programs |
| X |
PcSync |
PcSync.exe |
Added by the RBOT-XJ WORM! Note
- do not confuse with the Nokia application described here |
| Y |
PCTAVApp |
PCTAV.exe |
Related to PC TOOLS
Antivirus software |
| U |
PcThrust |
PcThrust.exe |
PCThrust from SwiftDog -
"increases computer performance by allocating higher portions of CPU
power to active applications and games" |
| U |
pctspk |
pctspk.exe |
Used for modems based upon
PC-TEL chipsets. Normally used for some Voice and Speakerphone functions and
also for some Power management options. If you remove it you may not be able
to use any of those functions |
| U |
PCTVOICE |
pctvoice.exe |
The program PCTVoice is used by
the modem to interface with your computer and also used for some V.80
functions for Video Conferencing. if you uncheck it, it comes back. It's
better to leave it |
| U |
PCTVRemote |
remoterm.exe |
Controls the remote control on
some Pinnacle TV tuners |
| U |
PCWatch |
pcwatch.exe |
PCWatch surveillance software. Uninstall this software if you
did not install it yourself |
| X |
PDA Commander |
stisvc32.exe |
Added by the AGOBOT-TX WORM! |
| U |
PdaNet Desktop |
PdaNetPC.exe |
PdaNet from June Fabrics
Technology Inc. Use Windows Mobile Smartphone or PocketPC Phone as wireless
modem for your PC |
| X |
PDASCAN |
pdascan.exe |
Added by the AGOBOT-QY WORM! |
| U |
PDDM |
pddm.exe |
Patchlink
Update - "core product of the leading patch and vulnerability management
software solution for medium and large enterprise network security" |
| U |
PDEngine |
PDEngine.exe |
PerfectDisk
from Raxco - disk defragmenter. Only required if you schedule disk
defragmenting at re-boot |
| N |
pdexplo |
PDEXPLO.EXE |
PowerDesk Pro by PowerDesk Pro by Ontrack. Enhanced desktop
and file manager. Available via Start -> Programs |
| ? |
PDF Converter Registry
Controller |
RegistryController.exe |
Nuance (was
Scansoft) PDF Converter Registry Controller related - what does it do and is
it required? |
| U |
pdfFactory Dispatcher v1 |
fppdis1a.exe |
FinePrint
pdfFactory Dispatcher - background task which handles the creation of PDF
files when you print to the FinePrint pdfFactory printer. Version 1.x of the
software. "pdfFactory products offer a unique approach to PDF creation
that is simpler, more effective and less expensive than that offered by other
programs" |
| U |
pdfFactory Dispatcher v2 |
fppdis2a.exe |
FinePrint
pdfFactory Dispatcher - background task which handles the creation of PDF
files when you print to the FinePrint pdfFactory printer. Version 2.x of the
software. "pdfFactory products offer a unique approach to PDF creation
that is simpler, more effective and less expensive than that offered by other
programs" |
| U |
pdfFactory Pro Dispatcher v1 |
fppdis1.exe |
FinePrint pdfFactory Pro Dispatcher - background task which
handles the creation of PDF files when you print to the FinePrint pdfFactory
PRO printer. Version 1.x of the software. "pdfFactory products offer a
unique approach to PDF creation that is simpler, more effective and less
expensive than that offered by other programs" |
| U |
pdfFactory Pro Dispatcher v3 |
fppdis3a.exe |
FinePrint pdfFactory Pro Dispatcher - background task which
handles the creation of PDF files when you print to the FinePrint pdfFactory
Pro printer. Version 3.x of the software. "pdfFactory products offer a
unique approach to PDF creation that is simpler, more effective and less
expensive than that offered by other programs" |
| U |
pdfMachine dispatcher |
mapisnd.exe |
pdfMachine
Windows print driver |
| N |
pdfSaver3 |
pdfSaver3.exe |
PDF-XChange - create Adobe compatible PDF files from
virtually any Windows software such as MS Word, Excel, AutoCAD, MS Publisher
etc |
| N |
PDirect |
PDirect.exe |
IBM Presentation Director
software |
| U |
pdp Server |
ctpdpsrvr.exe |
Included and setup with the
drivers for my Compaq A3000 all-in-one printer/scanner - maybe for
networking. Works fine without it - but may be needed when used over a
network |
| U |
PDService.exe |
pdservice.exe |
Related to Utimaco Safeware Easy. "Your electronic safe
for protecting confidential data" |
| U |
PDVDServ |
PDVDServ.exe |
Remote
Control background application for Cyberlink's PowerDVD version 5 and above.
Enables you to use a remote control with your DVD drive if your drive came
with one. Not required if you don't have a remote control, or don't wish to
use one |
| N |
Pe2ckfnt SE |
chkfont.exe |
Used to check whether the fonts
are installed properly on your computer or not for a scanner. If you don't
want to execute it, you can uncheck it in the startup menu |
| X |
PECarlin |
PECarlin.exe |
Adware - see here |
| ? |
Peeramid |
PService.exe |
In a "Koptimizer"
folder in Program Files. What does it do and is it
required? |
| U |
PeerGuardian |
PeerGuardian_1.99b_pr14.exe |
PeerGuardian - IP blocker
for Windows. Used to protect privacy on P2P networks by blocking IP addresses
specified in blocklists. Features support for multiple lists, a list editor,
automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc) |
| U |
PeerGuardian |
pg2.exe |
PeerGuardian - IP blocker
for Windows. Used to protect privacy on P2P networks by blocking IP addresses
specified in blocklists. Features support for multiple lists, a list editor,
automatic blocklist updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc) |
| U |
Pent@VALUE 3.2 |
Pent@VALUE.exe |
Pent@VALUE Digital Satellite
Internet PC Receiver |
| X |
PeqBL100 |
PEQBL100.exe |
Added by the ENVID.D WORM! |
| Y |
PER Email Protection |
pavmail.exe |
PER Antivirus |
| N |
PerfectPrint |
pfppop70.exe |
Print engine used by Corel
WordPerfect 7 and Presentations 7 |
| X |
PerfFont (Performance True Type
Font) |
perfont.exe |
Added by the MUTECH-E TROJAN! |
| U |
perfmon |
perfmon.vbs |
MindStorm AnalyzerPro from
Secure Associates. "A security management tool for customers easy to
manage report and analyze security events across heterogeneous security
devices" |
| X |
Perfomance Monitor |
davcsync.exe |
Added
by the LAMUD-A WORM! |
| X |
Perfomance Settings |
svchost.exe |
Added by the TOFGER-AP TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
Performance |
MyHeart.exe |
Added
by the PESIN-D WORM! |
| X |
Performs peer to peer connection |
WinPTTP.exe |
Added by the RBOT-GMI WORM! |
| Y |
PersFw |
PersFw.exe |
Kerio or Tiny Personal Firewall |
| N |
Persistence |
igfxpers.exe |
Part of Intels Common User
Interface for chipsets with integrated graphics controllers - which allows
user to change different driver properties through Windows User Interface.
Not known exactly what it does but apparently it isn't required |
| X |
Personal Computer |
scvhost.exe |
Added by the RBOT-AJE WORM! |
| X |
Personal Firwall |
ptmedsrv.exe |
Added by the SDBOT.XY WORM! |
| U |
Pervasive.SQL Workgroup Engine |
W3dbsmgr.exe |
Database Service Manager for
Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but
it's recommended you start it manually before using it as it has a tendancy
to crash/freeze if loaded with other applications at startup |
| U |
PestPatrol Control Center |
PPControl.exe |
PestPatrol
Control Terminal - utility that launched PestPatrol features such as
PPMemCheck and CookiePatrol before CA's acquisition |
| ? |
PestPatrolCL |
PestPatrolCL.exe |
PestPatrol's command line
scanner, combines with the Windows Task scheduler and is required in cases
where schedules for regular scanning are set |
| N |
PestTrap |
PestTrap.exe |
Spyware
remover - not recommended, see here |
| U |
Petit Larousse 2001 |
HIPL2000Popup.exe |
Popup dictionary tool |
| X |
Pex Sound Driver |
Today's Results.vbs |
Added
by the TRODE-A WORM! |
| X |
pex Sound driver 2 |
Today's Results.vbs |
Added
by the TRODE-A WORM! |
| ? |
PFW_CfgEngine |
PFWCFG~1.EXE |
Personal Firewall related? |
| ? |
PFW_PullSrv |
PULL.EXE |
Personal Firewall related? |
| X |
PgMonitr |
PgMonitr.exe |
Delfin Promulgate adware variant |
| Y |
PGPSDKSVC |
pgpsdkserv.exe |
PGPsdkServ.exe is the new SDK
service which is responsible for performing all PGP key management and
cryptographic functions. This functionality was moved into a service to allow
multiple modules simultaneous read/write access to the keyrings, among other
things. As you can imagine, it is necessary for PGPsdkServ to be running in
order to perform practically any PGP functionality |
| U |
PGPSERVICE |
pgpservice.exe |
PGPservice.exe has two main
purposes: (1) it handles a large part of the PGPnet functionality (along with
the PGPnet driver) and (2) it allows efficient access to the PGP preferences
database. The individual PGP modules normally access the preferences through
PGPservice, but they are capable of a "fall-back" mode where they
can handle such access on their own. Thus, if you are not running PGPnet, you
may not immediately notice much of a difference if you disable PGPservice. If
you are running PGPnet, you will notice a big difference |
| N |
PGPtray |
pgptray.exe |
PGP 7.x. Provides icon tray
shortcuts to PGP programs from Network Associates. Available via Start ->
Programs |
| X |
PGQL |
pgql.exe |
Added by the PQN TROJAN! |
| X |
PGStub.exe |
[various filenames] |
Unidentified adware |
| X |
pgtaff |
pgtaff.exe |
AdRotator adware variant |
| U |
phc700 |
vphc700.exe |
Related to the Philips SPC700NC web camera |
| Y |
PhiBtn |
PhiBtn.exe |
Snapshot and Launch button
application from Philips belonging to Philips SPC 900NC Camera |
| N |
Phime2002a |
TINTSETP.EXE |
Part of Microsoft's Input
Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and
Word |
| N |
PHIME2002ASync |
TINTSETP.EXE |
Part of Microsoft's Input
Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and
Word |
| X |
PHIME2004C |
CTFMDN.exe |
Added by the DLOADR-AMV TROJAN! |
| X |
PHIME2OO2ASyst |
[path to trojan] |
Added by the DBDOOR-B TROJAN! |
| U |
PhoneFree version 6.2 |
PHONEF??.EXE |
An Internet telephony
application. Complicated registration and ad banners tailored to your profile
- see here |
| N |
Photo Express Calendar Checker
SE |
CALCHECK.EXE |
If you create multiple
Weekly/Monthly/Yearly calendars to use as your wallpaper, Photo Express will
replace the wallpaper automatically. Photo Express 2.0 has a calendar checker
which checks the date on your system and updates your wallpaper accordingly |
| N |
Photo Loader supervisory |
Plauto.exe |
Casio's Photo Loader software.
Hook up your camera to the USB port, and it pops up and asks you if you want
to load your pictures |
| X |
Photoshop |
svchost.exe |
Added by the CDOPEN-E TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the "Program Files"
folder |
| N |
PhotoShow Deluxe Media Manager |
mssysmgr.exe |
Simple Star
PhotoShow Deluxe photo editing and organizing software, makes it easy to send
and share digital photos. Bundled with software from Nero, ComCast, SnapFish,
MacroMedia and others |
| N |
PhotoWise QuickLink |
quicklnk.exe |
Agfa PhotoWise - "PhotoWise
QuickLinkTM lets you drag and drop photos right from the camera into your
document (applications must be OLE-compliant). Use PhotoWise to print contact
sheets and photographic prints. Create slide shows, screen savers, wallpaper
and more." |
| U |
PhraseExpress |
phrase.exe |
"PhraseExpress
organizes your frequently used text phrases and allows pasting them into any
application" |
| X |
PIC SYSTEM |
picx.exe |
Added by the MYTOB.LL WORM! |
| N |
Picasa Media Detector |
PicasaMediaDetector.exe |
Media detector for Picasa's automatic photo organizer |
| N |
PicasaNet |
Hello.exe |
Hello is an application
that allows Blogger users to post digital photos and captions directly to
their personal weblogs, or blogs |
| N |
Pickatag |
pickatag.exe |
Pick-a-tag - "freeware utility for random selection of
your taglines. This utility randomly picks a tagline out of a list of
taglines. It will create a signature file which your mailer can use to place
under your messages" |
| N |
PICPRTR |
PICPRTR.EXE |
Program for viewing and
measuring a variety of 3D CAD data formats |
| X |
picsvr |
picsvr.exe |
Delfin Promulgate adware |
| N |
pictureBUZZTray |
swtray.exe |
System Tray access to
PictureBUZZ on-line printing software from Streetwise Software. If you use
the software set the page you use as a favourite in your browser and run it
manually |
| U |
PiDunHK |
PIDUNHK.EXE |
Part of the Prodigy Internet
software - part of the dialer/DUN. Presumably needed for users of that
service otherwise you may not be able to connect, although you may try
creating your own shortcut and see what happens |
| X |
pigglett |
pigglett.exe |
Added by a variant of the SMALL.EP TROJAN! |
| U |
piiserviceOE |
N/A |
Spam Inspector (nee Postal
Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam
filter add-ons for OE |
| X |
pilif |
pilif.exe |
Added by the FILI WORM! |
| N |
Pinger |
pinger.exe |
Pinger is the resident program
for Toshiba updates. Periodically checks to see if there are any
software/driver upgrades for your particular computer model. If it finds any,
it posts a notification |
| X |
PingTimeout Institution |
internal.exe |
Added by the SDBOT.BMH WORM! |
| X |
PingTimeout Institution |
pingchek.exe |
Added by the SDBOT-VY WORM! |
| Y |
PinnacleDriverCheck |
PSDrvCheck.exe |
Part of Pinnacle Systems
InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive
settings. Once loaded it doesn't use any resources so you can leave it
enabled |
| N |
Piolet |
piolet.exe |
Piolet - peer-to-peer file sharing client |
| X |
PIPE SYSTEM |
pipe.exe |
Added by the MYTOB-FF WORM! |
| N |
Piracy |
SysUtil.exe |
Software
Piracy Alert feature bundled with PGWare software. Cries foul when it detects
an 'illegal' version. The alerts are reported to disappear as soon as the
software is correctly registered. There are privacy issues though: "The
Software includes a feature that assigns a unique order number to GameGain
based on purchase information. The Software reports this number to us via the
internet either when you run the Software or enter the registration number,
or both. The Software may also identify and report to us your IP address,
date and time of installation, registration and/or use. We use this
information strictly to count the number of installations, detect
unauthorized access or piracy of the Software, and develop rough statistical
data regarding the geographic location of our users" |
| N |
PivotSoftware |
wpctrl.exe |
PivotPro from Portrait
Studios - allows a screen to be rotated to match rotated LCD screens, for
example). Shortcut available via Display Properties |
| X |
Pixel32 |
Pixel32.exe |
Added by the GEMA TROJAN! |
| X |
Pixelpwr32 |
Pixelpwr32.exe |
Added by the GEMA TROJAN! |
| X |
Pixelsvr |
Pixelsvr.exe |
Added by the GEMA TROJAN! |
| U |
pjWebCam |
pjWebCam.exe |
Webcam automation software that
saves regular photos from webcam and can also act as HTTP server |
| X |
PK Guard |
pkguard32.exe |
Added by the GUAPIM WORM! |
| X |
PK Services |
pksvc.exe |
Added by the FORBOT-BW WORM! |
| U |
PktAnything |
PocketCompanion.exe |
PocketAnything
lets you save anything on your computer to your mobile, with one click |
| U |
Planlægningsagent |
mstask.exe |
Windows Task Scheduler (on
Danish language versions of Windows) - displayed as a box with a stopwatch in
the System Tray. Required if you have regularly scheduled tasks like
defragmenting, ScanDisk, weekly virus scans and so on |
| X |
Plasdll service |
[random filename] |
Added by a
variant of the SDBOT WORM! |
| X |
Playboy |
playavi.exe |
Added by the GAMANLOCK TROJAN! |
| U |
PLEAPCPUCPL |
pleapu.exe |
CPU Control Panel for the
Powerleap CPU upgrade |
| ? |
PLFFAP |
HotfixQ0306270.exe |
Prolific Technology Inc. USB
Flash Disk driver - is it required in startup? |
| N |
Plguni |
Plguni.exe |
McAfee
QuickClean 3.0 - removes internet clutter and unwanted programs |
| U |
plmg.exe |
plmg.exe |
Paragon Last Minute Bidder -
auction assistant software |
| ? |
PLoader |
umsd.exe |
USB Mass Storage Disk related
tray icon. Is it required? |
| X |
Plob |
kernel.com |
Added by the OPTIXPRO.12 TROJAN! |
| X |
Plook |
plook.exe |
AffiliateTarget.com alias PLook adware |
| U |
Pluck Tray |
PluckTray.exe |
RSS (XML TAGS) reader program |
| ? |
PluckSvr |
PluckUpdater.exe |
Pluck Toolbar updater |
| X |
Plug And Play |
msnmsg.exe |
Added
by the RBOT-ID WORM! |
| X |
Pluto! Pager |
srvhandle.exe |
Added by the REDPLUT VIRUS! |
| U |
PLXSTART |
PLXSTART.EXE |
Sets the spindown timeout and
access speeds at startup and displays the "Plextor Manager 2000"
splash screen for Plextor CD-RW. |
| N |
PLXTASK |
PLXTASK.EXE |
Taskbar utility for a
"control panel" for a Plextor CD-RW. Has MVP 2000 (audio CD
player), DiscDupe 2000 (self explanatory CD copying program) and AudioCapture
2000 (rips audio CDs into MP3 or WAV files) |
| X |
pm32ctrl |
pwr32crtl.exe |
Added by the CRYPTER.A TROJAN! |
| X |
pm32info |
pm32info.exe |
Added by the CRYPTER.A TROJAN! |
| X |
pmc |
764.exe |
Adult content dialler |
| X |
pmcqt |
pmcqt.exe |
Added by the DLUCA-V TROJAN! |
| X |
Pmedia |
winsrvc.exe |
Internet marketing sofware from
Permissioned Media Inc as used in E-Card FriendGreetings foistware - see
here. Treated by Trend as the FRIENDGRT.B WORM! |
| ? |
PmProxy |
PmProxy.exe |
Associated with Analog Devices
"SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required? |
| X |
pmr |
pmr.exe |
PowerStrip foistware. Note -
this is not the same as the video tweaking utility of the same name here |
| U |
PMT |
personalmoneytree.exe |
According to the web
site Personal Money Tree is an automatic cash rebate program. Note: Not
recommended |
| N |
PMTSHOOT |
pmtshoot.exe |
MS tool for troubleshooting
power management problems |
| U |
PMXInit |
pmxinit.exe |
Restores user display
preferences Kyro2 based graphics cards. Not required unless you change the
default settings - such as gamma |
| N |
PNAgent |
PNAgent.exe |
PhatNoise Music Manager - manages WMA, MP3, WAV, etc music
files |
| X |
PNP |
wuaaclt.exe |
Added by the LILBRE-A WORM! |
| X |
PnP Driver |
playboy.exe |
Added by the FORBOT-FR WORM! |
| X |
PNP FIX |
[worm filename] |
Added by the RBOT-AKQ WORM! |
| U |
Pnpchk |
Pnpchk.exe |
Aztech Labs Sound 3 PnP driver |
| X |
pnpsvc_lock |
******.exe [* = random digit] |
Browser hijacker |
| X |
pnpsvc_lock |
startsvs.exe |
Browser hijacker |
| U |
PNSetup |
PNSetup.exe |
PopNot - pop-up killer |
| X |
PNtask Services |
pntask.exe |
Added by the LALA.C TROJAN! |
| X |
pnvifj |
jusodl.exe |
Added by the QQPASS.48436 TROJAN! |
| U |
Pocket Sheet Sync |
PSXLTRAY.EXE |
Casio
Pocket Sheet synchronization software |
| X |
Poet |
Poet.exe |
Added by the DOEP.A WORM! |
| X |
Pofatch |
nstrue.exe |
Added by the RANDEX.Z WORM! |
| U |
point32 |
point32.exe |
Microsoft Intellipoint software
for their Intellimouse series of mice - required if you use non-standard
Windows driver features |
| U |
POINTER |
point32.exe |
Microsoft Intellipoint software
for their Intellimouse series of mice - required if you use non-standard
Windows driver features |
| X |
Points Manager |
points manager.exe |
Altnet TopSearch adware |
| X |
Pollon |
pollone.exe |
Added by the SPYBOT.FW WORM! |
| X |
polo.exe |
polo.exe |
Added by the AGENT-PE TROJAN! |
| X |
POP |
PopSrv***.exe |
PeopleonPage
foistware, bundled with Grokster where *** are random digits |
| X |
POP Manager |
popmgr.exe |
Added by the BCKDR-PYV TROJAN! |
| X |
pop06ap |
pop06ap2.exe |
MediaMotor adware |
| X |
pop06apelt |
thiselt.exe |
ZenoSearch adware |
| U |
pop3 Server |
config.cfg |
Part of
HTML2POP3 - "Convert Webmail to POP3.Is also included a SMTP/POP3
tunneling system that allow send and receive email in a private network HTTP
PROXY based. All connection are plugin based. Over 250 email server supported
and tested" |
| Y |
pop3trap.exe |
pop3trap.exe |
PC-Cillin 2000 antivirus
software -> E-mail scanner |
| X |
PopeSvr |
PopeSvr.exe |
Added by the LEGMIR-AJ TROJAN! |
| X |
PopMark |
WinTask.exe |
"Pop Marketing" adware |
| U |
PopNot |
PopNot.exe |
PopNot - pop-up killer |
| U |
PopOops |
PopOops.exe |
PopOops - pop-up
killer |
| U |
Popopen |
popopen.exe |
PopOpen makes your windows spring open with animation effects |
| Y |
Poproxy |
POPROXY.EXE |
Proxy E-mail protection from
Norton Anti-Virus (prior to 2002). If you have it installed, leave it enabled
to automatically check for suspect attachments in E-mails that may contain
viruses. It downloads the E-mail into poproxy, which serves as a proxy server
on the local machine, before scanning it |
| X |
popsrv146 |
popsrv146.exe |
AproposMedia adware |
| U |
PopSubtract |
PopSub.exe |
PopSubtract -
pop-up killer |
| U |
Popup Ad Filter |
PopFilter.exe |
Popup Ad Filter - pop-up killer |
| U |
Popup and Advertisement Killers |
adkillers.exe |
Added by the RBOT-DDH WORM! |
| X |
Popup Blocker System |
PopUpBlocker.exe |
Added by a variant of the RBOT WORM! |
| X |
Popup Blocker System326a
Monitoring |
PopUpBlocker6a.exe |
Added by the RBOT.AUH WORM! |
| X |
Popup Blocker System8 Monitoring |
PopUpBlocker8.exe |
Added by a variant of the RBOT WORM! |
| X |
Popup Blocker Updater |
regsvr32 [path] veev****.dll [*
= random char] |
SafeguardProtect/Veevo hijacker |
| U |
PopUp Buster+ |
popupbuster.exe |
PopUp Buster - free Pop-up
blocker |
| X |
Popup Defence Updater |
regsvr32 [path] pdf****.dll [* =
random char] |
SafeguardProtect/Veevo hijacker |
| U |
Popup Defender |
PD.exe |
Popup Defender - pop-up killer |
| U |
Pop-Up Smasher |
PopupSmasher.exe |
Pop-Up Smasher - pop-up
killer |
| U |
Pop-Up Stopper |
dpps2.exe |
Pop-Up
Stopper Companion from Panicware. Pop-up blocker integrated into the IE
toolbar. Note that the Pro version doesn't load in startup as it is installed
as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP
and uninstall Service Pack 1. Uninstalling the software leaves it in the
startup group |
| U |
Popup Terminator |
GLADManager.exe |
Popup
Terminator - pop-up killer |
| U |
Pop-Up_Blocker |
Popup.exe |
A
Tweak-XP component, blocks advertisement pop-up windows in Internet Explorer.
Can be enabled/disabled via Tweak-XP -> Internet Tweaks |
| U |
Pop-Up_Scanner |
Popupscn.exe |
Panicware popup blocker |
| U |
PopupEliminator |
Popup Eliminator.exe |
Popup Eliminator -
pop-up killer |
| U |
PopUpKiller |
PopUpKiller.exe |
PopUpKiller
- pop-up killer |
| X |
popuppers |
newpop63.exe |
Medload adware |
| X |
popuppers64 |
a64sddd.exe |
Popuppers adware, also detected as the LOWZONE-AA TROJAN! |
| X |
popuppers65 |
[path to file] |
Medload adware |
| U |
PopUpStopperCompanion |
PSComp.exe |
PopupStopper
Companion popup blocker |
| U |
PopUpStopperFreeEdition |
PSFREE.EXE |
Panicware's
Pop-Up Stopper - free limited features version |
| U |
PopUpStopperProfessional |
PopUpStopperProfessional.exe |
Panicware's
Pop-Up Stopper - paid for version |
| U |
PopupVanish |
PopupVanish.exe |
Pop-up blocker |
| U |
PopUpWasher |
PopUpWasher.exe |
PopUpWasher
pop-up killer |
| N |
PopUpWatch |
PopUpWatch.exe |
BPS
spyware remover - not recommended, see here |
| ? |
POS-Partnerbatchprocessor |
BATCH.EXE |
VISA credit card batch
processing related to Appcon. Is it needed or can it be
started manually via Start -> Programs or a manually created shortcut? |
| N |
Post-It(r) Software |
Psnotes.exe |
Pop-up "yellow" notes
on screen. Available via Start -> Programs |
| U |
POW! |
pow.exe |
Pop-up killer |
| X |
Power Scan |
powerscan.exe |
Foistware by Integrated Search Technologies - the people
behind ISTBar adware |
| U |
Power_Gear |
BatteryLife.exe |
Power management for all Asus
notebook. Useful but not critical |
| U |
Power2GoExpress |
Power2GoExpress.exe |
Power2GoExpress - all media disc burning software |
| N |
PowerBar |
Powerbar.exe |
Part
of Cyberlink's PowerDVD software. Not sure what exactly it does, but not
required in startup |
| Y |
PowerChute |
Pwrchute.exe |
"During a power outage, if
you're not available to save your files & close down
Windows....PowerChute will do that for you. PowerChute will save your
application files, close your applications and shut down your computer just
like you would...otherwise, the APC UPS (Uninterruptible Power Supply) unit
would go to battery until it wore down, then your computer would
shutoff" |
| X |
PowerChute |
Pwrchute.exe |
Added by the LAZAR-A TROJAN! Note - this is located in the
Program FilesAPC_Power directory |
| U |
PowerDOCSAPIHost |
papihost.exe |
Hummingbird
PowerDOCS - "delivers powerful enterprise document management
functionality via a tightly integrated Microsoft WinNT/98/2K
environment" |
| N |
PowerDVD |
PowerDVD.exe |
Launches
Cyberlink's PowerDVD software and creates a system tray icon. If enabled,
PowerDVD will open automatically when a DVD movie is inserted. Launch
manually |
| U |
PowerKey |
PowerKey.exe |
Part of Acer Launch Manager - programmable keys on such
laptops as the TravelMate 610 |
| X |
PowerManagement |
Rundlll.exe |
Added by the SURDUX TROJAN! |
| X |
PowerManager |
Svchost.exe |
Added by the JEEFO VIRUS! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| Y |
PowerPanel |
POWPANEL.EXE |
Power management utility on
notebooks/laptops - automatically switches modes when running on battery |
| U |
PowerPanel Personal Edition User
Interaction |
pppeuser.exe |
CyberPower
PowerPanel Personal Edition UPS Monitoring & Control Software - "is
included with CyberPower's products. This exclusive software allows control
and monitoring of your UPS to provide protection for your computer system,
components, peripherals, and most importantly, your data" |
| X |
PowerPrifile |
rundl132 kenel.dll,
PowerProfileEnable |
Added by the INMOTA WORM! |
| U |
PowerPro |
powerpro.exe |
Part of the power professional
program that loads the floating menu bar. Can be accessed from Start ->
Programs, but I'd leave it alone if you use this program |
| X |
PowerProf |
PowerProf.exe |
Added by the LOREX.B TROJAN! |
| X |
PowerProfile |
mfcp30.exe |
Added by the RINDAS-A TROJAN! |
| N |
PowerQuest Startup Utility |
PQINIT.EXE |
From a visitor - "This
seems to be installed when you install Power Quest Partition Magic. I think
that it implements the changes when you use the magic mover app. If you don't
have any mappings set up, it does nothing (except waste bytes and cycles). I
disabled it using msconfig.exe with no problems" |
| ? |
POWERR~1 |
POWERR~1.exe |
Power monitoring? |
| N |
PowerReg Scheduler |
PowerReg Scheduler.exe |
PowerREGISTER
from Leadertech. Registration reminder as used by Iomega, Hasbro &
Microprose - amongst others |
| N |
PowerReg SchedulerV2 |
PowerReg SchedulerV2.exe |
PowerREGISTER
from Leadertech. Registration reminder as used by Iomega, Hasbro &
Microprose - amongst others |
| N |
PowerReg SchedulerV3 |
PowerReg SchedulerV3.exe |
PowerREGISTER
from Leadertech. Registration reminder as used by Iomega, Hasbro &
Microprose - amongst others |
| ? |
PowerS |
PowerS.exe |
ProlinkTest for either
their AGP graphics card or TV/FM capture card. Is it required? |
| ? |
PowerSet |
Regedit.exe /s
...PowerSet_8100_CU.REG |
Appears to be Toshiba power
management related |
| N |
PowerStrip |
powerstrip.exe |
PowerStrip is
a Video Mode Editor to allow special Refresh Rates and Tweaking of Video
Settings |
| N |
PowerStrip |
PSTRIP.EXE |
PowerStrip is
a Video Mode Editor to allow special Refresh Rates and Tweaking of Video
Settings |
| U |
PowerTools Tray Icon |
pttray.exe |
PowerTools
- add-on for AOL |
| U |
Powertweak |
PT2.EXE |
"Powertweak is
designed to configure your system in the best way. A processor, the core of
the system, or a chipset (a set of components that manage the data flows
between the different parts of the system) can be configured." This item
is added to startup if 'Use predefined settings' is enabled in the programs
options |
| U |
Powertweak |
PTCTRL.EXE |
"Powertweak is
designed to configure your system in the best way. A processor, the core of
the system, or a chipset (a set of components that manage the data flows
between the different parts of the system) can be configured." This item
is added to startup if 'Configure system at logon' is enabled in the programs
options |
| U |
PP Gamma |
ppgamma.exe |
Profile Prism
software that allows monitor calibration and can generate ICC profiles for
digital cameras |
| N |
PP****usb |
FBDirect.exe |
Software that monitors the
status of a Visioneer OneTouch scanner button and allows you to scan, fax,
copy, print, and easily communicate by simply dragging and dropping scans on
your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available
via Start -> Programs |
| U |
PP2000 Instaupdate |
PPInupdt.exe |
Protector Plus anti-virus
software - instant update program for virus data updates. Not required if you
regularly update virus data manually |
| Y |
PP2000 Real Time Scan |
PPVstop.exe |
Protector Plus anti-virus
software - real time scanner |
| Y |
PP2000 Taskbar Control |
PPTbc.exe |
Protector Plus anti-virus
software - system tray access |
| N |
PP3100b |
flatbed.exe |
Twain driver for the Visioneer
PaperPort 3100b scanner that allows you to scan, fax, copy, print, and easily
communicate by simply dragging and dropping scans on your PaperPort Desktop |
| U |
ppass |
Antispy.exe |
AntiSpy firewall - "program designed to combat against
various types of intrusion and monitoring programs currently in use or
presently being developed worldwide" |
| U |
PPControl |
PPControl.exe |
PestPatrol
Control Terminal - utility that launched PestPatrol features such as
PPMemCheck and CookiePatrol before CA's acquisition |
| U |
PPCRunonce |
PPCRunOnce.exe |
Related to PeoplePC ISP software - may display advertising,
see here |
| U |
PPHIDPAD |
pphidpad.exe |
PenPower Chinese handwriting recognition software |
| U |
PPK Setup(Server) |
SEServe.exe |
Programmable Power Key on Sony
Vaio laptops. "Using the Programmable Power Key (PPK) button, collect
your e-mail automatically with one key stroke. You can also program your PPK
to turn on your SuperSlim Notebook at a predetermined time and perform simple
tasks - completely unattended" |
| U |
PPMemCheck |
ppmemcheck.exe |
PPMemCheck -
used to be part of PestPatrol before CA's acquisition |
| X |
PPPOEO |
pingppac.exe |
Added by the SPYBOT.KHC WORM! |
| N |
PProTray |
pprotray.exe |
Part of the power professional
program. Loads the System Tray control |
| ? |
PPScheduler |
PPScheduler.exe |
Nuance (was ScanSoft)
PaperPort Scheduler - what does it do and is it required? |
| U |
PPSVC |
[path to file] |
PC Police surveillance software that logs keystrokes, files
looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL.
This information can then be transmitted to a remote user. Uninstall this
software if you did not install it yourself |
| U |
PPSYS |
ppsys.exe |
PC Police commercial keystroke logger. Uninstall this
software if you did not install it yourself |
| N |
pptd40nt |
pptd40nt.exe |
"PaperPort" software
associated with scanners |
| U |
PPUpdate |
ppupdater.exe |
PPUpdater -
updater that used to be part of PestPatrol before CA's acquisition |
| N |
PPWWebCap |
PPWebCap.exe |
"PaperPort" software
associated with scanners |
| X |
pqhelper |
pqhelper.exe |
Searchcentrix hijacker |
| U |
PractiSearch |
PSearch.exe |
PractiSearch web search
software |
| U |
Praize Messenger |
itLoad.exe |
Praize IM Christian chat
instant messenger |
| U |
Prayer |
PTW.EXE |
Islamic Adhan program (call
fpr daily prayers) |
| X |
prdtect |
prdtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| ? |
PreAnnotate |
PreAnntt.exe |
Genius Wizard Pen Tablet driver
related. Is it required? |
| N |
Precision Time Clock Checker |
PrecisionTime.exe |
Precision Time 2.0. Checks your
computer clock time against the Naval Observatory or some other source to
assure accurate time |
| X |
PrecisionTime |
PrecisionTime.exe |
PrecisionTime - clock
synchronizing software containg spyware by Claria/GAIN. Please note that
Claria Corporation no longer support GAIN-Supported software - see here |
| X |
precpop2 |
starter.exe |
PrecisionPop adware |
| X |
Prein |
APP****.tmp [* = random char or
digit] |
Unidentified adware |
| Y |
Preload |
Preload.exe |
Millenium Multi-Function
Keyboard driver |
| ? |
PreloadApp |
hphprld.exe |
HP PhotoSmart printers related. What does it do and is it required? |
| X |
Premeter |
nrpr.exe |
NetRatings Premeter spyware |
| X |
Premeter |
prmt.exe |
NetRatings Premeter spyware |
| X |
Preview AdService |
PrevAdServ.exe |
Windupdates adware variant |
| X |
PrevX |
prevx.exe |
Added by the IRCBOT-TF WORM!
Note - this worm is located in the System (Win9x/Me) or System32
(XP/WinNT/2K) directory and is not the PrevX Home intrusion prevention
software |
| Y |
PrevxHome |
SAGUI.exe |
PrevX Home intrusion prevention software |
| Y |
PrevxOne |
PXConsole.exe |
Prevx intrusion prevention software |
| Y |
PrevxPro |
SAGUI.exe |
PrevX Home intrusion prevention software |
| X |
prgtect |
prgtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| N |
Price Patrol |
neo.exe |
Price Patrol
by Half.com - internet shopping companion for finding the best on-line prices |
| ? |
PrimaLauncher |
Launcher.exe |
Associated with PrimaScan
scanners. Is it required? |
| U |
Primax 3D Mouse |
3dmoused.exe |
Enables the scroll button on the
Primax 3-D Scroll mouse |
| ? |
Primsta |
Primsta.exe |
Linksys Wireless CompactFlash
Card driver related. Is it required? |
| X |
Print Driver Helper Service |
crsrr.exe |
Added by the AGENT-BC TROJAN! |
| N |
Print Master Event Reminder |
PMremind.exe |
Print Master Gold - calander
feature that pops up reminders, such as birthdays |
| N |
Print Screen Deluxe |
psdeluxe.exe |
Utility allows "Print
Scrn" or "Print Screen" key to capture, print or save the
current window |
| X |
Print Services |
spolserv32.exe |
Added by the RBOT.ZP WORM! |
| X |
print sharing |
[path] hidden32.exe [path]
explorer.exe |
Added by the ZCREW.B TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! |
| X |
print sharing |
start.bat |
Added
by the ZCREW TROJAN! |
| X |
Print Spooler |
spool.exe |
Added by the IS TROJAN! |
| X |
Print Spooler |
spools.exe |
Added
by the RBOT-LD WORM! |
| X |
Print Spooler |
Spoolsv.exe |
Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe"
is located in the Windows or Winnt directory, and not in System32, like the
legitimate Spoolsv.exe system file |
| X |
Print Spooler |
spoolsv32.exe |
Added by the RBOT.SW WORM! |
| X |
Print Spooler |
spoolsvc32.exe |
Added by the SDBOT.BB TROJAN! |
| X |
Printer |
[path to file] |
Added by the LOWTAPER TROJAN! |
| X |
Printer |
dipset.exe |
Added
by a variant of the FBSR TROJAN! |
| N |
Printer |
Spyassault.exe |
Spyware
remover - not recommended, see here |
| U |
printer |
SpyAssaultScanner.exe |
SpyAssault keystroke logger/monitoring program - remove unless
you installed it yourself! |
| N |
printer |
SpyAssaultScanner.exe |
Spyware
remover - not recommended, see here |
| X |
Printer |
vmmon32.exe |
Added by the RBOT-CSB WORM! |
| X |
Printer Monitor |
webprinter.exe |
Added by the IRCBOT-Z TROJAN! |
| X |
Printer Spool |
updater.exe |
Added by a variant of the RBOT WORM! |
| X |
Printer spool Service |
spool.exe |
Added
by the RBOT-ACP WORM! |
| X |
printer spooler |
commonaccess.exe |
Added by the DELF-LB TROJAN! |
| X |
Printer Spooler Subsystem |
spoolss.exe |
Added by a variant of the RBOT
WORM! - Note - this is NOT the legitimate Windows spoolss.exe process,
located in the Winnt/System32 or WindowsSystem32 folder, and which should NOT
figure in Msconfig/Startup! |
| ? |
Printer Update |
CFGREG.EXE |
Maybe a registration reminder or
automatically updates drivers or application software for a printer? |
| X |
PrinterSpool |
[path] RESTORE.EXE [path]
SPOOL.EXE |
Added by the ALADINZ.K TROJAN! |
| X |
Printing Driver |
msprint.exe |
Added by the RBOT.JH WORM! |
| N |
Printkey2000 |
printkey2000.exe |
Screen grabber that intercepts
the pressing of the Print Screen (Prn Scrn) key. Start manually when required |
| X |
PrintMngr |
system.exe |
Added by an unidentified TROJAN! |
| N |
printnow |
printnow.exe |
PrintNow
- a utility that primarily allows "Print Srceen" or "Alt+Print
Screen" screenshots to be sent directly to a printer |
| N |
PrinTray |
Printray.exe |
Lexmark/Compaq printer icon in
the System Tray for quick access. Not required - uncheck via Printer
configuration rather than MSCONFIG. See also LexmarkPrintray and
CompaqPrinTray |
| N |
PrintScreen |
UNWISE.EXE |
Gadwin PrintScreen
- utility to capture, print or save the current window |
| N |
Printscreen 95 |
PRT95MIN.EXE |
Printscreen 95 - utility
to capture, print or save the current window |
| X |
PrintSpoolSv |
System.exe |
Added by the BDOOR-S TROJAN! |
| U |
PRISMSTA.EXE |
PRISMSTA.EXE |
Creates a system tray icon for
accessing information about Intersil Prism Wireless Settings. Intersil
silicon is used by Trendware/Trendnet for example |
| U |
PRISMSVR |
PRISMSVR.EXE |
Configuration and settings
utility for PRISM chipset based wireless modems such as the 2Wire Wireless
Gateway (2701HG) and Siemens Gigaset USB Adapter |
| N |
Privacy Eraser Pro |
PrivacyEraser.exe |
Privacy Eraser Pro -
protects your Internet privacy by cleaning up all Internet history tracks and
past computer activities |
| U |
PrivacyKeyboard |
PrivacyKeyboard.exe |
PrivacyKeyboard
is a product "that can provide every computer with strong protection
against ALL types of keylogging programs and keylogging hardware devices,
both known and unknown, currently in use or presently being developed
worldwide" |
| X |
PrivacyScanner |
pscan.exe |
Privacy Champion, a stealth
installed 'Privacy Scanner'. It purportedly scans your PC for links to adult
content websites, and then offers to "clean" them. Produces loads
of False Positives as goad to purchase |
| X |
PrivateNet |
[various filenames] |
Premium rate adult content
dialler |
| U |
Privoxy |
privoxy.exe |
Privoxy - web proxy with advanced filtering capabilities for
protecting privacy, filtering web page content, managing cookies, controlling
access, and removing ads, banners, pop-ups and other obnoxious Internet junk |
| X |
PrizeSurfer |
prizesurfer.exe |
"PrizeSurfer is the free
software that automatically enters you to win cash and prizes just for
surfing the web and shopping online!" Stealth installed malware |
| X |
prjtect |
prjtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prktect |
prktect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prltect |
prltect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prmt |
prmt.exe |
NetRatings Premeter spyware |
| X |
prmtect |
prmtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| U |
PrnSys Executable |
PrnSys.exe |
Print screen utility bundled
with some HP printer software - not required, but your choice if you like
that feature |
| X |
pro |
[path to file] |
Added by the SPYWAD-F TROJAN! |
| X |
pro |
SpySheriff.exe |
Added by the SPYWAD-I TROJAN! |
| U |
Pro PCL Status Monitor |
PENGSS.EXE |
Xerox printer/fax/copier status
monitor (PCL = printer control language) |
| X |
ProAntiVirus |
ProAntiVirus.exe |
Added by the RBOT-FTP WORM! |
| ? |
ProArt |
ProArt.exe |
?? |
| X |
Proc992 |
[path to file] |
Added
by the IXBOT-C WORM! |
| X |
Proc993 |
wqxfne.exe |
Added
by the IXBOT-D WORM! |
| X |
process.exe |
process.exe |
Added by the BANCOS.P TROJAN! |
| U |
ProcessGovernor |
processgovernor.exe |
ProcessGuvernor "helps regulate the CPU load on a
computer running Microsoft Windows. It keeps single programs from hijacking
the computer's performance and effectively causing a freeze for several
minutes. ProcessGovernor automatically adjusts process priorities according
to a predefined ruleset" |
| U |
ProcessSupervisorGUI |
ProcessSupervisor.exe |
Process Supervisor "is a technology designed to
automatically configure and manage processes on one or more computers for the
goal of maintaining system stability and responsiveness, restricting
executables from running, and logging of program executions" |
| U |
ProcessTamer |
ProcessTamerTray.exe |
Mouser's Software Process Tamer "is a tiny (140k) and
super efficient utility for Microsoft Windows XP/2K/NT that runs in your
system tray and constantly monitors the cpu usage of other processes" |
| X |
procmon |
procmon.exe |
Added by the BIONET.40A TROJAN! |
| ? |
Prodigy DSL |
EnterNetDUN.Exe |
Prodigy EnterNet DUN PPPoE
Client - is it required? |
| N |
ProdikeysAutorun |
Prodload.exe |
Creative
Prodikeys software. "an interactive music entertainment device which not
only functions as a full-featured, ergonomic “QWERTY” keyboard but also comes
equipped with 37 touch-sensitive music keys and accessible music controls for
endless entertainment at your desktop. Coupled with the Sound Blaster audio
card, you can explore a wide array of realistic instrument sounds and have
non-stop fun making music right at your desktop" |
| N |
ProDsl |
ProDsl.exe |
Intel Pro/DSL 2100 modem
connection manager. Available via Start -> Programs |
| X |
Profile |
Profile.vbs |
Added by the WHITEHO VIRUS or
TRAPPY WORM! |
| X |
profiler |
liteout.exe |
Added by the ZAPCHAS-G WORM! |
| X |
profiler |
prof.exe |
Added by the ZAPCHAS-G WORM! |
| N |
Profiler |
Profiler.exe |
Enables the "Profiler" to be launched from a System
Tray icon for Saitek's game controllers. Available via Start -> Programs |
| X |
Prog |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
Prog |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| X |
Program File |
Progmon.exe |
Added by the PEEPER TROJAN! |
| X |
Program in Windows |
iexplore.exe |
Added by the LOVGATE-W WORM!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process,
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup unless you add it manually! This
file is located in the System32 folder |
| U |
Program Neighborhood Agent |
pnagent.exe |
Citrix Program Neighborhood Agent |
| ? |
ProgramWindow |
more comp.exe |
?? |
| N |
projselector |
projselector.exe |
Roxio Project Selector - can be
started manually |
| N |
Promon.exe |
promon.exe |
System Tray icon for Intel PRO
series ethernet adapters giving access to the diagnostic features |
| X |
PromulGate |
PgMonitr.exe |
Delfin Promulgate adware variant |
| N |
PRONoMgr.exe |
PRONoMgr.exe |
System Tray icon for Intel PRO
series ethernet adapters giving access to the diagnostic features |
| U |
PRONoMgrWired |
PRONoMgr.exe |
Intel's Pro 100 Ethernet card
manager |
| U |
Propel Accelerator |
PropelAC.exe |
Propel Internet Accelerator |
| U |
ProPort Startup |
ProPort.exe |
Proport is a port
monitor/protector. Monitors an infinite amount of ports for trojans and
nukes. Some additional features are auto connection-kill, and IP resolving |
| X |
ProSiteFinder |
prositefinder.exe |
180Solutions adware related |
| X |
Proteção de tela |
ssmaze.scr |
Added by the BANCBAN-FB TROJAN! |
| X |
protect |
protect.scr |
Added by the DLOADER-TQ TROJAN! |
| U |
Protect |
SHVRTF.EXE |
PC Angel takes a 5-second
snapshot of the current system registry each time the PC boots up. In the
event of a crash, PC ANGEL will retrieve everything up to the minute before
the crash or the last known stable registry |
| X |
Protected Storage |
RUNDLL32.EXE MSSIGN30.DLL
ondll_reg |
Added by the LOVGATE-W WORM! |
| X |
Protection |
[path] runtask.exe [path]
protection.exe |
Added by a variant of the
AGENT.3.AU TROJAN! |
| X |
Protection |
Firewall.exe |
Added by the ELIPTER.A or
ELIPTER.B WORMS! |
| X |
Protection |
IExplore .exe |
Added by the ELIPTER.D WORM!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process as
there is a space before the ".exe" |
| X |
Protection |
Norton Internet Security.exe |
Added by the ELITPER.E WORM! |
| X |
Protection |
Protection.exe |
Added by the FEBELNECK-A WORM! |
| X |
ProtocolDiskChk |
ssrms.exe |
Added by the ML TROJAN! |
| X |
ProtocolDiskChk |
svcvlw32.exe |
Added by the STINX-Y TROJAN! |
| X |
ProtocolEventTsk |
csrwjd.exe |
Added by STINX-N TROJAN! |
| X |
Provan Security |
psecure.exe |
Added by the RBOT.BRV WORM! |
| Y |
proxim_orinoco_11abg |
orinoco.exe |
Proxim
ORiNOCO 11a/b/g PCI Card wireless configuration utility |
| N |
PROXOMITRON |
PROXOM~1.EXE |
HTML proxy |
| N |
PROXOMITRON |
PROXOMITRON.EXE |
HTML proxy |
| U |
ProxyWay |
proxyway.exe |
ProxyWay anonymous
proxy surfing software |
| U |
PRPCMonitor |
PRPCUI.exe |
Intel® SpeedStep™ interface.
This automatically detects whether a mobile PC is using battery or AC power.
When using battery power, SpeedStep scales the processor clock frequency and
voltage to reduce the power it needs by 40% |
| X |
prqtect |
prqtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prrtect |
prrtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prstect |
prstect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prtcct |
prtcct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prttect |
prttect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
PrU Async Service |
[path to worm] |
Added by the IRCBot-UG WORM! |
| X |
prutcct |
prutcct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prutdct |
prutdct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prutgct |
prutgct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
pruthct |
pruthct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prutict |
prutict.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prutlct |
prutlct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prutpct |
prutpct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prutsct |
prutsct.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prvtect |
prvtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
prxtect |
prxtect.exe |
Prutect malware from e2Give - attempts to shut down or tamper
with a number of anti spyware applications, like Ad-Aware and SpyBot S&D.
Note - has been seen using alternative file names like prttect.exe,
prmtect.exe and so forth! |
| X |
ps1 |
ps1.exe |
PacerD
Media/Pacimedia.com adware |
| U |
PS2 |
ps2.exe |
Multimedia Keyboard companion on
HP computers. If this is prevented from starting, then some keyboard
functionality will be lost. |
| X |
psaload32 |
psaload32.exe |
Added by the RBOT-ADL WORM! |
| X |
PSC main |
sttool32.exe |
Added by the OBFUSCATED.EV TROJAN! |
| X |
PSCastor |
PSCastor.exe |
Added by the PSCastor TROJAN! |
| X |
PSCMain |
pscmain2.exe |
Added by the OBFUSCATED.EV TROJAN! |
| X |
PSD Tools Channel |
ChannelUp.exe |
BuddyLinks adware |
| Y |
PSDrvCheck |
PSDrvCheck.exe |
Part of Pinnacle Systems
InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive
settings. Once loaded it doesn't use any resources so you can leave it
enabled |
| X |
PService |
svcnow32.exe |
Added by the SPYBOT-DJ TROJAN! |
| U |
PSFree |
PSFree.exe |
Pop-Up
Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar.
Note that the Pro version doesn't load in startup as it is installed as an
Internet Explorer toolbar. Can cause problems with IE if you use WinXP and
uninstall Service Pack 1. Uninstalling the software leaves it in the startup
group |
| X |
PSGuard |
PSGuard.exe |
Variant of the SmitFraud alias FAKEALE-C TROJAN! |
| X |
PSGuard spyware remover |
PSGuard.exe |
Variant of the SmitFraud alias FAKEALE-C TROJAN! |
| X |
pshower |
pshwr.exe |
SafeSurfing adware variant |
| Y |
PSIMSVC |
PSIMSVC.exe |
Panda
Antivirus |
| N |
PSIWin2.3 Connection Server |
Psconsv.exe |
Allows connectivity between a PC
and a Psion device. Access can be gained from the Desktop or Start ->
Programs |
| U |
pskl |
keyspy.exe |
KeyboardLogger keystroke logger/monitoring program - remove
unless you installed it yourself! |
| X |
PSLister |
PSLister.exe |
Added by PurityScan C adware |
| U |
PsMFCard |
PsMFCard.exe |
Component of the Toshiba
Controls. Provides power-saving functions for the PCMCIA slots. Through the
Power Save Mode Properties dialogue, the user can select from 3 PCMCIA power
options - On, Auto1 and Auto2. Disabling this item has no adverse effects, except
disabling the ability to reduce power consumption by powering-down the PCMCIA
slots when not in use |
| Y |
PSNotify |
psnotify.exe |
Pharos SignUp Vx - "PC reservation and management
application that addresses the PC scheduling needs of public libraries and
higher education labs and libraries" |
| X |
PSof1 |
PSof1.exe |
PacerD
Media/Pacimedia.com adware installer |
| X |
PSoft1 |
psoft1.exe |
PacerD
Media/Pacimedia.com adware installer |
| Y |
PsPCCard |
PsPCCard.EXE |
Background Power Saving task
found on Toshiba laptops and which handles turning Power Saving ON and OFF on
any inserted PC Card (PCMCIA card). Only ever disable if you do not use any
power saving or hibernation settings (ie: they are all OFF) |
| U |
PspContr |
pspcontr.exe |
Driver/controller for the
Philips SpeechMike 6174. As the Philips FreeSpeech application is no longer
supported it can be disabled but the Mike can still be used for certain
functions using this driver |
| Y |
PSQLLauncher |
launcher.exe |
IBM ThinkVantage Fingerprint Software |
| U |
PsSound |
PsSound.exe |
On a Toshiba laptop. Operates
your sound in one of 4 modes, off, on , on only with powerr, same as #3 but
longer delay |
| U |
pst |
memaker2.exe |
SpymodePCSpy surveillance software. Uninstall this software
unless you put it there yourself |
| ? |
PSTORES |
PSTORES.EXE |
Part of Windows Services
Protected Storage? |
| N |
ptfb |
ptfb.exe |
Push the
Freakin' Button - "When a dialog causes irritation, you simply tell PTFB
which button should be pressed, and it will handle the dialog in future" |
| ? |
Ptipbmf |
rundll32.exe ptipbmf.dll,
SetWriteCacheMode |
Installed with the miniport
drivers for Promise hard drive controllers in both RAID and non-RAID
installations. May be necessary in order to maintain
preferences applied to the RAID array connected to the Promise controller |
| U |
PtiuPbmd |
Rundll32.exe ptipbm.dll,
SetWriteBack |
Installed with the miniport
drivers for Promise hard drive controllers in both RAID and non-RAID
installations. Tells the drivers that the connected Drives should use the
"Write Back" Caching. You can disable this if you don't want to use
"Write Back" Caching or if you have not connected any driver to
your Promise Controller |
| X |
PTRGMYGK |
rundll32.exe ptmg1v.dll,
DllRunMain |
Added by an unidentified TROJAN,
WORM or other malware! |
| U |
PTRUN32 |
ptr32w.exe |
ParentTools surveillance software. Uninstall this software
unless you put it there yourself |
| U |
ptrun32 |
ptrun32.exe |
Parent Tools for AIM |
| N |
Ptsnoop |
Ptsnoop.exe |
These descriptions I've come
across - all valid as far as I can see :- (1) Program installed with some
modems that monitors the COM ports for the modem driver. Not required from
what I've read - may need a registry edit to get rid of it (2) Backdoor trojan
virus that copies itself as PTSNOOP.EXE -see here for more info(3) Apparently
the people who put it out claim it's a driver for a Voice modems (don't know
who they are though - Ed) Note: If using AOL and you disable this you may
lose your connection or lock up (4) Can also be an older Logitech scanner
program. Remove from the Win.ini tab under Load='path'PTSNOOP and the
System.ini tab under drivers='path'ptrtkr.drb. Can cause parallel port
conflicts big time dragging system resources way down when a conflict exists
(5) Allows audio monitoring of modem phone dialling tones and can be useful
if you have connection problems (6) Karen Kenworthy's Snooper - "logs
the start and stop time of all programs run under Windows" |
| U |
pttrun |
pttrun.exe |
Transmeta Crusoe processor
related. Reduces application launch times and makes the computer "more
responsive" |
| N |
PtUDFApp |
PtUDFApp.exe |
Sony abCD program, included on
the CD Xtreme install CD, used to format CD-RWs for packet writing (similar
to DirectCD). Available via Start -> Programs. Note that you must add a /T
switch to the command line to get it to load to the taskbar |
| U |
PUAC v2.0.7 |
Puac.exe |
"Peter's Ultimate
Alarm Clock" |
| X |
Public Microsoft ODBC |
ODBC32*.exe [* = random char] |
Added by the MASLAN.D WORM! |
| U |
pumcfgp |
proxycfg.exe |
"GuardWare
iShield blocks pornographic images when you surf the Internet on your
computer using a web browser" |
| N |
Pure Networks Port Magic |
PortAOL.exe |
Pure Networks
Port Magic, as available in the latest version of the AOL® 9.0 Optimized SE
software; automatically configures most in-home Internet gateways, improving
access and performance for applications such as instant messaging, online
gaming, and streaming music and video. See here |
| U |
Purgative |
PURGATIVE100.EXE |
AIM (AOL Instant Messenger) Ad
Remover Using Active Memory Edits instead of a patch/crack |
| X |
Purgatory |
Purga.exe |
Added by the PORGORY-B WORM! |
| N |
Push Client |
pull.exe |
Client software from
Interwise that MS use for their webcasts |
| N |
Push The Freakin' Button |
ptfb.exe |
Push the
Freakin' Button - "When a dialog causes irritation, you simply tell PTFB
which button should be pressed, and it will handle the dialog in future" |
| N |
PUSH6599 |
PUSH6599.EXE |
Scan button monitor for Relysis
Episode MF6599 USB scanner as you can start scanning manually via the
scanning software |
| X |
PutA!! |
PutA!!.exe |
Added by the OPASERV.L WORM! |
| X |
PutAS! |
PutA!!.com |
Added by the OPASERV.Z WORM! |
| X |
putil |
[filename] |
Added by the LDPINCH TROJAN! |
| U |
PV92TRAY |
PV92Tray.exe |
PCtel HSP V.92
modem configuration utility |
| X |
PVModule |
pvmodule.exe |
Adperform.com/adoptim.com
adware, file located in a Program FilesPrintView folder and detected by
AntiVir antivirus as TR/Dldr.Agent.alb. NOTE: the 'real' PrintView installs
in a C:CBR folder instead! |
| N |
PVR |
PVR.exe |
Pocket Voice Recorder -
freeware sound recorder that records from microphone and any other input line
available with your sound card |
| U |
PVUnInst1 |
PVUnInst1.exe |
Privacy View - privacy
software that ensures that all your private computer files, photos,
documents, and websites remain secure from prying eyes |
| X |
Pwr32ctr |
Pwr32ctr.exe |
Added by the GEMA TROJAN! |
| X |
Pwr32ctrl |
Pwr32ctrl.exe |
Added by the GEMA TROJAN! |
| X |
Pwr32mgt |
Pwr32mgt.exe |
Added by the GEMA TROJAN! |
| U |
PWRESET |
pwreset.exe |
Related to the Avaya IP Softphone |
| N |
PWRISOVM.EXE |
PWRISOVM.EXE |
PowerISO - a powerful CD/DVD
image file processing tool |
| Y |
PWRMGRTR |
PWRMGRTR.DLL |
Power
Manager - background monitor module for IBM ThinkPad laptops. Leave it alone
to ensure proper power management functions |
| Y |
Pwrmonit |
Rundll32 PwrMonit.dll |
IBM's proprietary 'battery
maximiser' and power monitoring software for laptops |
| X |
Pwroff |
Pwroff.exe |
Added by the GEMA TROJAN! |
| U |
Pwrsave |
Pwrsave.exe |
Toshiba Power Saver utilities.
Required on a laptop if you run of a battery and want to conserve power |
| ? |
Pwruplogin |
pulogin.exe |
?? |
| U |
PwrupTweakMe |
PUPXPTWK.EXE |
Ashampoo's PowerUp XP is a "tool for fine-tuning your
Windows NT4, 2000, 2003 Server and XP configuration". Boot-up options
won't work if disabled |
| U |
PWS Tray |
PwsTray.exe |
Microsoft's Personal Web Server,
an application which allows PCs to behave as web servers (allows you to test
your .asp pages on your own PC without having to load them onto the
internet). Available via Start -> Programs |
| N |
Q152404 |
wsript.exe Q152404.VBS |
Appears to run Scandisk at
bootup on NEC PCs |
| X |
q36i36O |
lms2cenu.exe |
Added by the SECONDTHOUGHT
VIRUS! |
| N |
QAGENT |
qagent.exe |
Quicken program is controlled by
a separate utility program called the Quicken Download Manager (also known as
Qagent). When Quicken Download Manager option is enabled, background
downloading takes advantage of unused bandwidth to download current financial
information anytime your computer is connected to the Internet |
| X |
qappsrvc32.exe |
qappsrvc32.exe |
Recognized by Kaspersky
antivirus as Trojan-Proxy.Win32.Webber.m |
| N |
QBCD autorun |
autorun.exe |
Quick Books CD |
| X |
qbkupdbs |
mqbkup.exe |
Added by the OPASERV.K WORM! |
| X |
qbotd |
[random filename] |
Added by the BOTTEN TROJAN! |
| ? |
qBrowse |
qbrowse.exe |
?? |
| X |
QBRSR |
QuickBrowser.exe |
top-banners.com adware |
| U |
Qchex Tray Icon |
Qchex.exe |
Related to G7 Productivity Systems Check Software |
| U |
QCTRAY |
Qctray.exe |
System Tray icon providing
access to the "IBM Access Connections" wizard on ThinkPad laptops
and also allows to change the network environment. Not the same as QCWLIcon,
which is pertinent only to the Wireless LAN |
| U |
QCWLICON |
Qcwlicon.exe |
Used by IBM Thinkpad laptops
with built-in wireless card (802.11). System Tray icon that provides a
shortcut to "Wireless Connection Status" and allows to turn WL on
and off |
| N |
QD FastAndSafe |
QDCSFS.exe |
Automatically runs Fast &
Safe clean-up from Norton/Quarterdeck Cleansweep. Deletes safe to remove
files such as Temporary Internet Files (cache). Recommended you run it
manually |
| U |
QDM |
QdmStart.exe |
QDM (QDI Desktop Manager) - part
of QDI ManageEasy for QDI's series of motherboards for monitoring PSU,
temperatures, BIOS information, etc. Only required if you overclock system
components and need to monitor temperatures, etc |
| U |
QDMStart |
QdmStart.exe |
QDM (QDI Desktop Manager) - part
of QDI ManageEasy for QDI's series of motherboards for monitoring PSU,
temperatures, BIOS information, etc. Only required if you overclock system
components and need to monitor temperatures, etc |
| ? |
Qdsafe |
?? |
?? |
| ? |
Qexplo |
Qexplo.exe |
?? |
| X |
qgqqft |
[path to Trojan] |
Added by the RANKY.T TROJAN! |
| Y |
QH Live Update Scheduler |
UPSCHD.EXE |
Quick
Heal Anti-Virus |
| Y |
QH Office 2K Check |
O2KCHECK.EXE |
Quick
Heal Anti-Virus MS Office documents virus checker |
| U |
QlbCtrl |
QlbCtrl.exe |
HP Quick Launch Buttons control center on their laptops |
| ? |
QMusic |
QMAgent.exe |
?? |
| N |
QNPlus |
QNPlus.exe |
Quick
Notes Plus by Conceptworld - sticky notes tool |
| U |
Qoeloader |
Qoeloader.exe |
Qurb 2.0 anti-spam tool for Outlook/Outlook Express. Required
when supporting OE but not for Outlook. Shortcut available via Start ->
Programs |
| U |
QPService |
QPService.exe |
HP QuickPlay - "brings your favorite music and movies to
life with the touch of a button" |
| X |
QQ |
sendmess.exe |
Added by the SEMES TROJAN! |
| X |
QQ.exe |
QQ.exe |
Added by a variant of the SDBOT
WORM! Note - this is not the Tencent QQ Asian instant messanger program and
resides in the Windows folder |
| X |
QQKAV |
scvhsot.exe |
Added by the QQROB.ARQ WORM! |
| X |
QQServer |
QQ.exe |
Added by the DOWNLDR-AN TROJAN! |
| X |
qservices |
qservice.exe |
Added by the PROGENT-A TROJAN! |
| N |
QSort2000 |
QSORT.EXE |
Utility that sorts your Start
menu and Favourites in alphanumerical order. Not required - at any time you
can right-click on these lists and choose "Sort by Name" |
| U |
QT4HPOT |
OneTouch.exe |
Hewlett Packard One Touch
keyboard driver. Required if you use the additional keys |
| U |
QTaskStartup |
qtask.exe |
Feature of Quicken.com Brokerage to customize and display
Desktop Alerts and icon. It is not required for the Quicken Program to run
correctly, it is only required for the Desktop Alerts feature |
| X |
QTime |
nrchk.exe |
Premium rate adult content
dialler |
| N |
QTSTUB.EXE |
Qtstub.exe |
Part of an old version of the
Quick Tax application. It enables Quick Tax Calendar Popup to show tax
calendar reminders |
| X |
QTSvc |
msocfg.exe |
Premium rate adult content
dialler |
| X |
QTSvc |
navchk.exe |
Premium rate adult content
dialler |
| X |
QTSvc |
shman.exe |
Premium rate adult content
dialler |
| X |
QTSvc |
ssvr.exe |
Premium rate adult content
dialler |
| N |
qttask |
Qttask.exe |
System Tray access to Apple's
"Quick Time" viewer from version 5 onwards |
| U |
QtVprMtx |
QTVPRMTX.EXE |
Multimedia
keyboard driver from Dritek System Inc |
| X |
Quantifier Security |
qsecue.exe |
Added by the SPYBOT.UOL WORM! |
| ? |
QUBCity |
qtp.exe |
?? |
| ? |
Queensla |
Queensla.exe |
?? |
| U |
Quick Controls |
Astrotoolbar.exe |
Gateway Astro Screen and Sound
Controls tray icon |
| U |
Quick Heal Firewall Pro |
qhfw.exe |
Quick Heal Firewall Pro |
| U |
Quick Heal Messenger |
QHM32.EXE |
Quick
Heal Anti-Virus Messenger - keeps you informed about the latest threats,
hoaxes etc |
| Y |
Quick Heal On-Line Protection |
Cateye.exe |
Quick Heal - virus
scanner |
| Y |
Quick Heal Startup Scan |
QHSTRT32.EXE |
Quick Heal - virus
scanner |
| N |
Quick Shelf xx |
qushelfxx.exe |
Places an icon in the system
tray for launching MS Bookshelf. Available via Start ->
Programs"xx" represents the version number - ie, 98, 99 |
| Y |
Quick Startup |
Fquick32.exe |
For a Nisis G6 USB Graphics
Tablet. Re-enables itself if disabled therefore best left alone |
| N |
Quick Time Task |
qttask.exe |
System Tray access to Apple's
"Quick Time" viewer from version 5 onwards |
| N |
Quick View Plus |
QVP32.EXE |
Quick View Plus from Inso
Corporation. Multiple file type viewer. Available via Start -> Programs |
| N |
QuickBooks Delivery Agent |
QBDAGENT.EXE |
As far QAGENT but for
QuickBooks. Can also have the version number in the name |
| N |
Quickbooks Update Agent |
qbupdate.exe |
Associated with Intuit's
Quickbooks but not required. Possibly to do with the payroll update service
but you're prompted to check for updates when appropriate whether this is
running or not |
| U |
QuickCamPro |
QuickCamPro.exe |
System Tray for Picture Capture
utility that can run unattended. Pictures every 30 seconds for example, auto
FTP Upload, etc |
| X |
quicken |
quicken.exe |
CoolWebSearch Therealsearch parasite variant |
| X |
quicken |
Waol.exe |
CoolWebSearch Therealsearch parasite variant |
| X |
quicken |
Winrar.exe |
CoolWebSearch Therealsearch
parasite variant. Note - this is not the file zipping utility also known as
WinRAR! |
| N |
Quicken Scheduled Updates |
bagent.exe |
Quicken background downloading
module |
| N |
Quicken Startup |
QWDLLS.EXE |
Quicken option to load DLLs at
startup |
| N |
QuickenSEMessage |
Qsemsg.exe |
Quicken option |
| N |
QuickFinder Scheduler |
QFSCHD100.exe |
Used in Corel 2002 & Corel
Suite 7 - finds files faster by indexing your files (similar to Microsoft's
Find Fast or Fast Search for its Office products) |
| N |
QuickFinder Scheduler |
QFSched.exe |
Used in Corel 2002 & Corel
Suite 7 - finds files faster by indexing your files (similar to Microsoft's
Find Fast or Fast Search for its Office products) |
| Y |
QuickLaunchEr |
QuickLaunchEr.Exe |
QuickLaunchEr - allows you to
quickly launch programs from an icon in the system tray |
| N |
Quicklink III |
QL.EXE |
HP fax program and only needs to
be in the start-up group if you allow your phone to automatically answer your
phone in fax mode, that is, to receive faxes after a certain number of rings.
Available via Start -> Programs |
| N |
Quicknote |
quicknote.exe |
JC&MB
Quicknote Virtual Scrapbook |
| U |
QuickPassword |
agquickp.exe |
Smart card-based authentication
and digital signature client software |
| N |
QuickRes |
QUICKRES.EXE |
Utility to quickly change
desktop resolution - left over from Win95 Power Toys. In Win98 and above
incorporated via Control Panel -> Display. Not required unless you have to
change resolutions on a regular basis |
| N |
quickset |
quickset.exe |
Dell taskbar icon allowing you
to quickly change settings |
| X |
Quicktime |
qttasks.exe |
Added by the ADCLICK-AK TROJAN! |
| X |
Quicktime |
shch.exe |
Added by a variant of the EB TROJAN! |
| X |
Quicktime Mediaplayer |
winmplyer32.exe |
Added
by the RBOT-PM WORM! |
| X |
Quicktime Mediaplayr |
wnmplyr.exe |
Added by a variant of the RBOT WORM! |
| X |
Quicktime Pro 3.0 |
winuodps.exe |
Added by the GAOBOT.BH WORM! |
| X |
Quicktime Task |
[random filename] |
Trafficadvance dialer |
| N |
QuickTime Task |
Qttask.exe |
System Tray access to Apple's
"Quick Time" viewer from version 5 onwards |
| X |
QuickTime Task |
qttasks.exe |
CoolWebSearch
parasite variant |
| N |
QuickTime Update Completion x |
quicktimeupdatehelper.exe |
Different numbers caused by
number of launches. So if 3 updates are made separately, 3 would appear (in
theory) |
| X |
QuicktimeMngr |
QUICKTIMEMNGR.EXE |
Added by the WOOTBOT.AW WORM! |
| X |
QuickTimeUpdate |
QuickUpdate.exe |
Added by the BIFROSE-CW TROJAN! |
| X |
Quicktlme |
ru.exe |
Adult content dialler |
| U |
QuickTV |
QuickTV.exe |
Infra-red remote control driver for the AVerTV Studio TV
tuner/personal video recoder from AVerMedia. Required if you use the remote
control |
| X |
Quickzip |
Ls.exe |
MsConnect browser hijacker and
dialler |
| X |
QuickZip |
lu.exe |
MsConnect browser hijacker and
dialler |
| N |
QuikShield |
qkshield.exe |
QuikShield popup blocker - reportedly stealth installed, see
here |
| N |
QuikSync |
QUIKSYNC.EXE |
Used by Iomega drives. Available
via Start -> Programs |
| X |
qwe |
qwe.exe |
Added by the LINEAGE-F TROJAN! |
| ? |
QWERTY |
qwerty.exe |
Possibly adult content related
adware |
| X |
qwertybot.exe |
qwertybot.exe |
Added by the AGENT.ALF TROJAN! |
| U |
QWS3270 Sessions |
sessions.exe |
QWS3270 Secure terminal
emulation software |
| X |
R |
[path] rundll32.exe msprt.dll |
Chinese originated browser
hijacker - redirecting to 4199.com |
| Y |
r_server |
r_server.exe |
Radmin
- remote admistrator server |
| X |
r_server |
service.exe |
Added by the MULTIDR-CP TROJAN! |
| X |
RA Server |
Slave.exe |
Added by the RA TROJAN! |
| X |
RabbitWannaHome |
rabbit.exe |
Added by the MIMAIL.S WORM! |
| Y |
Rabo Session Monitor |
RaboSessionMon.exe |
Related to RaboBank
electronic banking software |
| N |
RaConfig2500 |
RaConfig2500.exe |
RaLink wireless LAN
configuration utility |
| N |
RadarSync |
RadarSync.exe |
Radarsync utility comes from DFI
with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS
and driver updates periodically |
| U |
RadBoot |
RadBoot.exe |
RadLinker - tweaker/linker for
ATI Radeon based graphics cards. It allows you easy access to per game
settings |
| U |
Radio365Agent |
Radio365TrayAgent.exe |
Radio365 - create
playlists and broadcast live straight from your PC! |
| U |
RadioSvr |
RadioSvr.EXE |
Used to configure wire less
networks. Windows automatically detects the Wireless network and it
configures the network |
| U |
RAID Event Monitor |
iaanotif.exe |
IAA Event
Monitor User Notification Tool - part of Intel® Application Accelerator -
"a performance software package for desktop PCs using select Intel®
chipsets" that "replaces the ATA drivers that come with Windows
with drivers optimized for desktop and mobile PCs." If you use the RAID
version it's required to notify you if a RAID 1 disk has failed |
| U |
RaidTool |
raid_tool.exe |
VIA V-RAID Tool - hard disk
striping/mirroring utility for increased performance and reliability |
| U |
Rainlendar |
Rainlendar.exe |
Rainlendar is a
customizable calendar that displays the current month |
| U |
Rainlendar2 |
Rainlendar2.exe |
Rainlendar is a
customizable calendar that displays the current month |
| U |
RAM Idle Professional |
RAM_XP.exe |
RAM Idle LE - "A smart
memory management program that will keep your computer running better,
faster, and longer. RAM Idle works by freeing up physical RAM wasted by
Windows and other applications. In addition, RAM Idle also includes Cache and
startup manager program that will give you more power to optimize your
Windows." MS MVPs (Most Valued Professional) recommend not using memory
managers with Win98/SE/ME. See this article and make up your own mind |
| U |
RAMASST |
RAMASST.exe |
Optionally installed with some
DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities
because they cause some incompatibilities. It does not affect your ability to
burn CDs. If you do not have this program running, you may have some compatibility
issues with burnt DVDs |
| X |
RamBooster2 |
rb.exe |
Added by the AKAK TROJAN! |
| U |
RAMDef |
ramdef.exe |
Ram Def Xtreme - monitors and
defragments your system RAM to improve reliability and speed. MS MVPs (Most
Valued Professional) recommend not using memory managers with Win98/SE/ME.
See this article and make up your own mind |
| U |
RAMDrive |
RDTask.exe |
Virtual
Hard Drive (Ram Drive) from Farstone - takes a portion of your system memory
(RAM) and uses it to simulate a hard disk drive |
| U |
RamIdle |
ramidle.exe |
RAM Idle LE - "A smart
memory management program that will keep your computer running better,
faster, and longer. RAM Idle works by freeing up physical RAM wasted by
Windows and other applications. In addition, RAM Idle also includes Cache and
startup manager program that will give you more power to optimize your
Windows." MS MVPs (Most Valued Professional) recommend not using memory
managers with Win98/SE/ME. See this article and make up your own mind |
| U |
RAMpage |
RAMpage.exe |
Small Windows utility that
displays the amount of available memory in an icon in the System Tray. It can
also free memory by double clicking the tray icon, or by setting a threshold
that activates the program automatically, or by having it run automatically
when an application exits. RAMpage is free, and open source |
| X |
Randex virus built for IRBMe |
irbme.exe |
Added by the RANDEX.RH WORM! |
| X |
random |
random.exe |
Added by the DLOADER-KM TROJAN! |
| X |
Random Interface Network |
rst.exe |
Added by the DELBOT-P WORM! |
| X |
Random Interface Network Manager |
rinsv.exe |
Added by the DELBOT-L WORM! |
| X |
Random Unique ID |
[worm filename] |
Added
by the XROVE-A WORM! |
| X |
RandomWin32 |
mgnwin32.exe |
Added by the SDBOT-DV WORM! |
| Y |
rant |
rant.exe |
Added
by the RBOT-ZB WORM! |
| Y |
RapApp |
RAPAPP.EXE |
Application
protection component of BlackICE PC Protection (was Defender) firewall,
informing you of any modifications to programs, files or folders and
detecting unknown programs trying to launch |
| X |
Rapdata |
ravsecs.exe |
Added by the QQPASS-V TROJAN! |
| X |
Rapdatae |
rabseuser.exe |
Added by the QQPASS-S TROJAN! |
| X |
Rapdatybs |
ravseteyns.exe |
Added by the PWS-ACP TROJAN! |
| U |
Rapid Restore |
rrpcsb.exe |
XPoint
"Rapid Restore PC" - a "Managed Recovery™ solution that
enables IT Administrators to protect the corporate image, while offloading
personal data backup and recovery chores to the end user" |
| X |
RapidBlaster |
rb32.exe |
RapidBlaster parasite.
Recommended you use RapidBlaster Killer to uninstall - see here |
| X |
Raptelnet |
ravspeger.exe |
Added by the QQPASS-AA TROJAN! |
| X |
Raptelt |
ravspegtl.exe |
Added by the QQPASS-AB TROJAN! |
| Y |
Raptor Mobile |
vpnservices.exe |
Symantec VPN Client used to
connect to corporate networks. If unchecked, must be uninstalled using
Add/Remove Programs as it tightly integrates into networking |
| X |
RasCon Remote Access Service
Manager |
rasmngr.exe |
Added by the SPYBOT.EM WORM! |
| X |
rasctrs |
rasctrs.exe |
Hijacker, also detected as the ADWAHECK TROJAN! |
| X |
Rase |
boln.exe |
PurityScan/Clickspring adware |
| X |
rasman |
rasman32.exe |
Added by the BCKDR-QGN TROJAN! |
| X |
RasMan.exe |
RasMan.exe |
Added by the FEUTEL-H TROJAN! |
| X |
rate.exe |
********.exe [* = random char] |
Unidentified adware |
| X |
rate.exe |
i11r54n4.exe |
Added by the BEAGLE.E WORM and variants! |
| ? |
rav_temp.exe |
rav_temp.exe |
?? |
| Y |
RAV8Tray |
ravtray8.exe |
RAV anti-virus
related |
| X |
RavAv |
AdobeR.exe |
Added by the RJUMP.D WORM! |
| X |
RavAv |
RavMon.exe |
Added by the BDOOR-DIJ TROJAN!
Note - this file is located in the %WinDir% directory, and must NOT be
confused with the legitimate RAV antivirus file of the same name! |
| X |
RavAv |
RavMonE.exe |
Added
by the RJUMPF-F WORM! |
| X |
RAVEN_VLZS.EXE |
RAVEN_VLZS.EXE |
DownloadReceiver
parasite - no longer in existence |
| Y |
RavMon |
RavMon.exe |
RAV AntiVirus |
| X |
ravshell |
expl0rer.exe |
Added by the DLOADER.MAR TROJAN! |
| X |
Ravshell |
explore3.exe |
Added by the PAKES.HZ TROJAN! |
| X |
Ravshell |
IEXPLORER.EXE |
Added by the AGENT.URZ TROJAN! |
| X |
Ravshell |
rund1132.exe |
Added by the AGENT.OKZ TROJAN! |
| X |
Ravshell |
svch0st.exe |
Added by the NSPM.PU TROJAN! |
| X |
ravtask |
rund1132.exe |
Added by the DLOADER.IYT TROJAN! |
| X |
ravtask |
svch0st.exe |
Added by the LINEAG-AIN TROJAN! |
| X |
RavTime |
Mstray.exe |
Added by the WUKILL.A WORM! |
| X |
RavTimer |
explores.exe |
Added by the HOMEY-A TROJAN! |
| X |
RavTimer |
RavTimer.exe |
RAV AntiVirus |
| X |
RavTimeXP |
[worm filename] |
Added by the WULLIK.B WORM! |
| X |
RavTimeXP |
Virus |
Added by the CAGER.A WORM! |
| X |
RavTimXP |
[worm filename] |
Added by the WULLIK.B WORM! |
| X |
RavUptets |
agetlke.exe |
Added by the QQPASS-AK TROJAN! |
| X |
RavUptkt |
agetlktz.exe |
Added by the QQPASS-AJ TROJAN! |
| X |
RavUptpe |
ravsesur.exe |
Added by the QQPASS-T TROJAN! |
| X |
RAX SYSTEM |
scrigz.exe |
Added by the MYTOB.KR WORM! |
| N |
Ray Process Killer |
Prkill.exe |
Ray Process Killer -
clicking right mouse button produces popup menu with current active tasks.
You can choose any task and click "Ok" to terminate it. Use
CTRL+ALT+DEL instead |
| U |
razer |
razerhid.exe |
Razer mouse driver |
| X |
rb32 lptt01 |
rb32.exe |
RapidBlaster variant (in a
"RapidBlaster" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
rb32 ml097e |
rb32.exe |
RapidBlaster variant (in a
"RapidBlaster" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
rbenh ml***e |
rbenh.exe |
RapidBlaster variant (in a
"RBEnhance" folder in Program Files) where *** represents random
digits. Recommended you use RapidBlaster Killer to uninstall - see here |
| X |
RBOT v2 with NetAPI exploit
traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server |
glossary.exe |
Added by the VANEBOT-J WORM! |
| X |
Rcf Driver |
rcf.exe |
Added by the RANDEX.BLD WORM! |
| X |
rCron |
dservice.exe |
Switch premium rate adult
content dialer |
| X |
rCron |
rcron.exe |
"Switch" adult content dialler |
| U |
RCScheduleCheck |
RCSCHED.EXE |
Scheduler for VCOM's Recovery Commander - which "can
restore your non-booting system back to normal. It only takes a few minutes
to get your system back up and running" |
| X |
RCSync |
RCSync.exe |
PrizeSurfer related.
"PrizeSurfer is the free software that automatically enters you to win
cash and prizes just for surfing the web and shopping online!" Stealth
installed malware |
| U |
RCSystem |
DLLML.exe RCSystem |
Related to Creative DLL
Module Loader for the Sound Blaster X-Fi (and maybe others). This program is
non-essential process to the running of the system, but should not be
terminated unless suspected to be causing problems |
| U |
RDClient |
RDCLIENT.EXE |
Remote Disconnection
Utility from Twiga. Used for connecting and disconnecting dial up connections
on a network - only needed if there is a shared internet connection |
| X |
RDLL |
RunDll16.exe |
Added by the SDBOT.F TROJAN! |
| X |
rdvs |
[worm filename] |
Added by the ULTIMAX WORM! |
| X |
Reactor3 |
[random name]32.exe |
Added by the BOFRA.A WORM! |
| X |
Reactor5 |
[random name]32.exe |
Added by the BOFRA.D WORM! |
| X |
Reactor6 |
[random name]32.exe |
Added by the BOFRA.C WORM! |
| X |
Reactor7 |
[random name]32.exe |
Added by the BOFRA.B WORM! |
| X |
Reactor8 |
[random name]32.exe |
Added by the BOFRA.E WORM! |
| X |
Reactor9 |
[random name]32.exe |
Added by the BOFRA.E WORM! |
| X |
readdb40 |
rundll32.exe [path]
readdb40.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| N |
REAL |
realjbox.exe |
Real Jukebox - MP3 and music files player |
| X |
Real Internet Player |
Reaiplay.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Real player updater |
realupd.exe |
Added by
the PARLAY TROJAN! |
| X |
real scheduler.hta |
RealAudio.exe |
Added by the CEEGAR TROJAN! Note
- this is not associated with the popular RealPlayer media player |
| U |
Real Spy Monitor |
Winrsm.exe |
Realspy keystroke logger/monitoring program - remove unless you
installed it yourself! |
| X |
Real Statics Agent |
ccreal.exe |
Added by a variant of the RBOT WORM! |
| X |
RealAudio |
RealAudio.exe |
Added by the CEEGAR TROJAN! Note
- this is not associated with the popular RealPlayer media player |
| X |
Realaudio Player |
realaudio32.exe |
Added by the AGOBOT.AFR WORM! |
| N |
RealDownload |
RealPlay.exe |
Download manager. Available via
Start -> Programs |
| X |
RealDownload Express |
npnzdad.exe |
Advertising spyware |
| N |
Reality Fusion GameCam SE |
RFTRay.exe |
Reality Fusion GameCam Video
Interaction Technology Software that comes with the Logitech QuickCam PC
video camera and other USB cameras. It's only an icon that appears on your
System Tray. Available via Start -> Programs |
| N |
RealJukeboxSystray |
tsystray.exe |
System Tray icon for RealJukebox |
| X |
realone_nt2003 |
moniker.exe |
Added by the SNONE.A WORM! |
| X |
RealP1ayer |
[path to file] |
Added by the RPLAY.A TROJAN! Note that the name has a number
"1" in place of the second lower case "L" |
| N |
realplay |
realplay.exe |
System Tray icon for RealPlayer.
If you subsequently start RealPlayer manually it adds itself back to the
start-up list. You can stop this from happening by right-clicking on the tray
icon and disabling StartCenter via Preferences |
| X |
realplay lptt01 |
realplay.exe |
RapidBlaster variant (in a
"RealPlay" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer
which can have the same executable name |
| X |
realplay ml097e |
realplay.exe |
RapidBlaster variant (in a
"RealPlay" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer
which can have the same executable name |
| X |
RealPlayer Ath Check |
rnathchk.exe |
Added by the MYTOB.AG WORM! |
| X |
Realplayer Codec Support |
realsched.exe |
Added by the AGOBOT-AAD WORM! Note - this is not the legitimate
RealOne Player (realsched.exe) application of the same name |
| X |
Realplayer One |
realplay.exe |
Added
by the RBOT-NK WORM! |
| X |
Realplayer.exe |
Realplayer.exe |
Added by the DELF.CNV TROJAN! |
| N |
RealPlayer2 |
MsgCenterExe |
RealNetworks RealPlayer related - disabling this application
will not affect Real Player in any way |
| X |
RealPlayerUpdater |
realupd32.exe |
Added by the LOHAV-T TROJAN! |
| ? |
Realpopup |
Realpopup.exe |
RealPopup - "Replaces
old winpopup with a full featured freeware tool which remains stable and
simple as its predecessor" |
| N |
Realsched |
realsched.exe |
Application Scheduler installed along with RealOne Player.
Runs independently of RealOne Player, to remind AutoUpdate and Message Center
to perform their tasks at pre-scheduled intervals. If it can't be disabled
try deleting or renaming realsched.exe and then delete the entry in the
registry |
| U |
RealSPEED |
RealSPEED.Exe |
RealSPEED - tweaking
utility to speed-up your internet connection |
| X |
Real-Tens |
Real-Tens.exe |
DownloadWare adware |
| U |
Realtime Audio Engine |
mmrtkrnl.exe |
Associated with ALCATech BPM Studio |
| Y |
Realtime Monitor |
realmon.exe |
Realtime scanner part of eTrust Antivirus/InoculateIT version
6 virus scanners from Computer Associates |
| ? |
RealTimeUpdate |
RealTimeUpdate.exe |
Product description in
properties is "InternetExplorerCommunicationAgent Module" ? |
| X |
realtpsk |
realsched.exe |
Chinese
originated adware - detected by Panda antivirus as NewWeb. Note - this is not
the legitimate RealOne Player (realsched.exe) application of the same name |
| N |
RealTray |
RealPlay.exe |
System Tray icon for RealPlayer.
If you subsequently start RealPlayer manually it adds itself back to the
start-up list. You can stop this from happening by right-clicking on the tray
icon and disabling StartCenter via Preferences |
| X |
RealUpdater |
realupd.exe |
Added by the PARLAY or
MITGLIEDER.I TROJANS! |
| X |
RebateNation0 |
RebateNation0.exe |
RebateNation adware |
| N |
Reboot |
Reboot.exe |
MS-DOS/Win3.1 utility use to
clean boot a system. Sometimes installed by default from some driver CDs for
motherboards |
| Y |
Recguard |
recguard.exe |
On HP computers, Recguard
prevents the deletion or corruption of the WinXP Recovery Partition. Without
it enabled, it is possible to knock that completely out and force the
customer to send the PC back to HP for a re-image, possibly at the customer's
expense |
| N |
Reclip |
reclip.exe |
Reclip Popup
Clipboard manager |
| X |
Recommended Hotfix -
{0421701D-CF13-4E70-ADF0-45A953E7CB8B} |
RH.DLL |
SmartPops search hijacker |
| N |
Recover |
N/A |
Added during the installation of
Comcast High Speed Internet software. During installation the system reboots
and if the disk is removed a screen appears asking for the disk to be
re-inserted to complete installation. Not required once installion is complete |
| X |
recover.bmp.exe |
Rundll.exe |
Added by the ANAFTP-01 TROJAN!
Note - this is NOT the Windows system file of the same name as described here |
| N |
RecoverFromReboo |
RECOVE~1.EXE |
Part of a DSL installer package
from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry
may be left in the registry |
| N |
RecoverFromReboo |
RecoverFromReboot.exe |
Part of a DSL installer package
from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry
may be left in the registry |
| N |
RecoverFromReboot |
RECOVE~1.EXE |
Part of a DSL installer package
from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry
may be left in the registry |
| N |
RecoverFromReboot |
RecoverFromReboot.exe |
Part of a DSL installer package
from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry
may be left in the registry |
| X |
Recoveru system |
svchast.exe |
Added by a variant of the LINEAGE-AV TROJAN! |
| X |
Recoveru systems |
svchost.exe |
Added by a variant of the SDBOT
WORM! Note - this is not the legitimate svchost.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! ! This file is located in the "temp"
folder |
| N |
RecShe |
RecSche.exe |
Recording scheduler for WatchTV
Capture Card (TV Tuner card) |
| X |
Recycle Bin Handler |
recycler.exe |
Added by the SHUCKBOT-A TROJAN! |
| X |
Recycle Bin Handler 2005 |
system.exe |
Added by the HO TROJAN! |
| X |
RecycleSTR |
msreg32.exe |
Added
by the RBOT-TC WORM! |
| N |
Red Flag |
redflag.exe |
PMS prediction program with
modes for guys and girls - no longer available |
| U |
Red Swoosh EDN Client |
RSEDNClient.exe |
Red Swoosh - mechanism used by
web sites to allow you to download files from those sites quicker and more
efficiently via P2P. Note from the license agreement they automatically
update the software, can download other published content that it feels may interest
you without your knowledge and share non-personally identifiable information
with others in the network - but you must agree to this when installing the
software |
| X |
redirect |
redirect*.exe |
Dotcomtoolbar/Linksummary
hijacker installer - where * is a random digit |
| N |
Redline Taskbar |
taskbar.exe |
Taskbar icon for the Redline
RegTweak overclocking program as supplied with Sapphire ATI graphics cards |
| X |
REEGRUN |
[path to file] |
Added by the SECDROP.AI TROJAN |
| X |
Reek 32 Server |
reek32.exe |
Added by the RANDEX.AL WORM! |
| U |
Referee |
referee.exe |
MediaComm's monitor for file association changes. Stop rogue
programs from screwing your settings either on installation or whenever they
run |
| N |
Refresh |
Refresh.exe |
(Iomega) Refresh - loads the
Iomega desktop icons at startup |
| X |
Reg |
Reg.hta |
Passon homepage hi-jacker |
| ? |
Reg Check |
lpt.exe |
Related to Supanet ISP software - what does it do and is it
required? |
| X |
reg run |
Systen.exe |
Added by the BANCOS-BS TROJAN! |
| X |
Reg Service |
ipcfg.exe |
Added by the AGOBOT-SO WORM! |
| X |
Reg Service |
NT32.exe |
Added by the AGOBOT.G TROJAN! |
| X |
Reg Service |
REGSRV32.EXE |
Added by the RBOT.ZW WORM! |
| X |
Reg Service |
WinnConfig.exe |
Added by the AGOBOT-PF WORM! |
| X |
Reg Service |
winslogon.exe |
Added by the AGOBOT-SC WORM! |
| X |
Reg Service |
winsy.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Reg Services |
Winboot32.exe |
Added by the RBOT.PB WORM! |
| X |
reg_key |
FUKULAMER.exe |
Added by the BEAGLE.AH WORM! |
| X |
reg_key |
loader_name.exe |
Added by the BEAGLE.Y or
BEAGLE.Z or BEAGLE.AA WORMS! |
| X |
Reg_WFT |
Regsysw.com |
Added by the WILSEF VIRUS! |
| X |
Reg_WFT |
scanreg32.com |
Added by the SENNASPY-F TROJAN! |
| X |
reg1.reg |
vuamgard.exe |
Added by a variant of the IRC.BOT TROJAN! |
| U |
reg2.0 |
SVCH0ST.EXE |
eSpyNow surveillance software. Uninstall this software unless
you put it there yourself. Note - the filename has the digit 0 rather then
the uppercase "o" |
| X |
Reg32 |
Reg32.exe |
Hijacker - redirecting to
only-virgins.com |
| X |
reg32 |
reg32.exe |
Added by the NOUPDATE.B TROJAN! |
| X |
Reg32 |
reg33.exe |
CoolWebSearch parasite variant -
also detected as the STARTPA-M TROJAN! |
| X |
regcheck |
[path to file] |
Added by the SERVPAM TROJAN! |
| X |
Regcheck |
~CAB001.EXE |
Added by the CYBRSPY.13A or
CYBRSPY.13B TROJANS! |
| X |
RegCleaner |
SYSio32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! Note - do not confuse this with the popular RegCleaner
registry cleaner freeware |
| X |
RegCompres |
Regcpm32.exe |
Added by the POLDO.B TROJAN! |
| X |
RegCompres |
REGCPM32.EXE |
Added by the DASMIN-E TROJAN! |
| X |
Regcxdinaf |
REGCXDINAF.EXE |
Added by the BANCOS-BW TROJAN! |
| X |
Regcxn |
Regcxn.exe |
Added by the COIBOA-D TROJAN! |
| U |
regdefend |
regdefend.exe |
"RegDefend
is a configurable, kernel based registry protection system, designed to
intercept selected changes before they occur, thus also preventing malicious
software like viruses, trojans and worms from using the registry to their
advantage" |
| X |
RegDone |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
RegDone |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| X |
RegDone Ex |
csrss.exe |
Added by the WEBUS TROJAN! Note
- this is not the legitimate csrss.exe process, which should not appear in
Msconfig/Startup! |
| X |
RegDoneEx |
lsass.exe |
Added by the WEBUS.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the System folder |
| X |
regedit |
autoexe.exe |
Added by a variant of the RBOT WORM! |
| X |
regedit |
regedit.exe |
Added by the BRID.A WORM! Note - this is not the valid
Windows registry editor which resides in Windows or Winnt and will not figure
in Msconfig/Startup! This version resides in the System (9x/Me) or System32
(NT/2K/XP) folder |
| X |
REGEDIT |
Regsrv32.com |
Added by the SOUTHGHOST WORM! |
| X |
regedit |
svchost.exe ccRegVfy |
Added by the HOTWORD.B TROJAN!
Note - this is not the legitimate svchost.exe process which should not
normally figure in Msconfig/Startup! |
| X |
RegEdit32 |
RegEdit32.exe |
Added by the VOUMIT-A WORM! Note - this is not the legitimate
regedit32.exe application which is always located in the System (9x/Me) or
System32 (NT/2K/XP) folder and should not normally figure in
Msconfig/Startup! This file is located in a "mirc32" folder |
| X |
Regexit |
runlli32.exe |
Added by the QQPASS-U TROJAN! |
| X |
Regexit |
Updadv.exe |
Added by the QQPASS-N TROJAN! |
| U |
RegFreeze |
regfreeze.exe |
RegFreeze
anti-spyware software |
| X |
reggsdg |
spoolserv.exe |
Added by the SDBOT-MS WORM! |
| U |
RegHelp |
svchosts.exe |
SpyGraphica spy software -
"Stealth monitoring of ALL PC or Network Activity with DVD-like
playback. EVERY keystroke can be e-mailed in a detailed activity report every
15 minutes...anywhere in the world." |
| ? |
reginfo32 |
reginfo32.exe |
?? |
| U |
REGIST~1 |
REGIST~1.EXE |
Part of the
OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically
used with imaging devices such as scanners and digital cameras for creating
text documents from images. This item will probably be displayed twice and
will re-instate itself whenever you start the main program so leave it - once
started it frees the memory it used. Its purpose and an explanation of how to
correct a problem it creates for "Send To" can be found here. Note
that you don't have to uninstall TextBridge for this fix to work and the
program works fine afterwards. Not used on later versions of the software -
hence the 'U' recommendation |
| X |
Register Manager |
RegistryManage.exe |
Added by the SDBOT.AYH WORM! |
| N |
Register MediaRing Talk |
register.exe |
If you don't want to register
MediaRing and be reminded about it every bootup disable it |
| ? |
Register SeqChk |
regsvr32.exe ..csseqchk.dll |
?? |
| U |
RegisterDropHandler |
REGIST~1.EXE |
Part of the
OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically
used with imaging devices such as scanners and digital cameras for creating
text documents from images. This item will probably be displayed twice and
will re-instate itself whenever you start the main program so leave it - once
started it frees the memory it used. Its purpose and an explanation of how to
correct a problem it creates for "Send To" can be found here. Note
that you don't have to uninstall TextBridge for this fix to work and the
program works fine afterwards. Not used on later versions of the software -
hence the 'U' recommendation |
| X |
Registration Service |
toker.exe |
Added by the SDBOT-BB WORM! |
| N |
Registration-Studio 8 |
RegTool.exe |
Registration for Pinnacle Studio Version 8 home video
software from Pinnacle Systems |
| U |
Registry |
class0117[random].exe |
Blackbox captures emails and chat logs, and monitors Internet
activity - remove if you didn't intentionally install it |
| X |
Registry |
wscript.exe [path]
ShakiraPics.jpg.vbs |
Added by the VBSWG.AQ WORM! |
| X |
Registry Checkup |
winreg.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Registry Checkup System326a
Monitor |
Winregs326a.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Registry Integrity Checker |
regintmon.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Registry Integritycheck |
WCPDT.EXE |
Added by the AGOBOT-RF WORM! |
| X |
Registry Loader |
regloadr.exe |
Added by the GAOBOT.AO WORM! |
| X |
Registry Loader |
winhlpp32.exe |
Added by the GAOBOT.AO WORM! |
| X |
Registry oidet |
win32.exe |
Added by the RBOT.BMT WORM! |
| X |
Registry Protector |
regprotect.exe |
Added by the ARIVER.A WORM! |
| X |
Registry Scanner |
regscanr.exe |
Added by a variant of the OPTIX TROJAN! |
| X |
Registry Server |
regsrv32.exe |
Added
by the RBOT-GM WORM! |
| X |
Registry Service |
REGSRV32.EXE |
Added by a variant of the RBOT WORM! |
| X |
Registry Service |
resvs.exe |
Added by the DELBOT-I WORM! |
| X |
Registry Services |
Registry.exe |
Added by the CILE TROJAN! |
| X |
Registry Startup Check |
checkreg.exe |
Added by the REMLOAD-A or
DANMEC-B TROJANS! |
| X |
Registry System16 Checkup
Monitor |
SystemReg16.exe |
Added by a variant of the RBOT WORM! |
| X |
Registry System166 Checkup
Monitor |
SystemReg166.exe |
Added by a variant of the RBOT WORM! |
| X |
Registry Value Name |
roses.exe |
Added by the RBOT-AFT WORM! |
| X |
Registry Value Name |
service.exe |
Added by the RBOT-AHT WORM! |
| X |
Registry Value Name |
winapi32.exe |
Added by a variant of the RBOT WORM! |
| X |
Registry Value Name Start |
MsPMSPSa.exe |
Added by a
variant of the SDBOT WORM! |
| X |
RegistryCheck |
rundll32.exe chkreg.dll,
CheckRegistry |
Ulubione adult content dialer |
| X |
RegistryChk |
winbackup.exe |
Added by the MERTIAN WORM! |
| U |
RegistryMechanic |
RegMech.exe |
Registry
Mechanic - "you can safely clean and repair Windows registry problems
with a few simple mouse clicks! Problems with the Windows registry are a
common cause of Windows crashes and error messages" |
| X |
RegistryMonitor |
registry.pif |
Affilred adware |
| X |
Regkey for autostart |
winservice.exe |
Added
by the RBOT-NU WORM! |
| U |
RegKillTray |
RegKillTray.exe |
DVD
region killer part of CloneDVD from Elaborate Bytes AG. Copies the main
movie, Special Features and/or the original menu onto a DVD Recordable or
onto your harddisk |
| X |
Regmonitor |
regmaping.exe |
Added by the BEAGLE.DO WORM! |
| X |
REGMSYS |
[path to file] |
Added by the LOWZONE-AX TROJAN! |
| X |
RegMutex |
lexplore_.exe |
Added by the MSNOPT-A TROJAN! |
| N |
RegPowerClean |
RegPowerClean.exe |
RegistryPowerCleaner is a security risk that may give
exaggerated reports of errors in the registry of the compromised computer |
| Y |
RegProt |
Regprot.exe |
RegistryProt
from Diamond Computer Systems - protects the system registry against changes |
| X |
Regptmens |
REGPTMENS.EXE |
Added by the BANCOS-ED TROJAN! |
| X |
Regro |
rundll132.exe |
Added by the OKARAG TROJAN! |
| X |
REGRUN |
[path to trojan] |
Added by the LOWZONE-AH TROJAN! |
| X |
REGRUN |
dialer.exe |
Adware downloader - also
detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! |
| X |
RegRun |
mActiveX.exe |
Adware downloader - also
detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! |
| X |
REGRUN |
regeditt.exe |
Adware downloader - also
detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! |
| X |
REGRUN |
sory.exe |
Adware downloader - also
detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! |
| X |
REGRUN |
winfix22490.exe |
Adware downloader - also
detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS! |
| U |
RegRun WinBait |
winbait.exe |
Part of RegRun - used to detect unknown viruses. RegRun compares
winbait.exe with the original copy called winbait.org and warns if the files
are different.. |
| Y |
Regrun2 |
WatchDog.exe |
Greatis Software's
RegRun 3 Security Suite which amongst other things replaces MSCONFIG. The
WatchDog check for registry changes caused by trojan's, viruses, etc |
| X |
REGRUNM |
autoprotect.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Regrx |
rundll32.exe |
Added by the WAYIC-A TROJAN!
Note - this is not the legitimate rundll32.exe process, which is found in the
Windows folder (98ME) or the System32 folder(NT2000XP). The file is located
in C:Windows |
| X |
RegScan |
DLLSRV32.EXE |
Added by the AGOBOT.AEW WORM! |
| X |
RegScan |
Regscan.exe |
Added by the TALEX TROJAN! |
| X |
Regscan |
regscanr.exe |
Added by the OPTIX-SE TROJAN! |
| ? |
RegServer |
regserve.exe |
Related to XGI Technology's Volari graphics cards - what does
it do and is it required? |
| X |
regservices.exe |
regservices.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| N |
RegShave |
regshave.exe |
Part of the USB driver for your
Fuji digital cameras - used when uninstalling the USB drivers, erasing all
entries from the registry. Only required BEFORE attempting to uninstall the
Fuji software or the uninstall may not work correctly |
| X |
regsrv |
regsrv.exe |
Added by the OPTIXPRO.11 TROJAN! |
| X |
regsrv |
scvhost.exe |
Added by the AGOBOT.E WORM! |
| X |
regsrvc |
regsrvc.exe |
Added by the STOPED-A TROJAN! |
| X |
Regsv |
regsv.exe |
Search hijacker - redirecting to
scheo.com |
| X |
Regsvc |
regsv.exe |
Added by an unidentified TROJAN! |
| X |
regsvc32 |
regsvc32.exe |
Homepage hijacker that changes
your homepage to an adult content site |
| X |
regsvr |
regsvr.exe |
Added by the WEBMONEY-G TROJAN! |
| X |
RegSvr32 |
msmsgs.exe |
Added by the ZLOB.B TROJAN! |
| U |
REGSVR32 |
regsvr32.exe ctasio.dll |
ASIO (Audio Stream In/Out) drivers for the SoundBlaster
Audigy 2 series soundcards - for recording and home project studios. Required
if you use this functionality |
| X |
regsync |
regsync.exe |
SafeSurfing adware |
| ? |
regtmlp |
N/A |
?? |
| U |
RegTweak |
RegTwk.exe |
Rage3d Tweak - ATI
Radeon tweaker which allows access to registry tweak options, custom display
modes, refresh rates and overclocking all through an easy to use interface |
| X |
RegVer |
REGVER.EXE |
Added by the LATINUS.16 TROJAN! |
| X |
RegVfy32 |
Regverif32.exe |
Added by the SYGYP.A WORM! |
| X |
RegWrite |
csrss.exe |
Added by the SOKACAPS TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a WindowsMedia folder |
| Y |
Regx10EXE |
atix10.exe |
ATI
Remote Wonder™ - PC wireless remote control driver. Required if you use it |
| U |
ReleaseRAM |
RRAM.exe |
"Release RAM allows your
computer to run faster and uses your computer's RAM more efficiently".
MS MVPs (Most Valued Professional) recommend not using memory managers with
Win98/SE/ME. See this article and make up your own mind |
| X |
Reload |
reload.exe |
Added by the LAZAR TROJAN! |
| X |
reload |
reload.vbs |
Added by
the LOVELETTER.AS VIRUS! |
| N |
RemHelp |
Remhelp.exe |
BT Voyager ADSL Modem Help
related |
| N |
Remind_XP |
Remind_XP.exe |
HP-specific program that reminds
users to create System Recovery CDs. Once they use the Recovery CD Creator
(Start -> PC Help & Tools -> Recovery CD Creator) to make the
recovery CDs the entry will remove itself from the startup list |
| N |
Reminder |
Remind_XP.exe |
HP-specific program that reminds
users to create System Recovery CDs. Once they use the Recovery CD Creator
(Start -> PC Help & Tools -> Recovery CD Creator) to make the
recovery CDs the entry will remove itself from the startup list |
| N |
Reminder |
reminder.exe |
From MS Money. Reminds you of
your bills |
| N |
Reminder-cpqXXXXX |
remind32.exe |
Compaq printer Registration |
| N |
Reminder-hpcXXXXX |
remind32.exe |
HP CD-Writer Registration |
| N |
Reminder-ranXXXXX |
remind32.exe |
Registration reminder widget for
Rand Mcnally maps |
| N |
reminder-ScanSoft Product
Registration |
remind32.exe |
Registration reminder for
ScanSoft products such as PaperPort |
| U |
RemindMe |
RemindMe.exe |
Remind-Me - calendar
software |
| X |
Remndr |
CsRemnd.exe |
CasinoOnline foistware |
| U |
Remote |
Remote.exe |
Remote
Control driver for LifeView internal and external TV products |
| U |
Remote Access |
rnaapp.exe |
Dial-up networking application -
not normally found in the startup locations. It runs when you connect to the
net via this method (ie, analogue 56K modem) and terminates after the
connection is closed |
| X |
Remote Access Slave |
Synchost.exe |
Added by the RIPJAC TROJAN! |
| N |
Remote Control |
Rc.exe |
Hinet Hi-Five ISP software |
| N |
Remote Controller |
TVRMVCR.EXE |
ProLink PlayTVpro TV tuner software |
| U |
Remote Desktop Computing |
marspc.exe |
Marspc
Remote Desktop Computing |
| X |
Remote Desktop Help Session
Manager |
WinRDH.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Remote Management Agent |
zenrc32.exe |
Part of
Novell's ZENworks - "Complete End-to-End Directory-enabled Network
Management". Installed on a managed workstation fo an administrator to
remotely manage the workstation. Required if the PC is a managed workstation |
| U |
remote master |
remote master.exe |
Required if you want your ASUS
Remote control to work at all. Available via Start -> Programs |
| X |
Remote Procedure Call |
winrpc.exe |
Added
by the RBOT-KM WORM! |
| X |
Remote Procedure Call |
winsysrpc.exe |
Added by the SDBOT-PS WORM! |
| X |
Remote Procedure Call For
Windows 32bit |
rpc.exe |
Added
by the RBOT-MD WORM! |
| X |
Remote Procedure Call Locator |
RUNDLL32.EXE reg678.dll
ondll_reg |
Added by a variant of the LOVGATE WORM! |
| X |
Remote Procedure Calls |
mswinc.exe |
Added
by the RBOT-IT WORM! |
| X |
Remote Procedure Calls |
mswinrpc.exe |
Added by the RBOT.KJ WORM! |
| X |
Remote Procedure Calls |
win.exe |
Added by the SDBOT-QI WORM! |
| Y |
Remote Update Monitor |
imonitor.exe |
Sophos Antivirus
Remote Update utility - provides an easy way for remote workers to keep up to
date with their virus protection via a website or network connection provided
by their employer |
| N |
Remote_Agent |
RemoteAgent.exe |
Cyberlink's Power VCR II 3.0
is a TV tuner recording utility. If you want to schedule recordings you'll
need this, otherwise can be disabled. Available via Start -> Programs |
| Y |
RemoteAgent |
RAUAgent.exe |
Trend
Micro's Office Scan Client, see here - "Its Web-based management console
gives administrators transparent access to desktop and mobile clients to
coordinate automatic deployment of security policies and software
updates" |
| U |
RemoteCenter |
RcMan.exe |
Remote
control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA,
WAV and other media formats |
| U |
RemoteControl |
PDVDServ.exe |
Remote
Control background application for Cyberlink's PowerDVD version 5 and above.
Enables you to use a remote control with your DVD drive if your drive came
with one. Not required if you don't have a remote control, or don't wish to
use one |
| U |
RemoteControl |
rmctrl.exe |
Remote
Control background application for Cyberlink's PowerDVD version 4 and above.
Enables you to use a remote control with your DVD drive if your drive came
with one. Not required if you don't have a remote control, or don't wish to
use one |
| X |
REMOVE ME |
windos.exe |
Added by the SDBOT.EE WORM! |
| N |
Removecpl |
Removecpl.exe |
Related to a Belkin 54Mbps
Wireless Utility Control Panel applet |
| X |
Removed.exe |
Removed.exe |
GatorCheat - adware downloader |
| ? |
RemStart |
remstart.exe |
Part of McAfee's Remote Desktop
32 Agent application. What does it do and is it required? |
| ? |
RenolB |
ib.exe |
?? |
| U |
Replay Center |
ReplayRadio.exe |
Replay Radio -
"makes it easy to automatically record your favorite radio shows, so you
can listen wherever and whenever you like" |
| U |
Replicator |
PTReplicator.exe |
Replicator
from Karen's powertools. "Automatically backup files, directories, even
entire drives!" |
| U |
RepliGo Assistant |
RepliGoMon.exe |
Cerience
RepliGo software - "any document you have on your PC can be transferred
to your mobile device" |
| U |
ReproPRD |
PrdUsb.exe |
Thrustmaster Corporation Presets
application - a game controller driver, presumably necessary for certain
functions to work |
| X |
requester |
requester.*.exe |
Added by a variant of the MUQUEST.A trojan - NOTE: the *
stands for a digit, examples: requester.5.exe, requester.10.exe |
| X |
Requester |
requester.11.exe |
Added by the MUQUEST TROJAN! |
| X |
Required Service Drivers |
micront.exe |
Added by the RBOT-ABD WORM! |
| X |
resagnt |
restun.exe |
Adware downloader,
identified by Panda antivirus as Trojan.Downloader.ALQ |
| X |
reseurce |
[path to trojan] |
Added by the LINEAGE-AI TROJAN! |
| X |
reseurce |
svchost.exe |
Added by the LINEAGE-FV TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| N |
Resolution Assistant |
matcli.exe |
Dell Resolution Assistant.
"matcli.exe is a motive Assistant Command line interface that gathers
information about your system's identity like your name email address, city,
state, etc and gets written to a log file". Resolution Assistant is required
to run with the Help and Support program. If you uncheck Resolution Assistant
and and then run Help and Support it will add another Resolution Assistant in
the startup menu. If you remove the Resolution Assistant in the add/remove
program some help menus in help and support will not be available. You decide |
| N |
Resource Meter |
rsrcmtr.exe |
Windows Resource Meter.
Available via Start -> Programs. You may want this enabled if your PC is
suffering from crashes and want to know potential causes |
| ? |
Restart Watch |
Watch.exe |
Associated
with an Eicon Networks Diva ISDN or ADSL modem. What does it do and is it
required? |
| U |
Restart WSC Setting |
wscrestp.exe |
WinStart Commander - part of Ultra WinCleaner Utility Suite.
Starts Windows faster and controls hidden programs to boost performance and
prevent system slow downs and crashes |
| ? |
Restart_VS |
Viewsonic.exe |
Could be a left-over from the
installation of a Viewsonic flat panel display |
| U |
RestoreDesktop |
RestoreDesktop.exe |
Softwarium
Restore Desktop "is a Windows Context Menu addition that automatically
saves and restores the icons' positions on the Windows desktop after a
resolution change" |
| Y |
RestoreIT! |
VBPTASK.EXE |
RestoreIT!
from FarStone "allows you to recover instantly your files, system
configuration, and even your operating system, to any point in time prior to
the data loss or system failure" |
| X |
restory |
restory.exe |
Added by the RETSAM TROJAN! |
| U |
Resume Copy |
copyfstq.exe |
Part of Total Copy - an
improved version of the Windows copy function. Allows for resumption file
copies or moves in progress when computer was shut down. Not required if your
not using the program or don't care about that function |
| U |
ResumeFixClocks |
resumefix.exe |
Part of the
RadeonTweaker utility for overclocking ATI Radeon graphics cards |
| X |
retime |
retime.exe |
Added by the GIPMA TROJAN! |
| U |
RetrieverScheduler |
retrieverscheduler.exe |
80-20
Retriever from 80-20 - "80-20 Retriever is a powerful personal search
tool that encompasses email folders, archived email, and local or network
file systems, giving users one point of fast, accurate search for all
personal information". Real-time scheduler - shortcut available |
| U |
RetroExpress |
RetroExpress.exe |
EMC (was Dantz) Retrospect Express - backup software for
external hardware storage devices |
| U |
RevoTaskbarApp |
RevoTask.exe |
Control Application for M-Audio
Revolution 7.1 sound card. The sound card will function without it - but
changes to speaker setup and sound modification (Bass/Treble etc) will not be
available |
| N |
RexSyMon |
rexsymon.exe |
Intellisync
for REX sychronization software for Xircom REX MicroPDAs for sharing
information between the PDA and PC |
| X |
RF |
EC.exe |
Added by the LINEAGE-U TROJAN! |
| U |
rfagent |
rfagent.exe |
Registry
First Aid - scans the Windows registry for orphan file/folder references,
finds these files or folders on your drives that may have been moved from
their initial locations, and then corrects your registry entries to match the
located files or folders |
| X |
rforce |
EXP1ORER.EXE |
Added by the DROPPER.KN TROJAN!
Note the number "1" in the filename rather than letter
"L". It also drops another file named DEVICEMAP.SYS which is the
ROOTKIT.O TROJAN! |
| N |
RFTray |
RFTRay.exe |
Reality Fusion GameCam Video
Interaction Technology Software that comes with the Logitech QuickCam PC
video camera and other USB cameras. It's only an icon that appears on your
System Tray. Available via Start -> Programs |
| Y |
rfw |
Rfw.exe |
RAV AntiVirus |
| ? |
rfwydg |
rfwydg.exe |
?? |
| N |
RFX_auto_upgrade |
rundll32.exe npvpg005.dll |
A browser plugin
called the RichFX player. Here is a link to download RichFX's solution to
removing the auto upgrade |
| X |
Rg2catbd |
Rg2catbd.exe |
Added by a variant of the
BANLOAD family of TROJANS! |
| U |
RH |
rh32.exe |
EuroFonts - adds Euro symbols to
pre-Euro computers |
| X |
Rhino |
[random name]32.exe |
Added by the BOFRA.A WORM! |
| U |
RhinoBlocker |
RhinoBlocker.exe |
RhinoBlocker - pop-up
stopper |
| N |
RHPTray |
RHPTray.exe |
System tray access to Red
Hot Pawn - online chess |
| N |
RHSI SHS |
SHS.exe |
Rogers Hi-Speed Internet software. "Should you ever lose
access to your Rogers Hi-Speed Internet connection or e-mail, the
Self-Healing Software (SHS.exe) will automatically repair your settings to
get you up and running in a flash" |
| X |
RichMedia |
HBHelper.dll |
HenBang
adware |
| X |
RichMedia |
rundll32.exe [path] hbcast.dll,
WaitWindows |
Henbang adware variant |
| X |
richup |
richup.exe |
SafeSurfing adware |
| U |
RightFAX Print-to-Fax Driver |
FaxCtrl.exe |
Part of
RightFAX from Captaris - "the proven market leader in fax server and
document delivery software" |
| U |
Ring Central Fax |
rcenterrll.exe |
Only needed if you want a PC to
answer faxes automatically |
| X |
rIOphosIs |
rIOPHosIs.vBS |
Added by the RIOSYS MACRO! |
| N |
Riorad Manager |
riomgr.exe |
"Riorad
Explorer is hands-down the most advanced Windows software companion for your
Rio MP3 player" |
| U |
RivaTuner |
RivaTuner.exe |
RivaTuner for tweaking
nVidia graphics cards. Required if you make any changes |
| U |
RivaTunerStartupDaemon |
RivaTuner.exe |
RivaTuner for tweaking
nVidia graphics cards. Required if you make any changes |
| ? |
RjLyraInstaller |
setup.exe |
?? |
| X |
rmalt |
[random filename] |
Added by the CLICKER-CS TROJAN! Filenames spotted inlcude
Setup.exe, Keygen.exe, Keygen-Serial.exe, Photoshop.CS2.KeyGen.exe and more |
| U |
rmctrl |
rmctrl.exe |
Remote
Control background application for Cyberlink's PowerDVD version 4 and above.
Enables you to use a remote control with your DVD drive if your drive came
with one. Not required if you don't have a remote control, or don't wish to
use one |
| X |
rmdrfje.dll |
rundll32.exe [path] rmdrfje.dll |
Added by the DLOADR-ANM TROJAN! |
| N |
rmmon |
mprmmon.exe |
Resource Monitor for the now
defunct Chromatic Research MPact2 3DVD graphics card |
| ? |
RMremote |
RmRemote.exe |
Remote
control driver for REALmagic Xcard. Is it required? |
| X |
rn4d |
dirote.exe |
Added by the MAROON.A TROJAN! |
| U |
Rnaomflt |
naomf.exe |
Naomi internet filtering
software |
| X |
RNBc Test |
bvldv32.exe |
Added by the RBOT-AJF WORM! |
| X |
RNBc Test |
wf32vbs.exe |
Added by the RBOT-AGR WORM! |
| U |
RNBOStart |
sentstrt.exe |
Program used to initialise the
VxD virtual driver for Sentinel drivers associated with Rainbow H/W keys that
plug-in to the parallel port. These are usually supplied with workplace
design tools and restrict the use of the software only to the machine to which
the H/W key is connected. Required if you have such tools |
| X |
RNBz Test |
wf32vbc.exe |
Added by the RBOT-AEY WORM! |
| X |
RNDc Test |
wf32b.exe |
Added by a
variant of the SDBOT WORM! |
| ? |
rndll2 |
rndll2.exe |
May be related to the DivX
program as a *.dat file in the same directory had
"DivXPro505Bundle.exe" mentioned within? |
| X |
rngmf |
[path to trojan] |
Added by the RANKY.C TROJAN! |
| X |
Rnudll32 |
tadxtr.exe |
Added by the QQPASS-O TROJAN! |
| ? |
rnxqh |
rnxqh.exe |
?? |
| X |
Roam04 |
ActiveX.exe |
Added by the ROAMER-A TROJAN! |
| N |
RoboForm |
RoboTaskBarIcon.exe |
Roboform - password manager and
web form filler. Will work without this startup entry, as the
"active" component is an integrated Internet Explorer browser
plugin |
| N |
RoboFormWatcher |
RoboFormWatcher.exe |
Roboform from Siber Systems.
Automatically completes web forms. Available via Start -> Programs |
| U |
Rocket.Time |
RocketTime.exe |
Rocket.Time
- time synchronization software from Rocket Software |
| X |
Roflcopteur |
seman.exe |
Added by an unidentified WORM or
TROJAN! |
| ? |
roketpipe |
rpclient.exe |
?? |
| U |
Rollback |
RollbackTray.exe |
Added by
the RollBack Rx system restore program |
| X |
rollbk |
dsm.exe |
Added by the SERFLOG.B WORM! |
| X |
rollbk |
msmpatch.exe |
Added by the SERFLOG.B WORM! |
| X |
rollbk |
svosm.exe |
Added by the SERFLOG.B WORM! |
| X |
rollbk |
sysup.exe |
Added by the SERFLOG.B WORM! |
| X |
romahere |
matrixhere.exe |
SuperSpider hijacker - a
CoolWebSearch parasite variant |
| X |
romahere2 |
************.exe [* = random
char] |
SuperSpider hijacker - a
CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! |
| X |
romahere3 |
************.exe [* = random
char] |
SuperSpider hijacker - a
CoolWebSearch parasite variant. Also detected as the KREPPER-AE TROJAN! |
| X |
Root_Machine |
[path to trojan] |
Added by the BANCBAN-DI TROJAN! |
| X |
ROOT_Machine |
winlogon.exe |
Added by the BANKER-FI TROJAN!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup and is always located in the System32 folder. This
worm file is placed in the Windowsinf or Winntinf folder |
| ? |
ROUTD |
ROUTD.exe |
?? |
| N |
RoxAssist |
RoxAssist.exe |
Roxio Assistant is designed to
correct Engine Initialization errors. If Easy CD & DVD Creator's Engine
does not initialize, the applications in Easy CD & DVD Creator will not
recognize your recorder. After running this program you should receive the
message "Engine initialized successfully with full recorder
support". If you do not receive the message, update your Virus software
and then check and clean your system for viruses. After the removal of any
viruses, uninstall and then reinstall Easy CD & DVD Creator (use
"Add Remove Programs" in "Control Panel"). Can be run
manually |
| ? |
Roxio Engine |
MSMNGR32.EXE |
Not believed to be a valid Roxio program - more likely a
variant on the WOMANIZ.A TROJAN! |
| N |
RoxioAudioCentral |
RxMon.exe |
Part of Roxio EasyCD Creator 6.0
- places the Roxio AudioCentral icon in you system tray. "Includes a
player, media manager, ripper, tag and sound editor - integrated in a single
application". Not required for Roxio to work properly. |
| N |
RoxioDragToDisc |
DrgToDsc.exe |
Part of Roxio EasyCD Creator 6.0
- places the Roxio Drag-to-Disc icon in you system tray. "Easily drag
and drop files for burning to CD or DVD. Disc formatting and burning will
happen automatically". Not required for Roxio to work properly |
| Y |
RoxioEngineUtility |
EngUtil.exe |
Part of Roxio EasyCD Creator 6.0
- corrects any modification made to the Roxio Engine, it exits after checking |
| N |
RoxWatchTray |
RoxWatchTray.exe |
System Tray icon installed by
Roxio Easy Media Creator 8 and which allows you to configure your watched
folders or to turn the “Watched Folders” feature of Roxio ON or OFF |
| U |
RP32 |
rp32.exe |
Unicenter
Remote Control (was Remotely Possible) from Enterprise International for
remote control and access to Win9x/NT systems |
| X |
RPC |
MSschost.exe |
Added by a variant of the GAOBOT/AGOBOT WORM! |
| X |
RPC Patcher |
[path to worm] |
Added by the BOLGI WORM! |
| X |
RPC Service |
[random filename] |
Added by the AAD TROJAN! |
| X |
rpc Win32 |
shost32.exe |
Added
by the RBOT-ABL WORM! |
| X |
rpc Win32 |
spoolscv.exe |
Added by a variant of the RBOT WORM! |
| X |
rpcc |
rpcc.exe |
Added by the SPAMMIT-E TROJAN! |
| X |
rpcda Win32 |
rpcda.exe |
Added by the RBOT-AE WORM! |
| X |
RPCser32g |
services.exe |
Added by the RITDOOR-C WORM!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or
Winnt folder |
| X |
RPCserr32g |
winlogon.exe |
Added by the RITDOOR-B WORM!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup and is always located in the System32 folder. This
file is placed in the Windows or Winnt folder |
| X |
RPCserv32 |
services.exe |
Added by the MYDOOM.AL WORM!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or
Winnt folder |
| X |
RPCserv32g |
CSRSS.EXE |
Added by the BOBAX.AD WORM! Note
- this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
RPCserv32g |
MSDEFR.EXE |
Added by the BOBAX.AD WORM! |
| X |
RPCserv32g |
NB32EXT2.EXE |
Added by the BOBAX.AD WORM! |
| X |
RPCserv32g |
services.exe |
Added by the BOBAX.AA WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
RPCserv32g |
WINLOGON.EXE |
Added by the BOBAX.AD WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup and is always located in the System32 folder. This file is
placed in the Windows or Winnt folder |
| Y |
RPCSS.exe |
rpcss.exe |
Remote Procedure Call.
Required by windows for programs to communicate with each other on
networks/different machines. Originally for NT only but now installed with
Win98/98se. Under Win98/98se, a program may need it to communicate with other
components of itself. You could delete the program but if any abnormalities
occur soon after then reinstall. Under NT, deleting this critical system
component will disable the OS. For a more detailed explanation see here |
| X |
RpcxWindows Extensions |
rpcxwinex.exe |
Added by the RBOT.ACP WORM! |
| X |
Rr2 |
rundll32.exe |
Added by the LINEAG-ADI TROJAN!
Note - this is not the legitimate rundll32.exe process, which is found in the
Windows folder (98ME) or the System32 folder(NT2000XP). This file is located
in an "addins" sub-folder |
| X |
RRMedic |
rrmedic.exe |
Troubleshooting utility for
the RoadRunner cable internet service. Not required and you are advised to
completely uninstall it. Provides a lot of false alarms and gets a lot of
people panicking about there internet connection |
| U |
rscmpt |
rscmpt.exe |
Required on the GeFroce 64 meg MX card to show the full 64
meg memory and appears to be a software memory emulator running under the
Win2K - see here. High CPU useage results - hence the U status |
| X |
rsmb |
rsmb.exe |
Added
by the WAREZOV.C WORM! |
| U |
rsMenu |
rsMenu.exe |
Synchronizes a Casio PDA with MS
Outlook |
| X |
RSPC Driver |
[random filename].exe |
Added
by the RBOT-SN WORM! |
| X |
RSPC Driver D |
[random filename] |
Added by a variant of the RBOT WORM! |
| ? |
RSRCMTZ |
RSRCMTZ.exe |
?? |
| X |
RSS |
rundll32 RSSToolbar.dll,
DllRunMain |
"Related Sites"
toolbar - SearchAndClick hijacker variant |
| U |
RssReader |
RssReader.exe |
RssReader - a free RSS
reader able to display any RSS and Atom news feed (XML) |
| X |
RSync |
netsync.exe |
SafeSurfing adware |
| N |
rtasks |
rtasks.exe |
WinAntiVirus
Pro 2007 virus software - not recommended, see here |
| U |
rtcdll |
rtcdll.exe |
RTCDLL is "Real Time
Communication" and is associated with Windows Messenger (the IM
application, not messenger service). It is only necessary if you use Windows
Messenger. Most people use MSN Messenger instead, so it is not required in
those cases |
| U |
RTHDCPL |
RTHDCPL.EXE |
Realtek HD Audio Sound Effect
Manager |
| U |
RtHDVCpl |
RtHDVCpl.exe |
High definition audio codec
driver from Realtek Semiconductor |
| N |
RtlMon.exe |
RtlMon.exe |
Monitor for RealTek network card |
| Y |
RTMonitor |
RTMonitor.exe |
Cheyenne (now eTrust) antivirus |
| X |
rtos |
rtos.exe |
IRC trojan |
| ? |
RTStartMute |
N/A |
?? |
| Y |
rtvscn95 |
RTVSCN95.EXE |
Real-time virus scanner
component of Norton Anti-Virus Corporate Edition |
| U |
RtWLan |
RtWLan.exe |
Configuration utility for the Netgear WG111 54 Mbps Wireless
USB 2.0 Adapter that "provides wireless access to your desktop or
notebook PC through the computer's USB port" |
| X |
Ruby13 |
Ruby13.exe |
Added by the MEXER.E WORM! |
| X |
Ruby14 |
Ruby14.exe |
Added by the FIGHTRUB-A WORM! |
| X |
ruin |
system32.exe |
Added
by the DELF-JM TROJAN! |
| U |
RuLaunch |
RuLaunch.exe |
Instant Updater for McAfee's
VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products.
In the case of VirusScan leave it enabled unless you update manually on a
regular basis |
| X |
run |
[path] rundll32.exe rsrc.dll |
Browser hijacker of Chinese
origin, redirecting to 4199.com |
| X |
run |
Autoexec.com |
Added by the HOLCAS.A WORM! |
| X |
Run |
help.exe |
Identified as the DELF.LF by
Ewido Security Suite |
| X |
run |
inetinfo.exe |
Added by the BINGHE TROJAN! |
| X |
Run Msn Messenger |
msnmgr.exe |
Added by the AGOBOT.HA WORM! |
| X |
Run MSupdt32 |
wscript MSupdt32.vbs |
Added by the CASER WORM! |
| U |
Run Nintendo Wi-Fi USB Connector
Registration Tool |
NintendoWFCReg.exe |
Related
to Wi-Fi USB Connector from Nintendo |
| U |
Run POPFile in background |
perl.exe |
POPFile - E-mail spam
blocker |
| U |
Run POPFile in background |
wperl.exe |
POPFile - E-mail spam
blocker |
| X |
Run Services as Application |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Run Services as Application |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Run Services as Application |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Run Services as Application |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Run Services as Application |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Run Services as Application |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Run Services as Application |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Run Services as Application |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| U |
Run StartupMonitor |
StartupMonitor.exe |
Mike Lin's
StartupMonitor, throws up an alert and asks your permission every time any
change is made to your start-up configuration, either in the registry or
start menu |
| X |
Run TaskMrg |
csrss.exe |
Added by the LDPINCH-W TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows folder |
| X |
run windows |
servic.bat |
Added by
the REBOOT-AP TROJAN! |
| X |
Run XP Service Pack |
xpservicepack.exe |
Added by the SDBOT.AQA WORM! |
| X |
Run[0] |
syscnfg.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or
C:winntfonts) directory where no *.exe files should reside |
| X |
Run_cd |
Run_cd.exe |
Added by the GHOST.23 TROJAN! |
| Y |
run_pbnext |
PBNext.exe |
PBNext is virtual phone system which offers the same
functionality as expensive PBX hardware |
| X |
run= |
Autoexec.com |
Added by the HOLCAS.A WORM! |
| X |
run= |
Celine.scr |
Added by the CELINE-A TROJAN! |
| N |
run= |
cmmpu.exe |
MIDI emulator driver for the
integrated sound chip by C-Media based on the CMI-8330 chip set normally
found in cheap motherboards. Also installed as part of the software for a
Guillemot Maxi Muse sound card (PCI) |
| X |
run= |
cyxid98.exe |
Unidentified malware |
| X |
run= |
dec25.exe |
Added by the ATAK.F WORM! |
| X |
run= |
dllreg.exe |
Added by the DUMARU-L TROJAN! |
| X |
run= |
DRDOOM.EXE |
Added
by the SEMAPI-A WORM! |
| N |
run= |
fmedia.exe |
FMedia FaxWorks related - can be
run manually |
| X |
run= |
fntldr.exe |
CoolWebSearch Tapicfg parasite variant |
| N |
run= |
hpfsched |
HPFSCHED is a small TSR that
will remind you to clean the cartridges in your DeskJet from time to time in
order to keep print quality high. It can be removed from the run line in
win.ini if you do not want that feature |
| X |
run= |
htmlsync.exe |
Searchforfree.info browser
hijacker |
| X |
run= |
info32.exe |
CoolWebSearch Tapicfg parasite variant |
| ? |
run= |
LXBTppls.exe |
Reportedly part of Lexmark
printer software - what does it do and is it required? |
| N |
run= |
lxdboxcp.exe |
Lexmark DOS-Printing Control
Program for the Lexmark 2050. Only required if you need to print from DOS |
| X |
run= |
mdm.exe |
Added by the PROXY-GG TROJAN! |
| X |
run= |
mouse_configurator.win |
Added by the GAGGLE.E WORM! |
| X |
run= |
msoffice.exe |
Added by the ADWARELOADER TROJAN! Note - do not confuse with
the legitimate Microsoft Office file, which would typically be located in the
Program FilesMicrosoft OfficeOffice folder! |
| N |
run= |
pcfix2k.exe |
pcfix2k splash screen |
| X |
run= |
ptlseq.cpl |
PhoenixNet BIOS
adware. See here |
| U |
run= |
ramsys.exe |
Advanced Startup Manager from Rays Lab |
| X |
run= |
RAVMOND.exe |
Added by a variant of the LOVGATE WORM! |
| X |
run= |
real.exe |
Added by a variant of the LOVGATE WORM! |
| X |
run= |
RegistryReminder.exe |
Added by
the APSTROJAN.OB TROJAN! |
| X |
run= |
sec5dec.exe |
Added by the ATAK.G WORM! |
| X |
run= |
services.exe |
Added by the KREPPER-N TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a "inet10066"
subfolder of the Windows or Winnt folder |
| Y |
run= |
smsrun16.exe |
Microsoft Systems Management
Server (SMS) related - program that reads SMSRUN16.INI on clients running Win
3.1, Windows for Workgroups, Win95, or OS/2 to create program groups on the
client and then launch SMS client programs |
| X |
run= |
svcinit.exe |
CoolWebSearch
parasite variant |
| X |
run= |
svhost.exe |
Added by the ADMINCASH.B TROJAN! |
| ? |
run= |
wallflip.exe |
Desktop wallpaper changer? |
| ? |
run= |
win.ini |
?? |
| X |
run= |
wmplayer.exe |
CoolWebSearch Smartsearch parasite variant |
| Y |
run= |
wswpd.exe |
Used with some models of
Panasonic, Epson and NEC printers - required for printer to work |
| X |
Run05 |
rundll_32.exe |
Added by the BANCOS-DT TROJAN! |
| X |
run32 |
run32dll.exe |
Added by the SDBOT-CWB WORM! |
| X |
Run32dll |
ocxdll.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
run32dll |
task32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
run32dll |
WINClock.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| U |
RunAlert |
AService.exe |
MSI
MOtherboard PC Alert III - MSI motherboard monitoring software. Only required
if you "overclock" your system |
| N |
runAP |
runAP.exe |
Not required but what is it? |
| X |
runapp |
icqchk.exe |
Added by the BOMKA TROJAN! |
| X |
Runapp32 |
Runapp32.exe |
Added by the NEODURK TROJAN! |
| Y |
RunCA |
InvokeSvc3.exe |
Wireless-G USB Wireless Network
Adapter related - would appear to be required |
| X |
Rund11 |
Rund11.EXE |
Added
by the MARIO-C WORM! |
| X |
rund1132 |
rund1132.exe |
Added
by the DOPBOT-A WORM! |
| X |
Rund1132.exe |
Rund1132.exe |
Added by the STARTPA-HS TROJAN! |
| X |
Rund1l32 |
Winfi1e32.exe |
Added by the MERTIAN WORM! |
| X |
Rundil32 |
runlli32.exe |
Added by the QQPASS-U TROJAN! |
| X |
Rundil32 |
Updadv.exe |
Added by the QQPASS-N TROJAN! |
| X |
rundl332 |
math.exe ...pluged.exe |
Added by the DOOMJUICE WORM! |
| X |
rundli32 |
rundli32.exe |
Added by the LADE WORM! |
| X |
RunDll |
RunDll.exe |
Added by the QQPASS-AH TROJAN!
Note - this is NOT the Windows system file of the same name as described here |
| X |
Rundll |
Rundll~.exe |
Added
by the DELF-KT TROJAN! |
| X |
Rundll |
rundll32.exe [random file
name].dll "taskmon" |
Added by the MYTOB.IG WORM! |
| X |
RunDLL |
rundll32.exe bridge.dll, Load |
Flingstone.com browser hijacker |
| X |
rundll*** |
die.exe [path] mdll.exe |
Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 |
| X |
rundll*** |
die.exe [path] secure.bat |
Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 |
| X |
rundll*** |
die.exe [path] secure.exe |
Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 |
| X |
rundll*** |
die.exe [path] ttg.exe |
Added by the SUMTAX TROJAN! where *** is 134, 569, 777 or 946 |
| X |
Rundll16 |
Rundll16.exe |
Added by a number of VIRUSES,
WORMS and TROJANS! |
| X |
rundll32 |
[path to worm] |
Added by the AUTEX WORM! |
| X |
rundll32 |
csrss.exe |
Added by the GUTTA TROJAN! Note
- this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Windows folder |
| X |
Rundll32 |
RUNDDLL32.EXE |
Added by the STARTPAGE.AXH
TROJAN! |
| X |
RUNDLL32 |
rundl32.exe |
Added by the DEMOTRY-A WORM! |
| X |
Rundll32 |
Rundll32.exe |
Added by the DVLDR TROJAN! Note - this is not the valid
"Rundll32.exe" as it's in the WindowsFonts directory |
| X |
rundll32 |
rundll32.exe |
Added by the SANKER WORM! Note that the valid
"rundll32.exe" resides in C:WindowsSystem32 wheras this version
resides in C:Windows |
| X |
rundll32 |
rundll32.exe |
Added by the AGENT-EZ TROJAN! Note - the real rundll32.exe
resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file
is found in a "SHELLEXT" subfolder |
| U |
rundll32 |
RunDLL32.exe irprops.cpl,
BluetoothAuthenticationAgent |
Associated
with BlueTooth software, and registers the "Infrared Port
properties" Control Panel applet. Should you get the error message,
"Rundll irprops.cpl missing entry Bluetooth authentication agent",
click here here for more information. In case you no longer have BlueTooth
support installed, and don't need it, simply uncheck the entry in Msconfig
> Startup |
| N |
RunDLL32 |
RunDLL32.exe NvMCTray.dll,
NvTaskbarInit |
System Tray icon used to manage
settings for nVidia based graphics cards. May be required for some 3D
applications to recognize your card correctly - such as the game
"Everquest". Otherwise, settings can be changed manually via
Display Properties |
| N |
RUNDLL32 |
RUNDLL32.EXE NvQtwk, NvCplDaemon |
System
Tray icon used to change display settings, change the clock rate and memory
speed for nVidia based graphics cards. This is unnecessary since you can
easily configure these settings the way you want them in the Display
Properties and not have to mess with them again. Also disable the
"NVIDIA Driver Helper Service" if enabled as it can cause this
entry to be re-enabled on re-boot (note that this service can also cause
extreme shutdown delays if enabled - see here) |
| U |
Rundll32 |
Rundll32.exe ptipbm.dll,
SetWriteBack |
Installed with the miniport
drivers for Promise hard drive controllers in both RAID and non-RAID
installations. Tells the drivers that the connected Drives should use the
"Write Back" Caching. You can disable this if you don't want to use
"Write Back" Caching or if you have not connected any driver to
your Promise Controller |
| ? |
rundll32 |
rundll32.exe ptipbmf.dll,
SetWriteCacheMode |
Installed with the miniport
drivers for Promise hard drive controllers in both RAID and non-RAID
installations. May be necessary in order to maintain
preferences applied to the RAID array connected to the Promise controller |
| U |
rundll32 |
Rundll32.exe Wf2kcpl.dll
DllLoadDefaultSettings |
Loads default settings for
Leadtek Winfast graphics cards |
| X |
Rundll32 |
Windows.exe |
Added by the QQPASS.E TROJAN! |
| X |
RunDLL32 |
winupdate.exe |
Added by an unidentified TROJAN! - possibly a BMBOT variant |
| N |
Rundll32 cmicnfg |
Rundll32 cmicnfg.cpl, CMICtrlWnd |
System tray control panel for
C-Media based soundcards - often included on popular motherboards with
in-built audio. Available via Start -> Settings -> Control Panel |
| Y |
RunDll32 essprops |
RunDll32 essprops.cpl,
TaskbarIconWnd |
Associated with a Logitech mouse
- required for proper operation |
| U |
Rundll32 P17 |
Rundll32 P17.dll, P17Helper |
ASIO (Audio Stream In/Out) drivers for the SoundBlaster
Audigy 2 series soundcards - for recording and home project studios. Required
if you use this functionality |
| X |
Rundll32.exe |
Proyecto1.exe |
Added by the GRUEL WORM! |
| X |
Rundll32.exe |
Root.exe |
Added by the GRUEL WORM! |
| X |
Rundll32_7 |
rundll32.exe MSIEFR40.DLL,
DllRunServer |
BrowserAid/BrowserPal foistware |
| X |
Rundll32_8 |
rundll32.exe 1.dll, DllRunServer |
BrowserAid/BrowserPal foistware |
| X |
Rundll32_8 |
rundll32.exe inetp60.dll,
DllRunServer |
BrowserAid/BrowserPal foistware |
| X |
rundll64 |
[path to worm] |
Added by the AUTEX WORM! |
| X |
RundllSvr |
Rundll.exe |
Added by the HUAYU WORM! Note -
this is NOT the Windows system file of the same name as described here |
| X |
Rundllsystem32 |
Rundllsystem32.exe |
Added by the NETDEVIL.B TROJAN! |
| X |
Rundnm |
Rundnm.exe |
Added by the DELF-HA TROJAN! |
| X |
RUNGogoTools |
GoGoLaunch.exe |
GoGoTools adware |
| X |
RUNGogoTools |
LaunchAdware.exe |
GoGoTools adware |
| X |
RUNHYPER |
hyperx.exe |
PurityScan/Clickspring adware |
| X |
runing |
win.exe |
Added by the DELF-LC TROJAN! |
| X |
RUNLOAD |
l0ad.exe |
PurityScan/Clickspring adware |
| X |
RUNLOUD |
loud.exe |
PurityScan/Clickspring adware |
| U |
Runmarc8mManager |
marc8m95.exe |
MARC
Sound System Manager for the Marc 8 MIDI sound card - allows for easy
adjustment of the settings |
| X |
Runner |
csrss.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Runner |
lsass.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Runner |
lsass.exe [trojan filename] |
Added by the DROWSY-B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located the Winnt or Windows folder |
| X |
Runner |
svchost.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
runner1 |
updater.exe |
Added by the CRYPT.ULPM.GEN
TROJAN! |
| U |
RunOnce |
RUNONCE.EXE |
Part of MS Data Access
Components - only required if you use these |
| X |
RunOnceEx |
sms.exe |
Identified as the DELF.LF by
Ewido Security Suite |
| X |
RunProg |
Server.exe |
Added by the OPTIX.04.A TROJAN! |
| X |
RunProg |
wini.exe |
Added by the OPTIX.04.D TROJAN! |
| X |
runreper |
viewer.exe |
Added by the REPER.A VIRUS! |
| X |
runs |
run.exe |
Added by the RBOT-BWF WORM! |
| X |
RunSearvices |
tread.exe |
Identified as the DELF.LF by
Ewido Security Suite |
| X |
RunServices |
runsvc32.exe |
Added by the AGOBOT.QJ WORM! |
| X |
runSubvalues |
[path to file] |
Added by the DLOADER-QY TROJAN! |
| U |
RunSysd32 |
RunSysd32.exe |
DesktopShield2000 by Stéphane
Groleau. Locks the desktop at bootup so that users cannot bypass the Windows
screensaver password. Only essential if using the program and is an optional
setting. It can be disabled from within |
| X |
Runtime Process |
Csrss.exe |
Added by the CIADOOR-J TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Runtt1 |
Internat.exe |
Added by the LINEAGE-R TROJAN! |
| X |
Runtt1 |
Internet.exe |
Added by the LINEAGE-Q TROJAN! |
| X |
RunWin |
[path to file] |
Added by the BANKER-ES TROJAN! |
| X |
runwin32 |
runwin32.exe |
Added by the ESEARCH-A TROJAN! |
| X |
RUNWIN32 |
runwin32.exe |
Added
by the VB-AET TROJAN! |
| X |
RunWindowsUpdate |
uptodate.exe |
BrowserAid/BrowserPal foistware |
| U |
Rupsw32 |
Rupsw32.exe |
MegaTec Rups, UPS monitoring
software - monitor and control DB9 UPS running on either Windows & Novell
NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating
systems |
| ? |
RUSBHOLoader |
rundll32.exe RUSBHOLoader.dll,
AutoRegister |
?? |
| X |
RVC6Player |
tskdbg.exe |
Added by the ZAPCHAS-M TROJAN! |
| X |
rvde |
N/A |
Related to li-speed**** |
| X |
RVP |
bpc.exe |
Spyware included with the latest version of Grokster. Also
see here |
| X |
rx |
explore.exe |
Added by the ZHENGTU-A TROJAN! |
| X |
rx |
rundll32.exe |
Added by the Lineage-BP TROJAN! Note - this is not the
legitimate Windows process (Which is found in the Windows folder for 9xMe and
the System32 folder for NT2KXP). This file is found in the Windows or Winnt
folder |
| N |
RxMon |
rxmon9x.exe |
Part of Dell Resolution Assistant - "a diagnostic
program that allows you to contact Dell. When factory-installed by Dell, it
allowed you to perform hardware and software diagnostics that provided alerts
to potential problems and enabled real-time communication with Dell RA techs.
You can now use RA only to contact Dell by e-mail" |
| N |
RxUser |
RxUser.exe |
Part of Dell Resolution Assistant - "a diagnostic
program that allows you to contact Dell. When factory-installed by Dell, it
allowed you to perform hardware and software diagnostics that provided alerts
to potential problems and enabled real-time communication with Dell RA techs.
You can now use RA only to contact Dell by e-mail" |
| X |
rzt |
rundll32.exe |
Added by the LINEAGE.BDP TROJAN! |
| X |
S |
svhost.exe |
Added by the AGOBOT-LN WORM! |
| X |
S0undMan |
svch0st.exe |
Added by the LOVGATE.AB WORM! Note - the filename has the
digit 0 rather then the uppercase "o" |
| ? |
S24EvMon |
S24EvMon.exe |
Event Monitor - supports driver
extensions to NIC Driver for wireless adapters. Is it
required? |
| X |
S3 Internal Chip |
s3serv.exe |
Added by the AGOBOT-DD WORM! |
| N |
S3apphk |
S3apphk.exe |
A tool installed alongside the
drivers for your S3 video output device. It is not necessary but should be
allowed to run unless it is causing problems |
| U |
S3Hotkey |
s3hotkey.exe |
Hotkey system tray icon to
enable switching between monitors. Found on laptops with an S3 Twister
integrated graphics card |
| ? |
S3Mon |
S3Mon.exe |
S3DuoVue multi-monitor taskbar
helper by S3 Graphics. What does it do and is it
required? |
| N |
S3TRAY |
S3Tray.exe |
S3 display configuration taskbar
utility for S3 chipset based graphics cards. Can be run from Start->
Settings -> Control Panel -> Display |
| ? |
s3tray2 |
s3tray2.exe |
Same as the s3tray entry in this
table? |
| ? |
S3TRAYHP |
S3trayhp.exe |
S3 Video driver related. What does it do and is it required? |
| U |
S4F |
S4F.exe |
FilterPak
from S4F, Inc - internet filtering software |
| X |
s4helper |
s4helper.exe |
Searchcentrix hijacker |
| ? |
SA |
Sa3.exe |
Logitech QuickCam driver. Is it required? |
| ? |
SA Service |
SAservice.exe |
Associated with Cyber Trio and
Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and
NEC PCs. What function does this perform and is it
required? |
| N |
Sa3dsrv |
Sa3dsrv.exe |
3D sound extension for Windows |
| X |
saap |
saap.exe |
NCase adware |
| N |
Sabreserver |
SABSERV.EXE |
Airline reservation software
from Sabre. Available via Start -> Programs |
| X |
sac |
sac.exe |
NCase adware |
| X |
SACC |
sacc.exe |
SurfAccuracy adware |
| N |
SAClient |
RegCon.exe |
AT&T or ComCast BBClient -
monitors system and network-delivered services for availability. Your current
network status is displayed on a color-coded web page in near-real time. When
problems are detected, you're immediately notified by e-mail, pager, or text
messaging |
| X |
Safe |
[path to trojan] |
Added by the BANKER-DT TROJAN! |
| X |
Safe |
SafeWin.exe |
Added by the FOCOSENHA TROJAN! |
| X |
SafeGuard Popup Blocker Updater |
regsvr32 [path] sfgupd.dll |
SafeguardProtect/Veevo hijacker |
| X |
SafeGuard Popup Blocker Updater
(required) |
regsvr32 [path] sfg****.dll [* =
ramdom char] |
SafeguardProtect/Veevo hijacker |
| X |
SafeGuard Popup Updater
(required) |
regsvr32 [path] PDF****.dll [* =
random char] |
SafeguardProtect/Veevo hijacker |
| X |
SafeGuard Popup Updater
(required) |
regsvr32 [path] sfg****.dll [* =
random char] |
SafeguardProtect/Veevo hijacker |
| U |
SafeHouseSystemTray |
SDWTRAY.EXE |
SafeHouse
"Personal Privacy" system tray icon - PP protects and hides your
private and personal photos, videos, files and folders by making them
"invisible" and encrypted |
| N |
SafeInstall.exe |
SAFEIN~1.EXE |
Monitors a download and ensures
an newer version of a file isn't replaced by an older one |
| N |
SafeOFF |
SafeOff.exe |
Provides protection that if user
accidentally presses the power switch a dialog will pop up for confirmation |
| X |
SafeSearch |
safesearch.exe |
SafeSearch.A adware |
| X |
SafeSurfingUpdate |
SSUpdate.exe |
MoneyTree parasite - ActiveX control used to download
premium-rate dialers |
| U |
SafetyNet |
ipcTray.exe |
Safety.Net
from Netveda - "offers Internet security, content security and advanced
Internet firewall protection for all your LAN computers, and trust controls
to block unwanted or harmful applications from accessing the network" |
| U |
SafetyNet_Notifier |
ipcLn.exe |
Safety.Net
from Netveda - "offers Internet security, content security and advanced
Internet firewall protection for all your LAN computers, and trust controls
to block unwanted or harmful applications from accessing the network" |
| U |
Safeworld |
Freedom.exe |
SafeWorld Internet Security -
now no longer available |
| X |
Sagate Security Firewall |
sagate.exe |
Added by the GAOBOT.BOW WORM! |
| N |
SAgent2ExePath |
SAgent2.exe |
Seiko Epson printer status
agent. Disable if printer is not used often |
| U |
SAGENTSERVICE |
Sagent.exe |
TinySpyAgent commercial keystroke logger. Uninstall this
software if you did not install it yourself |
| X |
sagnt |
sagnt.exe |
Adware web downloader |
| X |
SAHagent |
Sahagent.exe |
ShopAtHomeSelect parasite |
| X |
SAHBundle |
bundle.exe |
ShopAtHomeSelect parasite |
| X |
SAHBundle |
shop1003.exe |
ShopAtHomeSelect parasite |
| X |
saie |
saie.exe |
NCase adware |
| U |
SAIMON |
SaiMon.exe |
Saitek joystick driver |
| X |
sain |
sain.exe |
NCase adware |
| X |
sais |
sais.exe |
NCase adware |
| ? |
SaiSmart |
SaiSmart.exe |
"Smart Button Special
Sauce" - included with the latest software for Saitek game controllers.
Related to the "S", "Shift" or "Smart" button
and gives gamers extra features on the buttons. Only required if you use this
feature |
| U |
SaitekAutoConfigure |
saicnfig.exe |
Configuration for Saitek game controllers |
| X |
Sakemsneql |
simenu.exe |
Added by the SDBOT.BTO WORM! |
| X |
salm |
salm.exe |
180Search adware |
| X |
salm |
salm.exe |
NCase adware |
| U |
SAMcal |
SAMcal.exe |
SamCal
- calendar/reminder program |
| U |
Sametime Connect |
Connect.exe |
IBM Lotus Sametime - instant messaging and Web conferencing
software |
| X |
Samsong |
Samsong.exe |
Added by the SDBOT.BNE WORM! |
| X |
Samsung |
Samsungs.exe |
Added by an IRC TROJAN variant! |
| X |
Sam-sung |
Sam-sung.exe |
Added by a
variant of the SDBOT WORM! |
| U |
SandboxieControl |
Control.exe |
SandBoxie - allows data to
be read from the hard drive by an application but never written back unless
you allow it |
| N |
SandIcon |
SandIcon.exe |
SanDisk ImageMate CompactFlash
card reader SDDR-31 (USB). Very little use except to place the Sandisk icon
beside its drive designation in Windows Explorer. The reader itself will work
fine without it. The simplest thing is to just unplug the reader when you're
not using it. It may slow the startup by a few nanoseconds, but once the
software sees there's no reader, you get back the resources |
| X |
SANS Service |
sansv.exe |
Added by the VANEBOT-AH WORM! |
| X |
sapp |
sapp.exe |
NCase adware |
| U |
SaskTel Accelerated Dial-up |
sasktelgui.exe |
"Experience faster surfing, downloading and e-mail by
adding SaskTel Accelerated Dial-up Internet" |
| X |
saSyncMgr |
rundll32.exe sasync.dll,
SyncWait |
Browser hijacker - redirecting
to Searchant.com |
| U |
SATARaid |
SATARaid.exe |
RAID driver for serial ATA disks
on some motherboards such as the DFI Lanparty range. Only loaded if one is
using RAID support on SATA drives |
| X |
satmat |
satmat.exe |
VX2.Transponder parasite updater/installer related |
| X |
sau |
sau.exe |
180Solutions adware related |
| U |
SAUpdate |
SAUpdate.exe |
Big Brother from Quest Software. System and network monitor |
| U |
SAutoLaunchExe |
SAutoLaunchExe.exe |
Sharp Zaurus PDA related, needed
to synchronize information with a Desktop or Notebook |
| Y |
SAVAgent |
SAVAgent.exe |
Part of Sophos anti-virus
software. Required for centrally administered Sophos updates to work
correctly, e.g. automatically updating PCs used by dial-in home or
out-of-office users |
| X |
Save |
Save.exe |
WhenU.Save adware |
| X |
SaveDate |
SaveStartDate.Exe |
Unidentified adware |
| X |
Savenow |
SaveNow.exe |
WhenU.Save adware |
| X |
Savenow |
savenow.exe |
Added by the SPREDA.B VIRUS! |
| X |
SAW |
saw.exe |
SmartAdware adware |
| U |
Say The Time 5.0 |
SAYTIME.EXE |
This program has audio cues for
the system clock in male and female voices, customizes the appearance of the
system clock, and can synchronize it to a time server regularly |
| U |
SB |
SB.exe |
Acer Soft Button on Acer Tablet
PCs |
| N |
SB Audigy 2 Startup Menu |
/l:eng |
Related to the Dell OEM version
of the Sound Blaster Audigy 2 sound card. If this item is listed and checked
in startup, the System32 Folder will appear on every startup. A patch is
available - filename R75304.EXE - that fixes the issue. You can find that
file at support.dell.com by typing that name in the 'Search' box available
there. It addresses the root of the problem in Creative's software and
corrects it. Unfortunately there is no direct link to the file, but it's
easily available using the search function |
| X |
SB Watchdog |
SBWatchdog.exe |
Spyware utility installed by the
manufacturers of some laptops (Sony) used to monitor browsing habits and send
them back to whoever installed it - released by SoftBank |
| X |
SB13mini |
RYZO32.EXE |
Added by the SPYBOT-EJ WORM! |
| U |
SBAutoUpdate |
sbautoupdate.exe |
SpywareBlaster
auto-updater |
| U |
SBC Self Support Tool |
matcli.exe |
matcli.exe is a motive Assistant
Command line interface that gathers information about your system's identity
like your name email address, city, county, etc and gets written to a log
file. The SBC Self Support Tool is required to run with the Help and Support
program. If you uncheck SBC and and then run Help and Support it will add
another SBC entry in the startup menu. If you remove this software in
"add/remove programs" some help menus in help and support will not
be available. You decide |
| N |
SBC Yahoo! Connection Manager |
ConnectionManager.exe |
Used to create and connect your
SBC Yahoo DSL connection. This program has been reported to cause problems
for some users. If you find that it causes you pc to become slow or unstable
you should uninstall it (using Add/Remove programs) and manually connect your
DSL connection |
| U |
SBCSTray |
SBCSTray.exe |
System Tray access to CounterSpy anti-spyware from Sunbelt
Software |
| U |
SBDrvDet |
SBDrv.exe |
Detects the "Easy
Front-Panel Audio Connectivity Drive Internal Drive Bay" on the Sound
Blaster Audigy 2 Platinium eX. Can be disabled if you don't have one |
| N |
sbdrvdet |
sbdrvdet.exe |
Checks to see if Creative sound
card driver should be updated |
| X |
SBHC |
sbhc.exe |
SuperBar parasite - uninstall
available here |
| X |
SBMPOP |
SBMPop.exe |
SearchByMedia adware |
| N |
SBMX |
sbmx.exe |
SoundMAX MPU401 MIDI device
emulator for x86 VM DOS games/apps (for Win9x only) |
| X |
sbss Launcher |
sbss.exe |
SideBySide adware |
| U |
SbUsb AudCtrl |
RunDll32 sbusbdll.dll, RCMonitor |
Control for Soundblaster MP3
external (USB) sound card |
| U |
sc |
run.exe |
All-In-One_SPY stealth
monitoring software - allows monitoring and recording of all actions
performed on a computer. It records all keystrokes, remembers addresses of
Internet pages visited, and maintains a log file listing all applicationsrun
on the computer. It can create screenshots and record sounds from the
computer's microphone to a sound file |
| U |
sc |
sc.exe |
Watchdog 2.0 Software - monitoring program |
| N |
sc |
scrubxp.exe |
ScrubXP - utility that
deletes safe to remove files, cookies, browsing history, etc |
| ? |
sc23exec |
sc23exec.exe |
Possibly related to a digital
camera |
| Y |
SC3300CC |
SC3300CC.exe |
SiPix digital camera Twain
device driver |
| X |
scain |
s030109.Stub.exe |
Delfin Media Viewer adware related |
| X |
ScamDisk |
SVOHOST.exe |
Added by the LEWOR.D WORM! |
| X |
scan |
mscman.exe |
ClientMan parasite variant |
| ? |
Scan Detector |
Pmxdetect.exe |
Associated with PrimaScan
scanners. Is it required? |
| X |
Scan Register |
ssms.exe |
Added
by the RBOT-AT WORM! |
| ? |
Scan Wizard |
button.exe |
Associated with ScanWizard as
supplied with Microtek scanners - see also Scanner Detector or SDetect. What does it do and is it required? |
| X |
ScanDisc |
satan.exe |
Added by the GREGSTAR TROJAN! |
| X |
ScanDisk |
ScanDisk.exe |
Added by the GANDA.A WORM! Note - this is not the valid
"ScanDisk" Win9x/Me standard disk error checker |
| X |
scands32.exe |
scands32.exe |
Added by a variant of the ADCLICKER TROJAN! |
| X |
Scandsk2 |
scandsk2.exe |
Added by the AGOBOT-PK WORM! |
| X |
scandskx.exe |
scandskx.exe |
Added by the DLOADR-ARM TROJAN! |
| ? |
ScanFile |
?? |
?? |
| Y |
ScanInicio |
Inicio.exe |
Part
of Panda Antivirus. Responsible for scanning the boot sector of your disk and
your memory at startup to check for viruses that try and load and act before
your anti-virus is fully operational. It only adds a fraction of a second to
start-up time and is worth leaving active |
| N |
Scanner Detector |
SDetect.exe |
ScanSuite Scanner Detector -
part of ScanWizard, supplied with Microtek scanners. Waits until you press
the "GO" button and seems to serve no other purpose. Automatically
installed without prompting. Not required if you can start your scanning application
before pressing the "GO" button |
| Y |
Scanner File Utility |
NsCatCom.exe |
Kycocera Mita network
copier/printer/scanner process to dump scanned documents onto a workstation |
| ? |
ScanPanel |
ScanPanel.exe |
Trust
Easy Webscan scanner related - what does it do and is it required? |
| X |
Scanreg |
[filename] |
Added by the QQPASS.E TROJAN! |
| X |
ScanRegistry |
N/A |
Added by the DINOXI or DINOXI.B
WORMS! |
| X |
ScanRegistry |
nsrvnt.exe |
Added by the NERTE TROJAN! Not to be confused with the real
ScanRegistry - which is a vital Windows file. This version has the executable
as nsrvnt.exe not scanregw.exe |
| X |
ScanRegistry |
scanregv.exe |
Added by
the MASTERLOCK TROJAN!. Not to be confused with the real ScanRegistry - which
is a vital Windows file. This version has the executable as scanregv.exe not
scanregw.exe |
| Y |
ScanRegistry |
Scanregw.exe |
Scans the system registry and
makes back-ups at start-up. Important should the registry become corrupt. The
executable "Scanregw.exe" is located in %windir% (where %windir% is
the Windows directory - C:Windows or C:Winnt) |
| X |
ScanRegistry |
Scanregw.exe |
Added by the STATOR WORM! Not to be confused with the
legitimate ScanRegistry entry - which is a vital Windows file. The executable
"Scanregw.exe" is located in %windir%System (where %windir% is the
Windows directory - C:Windows or C:Winnt). Runs from the registry RunServices
key as opposed to the Run key |
| X |
ScanRegistry |
scanregw.exe |
Added
by the NYXEM-D WORM! Note - do not confuse this with the legitimate Windows
process scanregw.exe which is always found in the Windows folder on Win9x/ME
machines. This worm file is found in the System (9x/ME) or System32
(NT/2K/XP) folder |
| X |
ScanRegistry |
update.exe |
Added by the DWNLDR-FZY TROJAN! |
| N |
ScanSpyware v * |
Scanner.exe |
Spyware
remover (where * = the version number) - not recommended, see here |
| X |
scApp |
scApp.exe |
Added by the STANDO-E WORM! |
| N |
SCardSvr |
scardsvr.exe |
Related to SmartCard readers and
sometimes uses lots of system resources |
| X |
SCardSvr |
SCardSvr32.Exe |
Added by the MOFEI.B WORM! |
| U |
SCDEmuApp.exe |
SCDEmuApp.exe |
Related to PowerISO - CD/DVD
image file processing tool |
| X |
scheck45 |
scheck45.exe |
Related to unknown malware -
hidden installer associated with it |
| U |
schedm |
schedm.exe |
Part of Antivir PersonalEdition Classic anti-virus |
| X |
ScheduIe |
nrchk.exe |
Premium rate adult content
dialler |
| X |
ScheduIr |
msexploren.exe |
Added by a
variant of the SDBOT WORM! |
| X |
ScheduIr |
shch.exe |
Added by a
variant of the SDBOT WORM! |
| X |
ScheduIr |
svchst.exe |
Added by a
variant of the SDBOT WORM! |
| X |
ScheduIr |
winagent.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Schedule |
Schedule.exe |
Scheduler for Mercury Ez View TV Tuner Card |
| N |
Scheduled Maintenance |
Scheduled_Maintenance.exe |
Scheduler for Iolo
System Mechanic tweaking utility. It can cleans your registry and deletes
temporary files at defined intervals. Available via Start -> Programs |
| X |
Scheduler |
expIorer.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
Scheduler |
MSMSGS.EXE |
Added by the HOSTBANK-A TROJAN! Note - this particular
msmsgs.exe file is located in the WindowsSystem32Config or
WinntSystem32Config folder, and should not be mistaken for the MSN Messenger
file of the same name! |
| X |
Scheduler |
msnexploren.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
Scheduler |
outIook.exe |
Added by the TACTSLAY.A TROJAN! |
| U |
Scheduler |
Scheduler daemon.exe |
Tenebril GhostSurf
or SpyCatcher related scheduler - you can schedule daily, weekly, monthly or
one-time only cleanings |
| X |
Scheduler |
sdhch.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
Scheduler |
svchst.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
Scheduler |
svcrhost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
Scheduler |
svcshost.exe |
Added by the TACTSLAY.A TROJAN! |
| X |
Scheduler |
winagent.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
Scheduler Service |
wsass.exe |
Added by the LIOTEN.KX WORM! |
| X |
SchedulerMgr |
navchk.exe |
Premium rate adult content
dialer |
| X |
Scheduling Agent |
Scheduler.exe |
Added by the SUBWOOFER TROJAN! Note - this is not the real MS
Scheduling agent as the executable is incorrect |
| X |
SchedulingAgant |
MMTASK.EXE |
Added by the YAB.A TROJAN! Not the valid MusicMatch Jukebox
which has the same filename |
| U |
SchedulingAgent |
mstask.exe |
MS Scheduling Agent displayed as
a box with a stopwatch in the System Tray that is only needed if you have
regular scheduled disk defragmenting, ScanDisk, etc. Required if you have
regularily scheduled events such as weekly virus scans |
| U |
SchedulingAgent |
mstinit.exe |
MS Scheduling Agent displayed as
a box with a stopwatch in the System Tray that is only needed if you have
regular scheduled disk defragmenting, ScanDisk, etc. Required if you have
regularily scheduled events such as weekly virus scans |
| X |
SchedulingAgent |
N/A |
Added by the DINOXI or DINOXI.B
WORMS! |
| U |
Schmaili |
Schmaili.exe |
Schmaili - insert
animated smilies into your e-mail |
| X |
schost |
[path to trojan] |
Added by the TJSERV.D TROJAN! |
| N |
SchSvr |
SchSvr.exe |
WinScheduler is installed
with Home Theater or WinDVD Remote Control for WinDVD from Intervideo. If you
want to schedule recordings from your TV tuner card, you will need it.
Available via Start -> Programs |
| Y |
SCHWIZEX |
SCHWIZEX.EXE |
Part
of ConfigSafe - lets you identify changes to the registry, INI files, System
asset files, system hardware, network connections, and operating system
versions - provides a restore function. This part takes a snapshot of your
system following a healthy re-boot |
| X |
ScManager |
scman.exe |
Added by the FORBOT-CW WORM! |
| X |
scopedll |
scopedll.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| N |
Scotia OnLine Recovery |
etdirrcv.exe |
Scotia OnLine Security Software
provided by Entrust for Scotiabank. Provides trusted secure access to Scotia
OnLine Secure Web sites. *.* represents the version number. Now obsolete
after Scotiabank modernised their login process |
| N |
Scotia OnLine Security v*.*
Recovery |
etdirrcv.exe |
Scotia OnLine Security Software
provided by Entrust for Scotiabank. Provides trusted secure access to Scotia
OnLine Secure Web sites. *.* represents the version number. Now obsolete
after Scotiabank modernised their login process |
| X |
Scr |
scr.scr |
Added by the OPASERV.T WORM! |
| N |
ScrapPad |
Scrappad.exe |
ScrapPad allows you to quickly
and easily record notes, thoughts, messages, and just about anything you
want. Use it like you use scrap paper |
| X |
scrbmk |
[path to trojan] |
Added by the DLOADER-VP TROJAN! |
| U |
Screen Calendar |
scrcal.exe |
Screen Calendar allows
you to create custom desktop wallpapers with built in active calendar and
scheduler |
| U |
Screen Guard |
launch.exe |
Part of Access Denied security and privacy software |
| U |
Screen Guard Message Scan |
sgms.exe |
Part of Access Denied security and privacy software |
| X |
Screen Saver |
scrnsaver.scr |
Added by the RBOT-AGP WORM! |
| N |
Screen Saver Control |
FSScrCtl.exe |
Installs as part of the Hubble
Space Telescope screen saver (and possibly others). Lets you control your
installed screensavers from a System Tray icon |
| N |
ScreenHunter 4.0 Free |
ScreenHunter.exe |
"ScreenHunter 4.0 Free is a completely free screen
capture software for you to easily take screenshots" |
| N |
ScreenPrint32 |
ScreenPrint32.exe |
ScreenPrint32
screen capture software - can be launched manually |
| ? |
screxe |
scruser2k.exe |
?? |
| ? |
script |
script.bat |
Maybe associated with DOS on a
Win9x machine |
| Y |
ScriptBlocking |
SBServ.exe |
Update to Norton
AntiVirus 2001. Detects certain types of script-based viruses without the
need for specific virus definitions - such as JavaScript and VBScript. This
will help protect you from these viruses even before virus definitions are
available. Note - some users complain of problems once the update is
installed - refer here for more information |
| Y |
ScriptSentry |
Scriptsentry.exe |
Script
Sentry from Jason's Toolbox. Blocks malicious scripts and allows safe scripts
to run. Only required if you want it to check the file associations it guards
at startup. It will function regardlessly |
| U |
Scroll-In-Mouse V2.0 |
SCROLL.EXE |
Toolkit for the
Lynx-3D Net scroll mouse from QTronix. Required if you use the special
features |
| X |
scrss |
scrss.exe |
Added by the HACDEF-R TROJAN! |
| X |
scrsvc |
scrsvc.exe |
Added by the AGENT-DS TROJAN! |
| X |
ScrSvr |
ScrSvr.exe |
Added by the OPASERV WORM! |
| X |
ScrSvrOld |
[worm filename] |
Added by the OPASERV WORM! |
| Y |
Scsi |
Scsi.exe |
SCSI Miniport driver |
| X |
sctrlmgr |
sescmgr.exe |
Added by a variant of the DWNLDR-GAH TROJAN! |
| U |
scvhost |
scvhost.exe |
Wiretap
surveillance software. Uninstall this software unless you put it there
yourself |
| X |
scvhost |
svzhost.exe |
Added by a variant of the SPYBOT WORM! |
| X |
scvhost loader |
ixplore.exe |
Added by the SDBOT-CY TROJAN! |
| X |
scvhost.exe |
scvhost.exe |
Added by the LOHAV-N TROJAN! |
| X |
sd32info |
sd32info.exe |
Added by the CRYPTER.A TROJAN! |
| U |
SDaemon |
sdaemon.exe |
PC Security from Tropical
Software. 'PC Security™ 5.1 is the ultimate in computer security, offering
multiple locking systems for the Windows environment and internet. Lock
files, monitor programs' activities, even detect intruders! PC Security™
offers flexible and complete password protection, "Drag and Drop"
support, plus many other handy features' |
| U |
SDAutoLiveupdate |
LiveUpdateSD.exe |
Spyware Detector - spyware remover. Initially not recommended
due to false positives but the later versions have since improved - see here |
| X |
SDAv |
csnss.exe |
Added by the SERFLOG.C WORM! |
| X |
SDAv |
svhost.exe |
Added by the SERFLOG.C WORM! |
| X |
sdchosts32 |
vbdd.exe |
Added by the RANKY.AG TROJAN! |
| ? |
SDClientMonitor |
sdclientmonitor.exe |
Related to LANDesk Management Suite from LANDesk Software
Ltd. What does it do and is it required? |
| N |
SDetect |
SDetect.exe |
ScanSuite Scanner Detector -
part of ScanWizard, supplied with Microtek scanners. Waits until you press
the "GO" button and seems to serve no other purpose. Automatically
installed without prompting. Not required if you can start your scanning application
before pressing the "GO" button |
| X |
sdfsdfsdf |
sp2update.exe |
Added by a variant of the SPYBOT WORM! |
| X |
SDIN Adapter |
sdin.exe |
Added by the FORBOT-AP WORM! |
| ? |
SDJobCheck |
triggusr.exe |
Part
of CA Unicenter Software Delivery - manage software across various systems,
from desktops and servers to PDAs and mobile phones, in a controlled and
standardized way - is it required at startup? |
| X |
SDK Codre Function22 |
sdkimddprovment2.exe |
Added by the SDBOT-YJ WORM! |
| X |
SDK Core Component |
sdkcore.exe |
Added by the SDBOT-WC WORM! |
| X |
SDK Core Function |
sdkimprovment.exe |
Added by the RBOT.BHL WORM! |
| X |
SDK Core Function2 |
sdkimprovment2.exe |
Added by the SPYBOT.OGX WORM! |
| X |
Sdk**.exe [* = random char] |
Sdk**.exe [* = random char] |
Sdk**.exe [* = random char] |
| X |
Sdk**.exe [* = random char] |
Sdk**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Sdk**32.exe [* = random char] |
Sdk**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
SDKcore Update Components2 |
SDKC0R3.exe |
Added
by the RBOT-ABA WORM! |
| X |
sdkupdate22 |
SDK0mCORE.exe |
Added by the FORBOT-DT WORM! |
| N |
SDPhotoBar.exe |
SDPhotoBar.exe |
SmartDraw
Photo (now FotoFinsh) - "organize, enhance, print, and share your
photos. It's also a powerful graphic editor for creating images and web
graphics" |
| N |
SDR6_Check |
udcsdr.exe |
DriveCleaner is a security assesment tool which gives
exaggerated reports of security and privacy risks on a computer. The program
then prompts the user to purchase a registered version of the software in
order to remove the reported risks |
| X |
sdrss |
sdrss.exe |
Added by the SDBOT-SQ WORM! |
| U |
sds20 |
svchost.exe |
InlookExpress logs keystrokes
and captures screenshots. If you didn't install this yourself remove it. Note
- this should not be confused with the svchost.exe system process which is
always located in the System (9x/Me) or System32 (NT/2K/XP) folder! This file
is located in a "sds20" folder |
| U |
SDTray |
sdtray.exe |
RSA Keon
Web PassPort - software that allows organizations to use digital certificates
in a Web-based environment to help ensure that their transactions are
authentic, confidential and digitally signed |
| U |
SDTray |
SDTrayApp.exe |
Spyware Doctor
spyware remover - system tray access |
| X |
sdxsys32 |
sdxsys32.exe |
Added by the BROGGER-A TROJAN! |
| U |
sealmon |
sealmon.exe |
SealedMedia
enables you to combine document protection and control with your existing
applications - such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint
and Email |
| X |
Search Bar |
taskbar.exe |
Added by the OPANKI-F WORM! |
| ? |
Search Hook |
srchhook.exe |
?? |
| X |
Search Page |
http://find.naupoint.com |
Naupoint browser hijacker |
| X |
Search.vbs |
|
Hijacker |
| X |
searchbar |
vnmispoisn downloader.exe |
SearchBarCash adware variant |
| X |
SearchEnhancement |
scbar.exe |
SCBar foistware |
| X |
Search-Exe |
SE.exe |
Search-Exe hijacker |
| X |
searchnav |
searchnav.exe |
SearchNav adware -
IEFeatures/Popnav variant |
| X |
SearchNavVersion |
searchnavversion.exe |
SearchNav adware -
IEFeatures/Popnav variant |
| X |
SearchNet_Up |
ServeUp.exe |
SearchNet adware |
| X |
SearchSetter |
searchsetter[1].exe |
Browser hijacker - redirecting
to FindWhateverNow.com |
| X |
SearchSquire[number] |
SearchSquire[number].exe |
SearchSquire adware |
| X |
SearchUpgrader |
SearchUpgrader.exe |
Hijacker |
| X |
secboot |
mszx23.exe |
Added by a variant of the HAXDOOR.BC TROJAN! |
| X |
secboot |
vtd 16.exe |
Added by the HAXDOOR-AE TROJAN! |
| X |
Secboot |
w32tm.exe |
Added by the HAXDOOR.D TROJAN! |
| U |
Second Copy 2000 |
SecCopy.exe |
Related to Second Copy® - a
files/folders backup utility |
| U |
SecondChance |
sctray.exe |
Power Quest Second Chance. Sets checkpoints for saving a
backup copy of the registry to a disk so you can restore it if you have a
crash |
| X |
Secret |
Secret.exe |
Added by the DELF-LW TROJAN! |
| X |
Secret-Crush |
start.exe |
Hijacker that may reset your
browser's home page and/or search settings to point to undesired sites |
| U |
SECRETMAKER |
secretmaker.exe |
Secretmaker is a combonation
of eight privacy-defending programs, including Spam Fighter Pro, Worm Hunter,
Pop-Up Killer, Banner Blocker, Cookie Eraser, Privacy Protector, History
Cleaner, and Garbage Cleaner |
| U |
SecretSmileys |
ss.exe |
"Secret
Smileys is an add-on for AIM that provides users access to 1000's of new
Smileys that can be viewed by anyone using a current version of AIM. Secret
Smileys also adds other features such as logging of IM conversations, and it
gets rid of that annoying advertisement on your buddy list window" |
| X |
secserv.exe |
secserv.exe |
Reported by Panda as an
EasySearch Adware variant. Note - EasySearch modifies the Internet Explorer
settings and may download programs onto the infected computer |
| X |
secsvc32 |
secsvcnt.exe |
Added by the GLOBAL PATROL TROJAN! |
| U |
Secsys |
Secsys.exe |
UltraSoft Key Interceptor surveillance software - uninstall
this unless you put it there yourself! |
| X |
secure |
secure.exe |
DealHelper adware |
| X |
secure |
svshost.exe |
Added by the RBOT-AFO WORM! |
| X |
secure socket layer |
wins32a.exe |
Added by an IRCBOT TROJAN! |
| X |
Secure Socket Layer
Certification |
sslcert.exe |
Added by the VANEBOT-AN WORM! |
| X |
Secure System |
integitor.exe |
Added by the AGOBOT.ACI WORM! |
| N |
SecureClean4RegManager |
scregmanager4.exe |
WhiteCanyon SecureClean 4 disk cleaner - clean hard drive
data, MRUs, temp files and more. Can be started manually |
| N |
SecureClean4Tray |
sctray4.exe |
WhiteCanyon SecureClean 4 disk cleaner - clean hard drive
data, MRUs, temp files and more. Can be started manually |
| N |
SecureCleanIEClean |
SCIEClean.exe |
SecureClean - scans your system
for hidden temporary files, deleted email messages, Internet histories and
caches |
| U |
SecureItPro |
Secureitpro470p.exe |
SecureIt Pro - lock your computer when you're not there, to
stop malicious users from accessing your desktop |
| X |
SecureLogin |
Mslg32.exe |
Added by the REDZED WORM! |
| U |
SecureOnlineAccountNumbers |
SOAN.exe |
Related to Secure Online
Account Numbers by Discover(R) Card from Orbiscom Ltd. Secure and innovative
payment solutions |
| X |
Security |
WindowsSecurityUpdate.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Security Accounts Manager SM |
samsm.exe |
Added by the SPYBOT.JE WORM! |
| X |
Security Agent |
securag.exe |
Added by the BANCBAN-F TROJAN! |
| X |
Security Agent Manager |
mssams.exe |
Added
by the RBOT-SV WORM! |
| X |
Security Center |
AppControl.exe |
Added by the SDBOT.CFT WORM! |
| N |
Security iGuard |
Security iGuard.exe |
Spyware
remover - not recommended, see here |
| U |
Security Manager |
SecurityManager.exe |
A ComCast Internet software
suite that provides a variety of features (firewall, popup blocker, parental
controls etcetera) to help ensure your computer is secure, and your
information is kept private |
| X |
Security Patch |
scmss.exe |
Added
by the RBOT-ZW WORM! |
| X |
Security Patch |
WinUpdate32.exe |
Added
by the SDBOT-BM WORM! |
| X |
Security Patches |
msnkn.exe |
Added by the RBOT.WW WORM! |
| X |
Security Patches |
WinLab32.exe |
Added
by the SDBOT-KB WORM! |
| X |
Security Service |
secsvc.exe |
Added by the RBOT-GGF WORM! |
| X |
security service |
syss.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Security Service Process |
svhost.exe |
Added by the AGOBOT-LC WORM! |
| X |
securw |
Nctrup.exe |
Added by the NOPIR.A WORM! |
| Y |
SECWIZ98 |
SECWIZ98.EXE |
Security Wizard 98 by Chris Farmer. Offers you a variety of
ways to restrict access to many of the programs and settings on your PC.
Available here |
| X |
seekmo |
seekmo.exe |
Seekmo Search, a 180Solutions
adware variant - also see here |
| X |
seeve |
seeve.exe |
Medload adware |
| X |
Select server |
slcsvr.exe |
Added by the DLOADER-WD TROJAN! |
| ? |
SelfHostUtil |
slefhost.exe |
?? |
| X |
seli |
[path to file] |
Added by the LOWZONE-AS TROJAN! |
| X |
SemanticInsight |
SemanticInsight.exe |
Added by RXToolbar ADAWARE! Software that displays
pop-up/pop-under advertisements when the primary user interface is not
visible |
| U |
SeMS |
SeMS.exe |
PCsms - tool that
enables you to send sms text messages from your PC to any UK mobile phone |
| X |
Sen |
tlii.exe |
Recognized by Kaspersky
antivirus as Win32.PurityScan.ah. This file is usually found in the Program
Filesbama folder |
| U |
Sensiva |
Sensiva.exe |
Symbol
Commander makes the use of your PC, laptop, Tablet PC, and Pocket PC much
easier and much faster. It recognizes your handwriting with unparalled
performance and executes commands in a snap. Just by using your mouse, pen,
or touchpad, simply draw symbols to execute actions instantly |
| X |
SENTRY |
SENTRY.exe |
From IP Insight. Allows website owners "to instantly
determine the precise geographic location, connection speed and detailed
demographics of every visitor to your website". Will be detected by most
firewalls and the majority of home users should disable it |
| X |
Sepate Security Firewall |
sepate.exe |
Added by a variant of the RBOT WORM! |
| X |
septpop06apsept |
septpop06apsept.exe |
MediaMotor.Popupwithcast adware |
| X |
Serials |
serials.exe |
Any one of a variety of worms
and trojans |
| X |
SernellApp.pcx |
csrss.exe |
Added by the BANCBAN-BJ TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "D5133"
subfolder |
| X |
serpe |
formatsys.exe |
Added by the SERFLOG.A WORM! |
| X |
serpe |
msmbw.exe |
Added by the SERFLOG.A WORM! |
| X |
serpe |
serbw.exe |
Added by the SERFLOG.A WORM! |
| Y |
serrdctl.exe |
serrdctl.exe |
"Shared Modem Service
Client Event Viewer" - used when a number of PCs have access to a number
of modems. Required to be running on each PC for access to the modems |
| X |
serrv |
serrv.exe |
Added
by the WAREZOV.DC WORM! |
| X |
SERV PacK2 |
nerx.exe |
Added by the SDBOT-ACP WORM! |
| X |
server |
server.exe |
Added by the DELTAD.A WORM! |
| X |
server |
server.exe |
Added by the SINGU-Q TROJAN! |
| X |
server |
system.exe |
Added by the METHS-A TROJAN! |
| X |
Server Backbone |
server05.exe |
Added
by the RBOT-ZM WORM! |
| X |
Server Runtime Process |
wbemstest.exe |
Added by the SDBOT-DDB WORM! |
| X |
SERVER.EXE |
SERVER.EXE |
Added by the BUSHTRO122 or
SMOKODOOR TROJANS! |
| X |
serverex |
Server.txt.vbs |
Added by the DELTAD.A WORM! |
| X |
Service |
[trojan filename] |
Added by the KAITEX.E TROJAN! |
| X |
Service |
service.exe |
Added by the ALADINZ.H TROJAN! |
| X |
Service |
Service.pif |
Added by the ASSIRAL-C WORM! |
| X |
Service |
services.exe |
Added by the NETSKY or NETSKY.B
WORMS! Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or
Winnt folder |
| X |
Service |
SYSNT.exe |
Added by
the CHA TROJAN! |
| X |
service |
wN2S.exe |
Added by a variant of the RBOT WORM! |
| X |
Service Cleaner |
filen.exe |
Added by the RBOT.BRH WORM! |
| N |
Service Connection |
bwtray.exe |
For Compaq PC's. Part of Backweb |
| N |
Service Connection |
sccenter.exe |
For Compaq PC's. Part of Backweb |
| X |
Service Controller |
Csrrs.exe |
Added by the GAOBOT.AO WORM! |
| X |
Service Controller |
service.exe |
Added by the PREVERT TROJAN! |
| X |
Service Drivers |
abl.exe |
Added by the SDBOT-YX WORM! |
| X |
Service Drivers |
Compt.exe |
Added
by the RBOT-ZJ WORM! |
| X |
Service Drivers |
MSNMEssenger.exe |
Added by a variant of the RBOT WORM! |
| X |
Service Drivers |
msnpg.exe |
Added by the RBOT.BMD WORM! |
| X |
Service Drivers |
PC.EXE |
Added
by the SDBOT-WK WORM! |
| X |
Service Host |
[filename].exe |
Added by the TORVEL.B WORM! |
| X |
Service Host |
spoolxx.exe |
Added by the TORVEL WORM! |
| X |
Service Host |
svchost.exe |
Added by the DAOSER-A TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a Services{C922CCC4-CF61-4589-A0D1-828160704853}
subfolder |
| X |
Service Host |
svchost.exe |
Added by the DAOSER-C TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a Services[random]
subfolder |
| X |
Service Host |
svchost.exe |
Added by the TORVEL WORM! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
Service Host Driver |
svchost.exe |
Added by the HITON TROJAN! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
Service Host Process |
spoolsvc.exe |
Added by the GAOBOT.GEN!POLY WORM! |
| X |
Service Manager |
dxsound.exe |
Added by the PROXY-GRIC TROJAN! |
| X |
service manager |
service.exe |
Added by the DONBOMB.A TROJAN! |
| X |
Service Manager |
SERVICEMGR.EXE |
Added by the PASSMAIL-D VIRUS! |
| N |
Service Manager |
sqlmangr.exe |
SQL Server Service Manager
- provides tray access to SQL server, the server agent and MSDTC.
Available via Start -> Programs |
| X |
Service Monitor |
csnss.exe |
Added by the RBOT.EEH WORM! |
| X |
Service Monitor |
filen.exe |
Added by a variant of the RBOT WORM! |
| X |
Service Monitor |
javams32.exe |
Added by the DELF-NK TROJAN! |
| X |
Service Monitor |
javams64.exe |
Added by the SDBOT-AFO WORM! |
| X |
Service Monitor |
msnfilen.exe |
Added by the RBOT-ALE WORM! |
| X |
Service Monitor |
msnserve.exe |
Added by the SPYBOT.YQW WORM! |
| X |
Service Monitor |
WinOcx.exe |
Added by the RBOT-AQJ WORM! |
| X |
Service Pack |
[various filenames] |
Added
by the LERPA-A WORM! Note - the file name will be one of the following
common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif,
load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif |
| X |
Service Pack DLL Runtime |
spdll32.exe |
Added by a variant of the RBOT WORM! |
| X |
Service Process |
service.exe |
Added by the DCMBOT-C TROJAN! |
| X |
Service Process |
smss.exe |
Added by the DCMBOT-E TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "config" subfolder |
| X |
Service Process |
smss.exe |
Added by the DCMBOT-E TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in "config" subfolder |
| X |
Service Process |
SVCHOST.EXE |
Added by the DARKER WORM! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
Service Process |
svchost.exe |
Added by the DCMBOT-A TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "config"
subfolder |
| X |
Service Process |
winset.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Service Registry NT Save |
jdbgmgrnt.exe |
Added by the BANCOS-CG TROJAN! |
| X |
Service Registry NT Save |
regeditnt.exe |
Added by the BANCOS-BM TROJAN! |
| X |
Service Registry NT Save |
taskmgrnt.exe |
Added by the BANCOS-BY TROJAN! |
| X |
Service Scheduler |
scheduler.exe |
Added by the AGOBOT-PH WORM! |
| X |
Service System |
kernels32.exe |
Added by the BANCOS-DA TROJAN! |
| X |
Service System |
kgbfsm344.exe |
Added by the BANCOS-FS TROJAN! |
| X |
Service System |
wernell87.exe |
Added by the BANCOS-FJ TROJAN! |
| X |
Service System |
windowsXP.exe |
Added by the BANCOS-EL TROJAN! |
| X |
service updaer |
qualityz.exe |
Added by an unidentified VIRUS, WORM or TROJAN! - probably a
SPYBOT variant |
| X |
Service.exe |
Service.exe |
"servedby.advertising"
popup generator |
| X |
service32 |
service32.exe |
Added by the AGOBOT-ST WORM! |
| U |
ServiceConfig |
ispbeg.exe |
Comcast Transition Wizard. On
June 30th, 2003 it will migrate E-mail and web pages from AT&T Broadband
Internet to Comcast High-Speed Internet. Until then it will run at startup
and then terminate - hence the U recommendation |
| X |
serviceconnect |
serviceconnect.exe |
Added by the AGOBOT.AIR WORM! |
| Y |
ServiceLayer |
ServiceLayer.exe |
Nokia Connectivity Library
support task that is needed by NCLTRAY and by the Nokia Connection Manager
for either to work properly |
| X |
servicemng |
service.exe |
Added
by the TAME-C WORM! |
| X |
Services |
[path to trojan] |
Added by the METEORSHELL TROJAN! |
| X |
Services |
[path to trojan] |
Added by the RANCK-DB TROJAN! |
| X |
Services |
back32.exe ...service.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! Back32.exe is the baddie whose purpose is to HIDE the MIRC32
server in service.exe |
| X |
Services |
csrss.exe |
Added by a variant of the
RANKY.U TROJAN! Note - this is not the legitimate csrss.exe process, which
should not appear in Msconfig/Startup! |
| X |
Services |
iexploler.exe |
Added by the RANCK-LT TROJAN! |
| X |
Services |
iexplore.exe |
Added by the MOGI WORM! Note -
this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in the System (9x/Me)
or System32 (NT/2K/XP) folder |
| X |
Services |
iexplorer.exe |
Added by an unidentified WORM or
TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe) |
| X |
Services |
iexpolere.exe |
Added by the RANCK.LU TROJAN! |
| X |
Services |
mshost.exe |
Added by the LANFILT-J TROJAN! |
| X |
Services |
prosys32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Services |
scks32.exe |
Added
by a Proxy Trojan variant |
| X |
Services |
services.exe |
Added by a number of VIRUSES, WORMS and TROJANS! Note - this
is not the legitimate services.exe process which should NOT appear in
Msconfig/Startup! |
| X |
Services |
services.exe |
Added by the ZINCITE.A TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
services |
socks.exe |
Added by the WIN32.SMALL.N
TROJAN! |
| X |
Services |
sockys32.exe |
Added by the RANKY.L TROJAN! |
| X |
services |
start.bat |
Added
by the ZCREW TROJAN! |
| X |
Services |
svchost.exe |
Added by the REPER-B WORM! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
services |
Svchosts.exe |
Added
by the SDBOT.N WORM! |
| X |
Services |
sys.exe |
Added
by a Proxy Trojan variant |
| X |
Services |
sysamp.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Services |
windns.exe |
Added by a variant of the RBOT WORM! |
| X |
services |
windows32.exe |
Added
by the FLYVB-C WORM! |
| X |
Services |
winread.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Services Administrator |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Administrator |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Administrator |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Administrator |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Administrator |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Administrator |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Administrator |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Administrator |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Services Controller |
lsassa.exe |
Added by the CIADOOR.122 VIRUS! |
| X |
Services Controller |
services.exe |
Added by the CIADOOR-F TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
Services Host |
Scchost.exe |
Added by the DONK WORM! |
| X |
Services Host |
svchost32.exe |
Added by the AGOBOT-TG WORM! |
| X |
Services Logon |
services.exe |
Added by the CROWT.A WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! By default this file is located in Documents and
Settings[user name]Templates |
| X |
Services Process |
services.exe |
Spyware - recognized by
Kaspersky antivirus as Small.X TROJAN! Note - this is not the legitimate
services.exe process, which should not appear in Msconfig/Startup! |
| X |
Services Process |
smss.exe |
Added by the SMALL-EK TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "config" subfolder |
| X |
Services Startup |
services.exe |
Added by the CROWT.A WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! By default this file is located in Documents and
Settings[user name]Templates |
| X |
Services Startup |
svhost33.exe |
Added by a variant of the RBOT WORM! |
| X |
Services.dll |
smss.exe |
Added by the SOBER-L WORM! Note
- this is not the legitimate smss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a msagentsystem subfolder of the
Winnt or Windows folder |
| X |
Services.EXE |
services.exe |
Added by the KAZPING WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
services.exe |
Services.exe |
Added by the CIADOOR-F TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
Services004 |
[worm filename] |
Added by the BUGBROS WORM! |
| X |
services32 |
mc-110-12-0000079.exe |
Added by the
TrojanDownloader.Agent.rv TROJAN! |
| X |
services32 |
mc-58-12-0000120.exe |
"Shorty" adware - also detected as the AGENT.FD
TROJAN! |
| X |
services32 |
mc-58-12-0000140.exe |
"Shorty" adware - also detected as the AGENT.FD
TROJAN! |
| X |
Services32 Startup |
win32dll.exe |
Added
by the SDBOT-XO WORM! |
| X |
ServicesLoad |
lsass.exe |
Added by the DEARIS-A TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
ServicesLog |
ccapp32.exe |
Added by the RBOT-AMX WORM! |
| X |
Servicewin |
Hide32.exe |
Added
by the MSNVB-D WORM! |
| X |
Servicing |
hostd.exe |
Added by the SDBOT.BUI WORM! |
| X |
Servicio Local |
svhost.exe |
Added by the SPYBOT.BGX WORM! |
| X |
servics |
servics.exe |
Added by the SINGU-J TROJAN! |
| X |
SERVlCE |
SERVlCE.EXE |
Added by the AGOBOT-UB WORM! |
| N |
Serv-U |
serv-u32.exe |
FTP server |
| X |
Serv-U |
wssdsu.exe |
Added by the MANIFEST TROJAN! |
| ? |
ServUTrayIcon |
ServUTray.exe |
System Tray icon for Serv-U FTP
server. Is it required? |
| X |
SES Service |
sesvc.exe |
Added by the SDBOT-CZU WORM! |
| U |
Session Client |
sescli.exe |
SurfSpy keystroke logger/monitoring program - remove unless you
installed it yourself! |
| X |
Session Manager Subsystem |
smssa.exe |
Added by the RBOT-AGS WORM! |
| X |
SESync |
sed.exe |
DownloadWare adware |
| ? |
SetDefaultMIDI |
MIDIDef.exe |
Related to a Soundblaster Audigy
soundcards. What does it do and is it required? |
| Y |
SetDefaultPrinter |
cloaker.exe |
Used by HP and Compaq computers
to hide the windows of programs passed as arguments to it |
| N |
SetDefPrt |
BrStDvPt.exe |
Used to set a Brother MFC
printer/copier/scanner as the default printer after installation |
| N |
setdefprt |
setdefprt.exe |
Used to set a Brother MFC
printer/copier/scanner as the default printer after installation |
| U |
SetecCertUtil |
Certutil.exe |
Setec Web and Email Security.
Setec PKI smart card software. The PKI technology enables secure and reliable
user identification in services offered through Internet, mobile handsets and
digital TV |
| X |
setFTPBack |
createsw.exe |
Added by the FTP_BMAIL TROJAN! |
| N |
SetHook |
SetHook.exe |
Fellowes Neato CD label design
software. "Launch NEATO's MediaFACE II label making software directly
from the productname toolbar" |
| N |
SETI@home |
SETI@home.exe |
SETI@home is a scientific
experiment that uses Internet-connected computers in the Search for
Extraterrestrial Intelligence (SETI). You can participate by running a free
program that downloads and analyzes radio telescope data |
| N |
seticlient |
SETI@home.exe |
SETI@home is a scientific
experiment that uses Internet-connected computers in the Search for
Extraterrestrial Intelligence (SETI). You can participate by running a free
program that downloads and analyzes radio telescope data |
| N |
SetIcon |
SetIcon.exe |
Installed by a 6-in-1 (4 Media
Card slots, a floppy drive and a USB connection) device. Constantly updates
the icons for the four Media Card slots that it has and is a resource hog |
| N |
SetiQueue |
Setiqu~1.exe |
Provides work unit buffering
for Seti@Home clients - see here for more details |
| N |
SetiSpy |
SetiSpy.exe |
SETI Spy
is a little program to "spy" on the progress and performance of the
SETI@home client. Called a "spy" because it is unobtrusive as
possible |
| X |
SetPoint |
SetPoint.exe |
Added by the RBOT-BWI WORM! Note - this is not the valid
Logitech Setpoint mouse and keyboard entry that uses the same filename and is
located in the LogitechSetpoint sub-folder of Program Files. This file is
located in the System (9x/Me) or System32 (NT/2K/XP/Vista) folder |
| U |
SetPoint |
Setpoint.exe |
Logitech SetPoint Event Manager
for their range of mice and keyboards. Required if you want to use the
advanced features of these devices and is located in the LogitechSetpoint
sub-folder of Program Files |
| X |
SETPOINT Logitech Inc |
KHALMNP.exe |
Added
by the RBOT-AAX WORM! |
| ? |
SetRefresh |
SetRefresh.exe |
Found on a Compaq PC. Video refresh rate utility? Is it required? |
| X |
Setting |
sysweb.exe |
Added by the SDBOT.GEN TROJAN! |
| N |
setup |
hphprld.exe ....setup.exe |
HP DeskJet Setup - printers
function normally without it |
| X |
Setup experation |
svchost.exe |
Added by the TOFGER-AW TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
setupa |
runt32.exe |
Added by the QQPASS-K TROJAN! |
| X |
setupdata |
rnll32.exe |
Added by the QQPASS-AC TROJAN! |
| N |
SetupICWDesktop |
icwconn1.exe |
Appears to be the "Internet
Connection Wizard" from Internet Explorer being set-up as a desktop
shortcut. Appears under the RunOnce registry key but is available under Start
-> Programs -> Accessories -> Communication (or similar) anyway |
| X |
setupuser |
regedit.exe setupuser.log |
Regfile
in disguise - another CoolWebSearch parasite variant |
| ? |
setuzp |
setuzp.exe |
?? |
| X |
SetVrc |
setvrc.exe |
Added by the HUNTOCX WORM! |
| X |
Sex Teris |
st01b.exe |
Added by the REPAD WORM! |
| X |
Sexnow |
Sexnow.exe |
Added
by the SENOW-B premium rate adult content dialler |
| X |
Sexy_Blondes |
Sexy_Blondes.exe |
Added by the Sexy DIALER!.
Related also to Hot Tarts DIALER! |
| X |
Sexy_sg |
Sexy_sg.exe |
Premium rate adult content
dialler |
| X |
sf |
sf.exe |
SurfEnhance adware
component |
| N |
SFIGUI |
SFIGUI.EXE |
Sonic
Focus - "enhances music, movie and game sound by analyzing compressed
audio streams in realtime, then restoring and enriching audio back to its
original performance qualities" |
| X |
sfita |
sfita.exe |
Added by the FAVADD-H TROJAN!
Also known as SurfEnhance adware |
| N |
SFP |
vzSFPWin.EXE |
Verizon Online Support Center -
prompts for online updates |
| U |
sfpc |
sfpc.exe |
Spy4PC
surveillance software. Uninstall this software unless you put it there
yourself |
| X |
SFtrb Service |
cftrb32.exe |
Added by the SOBIG.D WORM! |
| U |
SfWinStartInfo |
sfWinStartupInfo.exe |
SFIRM32 Online Banking software |
| U |
Sgecrypt |
Sgecrypt.exe |
SafeGuard Easy -
"provides total company-wide protection for sensitive information on
laptops and workstations. Boot protection, pre-boot user authentication and
hard disk encryption using powerful algorithms guarantee against unauthorized
access and hacker attacks" |
| U |
Sgeecview |
Ecview.exe |
SafeGuard Easy -
"provides total company-wide protection for sensitive information on
laptops and workstations. Boot protection, pre-boot user authentication and
hard disk encryption using powerful algorithms guarantee against unauthorized
access and hacker attacks" |
| U |
sginst |
sginst.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| ? |
SGTBox |
SGTBox.exe |
Canon scanner driver. Is it required? |
| U |
sgtray |
sgtray.exe |
StorageGuard from Veritas. Free utility that integrates with
Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup.
Provides system tray access and background monitoring - warning you of files
that haven't recently been backed up. Required unless you backup manually on
a regular basis or have scheduled backups |
| Y |
Shadow |
Shadow.exe |
"NTI Shadow 3 is
an award-winning easy-to-use backup application that automatically protects
your photo, music, video, and various data files. It makes data restoration
as easy as dragging and dropping files from one place to another" |
| U |
ShadowUser Pro Edition |
ShadowUser.exe |
"StorageCraft™
ShadowUser™ provides easy to use desktop security and protection for Windows
operating systems. ShadowUser is the best way to prevent unwanted changes to
PCs and laptops" |
| X |
shambl3r |
cnf.bat |
Added by the REMABL WORM! |
| X |
shambl3r* |
shambl3r.exe |
Added by the REMABL WORM! where * is 2 to 11 |
| X |
Shania |
Shania.vbs |
Added by the SHANIA VIRUS! - NOTE: this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| U |
Shareaza |
bindata.exe |
Shareaza P2P client related |
| N |
Shareaza |
Shareaza.exe |
Shareaza P2P client |
| X |
sharedprem |
sharedprem.exe |
Added by the MAKECALL TROJAN! |
| N |
Share-to-Web Namespace Daemon |
hpgs2wnd.exe |
HP's exclusive Share-to-Web software makes it easy to share
content with others through our affiliate Internet websites. In other words
an application that allows users to upload scanned images to their personal
webpages if desired. Available via Start -> Programs |
| Y |
Sharing and Mapping Software |
DShmap.exe |
Intel
AnyPoint internet sharing software. Now discontinued |
| N |
SharkEject |
AEJCT32.exe |
Allows you to eject a disk from
the Avatar Shark drive from the system tray. When loaded, there is a desktop
icon so this isn't required |
| U |
SharpTray |
SharpTray.exe |
Part of Sharpdesk from Sharp Electronics. "A
desktop-based, personal document management application that lets users
browse, edit, search, compose, process, and forward both scanned and native
electronic documents" |
| N |
Shcenter |
chcenter.exe |
IMSI
HiJaak - "the easiest way to convert, capture, and manage all your
graphic files" |
| X |
SheduIer |
shch.exe |
Added by the EB TROJAN! |
| X |
SheduIer |
svchst.exe |
Premium rate adult content
dialler |
| X |
SheduIer |
winagent.exe |
Added by the EB TROJAN! |
| X |
Shedule Connection |
arpo412.exe |
Added by the PPDOOR-R WORM! |
| X |
Sheduler |
nerocheck.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
shell |
explorer.exe |
Added by the KAKKEYS TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System32 subfolder |
| X |
Shell |
Explorer.exe [path] svchost.exe |
Added by the DOYORG TROJAN! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
Shell |
Explorer.exe sound_drive16.exe |
Added by the GP TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System subfolder |
| X |
Shell |
Explorer.exe winupdate.exe |
Added by the AGENT-FD TROJAN! |
| X |
Shell |
Explorer.exe, msmsgs.exe |
Added by the ZLOB TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Shell |
ibm[RANDOM 5 DIGIT NUMBER].exe |
Added by the ANSERIN TROJAN! |
| X |
Shell |
ibm0000*.exe [* = digit] |
Added by the TORPIG-C and
TORPIG-J TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe,
ibm00005.exe and so on |
| X |
Shell |
ibm00001.dll |
Added by the TORPIG-Q TROJAN! |
| X |
Shell |
iexplore.exe |
Added by the KIPIS-U TROJAN!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in a "Microsoft"
subfolder |
| X |
Shell |
Open32.exe |
Added by the SMALL-DL TROJAN! |
| X |
Shell |
ray.exe |
Homepage hijacker re-directing
browsers to adult content websites |
| X |
Shell |
Shell32.exe |
Added by
the BADSECTOR TROJAN! |
| X |
Shell |
svchost.exe |
Added by the GOLDSPY-B TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Shell |
taskmrg.exe |
Added by the BANCBAN-FT TROJAN! |
| X |
Shell |
Tray.exe |
Homepage hijacker re-directing
browsers to adult content websites |
| X |
Shell |
wmedia16.exe |
Added by the GOLDUN TROJAN! |
| X |
Shell API32 |
svcnet.exe |
Added by the TIBICK.C WORM! |
| X |
Shell Extension |
spollsv.exe |
Added by a variant of the LOVGATE WORM! |
| X |
Shell Tray Window |
ShellTraywnd.exe |
Added by the STULTDOR-A TROJAN! |
| X |
shell update |
shellexec.exe |
Added by the AGOBOT-TH WORM! |
| X |
Shell32 |
iexplore.exe |
Added by the IRCBOT-AY TROJAN!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process,
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup unless you add it manually!
This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
shell32 |
ntldrt.exe |
Added
by the JLOK-A WORM! |
| X |
Shell32 |
Shell32.vbs |
Added by the SCAFENE WORM! |
| X |
ShellApi |
SHELLMSN.EXE |
Added by the NETDEV.B TROJAN! |
| X |
Shellapi32 |
mcvsrte.exe |
Added by an unidentified WORM!
Note - do not confuse with the McAfee SecurityCenter file of the same name |
| X |
Shellapi32 |
Shellapi32.exe |
Added by the NETDEVIL (or NERTE)
TROJAN! |
| X |
ShellCommand |
[path to file] |
Added by the REMCON-A TROJAN! |
| X |
Shelldaemon |
Shelldaemon.exe |
Added by a variant of the
AGENT.ALN TROJAN! |
| X |
ShellEx |
ShellEx.exe |
Added by the ANAKHA TROJAN! |
| X |
ShellN |
isca.exe |
Added by the IBILL.Z TROJAN! |
| X |
ShellOS |
A+++.exe |
Added by the AV TROJAN! |
| X |
ShellRun |
lexplore_.exe |
Added by the MSNOPT-A TROJAN! |
| X |
ShellRun32 |
iexplore.exe |
Added by the IRCBOT-AY TROJAN!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process,
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup unless you add it manually!
This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Shellspl |
lsas.exe |
Added
by the YALER-A TROJAN! |
| X |
Shellspl |
spools.exe |
Added by the PROXAGE-A TROJAN! |
| X |
shellsystem |
shellsystem.exe |
Added by the UPCHAN TROJAN! |
| X |
shhost |
shhost.exe |
Added by the AGENT.CE TROJAN! |
| N |
shicoxp |
shicoxp.exe |
Installed with the drivers for
multi card readers of various brands. To differentiate between the various
card slots on multi slot readers the shicoxp.exe file assigns and loads
unique drive icons for the various card slots that are displayed in Windows Explorer |
| X |
Shine |
Shine.exe |
Added by the HAPPYLOW (or
NISHE-A) VIRUS! |
| ? |
SHINITV |
shinitv.exe |
?? |
| X |
Shmgrate.exe |
ibot4.exe |
Added by the GASTER TROJAN! |
| N |
ShockmachineReminder |
SmReminder.exe |
"Shockmachine is a stand-alone application that lets
users collect Macromedia Shockwave and Flash titles and play them
offline". Could be a registration reminder for the trial version |
| X |
Shockwave |
csrss.exe |
Added by the SNDOG WORM! Note -
this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| N |
Shockwave Init |
SWINIT.EXE |
Part of Macromedia Shockwave.
Controls the Shockwave Remote Control Panel. The Remote Control can be
activated manually from the Start Menu by locating and selecting Shockwave
and then Shockwave Remote under Programs |
| X |
Shockwave Support |
FlashPlayer.exe |
Added by the DELF-DRA WORM! |
| N |
ShortKeys 99 |
SHORTKEY.EXE |
ShortKeys from Insight
Software Solutions - allows you to program keys with text strings |
| Y |
sHotKey |
sHotKey.exe |
Special function key manager for Chicony keyboards - see here |
| X |
Showbehind |
SHOWBEHIND.EXE |
Advertisement
display which can be stopped here |
| X |
ShowFF |
ShowFF.exe |
Added by the Adware.FFToolBar adware toolbar |
| ? |
ShowIcon_Justrams_USB Product
Driver v2.12r012 |
shwicon.exe |
Related to Just Rams USB
product driver. Is it required? |
| U |
ShowIcon_PNY_PNY Attaché |
shwicon.exe |
PNY Attaché USB flash memory stick System Tray icon - shows
when the device is plugged in |
| ? |
ShowIcon_SmartDisk
Corporation_USB Card Reader v1.14e051 |
shwicon.exe |
Card reader for memory cards
from digital cameras. Is it required? |
| U |
ShowLOMControl |
[strange symbol] |
Note that there is a strange
symbol in the command field. HKLMSoftwareMicrosoftWindowsCurrent
VersionRunShowLOMControl Reg_DWORD 0x00000001 (1) LOM = LAN on Motherboard.It
mean Show "LAN on Motherboard" Control.On systems where you can
install an external LAN interface, it will warn you that you already have a
built-in LAN interface. Appears to be a feature on certain Dell systems |
| X |
Showme |
Ruden.vbs |
Added by the HANDLE-A VIRUS! |
| U |
ShowWnd |
ShowWnd.exe |
Found
on Gateway computers (and maybe others) - see here. "Showwnd is included
with the Chicony keyboard software and is used by the software to stop the
keyboard driver's taskbar entry from reappearing. It is not necessary to
remove the keyboard software, however if you wish it can be removed through
Add or Remove Programs" |
| U |
SHPC32 |
SHPC32.exe |
Port monitor for Lexmark
printers on a USB connection. Ties in with the Printer Control Program.
Features like cancelling a print are unavailable if disabled |
| Y |
ShStatEXE |
SHSTAT.EXE |
From McAfee VirusScan NT 4.x.
Handles program communication among VShield components, displays VShield
icon. Can be started automatically or available via Start -> Programs |
| U |
Shutdownaware |
shutdownaware.exe |
Loaded
by the SWEEX 6-in-1 Media Card Reader to properly manage the reader while it
is connected to your system |
| U |
ShutDownPro |
ShutDownPro.exe |
ShutDownPro
- shutdown, reboot, logoff your System with one mouse click |
| N |
Si Meter |
SIMETER.EXE |
Si Meter - keep track of things like CPU activity, network
activity and speed, hard-drive activity, hard-drive space, system memory,
running processes, or just date and time |
| X |
si91e44b |
rundll32.exe [path]
si91e44b.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| U |
SIA2006 |
SIA2006.exe |
Part of
Steganos Internet Anonym privacy software |
| U |
SIAPRO6 |
sia.exe |
Steganos Internet Anonym privacy software |
| X |
Sicom |
Sicom.exe |
Added by the NETLIP WORM! |
| U |
SideACT |
SideACT.exe |
SideACT
organizer software |
| N |
SIDEBAR |
dsidebar.exe |
"Desktop Sidebar
provides you with instant access to the information you most desire by
grabbing data from your PC and the internet. The result is a dynamic visual
display you configure and control" |
| U |
Sidebar |
Sidebar.exe |
If you are running Windows Vista it is a part of the
operating system. But on other versions of Windows it can be a part of
Searchcentrix hijacker |
| U |
Sidebar |
sidebar.exe |
Windows Sidebar is a pane on the
side of the Microsoft Windows Vista desktop where you can keep your gadgets
organized and always available |
| N |
SideWinderTrayV4 |
SWTrayV4.exe |
MS SideWinder game controller
system tray icon. This is specific to version 4 of the software. Available
via Start -> Programs |
| N |
SigmaTel Audio |
setup.exe |
Sigmatel audio driver |
| N |
SigmatelSysTrayApp |
stsystra.exe |
System tray program for the
Sigmatel Audio sound card. Often found on Dell computers |
| N |
SigmatelSysTrayApp |
sttray.exe |
System tray program for the
Sigmatel Audio sound card. Often found on Dell computers |
| ? |
SigX |
sigx.exe |
?? |
| X |
SigXC |
SigX.exe |
SigX is a "dynamic signature image generated based on
whatever data your computer sends it though our SigX program. It can display
your current Mp3, current OS, Free Ram, your current time and more" |
| N |
Simcast |
SimcastAlerts.exe |
Simcast is a free
service that allows you to subscribe to information on a large variety of
topics. Alerts will appear on your desktop when a channel that you have
subscribed to has something to say |
| U |
SimpLite-MSN |
SimpLite-MSN.exe |
Required if you use the SimpLite
add-on to MSN Messenger (SimpLite adds encryption to the instant messaging
service) |
| X |
Singapore |
singapore.exe |
Adds a blue crescent to the taskbar and when double-clicked
displays an adult-content web-site. Also known to drop your internet
connection and dial an international telephone number. See here for more
information. Must be disabled in MSCONFIG before un-installing or it
re-instates itself |
| U |
SIPPS |
SIPPSSIPPS.exe |
Web.de Internet phone utility |
| X |
SiS Dns |
dnssvc.exe |
Added by the DLOADER-UE TROJAN! |
| N |
SiS KHooker |
khooker.exe |
SiS Keyboard Daemon. System Tray
utility which gets installed by the drivers of the latter day SiS VGA cards.
Can cause errors at startup and isn't required |
| X |
SiS Mpc Service |
mpcsvc.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
SiS Mpc Service |
mpcsvc.exe |
Added by the CIAFOOR-CJ TROJAN! |
| U |
SiS Tray |
sistray.exe |
System Tray icon for SiS based
graphics. Note - this resides in C:WindowsSystem |
| U |
SiS Windows KeyHook |
keyhook.exe |
SIS graphics cards related:
"Super VGA Keyboard Daemon" - hooks into the keyboard processing
chain in order to enable hotkey settings |
| Y |
SiS7012Utility |
SiSAudUt.exe |
SiS Corporation sound card
driver |
| ? |
SISAM10M |
SISAM10M.exe |
?? |
| N |
SiSAudio |
MP_S3.exe |
WinME patch for an older SiS 961
chipset FERR bug. Enable if you have audio problems |
| U |
siscolor |
color.exe |
Probably on-board graphics
related based upon the SiS chipsets. Has been seen on ASUS motherboards with
SiS chipsets and known to cause conflicts if you choose another graphics card
and disable the on-board |
| U |
siService.exe |
siService.exe |
Spam Inspector - anti
email spam software |
| ? |
SiSPower |
Rundll32.exe SiSPower.dll,
ModeAgent |
Responsible for power management
for SIS chipsets - is it required? |
| U |
SiSRaid |
SRaid.exe |
Related to the SIS Raid system from Silicon Integrated
Systems |
| ? |
SiSSetCDfmt |
SiSSetCDfmt.exe |
Related to a Silicon Integrated
Systems Corp (SiS) product? |
| ? |
SISSoundman |
Soundman.exe |
Related to a Silicon Integrated
Systems Corp (SiS) product? |
| U |
SiSSWLED |
sisswled.exe |
System Tray utility for SiS 900
network cards |
| X |
sistrai.exe |
sistrai.exe |
Added by the PROVA TROJAN! |
| X |
sistray |
sistray.exe |
Added by the PROVA TROJAN! |
| U |
sistray |
sistray.exe |
System Tray icon for SiS based
graphics. Note - this resides in C:WindowsSystem |
| X |
Sistray32 |
remotehost.pif |
Added by the HOLCAS.A WORM! |
| X |
Sistray32 |
virus.exe |
Added by the TOMETA-C TROJAN! |
| X |
Sistray32 |
win.bat |
Added by the JUMPRED.A WORM! |
| X |
sistry |
sistry.exe |
Added by the CEBE WORM! |
| N |
SiSUSBRG |
SiSUSBrg.exe |
SiS USB Registry Patch File -
fixes the undetectable problem with SiS USB controller on Windows XP |
| U |
SiteAdvisor |
SiteAdv.exe |
SiteAdvisor from McAfee
warns you before you interact with a dangerous Web site |
| X |
sixtysix |
sixtypopsix.exe |
Medload adware |
| U |
SK51 |
SK51.EXE |
SaveKeys keystroke logger/monitoring program - remove unless you
installed it yourself! |
| U |
SK60 |
SK60.EXE |
SaveKeys keystroke logger/monitoring program - remove unless you
installed it yourself! |
| U |
SK9910DM |
SK9910DM.EXE |
Multi-function keyboard driver.
Allows the use of programmable keys on mulimedia keyboards. Required if you
use the additional keys |
| U |
SKDAEMON |
SKDAEMON.EXE |
Multi-function keyboard driver.
Allows the use of programmable keys on mulimedia keyboards. Required if you
use the additional keys |
| U |
skinkers |
skinkers.exe |
Selection of
desktop messaging/marketing tools with celebrity tie-ins including MTV's
"Desktop Ozzy" and Arsenal's "Desktop Wenger" - see here.
Leave enabled if you want to receive messages |
| X |
sks-32 |
SKS32P~1.EXE |
SpyKeySpy logs keystrokes and sends the stolen information to
a configurable email address |
| X |
Skunk |
Skunk.exe |
Added
by the SUNK-A WORM! Note - this file is found in the root folder (C:), (D:),
etc |
| Y |
SkyBlaster Scheduler |
SSFSch.exe |
For Gilat Communications
internet satellite systems - associated with SkyBlaster modem. Required if
you have this system |
| X |
skynetave.exe |
skynetave.exe |
Added by the SASSER.D WORM! |
| X |
SkynetRevenge |
winlogon.scr |
Added by the NETSKY.AA WORM! |
| N |
Skype |
Skype.exe |
"Skype is free and simple software that will enable you
to make free calls anywhere in the world in minutes" |
| N |
SkypeMate |
SkypeMate.exe |
SkypeMate acts as
a bridge between networks of VoIP and PSTN |
| X |
SkypeStartup |
Skype.exe |
Added
by the PYKSE-A WORM! |
| Y |
SkySurfer Management Service |
SmaServ.exe |
For Gilat Communications
internet satellite systems - associated with SkyBlaster modem. Required if
you have this system |
| U |
SkyTel |
SkyTel.exe |
Process associated with
Realtek Voice Manager for some of their audio chipsets |
| X |
sl4 rules |
rbot32.exe |
Added
by the SDBOT-QC WORM! |
| X |
slack12 |
mfcee.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Slayhacker734 |
slay7383.exe |
Added by the SIKBOT-A TROJAN! |
| N |
SleepManager |
SleepMgr.exe |
This program locates free
contiguous disk spaces and allocates them for storing BASE MEMORY, EXTENDED
MEMORY, VIDEO MEMORY, and SM RAM. It helps the computer come out of hibernate
mode |
| U |
Slibe.com |
Sliber.EXE |
Sliber - freeware screen capturing & online sharing tool |
| U |
SlickRun |
sr.exe |
"SlickRun is a
floating command line utility for Windows. It gives you almost instant access
to any program or website. SlickRun allows you to create command aliases
(known as MagicWords), so C:Program FilesOutlook Expressmsimn.exe becomes
MAIL" |
| X |
slide |
Iexplore.exe |
Added by the GASLIDE TROJAN!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process,
which should not appear in Msconfig/Startup unless you add it manually! |
| N |
slimp3 |
SliMP3 Server.exe |
Slimp3
Server - "presents an entirely new way of accessing and enjoying your
music collection. Instead of storing your music on CDs or memory cards, the
SliMP3 uses your home network to access the music stored on your PC" |
| N |
Slingshot |
SLINGS~1.EXE |
Atomica
Slingshot - "reference tool with access to dictionary and encyclopedia
terms, bios, technical terms, history, geography, and much more". Now
superseed by 1-Click Answers |
| Y |
slipcore |
slipcore.exe |
Core module for Slipstream - internet acceleration through
compression/decompression techniques, intelligent cacheing on the server
side, and real-time conversion of large/high-bandwidth images to less bulky
pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United
Online and AOL Canada. Required if the user's account is locked in to that
proxy server |
| Y |
slipgui |
slipgui.exe |
User interface for Slipstream - internet acceleration through
compression/decompression techniques, intelligent cacheing on the server
side, and real-time conversion of large/high-bandwidth images to less bulky
pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United
Online and AOL Canada. Required if the user's account is locked in to that
proxy server |
| Y |
SlipStream |
slipcore.exe |
Core module for Slipstream - internet acceleration through
compression/decompression techniques, intelligent cacheing on the server
side, and real-time conversion of large/high-bandwidth images to less bulky
pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United
Online and AOL Canada. Required if the user's account is locked in to that
proxy server |
| X |
slmss |
slmss.exe |
SeekSeek search hijacker related - see here |
| X |
sload |
sload.exe |
Win SynchroAd adware, also detected as DLOADER-QG TROJAN! |
| X |
slvchost32 |
slvchost32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
sm |
sa_exe.exe |
Added by the OLFEB.A TROJAN! |
| X |
sm |
sf_exe.exe |
Added by the OLFEB.A TROJAN! |
| X |
sm |
sm_exe.exe |
Added by the OLFEB.A TROJAN! |
| X |
sm |
sr_exe.exe |
Added by the LUKUSPAM TROJAN! |
| N |
SM1BG |
SM1BG.EXE |
USB driver for downloading from
within Napster to portable MP3 players. Only required at startup if you use
it all the time - otherwise start it manually when required |
| N |
SM1NINT |
SM1NINT.exe |
Cypress USB Mass Storage Driver
Notification Icon Application - tray notification for Cypress base memory
sticks and external storage devices for Win98 |
| N |
SM56 Helper Win32 Utility |
sm56hlpr.exe |
Helper utility for Motorola
based SM56 software modems - resides in the System Tray |
| N |
Sm56acl |
sm56hlpr.exe |
Helper utility for Motorola
based SM56 software modems - resides in the System Tray |
| X |
sman |
app***.tmp [* = digit] |
Unidentified adware |
| N |
Smapp |
smtray.exe |
System Tray access for the
Compaq/ADI SoundMAX integrated digital audio controller |
| N |
Smart Card Service |
ScardSvr.exe |
For Smart
Card readers. Known to cause problems, especially for Windows 2000 users -
see here. Probably not required unless you use such a device regularly |
| U |
Smart Connect Monitor |
SCMon.exe |
Appears on a Sony Vaio. Smart
Connect Version 2.1 enables data transfer between Vaios via i.LINK cable.
Smart Connect supports File and Printer Sharing for MS networks. You can copy
files from your Vaio to another Vaio or print using a printer connected to a
remote Vaio |
| U |
Smart Connect Setup |
SCSetup.exe |
Appears on a Sony Vaio. Smart
Connect Version 2.1 enables data transfer between Vaios via i.LINK cable.
Smart Connect supports File and Printer Sharing for MS networks. You can copy
files from your Vaio to another Vaio or print using a printer connected to a
remote Vaio |
| U |
Smart Keyboard |
Smartkbd.exe |
Netropa Smart Keyboard driver |
| N |
Smart Label O Server |
ssloserv.exe |
Part of the printer software for
the smart-label printer made by Seiko. Can be disabled safely |
| N |
Smart Label RFViewer |
SSLFVIEW.EXE |
Part of the printer software for
the smart-label printer made by Seiko. Can be disabled safely |
| N |
Smart Start UP |
PnPDetect.exe |
Part of Presto! Mr.Photo -
"an ideal program for creating, sharing, and manag-ing digital images
and videos" |
| U |
Smart Touch |
STouch.exe |
Related
to Plustek OpticSlim scanner |
| N |
Smart Type Assistant |
sta.exe |
Smart Type
Assistant - a complex typing automation tool, intended to make your work
faster and safer |
| U |
Smartalec |
pcaccel.exe |
Smartalec
PC Accelerator - system optimization utility |
| N |
SmartBarXP |
SmartBarXP.exe |
SmartBarXP is a bar that runs down the side of your screen,
and can be configured to display interactive panels known as 'panes'. These
panes include media players, slideshow and image viewing panes, a virtual
desktop manager, and live news, weather and stock feeds to mention but a few |
| N |
sMaRTcaPs |
SMARTC~1.EXE |
sMaRTcaPs
from Phoebus LLC - enables you to configure the time needed to depress Caps
Lock, Num Lock & Insert keys |
| U |
Smarthruengine |
QS.exe |
Samsung smarthru software, used
with Lexmark Z82 or Samsung multifunction printers |
| U |
SmartPCXL |
pcaccel.exe |
Smartalec
PC Accelerator - system optimization utility |
| U |
SmartSync Pro |
SmartSync.exe |
Related to CompanionLink
Software Inc. Synchronization solutions for ACT!, GoldMine, Lotus Notes and
Microsoft Outlook |
| N |
SMax4 |
SMax4.exe |
System Tray icon for SoundMax
integrated sound. Sound properties can be accessed through the Start Menu or
Control Panel |
| U |
SMax4PNP |
SMax4PNP.exe |
SoundMax integrated sound.
Required if you have custom settings for your sound, such as effects and
environments |
| ? |
smbdpmi |
smbdpmi.exe |
IBM Netfinity Director and
Universal Management Services related. What does it do
and is it required? |
| Y |
smc |
smc.exe |
Sygate Firewall |
| Y |
smc |
spfsmc.exe |
Sygate Firewall |
| Y |
SMC Service |
smc.exe |
Sygate Firewall |
| Y |
SMC Service |
spfsmc.exe |
Sygate Firewall |
| X |
smcserv |
winsrv.exe |
Added by the AGOBOT-OU WORM! |
| Y |
SmcService |
smc.exe |
Sygate Firewall |
| Y |
SmcServices |
smc.exe |
Sygate Firewall |
| Y |
SmcServices |
spfsmc.exe |
Sygate Firewall |
| ? |
Smcsta.exe |
Smcsta.exe |
SMC Networks wireless PCI card
driver. Is it required? |
| X |
SmcSVR |
SmcSVR.exe |
Added by the LEGMIR.JU TROJAN! |
| X |
Smiley District |
plugin.exe |
Smiley
District adware |
| N |
Smith Micro try |
smiptray.exe |
Smith Micro shared files. Comes
with D-Link web cam |
| U |
smodul |
smodule.exe |
UserMonitor
from Neuber. Teachers can broadcast screen to other screens, see students
screens in a network and detect unauthorized software |
| X |
SmoothView |
SmoothView.exe |
TOSHIBA Zooming Utility - allows
"automatic" zoom feature in some appications, like IE, MS-Office,
WMPlayer, Adobe Reader and also desktop icons |
| U |
SMPAutoStart |
smpdemo.exe |
Smart Phone
Recorder demo from KenGolf.com. Answering Machine, Caller ID, Call Recording |
| X |
smres |
smres.exe |
Added by the AGOBOT-UA WORM! |
| U |
SMS Application Launcher |
LAUNCH32.EXE |
Microsoft
Systems Management Server - used to manage computers on a network remotely |
| U |
SMS Client Service |
clisvc95.exe |
When the SMS Client service
starts on a domain controller, the Client service modifies the SMSCliToknAcct
& user account group membership, user rights, and account comment. The
Client service then waits for the synchronization of the comment to verify
that the account and user rights are properly set for this account. This
account is used to obtain a token to start the SMS Client processes, such as
the Software Inventory and Software Distribution agents (MS Systems
Management Server) |
| X |
Sms System32 |
SmsSystem32.exe |
Unidentified malware |
| U |
SMS Win9x Message Agent |
?? |
This program assigns a user to a
Systems Management Server site |
| U |
SMS Win9x Message Agent |
SMSMsg.exe |
This program assigns a user to a
Systems Management Server site |
| X |
sms_msn |
sms_msn.exe |
Added by an unknown WORM or
TROJAN! |
| X |
sms_msn40 |
sms_msn40.exe |
Added by an unknown WORM or
TROJAN infection |
| N |
Smserial |
sm56hlpr.exe |
Helper utility for Motorola
based SM56 software modems - resides in the System Tray |
| N |
SMSI Loader |
SMLoader.exe |
Smith Micro HotFax - fax software |
| X |
smsm |
smsm.exe |
Added by the BANKER-CO TROJAN! |
| X |
smsrv |
smsrv.exe |
Added by the AGOBOT-SX WORM! |
| X |
smss |
[path to smss.exe] |
Added by the ALADINZ.F TROJAN!
Note - this is not the legitimate smss.exe process which should NOT appear in
Msconfig/Startup! |
| X |
SMSS |
smss.exe |
Added by the FLOOD.F TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Catroot" subfolder |
| X |
smss |
smss.exe |
Added by the AGENT-TR TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
smss |
smss.exe |
Added by the BOROBOT-J TROJAN
and variants! Note - this is not the legitimate smss.exe process which should
not normally figure in Msconfig/Startup! |
| X |
Smss |
ssms.exe |
Added by the RBOT.OP WORM! |
| X |
smss.exe |
csrss.exe |
Added by the DALBUG WORM! Note -
this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
smssLevel4 |
smss.exe |
Unidentified malware! Note - this is not the legitimate
smss.exe process which is always located in the System (9x/Me) or System32
(NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This
file is located in Program FilesWindows Media PlayerSkinsWindowsMediaSkinDataLevel4
folder |
| X |
SMSSS |
smsss.exe |
Added by the SDBOT.ZD WORM! |
| X |
SMSSS Loader |
smsss.exe |
Added by the AGOBOT.MQ WORM! |
| X |
SMSSU |
SMSSU.EXE |
Hijacker, detected by Norton antivirus as Trojan.StartPage.O |
| X |
smsys |
Explorer.exe |
Added by the CLICKER-C TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in a "Template" subfolder |
| X |
smsys |
vi.exe |
Adult content dialler |
| U |
SMSystemAnalyzer |
SMSystemAnalyzer.exe |
Part of the Iolo
System Mechanic optimization tool |
| U |
Smt |
SMT.exe |
Win-Spy keyboard logger/monitoring software - remove unless
you installed it yourself |
| N |
SMToolbar |
SMToolbar.exe |
StartMake.com toolbar |
| X |
SMTP32 Mailing Protocol |
smtp32.exe |
Added by a variant of the RBOT WORM! |
| ? |
SmWizard |
SmWizard.exe |
SmartWizard MFC Application -
associated with C-Media who produce audio chipsets commonly used for on-board
sound on motherboards. What does it do and is it
required? |
| X |
SN Messenger |
msnmsgr.exe |
Added by the RBOT-AVP WORM! |
| X |
snapple |
snapple.exe |
Added by the FORBOT-EG WORM! |
| ? |
snbr |
snbr.exe |
?? |
| X |
snbupt |
snbupt.exe |
UpSpiralBar adware |
| X |
sncntr |
sncntr.exe |
Added by the DLUCA-I TROJAN! |
| ? |
SNCT511 |
vsnct511.exe |
Unidentified "Snapshot
Viewer"- what does it do and is it required? |
| X |
snd332 |
snd332.exe |
Added by the B1LD0
AIM WORM! |
| X |
Sndcompat |
Sndcompat.exe |
Added by the GEMA TROJAN! |
| U |
sndmi13 |
vsndmi13.exe |
Driver for DualCam cameras - that combine the best features
of a digital still camera and a webcam |
| U |
SNDMon |
SNDMon.exe |
Part of Symantec's LiveUpate
(eg, Norton). Not required if you run manual updates but probably require if
you leave them to run automatically. Also, if one runs a small office network
and SNDMon is disabled on one of the computers – then other computers disappear
from the network for this computer, including shared devices like printers
and scanners. Hence the "U" recommendation |
| X |
Sndsaver |
Sndsaver.exe |
Added by the GEMA TROJAN! |
| ? |
sndsrvc |
SNDSRVC.EXE |
Part of Norton Personal Firewall
and Norton Internet Security - what does it do and is it
required? |
| X |
SNInstall |
[various filenames] |
Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A
TROJAN, pretends to be a spyware remover! - file names spotted sofar include
VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe,
winstall.exe, and tool2.exe |
| U |
Snippet |
SnippingTool.exe |
The Snipping Tool (part of the Experience Pack for Tablet PC)
allows you to easily "cut out" anything on screen and share it with
other people. The whole screen becomes an "inkable" surface that
you can add comments to and mark up however you like. You can then save that
annotated image to use later, or send it to someone else in an E-mail message |
| U |
SNM |
SNM.exe |
SpyNoMore anti-spyware |
| U |
SnoopFreeUI |
SnoopFreeUI.exe |
Anti-keylogging software
made by SnoopFree Software |
| X |
SNP Generic Host Process |
svchost.exe |
Added by the ZAPCHAS-O TROJAN!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| N |
snp2std |
vsnp2std.exe |
Digital camera related |
| ? |
snpstd |
vsnpstd.exe |
Sonix PC Camera Monitor MFC
Application. What does it do and is it required? |
| ? |
SNPSTD2 |
vsnpstd2.exe |
CameraMonitor MFC Application.
Appears to be related to a USB connection to a digital camera -is it required? |
| Y |
snpstd3 |
vsnpstd3.exe |
Sonix Inc. Camera Monitor MFC Application |
| N |
Snsicon |
Snsicon.exe |
Launches a screensaver program
from Second Nature |
| X |
SNSS.EXE |
SNSS.EXE |
Added by the Nunci premium rate dialer |
| X |
snvc |
snvc.exe |
Added by an unidentified WORM or
TROJAN! |
| ? |
SO5 Integrator Pass One |
sointgr.exe |
StarOffice
5. See here for more details |
| ? |
SO5 Integrator Pass Two |
sointgr.exe |
StarOffice
5. See here for more details |
| X |
Soar |
Rwon.exe |
PurityScan/Clickspring adware |
| X |
Social Security Agency |
rpcxsocsa.exe |
Added by a variant of the RBOT WORM! |
| X |
Sock32 |
sock32.exe |
Added by the SDBOT TROJAN! |
| X |
Socket Utility |
socket.exe |
Added by the DAEMONI-E TROJAN! |
| X |
Socket Utility |
svchostz.exe |
Added by the DAEMONI-E TROJAN! |
| X |
Socket Utility |
svchostz.exe |
Added by the DAEMONI-E TROJAN! |
| Y |
SoDA Startup |
SodaStartup.exe |
Used by the IBM Rational SoDA project management tool. Unsure
of it's actual purpose but it's recommended you leave it enabled if you use
the software |
| N |
soffice |
SOFFICE.EXE |
Displays StarOffice quick start
applet in System tray. Right clicking on the icon allows rapid starting up of
components of the StarOffice 6.0 suite. Available via Start -> Programs.
Automatically started when any StarOffice 6.0 component is started from the
Start -> Programs. A resource hog (it eats > 16 MB of memory). |
| X |
Soft Profile Inc |
hxdef.exe... |
Added by a variant of the LOVGATE WORM! |
| X |
softIce Update 32 |
wininits.exe |
Added by the RBOT-ANB WORM! |
| U |
SoftickPPP |
PPPGate.exe |
Softick PPP is a Microsoft
Windows driver that allows to establish PPP session between Palm powered
devices and Microsoft Windows desktop computer |
| Y |
SOFTinst |
N/A |
For Gilat Communications
internet satellite systems. Gilat rescue (Satellite system restore). Required
if you have this system. Can cause a BSOD (blue screen of death) if left out |
| U |
SoftStuff Wallpaper Changer |
softstrt.exe |
AzureBay wallpaper changer |
| X |
Software |
software.exe |
Added by the CRABTON-B TROJAN! |
| U |
SoftwareStation |
station.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| Y |
Solo Sentry |
Solosent.exe |
Solo Antivirus |
| U |
SoloSchedule |
Solocfg.exe |
Scheduler for Solo Antivirus.
Leave enabled unless you scan manually on a regular basis |
| U |
SoloSysCheck |
Syscheck.exe |
Solo antivirus System
Integrity Check - Monitors system registry, system.ini, win.ini and startup
to protect you from new Internet Worms and Backdoors |
| X |
somatic |
somatic.exe |
Searchcentrix hijacker |
| N |
Sonic A3D Control |
vrtxctrl.exe |
Sound related options |
| X |
Sonic RecordNow! |
smsc.exe |
Added by a
variant of the SDBOT WORM! |
| N |
SoniqueQuickStart |
sqstart.exe |
Quickstart for the discontinued Sonique audio player.
Available via Start -> Programs |
| ? |
SonnReg |
SonnReg.exe |
Now superseeded by
ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D
and 3D games. Possibly a registration reminder? |
| X |
SonudMan |
SonudMan.exe |
Added by the STARTPAGE.Q TROJAN! |
| X |
SonudMan |
WNILOGON.exe |
Added by the QQROB-DC TROJAN!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup! |
| X |
SonudMon |
SonudMon.exe |
Added by the LEWOR-J TROJAN! |
| U |
SonyPowerCfg |
SPMgr.exe |
Related to Sony VAIO Power
Management Module installed on laptops and provides additional configuration
options for these devices. This program is non-essential process to the
running of the system, but should not be terminated unless suspected to be
causing problems |
| ? |
Soot |
rcea.exe |
?? |
| ? |
sophagnt |
sophagnt.exe |
Possibly related to
Sophocles Screenwriting Software? |
| X |
SOProc_RegSoAlertWxLiteNnAj |
rundll32 shell32.dll,
ShellExec_RunDLL [path] soproc.exe |
Advertising by SoftwareOnline -
monitors your browsing habits and distributes the data back to the author's
servers for analysis |
| X |
SOS |
SOS.exe |
Added by the PHILIS VIRUS! |
| ? |
SoSyncMonitor |
SoSyncMonitor.exe |
SuperOffice related.
What does it do and is it required? |
| X |
Sound Loader |
sndloader.exe |
Added by the AGOBOT-BV WORM! |
| X |
Sound services |
SOUND32.EXE |
Added by the AGOBOT.GG WORM! |
| X |
Sound System |
WinSound1.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
soundcontrl |
soundcontrl.exe |
Added by the GAOBOT.AFJ WORM! |
| X |
sounddrv |
sndbdrv3104.exe |
CoolWebSearch
parasite variant |
| ? |
SoundFusion |
RunDll32 cwaprops.cpl,
C25CrystalControlWnd |
Control panel item for a
Terratec soundcard (Start -> Settings -> Control Panel) based upon a
Cirrus Logic "SoundFusion" DSP. Does it need to
run at start-up every time? |
| ? |
SoundFusion |
rundll32 cwcprops.cpl |
Control panel item for the
Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel)
based upon a Cirrus Logic "SoundFusion" DSP. Does
it need to run at start-up every time? |
| ? |
SoundFusion |
rundll32 hercplgs.cpl,
BootEntryPoint |
Control panel item for Hercules
Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a
Cirrus Logic "SoundFusion" DSP. Does it need to
run at start-up every time? |
| X |
SoundMam |
SVOHOST.exe |
Added by the QQROB-AAL TROJAN! |
| N |
soundman |
soundman.exe |
System Tray icon for the Realtek
AC97 Audio Sound Manager for AC97 onboard audio. Available via Start ->
Settings-> Control Panel |
| X |
SOUNDMAN Microsoft Help |
soun.pif |
Added by the RBOT-AIU WORM! |
| N |
SoundMAX |
SMax4.exe |
System Tray icon for SoundMax
integrated sound. Sound properties can be accessed through the Start Menu or
Control Panel |
| X |
SoundMAX |
SoundMAX.exe |
Added
by the RIZON-A WORM! Note - this file is placed in the Startup folder itself,
and has NO relation to SoundMax sound cards! |
| X |
SoundMax Audio Drivers |
SndMAX.exe |
Added by a
variant of the SDBOT WORM! |
| U |
SoundMAXPnP |
SMax4PNP.exe |
SoundMax integrated sound.
Required if you have custom settings for your sound, such as effects and
environments |
| X |
soundmix |
soundmix.exe |
Added by the AGENT.PGV WORM! |
| X |
SoundMixer |
smvss.exe |
Added by the DEDLER-G TROJAN! |
| X |
Soundmx |
Soundmx.exe |
CoolWebSearch Tapicfg parasite variant |
| X |
soundtask |
soundtask.exe |
Added by the AGOBOT-MD WORM! |
| X |
soundtasks |
soundtasks.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
soundtctrls |
soundtctrls.exe |
Added by the AGOBOT-ZV WORM! |
| X |
SoundView |
msdview32.exe |
Trojan downloader |
| X |
sounofts |
sounofts.exe |
Added by the AGOBOT-ND WORM! |
| X |
sountskmanager |
sountaskmgr |
Added by an unidentified WORM or
TROJAN! |
| N |
SourcePath |
gwreg.exe |
Used to update Gateway registry
settings for System Restoration Kit and Web update programs |
| X |
sp |
regedit-s .... sp.dll |
Malicious javascript annoyance that changes the default
search engine in IE to one of many including "topsearcher". See
here for more and a fix |
| X |
sp |
rundll32 (Path to Trojan DLL),
DllInstall |
Added by the ABLANK-W and
ABLANK-Z TROJANS! |
| X |
sp |
se.dll, DllInstall |
Added by the Startpage.M hijacker |
| X |
sp |
sp.reg |
IE search hijacker - changes the
default search to http://www.gocybersearch.com/ |
| U |
SP TimeSync |
SP TimeSync.exe |
SP TimeSync lets you
synchronize your computer's clock with any Internet atomic clock (time
server) |
| X |
SP00LSV |
Sp00lsv.exe |
Added by the GRAYBIRD.E TROJAN! |
| U |
SP2 Connection Patcher |
SP2ConnPatcher.exe |
Changes limit of concurrent TCP
connections of Windows Service Pack 2 |
| X |
SP2 data |
[path] repcale.exe [path]
apc.exe |
Added by a variant of the RANDON.AN WORM! |
| X |
SP2 Firewall/Internet Updater |
crssrs.exe |
Added by the RBOT.BJO WORM! |
| X |
sp2chk.exe |
sp2chk.exe |
Added by the ALUROOT.A TROJAN! |
| X |
sp2ctr |
sp2ctr.exe |
Added by the DLUCA-M TROJAN! |
| X |
sp2fwxp |
sp2fwxp.exe |
Added by the SMALL.ABW TROJAN! |
| X |
sp2update |
sp2update.exe |
SP2Update adware! Tracks URLs visited and search terms
entered into Internet Explorer |
| X |
Spam Blocker for Outlook Express |
SBInst.exe |
HotBar related |
| X |
SPAM FIREWALL |
mfirewall.exe |
Added by the SDBOT.AOU WORM! |
| U |
Spam Sleuth |
SpamSleuth.exe |
Spam Sleuth E-mail spam
detection program |
| X |
SpamBlocker |
SbOEAddOn.exe |
Related
to Hotbar's Weather Forecast tool for your desktop |
| U |
SPAMfighter Agent |
SFAgent.exe |
SPAMfighter anti email spam
filter |
| U |
spamihilator |
spamihilator.exe |
Spamihilator - spam
filter |
| U |
SpamPal |
spampal.exe |
SpamPal - anti-spam tool |
| U |
SpamSubtract |
SpamSubtract.exe |
Intermute
SpamSubtract - junk email detection and removal program |
| U |
Spark |
Spark.exe |
Spark
instant messaging server |
| N |
spc_w |
blspc.exe |
NetZero
Search Enhancement related |
| N |
spc_w |
hcm.exe |
NetZero
Search Enhancement related |
| N |
spc_w |
nzspc.exe |
NetZero
Search Enhancement related |
| N |
Spdstart |
Spdstart.exe |
Norton Utilities Speed Start.
"This feature optimizes the start up speed of launching applications,
such as Word and Excel." |
| U |
Speaking Clock Deluxe |
SpClDlx.exe |
Speaking Clock
Deluxe - turns your computer into a speaking clock with several languages. It
can also keep track of up to 50 alarms that can be set to a time and a date,
and be repeated daily, weekly, monthly and yearly |
| X |
Special Firewall Service |
avguard.exe |
Added by the NETSKY.G WORM! |
| X |
SpecialOffers |
SpecialOffers*.exe [* = digit] |
SpecialOffers adware |
| X |
SpecialOffers |
SpecialOffers.exe |
SpecialOffers adware |
| X |
specific |
specixic.exe |
Added by a
variant of the SDBOT WORM! |
| N |
Speed racer |
CTSRReg.exe |
Software for a Creative sound
card |
| U |
Speed Tec |
speedtec.exe |
Accel
SpeedTec from Montana Software speeds up your modem. SpeedTec modifies the
Internet Protocol settings in the Windows registry to speed downloads on all
modems. If you find this improves your connectivity and download speeds leave
this enabled |
| X |
SpeedBoss |
[worm filename] |
Added by the OPASERV.AD WORM! |
| U |
SpeedItUp |
SPEEDITUP.EXE |
Speed It
Up - "all in one Speed Booster designed to significantly increase the
speed of your computer and boost your PC available memory" |
| U |
Speedkey |
SPEEDKEY.EXE |
Additional keyboard shortcuts on
MS programmable keyboard |
| U |
SpeedMeter |
SpeedMeter.exe |
Application measuring upload and
download speed |
| U |
SpeedOptimizer |
spo.exe |
SpeedOptimizer is
designed to optimize and speed-up your Internet data transmission including
browsing, streaming, downloading, uploading and e-mail communication |
| U |
SpeedswitchXP |
SpeedswitchXP.exe |
SpeedswitchXP is a
CPU frequency control for notebooks running Windows XP |
| U |
Speedtouch USB Diagnostics |
Dragdiag.exe |
For an external Alcatel ADSL
high-speed modem. A diagnostic tool and can be run from the Start menu when
required. The only reason it might be useful on startup is if you like seeing
an 'at-a-glance' status indicator on the taskbar (the icon is a different
colour depending on the status of the device/line) |
| U |
SpeedUpMyPC |
SpeedUpMyPC.exe |
SpeedUpMyPC "automatically fine-tunes all your resources
including hardware, system settings and internet usage to operate at peak
performance at all times" |
| X |
Spees1 |
speedy.scr |
Added by the OPASERV.Y WORM! |
| X |
Spees2 |
Speedy.bat |
Added by the OPASERV.AD WORM! |
| X |
Spees3 |
SPEEDY.PIF |
Added by the OPASERV.AD WORM! |
| N |
Spellex Anywhere |
sa.exe |
Spellex-Anywhere
- adds spell checking functionality to almost any Window program. Create a
shortcut and run manually before it's to be used |
| Y |
SpIDerMail |
spiderml.exe |
DrWeb antivirus Spider Mail e-mail scanner |
| N |
Spinner Plus |
spinner.exe |
"Spinner Plus lets you
listen to over 100 channels of music broadcast from Spinner.com. Spinner Plus
uses RealNetwork's G2 technology to provide high-quality online audio. The
technology adjusts the audio streaming to match your Internet connection speed,
which helps eliminate sound distortion or choppiness". Available via
Start -> Programs |
| X |
SPINX |
Wscript.exe OXNEY.B.VBS |
Added by the YENO.B and YENO.C
WORMS! |
| X |
SPnt |
SPnt.exe |
Premium rate adult content
dialler |
| U |
SpokeSysTray |
SpokeSysTray.exe |
Spoke Software client application. Spoke "uses data in
your e-mail and other enterprise information systems to discover the existing
relationships of people in your enterprise. It then builds a private, secure
relationship network for each user without any additional manual data
entry" |
| X |
spolsvr2 |
spolsvr2.exe |
Added by the EVILSOCK.10 TROJAN!
Note - this malware actually changes the default value data of the Registry
"Run" key in order to force Windows to launch it at boot. Name
field may be empty |
| X |
spoo1sv |
spoo1sv.exe |
Added by the SOULJET TROJAN! |
| X |
Spool |
[path to trojan] |
Added by the RANKY.R TROJAN! |
| X |
Spool |
wys.exe |
WhileUSurf adware |
| X |
SPOOL Configuration |
spoolsvc.exe |
Added by the SDBOT-KD WORM! |
| N |
Spool Loader |
spool.exe |
Added by a variant of the RBOT WORM! |
| X |
Spool LoadKIt |
spoolv.exe |
Added by a variant of the RBOT WORM! |
| X |
Spool lptt01 |
spool.exe |
RapidBlaster variant (in a
"spool" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
Spool Manager |
spoolsrv.exe |
Added by the BANKER-FR TROJAN! |
| X |
Spool ml097e |
spool.exe |
RapidBlaster variant (in a
"spool" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
Spool32 |
pool32.exe |
Added by the ASSASIN-F TROJAN! |
| X |
spoolax |
[path to trojan] |
Added by the PERDA-D TROJAN! |
| X |
Spooler Service |
Spoolsrv.exe |
Added by the JOINER.C1 TROJAN! |
| X |
Spooler Sub System Process |
SPOOL32.EXE |
Added by the YAB.A TROJAN! |
| X |
Spooler Subsystem |
spoolsub.exe |
Added by the SDBOT-ABG TROJAN! |
| X |
Spooler SubSystem App |
spooIsv.exe |
Added by the LINKBOT.M WORM! |
| X |
Spooler SubSystem App |
spoolsvc.exe |
Added
by the POEBOT-J WORM! |
| X |
Spooler SubSystem Application |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler SubSystem Application |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler SubSystem Application |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler SubSystem Application |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler SubSystem Application |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler SubSystem Application |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler SubSystem Application |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler SubSystem Application |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Spooler Subsytem App |
spoolsvc.exe |
Added by the SDBOT-MM WORM! |
| X |
SpoolerSubSystemProcess |
SpooI32.exe |
Added by the EHKS.21 keylogger! Note - the "I"
between "o" and "3" is a capital "i" not a
lower case "L" |
| X |
Spools Service Controller |
spools.exe |
Added by the KASSBOT-C WORM! |
| X |
spoolserv |
spoolserv.exe |
Added by the SDBOT-PN WORM! |
| X |
SpoolService |
spolsv.exe |
Added by the AGOBOT-CS WORM! |
| X |
spoolsv |
scvhosts.exe |
Added by the SMALL-AW TROJAN! |
| X |
spoolsv |
spoclsv.exe |
Added by the Fujacks-M WORM! |
| X |
Spoolsv |
Spoolsv.exe |
Added by the CIADOOR.121 VIRUS!
Note - "Spoolsv.exe" is located in the Windows or Winnt directory,
and not in System32, like the legitimate Spoolsv.exe system file |
| X |
spoolsv |
svchost.exe |
Added by the DLOADER-FI TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "HELP"
subfolder of the Winnt or Windows folder |
| X |
spoolsv manager |
SpoolMgr.exe |
Added by the ASSIRAL WORM! |
| X |
spoolsv service |
spoolsv32.exe |
Added by the RBOT-AHP WORM! |
| X |
SPOOLSV32 |
SPOOLSV32.EXE |
Added by the CWS-I or HAZIF-B
TROJANS! |
| X |
spoolsvc |
spoolsvc.exe |
Added by the DROPPER-AT TROJAN! |
| X |
spoolsvr32 |
csmss.exe |
Added by the AGENT-AU TROJAN! |
| X |
spoolsvr32 |
csmss32.exe |
Added by a variant of the AGENT-AU TROJAN! |
| X |
spoolsvs.exe |
spoolsvs.exe |
Added by the DLOADER-RK TROJAN! |
| X |
SPOOLSVU |
SPOOLSVU.EXE |
Added by the STARTPAGE.K hijacker |
| X |
spoolsvv |
spoolsvv.exe |
Searchcentrix hijacker |
| X |
Spoolvs |
spoolvs.exe |
Added by the SDBOT.AUS WORM! |
| X |
Spore |
MsNews.vbs |
Added by the SPORE.A WORM! |
| X |
Spore.b |
Scmhlpr.vbs |
Added by the SPORE.B WORM! |
| X |
spp |
regedit -s spp.reg |
IE search hijacker - changes the
default search to http://www.hotsearchbox.com/ie/ |
| ? |
SPP |
run.exe |
?? |
| ? |
sppbridge |
sppbridge.exe |
Associated with an Anycom
bluetooth wireless card on laptops - used for printing to portable printers
for example. Is it required or can it be started
manually? |
| ? |
SprintPort |
SprintPortA.exe |
Novatel wireless modem related. What does it do and is it required? |
| U |
SpriteService |
SpriteService.exe |
Sprite Backup is a
backup application for Windows Mobile Pocket PC or Smartphone |
| U |
SPSTEALT |
SmartProtectorPro.exe |
Smart
Protector Pro - internet privacy tool that erases tracks, MRU lists, etc |
| ? |
spstore |
storesp.exe |
Softprobe - program designed
to provide managers with an analysis of an individuals computer use who are
under their supervision. This program is NOT related to Winpup |
| U |
Spy Blocker |
spyblocker.exe |
SpyBlocker blocks the
communications of spyware installed on a PC so spyware runs but can't
exchange data with the server to which it should report. Ensuring spyware
can't communicate is important, as you may find after using Ad-Aware that
some applications containing spyware subsystems may not run correctly or at
all |
| U |
Spy Protector |
SpyProtector.exe |
Included in the
full version of Security Task Manager, Spy Protector prevents keyboard and
mouse monitoring, warns when the registry is changed and eliminates internet
activity and work traces |
| N |
SpyAxe |
spyaxe.exe |
Spyware remover - not
recommended, see here. For removal instructions see here |
| N |
SpyBan |
SpyBan.exe |
Spyware
remover - not recommended, see here |
| X |
SpyBlast |
SpyBlast.exe |
Spyware killer that is in effect
autoinstalled foistware, targeted by SpyBot, among others |
| U |
SpyBlocker |
spyblocker.exe |
SpyBlocker blocks the
communications of spyware installed on a PC so spyware runs but can't
exchange data with the server to which it should report. Ensuring spyware
can't communicate is important, as you may find after using Ad-Aware that
some applications containing spyware subsystems may not run correctly or at
all |
| N |
SpyBlocs |
SpyBlocs.exe |
Spyware
remover - not recommended, see here |
| N |
SpyBlocs3.0 |
SpyBlocs3.0.exe |
Spyware
remover - not recommended, see here |
| Y |
SpybotSD TeaTimer |
TeaTimer.exe |
TeaTimer is a
permanent process and registry monitor of the Spybot S&D system protector
which perpetually monitors the processes called/initiated. Detects processes
wanting to start and gives you options on how to deal with this process in
the future |
| U |
SpyBotSnD |
Spybotsd.exe |
Spybot - Search &
Destroy - free multi-spyware removal tool from Safer Networking Ltd. |
| X |
Spybott lptt01 |
spybott.exe |
RapidBlaster variant (in a
"Spybott" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Spybott ml097e |
spybott.exe |
RapidBlaster variant (in a
"Spybott" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
SpyClean |
1ClickSpyClean.exe |
1 Click Spy Clean uses a
database that was stolen from SpybotS&D. Not recommended, see here |
| N |
Spy-Control |
Spy-Control.exe |
Spyware
remover - not recommended, see here |
| U |
SpyCop ScanCheck |
MAIN.EXE |
SpyCop surveillance software detection - checks to see when
your machine was last scanned and if it was more than a week asks if you want
to scan |
| U |
SpyEmergency |
SpyEmergency.exe |
SpyEmergency security software from Netgate |
| X |
SpyEx |
Winllogo.exe |
Added by the PRSKEY-A WORM! |
| N |
SpyFighterMonitor |
SpyFighter.exe |
Spyware
remover - not recommended, see here |
| N |
SpyFighterUpdate |
AutoUpdate.exe |
Spyware
remover - not recommended, see here |
| N |
SpyHealer |
SpyHealer.exe |
Spyware
remover - not recommended, see here |
| X |
SpyHeals |
SpyHeals.exe |
Smitfraud variant |
| N |
SpyHunter |
SpyHunter.exe |
Enigma SpyHunter - not recommended, see note |
| U |
Spy-Keylogger |
skl.exe |
SpyKeylogger keystroke logger/monitoring program - remove unless
you installed it yourself! |
| U |
Spykiller |
Spykiller.exe |
Spyware remover - older versions are not recommended, see
here |
| X |
SpyNuker |
Spynuker.exe |
A "spyware removal
program" by TrekBlue, which is being heavily advertised through junk
e-mail from its affiliates and misleading fake-dialogue-box web advertising.
This is the same company as E-mail marketers 'TrekData' and 'Blue Haven
Media', who distribute spyware through ActiveX drive-by-download on web pages |
| N |
SpyOnThis Monitor |
SpyOnThisMonitor.exe |
Spyware
remover - not recommended, see here |
| N |
SpyQuake2.com |
Spy-Quake2.exe |
Spyware
remover - not recommended, see here |
| X |
SpySheriff |
SpySheriff.exe |
SpySheriff
malware |
| N |
SpySpotter |
SpySpotter.exe |
Spyware
remover - not recommended, see here |
| U |
SpyStopper |
spystopper.exe |
SpyStopper -
blocks intrusive spyware, Web bugs, worms, scripts, advertisements, and
cookies. Protects you from being profiled and tracked |
| U |
SpySubtract |
SpySub.exe |
SpySubtract -
multi spyware removal tool |
| U |
SpySweeper |
SpySweeper.exe |
Spy
Sweeper - detects and removes spyware |
| U |
SpySweeperEnterprise |
SpySweeperUI.exe |
User interface for Spy Sweeper Enterprise edition - "a
centrally managed, scalable enterprise solution that provides best of breed
protection against all types of malicious spyware, adware, and other harmful
intruders" |
| X |
SpyTrooper |
SpyTrooper.exe |
SpyTrooper - malware posing as a spyware remover, see here |
| N |
Spyware |
Spyware.exe |
BPS
spyware remover - not recommended, see here |
| U |
Spyware Begone |
freescan.exe |
Spyware BeGone - spyware removal
utility. Previously not recommended, see here |
| U |
Spyware Begone |
SpywareBeGone.exe |
Spyware BeGone - spyware removal
utility. Previously not recommended, see here |
| U |
Spyware Doctor |
spydoctor.exe |
Spyware Doctor
spyware remover |
| U |
Spyware Doctor |
swdoctor.exe |
Spyware Doctor
spyware remover |
| U |
Spyware Guard Control Panel |
spywar~1.exe |
"SpywareGuard
provides a real-time protection solution against spyware" |
| U |
Spyware Nuker |
swn2.exe |
Spyware
removal program by TrekBlue. Previously not recommended but the latest
version was delisted here |
| U |
Spyware Nuker Installer |
SpywareNukerInstaller.exe |
Spyware
removal program by TrekBlue. Previously not recommended but the latest
version was delisted here |
| X |
Spyware remover |
Remove_spyware.exe |
Unidentified, but not known to
belong to any known spyware remover, and strongly suspected to be adware
related! |
| U |
Spyware Scanner |
AseScanner.exe |
Aluria Software's spyware
removal tool - we can't really recommend this product as Aluria have recently
partnered with WhenU, the well known adware company, see here and here |
| U |
SpyWare Shield |
Shield.exe |
Acronis Privacy Expert Spyware Shield prevents spyware and
other suspicious programs from being installed on PCs |
| N |
Spyware Slayer |
SpywareSlayer.Exe |
Spyware
remover - not recommended, see here |
| N |
Spyware Soft Stop |
Spyware Soft Stop.exe |
Spyware
remover - not recommended, see here |
| N |
Spyware Stormer |
SpywareStormer.Exe |
Spyware
remover - not recommended, see here |
| U |
Spyware Vanisher |
FreeScanner.exe |
Spyware Vanisher - spyware
removal utility. Previously not recommended, see here |
| U |
Spyware X-terminator |
SpywareX.exe |
Spyware
X-terminator - spyware remover |
| N |
SpywareBot |
SpywareBot.exe |
Spyware
remover - not recommended, see note |
| N |
Spyware-Cop |
Spyware-Cop.exe |
Spyware
remover - not recommended, see here |
| U |
spywarefighterguard |
spfprc.exe |
Spyware Fighter - anti spyware
program |
| X |
SpywareGuard |
deinst_qfe001.exe |
Added
by a variant of the Win32.Small TROJAN! - Do NOT confuse with the legitimate
SpywareGuard application |
| U |
SpywareGuard |
sgmain.exe |
"SpywareGuard
provides a real-time protection solution against spyware" |
| X |
SpywareGuard |
winproc32.exe |
Startpage adware Trojan |
| X |
Spywareguard lptt01 |
Spywareguard.exe |
RapidBlaster variant (in a
"Spyguard" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Spywareguard ml097e |
Spywareguard.exe |
RapidBlaster variant (in a
"Spyguard" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
SpywareGuardPlus |
winmm64.exe |
StartPage.ht homepage hijacker |
| N |
SpywareKilla |
SpywareKilla.exe |
Spyware
remover - not recommended, see here |
| N |
SpywareLocked |
SpywareLocked.exe |
Spyware
remover - not recommended, see here |
| N |
SpywareLocked 3.5 |
SpywareLocked 3.5.exe |
Spyware
remover - not recommended, see here |
| N |
SpywareNo |
SpywareNo.exe |
Spyware
remover - not recommended, see here |
| N |
SpywareQuake |
SpywareQuake.exe |
Spyware
remover - not recommended, see here |
| N |
SpywareStrike |
SpywareStrike.exe |
Spyware
remover - not recommended, see here |
| N |
SPYWATCH |
SpyWatch.exe |
BPS
spyware remover - not recommended, see here |
| X |
SQConfigChecker |
cc.exe |
Xupiter SQWire toolbar related.
Use Spybot S&D, Adware or similar to detect and remove and to prevent it
re-installing in the future see here |
| X |
SQInstaller |
SQInstaller.exe |
Xupiter SQWire toolbar related.
Use Spybot S&D, Adware or similar to detect and remove and to prevent it
re-installing in the future see here |
| N |
SQL Server |
scm.exe |
SQL Server Service Control
Manager. Available via Start -> Programs |
| X |
SQL Server Service |
sql.exe |
Added by the RBOT-ADF |
| X |
sqservices |
wins32.exe |
Added by the PROGENT-B TROJAN! |
| X |
SQUpdatesChecker |
uc.exe |
Xupiter SQWire toolbar related.
Use Spybot S&D, Adware or similar to detect and remove and to prevent it
re-installing in the future see here |
| X |
sqvynikp |
sqvynikp.exe |
Free_Scratch_Cards foistware |
| Y |
SR Agent |
AGENTSVC.EXE |
Related to Secure
Resolutions - desktop virus protection |
| Y |
Sr Agent |
SrLogon.exe |
Related to Secure
Resolutions - desktop virus protection |
| ? |
sr1exe |
updtSup3.exe |
Found on a Dell computer, in a
Documents and SettingsAll UsersApplication DataDellAlert2 subfolder |
| X |
sr64 |
[path to trojan] |
Added by the AGENT.X TROJAN! |
| X |
SrchfstUpdate |
srchupdt.exe |
SearchFast adware downloader |
| X |
sre |
rundll32.exe sre.dll, Register |
CoolWebSearch parasite variant -
also detected by Kaspersky antivirus as Trojan.Downloader.Agent.Fc |
| ? |
srePostpone |
rundll32.exe [path] srescan.dll,
DoSpecialAction |
Related to ZoneAlarm. What
does it do and is it required? |
| ? |
SRFirstRun |
rundll32 srclient.dll,
CreateFirstRunRp |
Created by execution of the
Windows XP sr.inf file, which installs the Windows XP System Restore feature,
needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup? |
| U |
Srmclean |
srmclean.exe |
Srmclean helps in the
installation and execution of the SoundMax SoftPaq for Compaq/ADI SoundMax
Integrated Digital Audio. According to Compaq - "If you disable the
entry from loading into startup, then you will not be able to use the
features of the sound card" |
| X |
SRNG |
srng.exe |
ShopNavSearch.Srng search hijacker |
| U |
SRP Startup |
srrpro.exe |
System
Restore Remover Pro allows you to safely and easily remove System Restore and
various other Windows Millennium "features". This is enabled if you
tick the "Remove unnecessary System Restore information on startup"
box. Available via Start -> Settings -> Control Panel |
| Y |
SRS Applet |
SrsTray.Exe |
S3 Sonic Vibes sound card
drivers - if disabled you loose sound |
| U |
SRS Audio Sandbox |
SRSSSC.exe |
SRS Audio Sandbox "provide amazing audio immersion and
maximum thump for a personalized audio experience!" |
| X |
srshost.exe |
srshost.exe |
Added by a variant of the RBOT-ASW WORM! |
| X |
Srv RPCrom |
NClienti386.exe |
Added by the WATSOON.A TROJAN! |
| X |
Srv32 |
Srv32.exe |
Added by the OPASERV.J WORM! |
| X |
Srv32 |
Srv32.exe |
Added by the OPASERV.S WORM! |
| X |
Srv32 spool service |
[path to trojan] |
Added by the DLOADER-LB TROJAN! |
| X |
Srv32 spool service |
runsrv32.exe |
Topantispyware.com malware -
recognized by Kaspersky antivirus as Trojan-Clicker.Win32.Spyre.b |
| X |
Srv32 spool service |
spoolsrv32.exe |
Added by the SPYRE.B TROJAN! |
| X |
Srv325 |
Srv325.exe |
Added by the AGOBOT-PR WORM! |
| X |
Srv32Old |
[worm filename].PIF |
Added by the OPASERV.J WORM! |
| U |
Srv32Win |
SpyAgent4.exe |
SpyAgent -
monitoring software that creates records of everything people do on a
computer, ie, spying or monitoring depending upon how you call it |
| U |
Srv32Win |
Svchost.exe |
Realtime-Spy keystroke
logger/monitoring program - remove unless you installed it yourself! Note -
this is not the svchost.exe process that normally doesn't appear in
Msconfig/Startup! |
| U |
Srv32Win |
sysdiag.exe |
SpyAgent surveillance software. Uninstall this software
unless you put it there yourself |
| U |
srv32win |
win16dll.exe |
Screenspy captures screenshots silently. If you didn't
install this yourself remove it |
| X |
Srvce Pack Updte |
svcpack.exe |
Added by a variant of the RBOT WORM! |
| X |
srvexc.exe |
srvexc.exe |
Added by the SERVSAX TROJAN! |
| U |
srvprc |
srvprc.exe |
ActMon surveillance software. Uninstall this software unless
you put it there yourself |
| N |
srxTray |
srxTray.exe |
Titan FTP Server - FTP
server |
| ? |
SsAAD.exe |
SsAAD.exe |
Sony SonicStage software related
- "Atrac Hard Disk Monitor". What does it do
and is it required? |
| X |
ssate.exe |
irun4.exe |
Added by the BEAGLE.J WORM! |
| X |
ssate.exe |
winsys.exe |
Added by the BEAGLE.K WORM! |
| N |
SSBkgdUpdate |
SSBkgdupdate.exe |
ScanSoft OmniPage auto updater.
Can be disabled using the main program's options. Note - if you have a
Soundblaster Audigy2 ZS soundcard installed on your computer and the volume
of your soundsystem is turned on extremely high disabling this will solve the
problem |
| U |
SSC Service Utility |
ssc_serv.exe |
SSC Service Utility is
a printer utility for refilled Epson cartridges |
| Y |
SSC_UserPrompt |
UsrPrmpt.exe |
Part of Symantec's AntiVirus
suite and comes usually with a product update, if not on the system already.
Required for essential applications to work properly |
| U |
SSCFBTN.EXE |
SSCFBTN.EXE |
Samsung smarthru software,used
with Lexmark Z82 or Samsung multifunction printers |
| Y |
sscRun |
SSCRun.exe |
AOL's firewall |
| Y |
Ssd |
Std.exe |
Stealthdisk - file and
folder hiding/locking utility |
| ? |
ssdiag |
ssdiag.exe |
Equinox (now Avocent) "Configuration and DOS Diagnostic
for DOS and Windows platforms" |
| N |
SSDPSRV |
ssdpsrv.exe |
Simple Service Discovery
Protocol (SSDP) and General Event Notification Architecture (GENA) services
for network plug and play functionality. Starts up a web server on port 5000.
Used by Universal Plug and Play (for network device discovery). To remove this
program, open Add/Remove Programs, select either Communications (Me) or
Networking Services (XP), and remove the checkmark next to Universal Plug and
Play |
| X |
ssgrate.exe |
irun.exe |
Added by the MITGLIEDER.D TROJAN! |
| X |
ssgrate.exe |
irun4.exe |
Added by the MITGLIEDER.F TROJAN! |
| X |
ssgrate.exe |
sysdoor.exe |
Added by the MITGLIEDER.N TROJAN! |
| X |
ssgrate.exe |
system.exe |
Added by the MITGLIEDER.C TROJAN! |
| X |
ssgrate.exe |
winerdir.exe |
Added by the MITGLIEDER.O TROJAN! |
| X |
ssgrate.exe |
winsystems.exe |
Added by the BAGLEDL-J TROJAN! |
| X |
ssgrate.exe |
wintems.exe |
Added by the MITGLIEDER.Q TROJAN! |
| U |
SSh32 |
SSh32.exe |
2Spy keystroke logger/monitoring program - remove unless you
installed it yourself! |
| X |
SSK Service |
winssk32.exe |
Added by the SOBIG.E WORM! |
| X |
SSL |
svchost.exe |
Added by an unidentified VIRUS, WORM or TROJAN! Note - this
is not the legitimate svchost.exe process which should NOT appear in
Msconfig/Startup! |
| X |
SSL Manager |
amsnmsgs.exe |
Added by a
variant of the SDBOT WORM! |
| U |
ssmmgr |
ssmmgr.exe |
Samsung printer monitor - for
checking ink levels, etc. |
| X |
ssms.exe |
SSMS.EXE |
Added by the GISMOR WORM! |
| U |
SSPY |
SSYTEM.EXE |
SurfingSpy keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
sssasasb32 |
msnmsgq32.exe |
Added by the TACTSLAY.F TROJAN! |
| X |
sssasasb32 |
sssasasb32.exe |
Added by the TACTSLAY.F TROJAN! |
| X |
sstata |
[path to trojan] |
Added by the RANCK-DF TROJAN! |
| X |
sstata |
dwdas.exe |
Added by the DASDA TROJAN! |
| X |
SStb.exe |
SStb.exe |
Adpowerzone.com
"ServerSide" keyword hijacker |
| N |
sstray |
sstray.exe |
nVidia nForce Taskbar Utility -
quick access to the nForce2 "Sound Storm" control panel and related
utilitys |
| X |
SSUpdate |
SSUpdate.exe |
MoneyTree parasite - ActiveX control used to download
premium-rate dialers |
| X |
ssvchost |
ssvchost.exe |
Added by the HELIOS.B TROJAN! |
| X |
SSWPlauncher |
comet.exe |
Comet Cursor adware |
| N |
Stacmon |
Stacmon.exe |
Installed with the drivers for a
SigmaTel C-Major Audio card (on a Dell Inspiron 600m PC for example). Appears
as though it can be disabled with no ill effects |
| N |
StacSysTray |
StacSysTray.exe |
System Tray control panel for
SigmaTel C-Major on-board audio - as used on some Dell and Packard Bell PCs |
| X |
staeck12 |
mfcee.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
standalone.exe |
standalone.exe |
Added by the AGOBOT-ADS WORM! |
| U |
StarSkin |
starskin.exe |
StarSkin
allows you to change the view and appearance of your Windows XP box with the
use of publically available themes |
| Y |
Start |
Quick95.exe |
For a Nisis G6 USB Graphics
Tablet. Re-enables itself if disabled therefore best left alone |
| X |
start |
sdcc.exe |
Added by the AGENT.CSX TROJAN! |
| ? |
start |
start.exe |
?? |
| X |
Start |
windows.vbs |
Homepage hijacker |
| X |
Start aThx Roll |
f0mered.exe |
Added by the RBOT.AAV WORM! |
| X |
start extracting |
spoolvs.exe |
Added by the RBOT.AKC WORM! |
| X |
start extracting |
spoolvse.exe |
Added
by the RBOT-XF WORM! |
| N |
Start Getright |
getright.exe |
See Getright Tray Icon |
| X |
Start It Upping |
svchosets.exe |
Added by a variant of the RBOT WORM! |
| U |
Start Network Scanner Tool |
sdFTP.exe |
Part of Sharpdesk from Sharp Electronics. "A
desktop-based, personal document management application that lets users
browse, edit, search, compose, process, and forward both scanned and native
electronic documents" |
| X |
Start Page |
http://find.naupoint.com |
Naupoint browser hijacker |
| X |
Start Page |
svcnt32.exe |
Homepage hijacker, also detected
as Trojan-Downloader.Win32.Delf.ks |
| Y |
Start RF Wireless Keyboard |
ktrexe.exe |
Yuanxun Electronics RF wireless
keyboard driver |
| Y |
Start RF Wireless Mouse |
cm20.exe |
Yuanxun Electronics RF wireless
mouse driver |
| U |
Start Service |
upssrv.exe |
Cyber
Power PowerPanelPlus software. "During a power failure the system
automatically saves and closes open files within the battery backup time and
safely powers down your computer" |
| U |
Start Up Cop |
startcop.exe |
StartUp
Cop - startup manager |
| X |
start uploading |
smsss.exe |
Added by a variant of the SDBOT WORM! |
| X |
Start Upping |
mcrt32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Start Upping |
spoolnt.exe |
Added
by the RBOT-TM WORM! |
| X |
Start Upping |
SVCHOSTES.EXE |
Added
by the RBOT-NB WORM! |
| X |
Start Upping |
taksmgr.exe |
Added
by the RBOT-QK WORM! |
| X |
Start Upping |
taskmrg.exe |
Added
by the RBOT-MA WORM! |
| X |
Start Upping |
windupds.exe |
Added by the SDBOT.AFH WORM! |
| X |
Start Upping |
windupdts.exe |
Added by a variant of the RBOT WORM! |
| X |
Start Upping |
xdcc.exe |
Added by the SPYBOT.OY WORM! |
| X |
Start Uppings |
mssupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
Start Uppings |
svcchosts.exe |
Added by the SDBOT.VY WORM! |
| N |
Start Wingman Profiler |
lwemon.exe |
Logitech Wingman software
required to operate Logitech joysticks and gamepads. Unless you're a
hard-core gamer, it's best to leave it unchecked |
| N |
Start Wingman Profiler |
lwtest.exe |
Logitech Wingman software
required to operate Logitech joysticks and gamepads. Unless you're a
hard-core gamer, it's best to leave it unchecked |
| U |
Startacc |
startacc.exe |
Launches Webroot's Accelerate
2000 software that "speeds up your Internet connection by up to
300%". Leave enabled if you find it improves internet connection |
| N |
StartCCC |
CLIStart.exe |
Puts the ATI Catalyst™ Control
Center Icon/Shortcut on the System Tray - available via Start -> Programs |
| Y |
StartEAK |
StartEAK.exe |
Easy Access Button Support for Compaq PCs. Required if you
use these |
| X |
startemdoit |
[path to trojan] |
Added by the DLOADR-AVP TROJAN! |
| X |
starter |
iexplore.exe |
Added by the FORBOT-DU WORM!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process,
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup unless you add it manually! This
file is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Starter |
scvhosting.exe |
Added by the SDBOT.RU WORM! |
| X |
starter |
scvhostingg.exe |
Added by the FORBOT-FB WORM! |
| U |
StartFoxie |
StartFoxie.exe |
Foxie Suite from Softonic International. "This suite of
free tools comes in the form of an Internet Explorer add-on and includes a
mix of powerful security enhancements" |
| X |
startkey |
antivir.exe |
Added by the BIFROSE-TO TROJAN! |
| X |
startkey |
CKOTS.exe |
Added by the BIFROSE-HM TROJAN! |
| X |
startkey |
explore32.exe |
Added by the MT TROJAN! |
| X |
startkey |
explorer.exe |
Added by the MLD TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System subfolder |
| X |
startkey |
furzi.exe |
Added by the BIFROSE-OK TROJAN! |
| X |
startkey |
krnl.exe |
Added by the BIFROSE-S TROJAN! |
| X |
startkey |
Mysia.exe |
Added by the CEP TROJAN! |
| X |
StartKey |
pligde.exe |
Added by the BIFROSE.E TROJAN! |
| X |
startkey |
royale.exe |
Added by a
variant of the SDBOT WORM! |
| X |
startkey |
rtfmsv.exe |
Added by the EDEPOL-C TROJAN! |
| X |
startkey |
RunWinRaR.exe |
Added by a variant of the
BIFROSE-LV TROJAN! |
| X |
startkey |
scvhost.exe |
Added by the BIFROSE-PM TROJAN! |
| X |
startkey |
server.exe |
Added by the BIFROSE-DB TROJAN! |
| X |
startkey |
svchost32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
startkey |
svcmgr.exe |
Added by the HIPPER-B TROJAN! |
| X |
startkey |
update.exe |
Added by the BIFROSE-DG TROJAN! |
| X |
startkey |
win32i.exe |
Added by the BIFROSE-R TROJAN! |
| X |
startkey |
winampXP.exe |
Added by the BIFROSE-OY TROJAN! |
| X |
startkey |
winlogin.exe |
Added by the BIFROSE-PM TROJAN! |
| X |
startkey |
winlogin.exe |
Added by the BIFROSE-PM TROJAN! |
| X |
startkey |
XMCHAI.EXE |
Added by the BIFROSE-AO TROJAN! |
| N |
startl.exe |
startl.exe |
Lingocom LingoWare -
translates any application into your language |
| X |
StartMenu |
browse.exe |
Added by the DROWSY-C TROJAN! |
| X |
StartMenu |
deamon.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
StartMenu |
msgaol.exe |
Added by the TACTSLAY.C TROJAN! |
| X |
StartMenu |
s_menu.exe |
Added by the TACTSLAY.C TROJAN! |
| U |
STARTPAGE |
start1.exe |
NoSpy.org - prevents spyware from changing your startpage and
other browser properties. The start1.exe file is located in a NOSPY.ORG
folder |
| X |
startpage |
startpage.exe |
Browser hijacker - redirecting
to pages2start.com |
| U |
StartStop |
STARTSTOP.EXE |
StartStop
from TFI Technology - startup manager |
| U |
StartSurfing |
STARTS.exe |
Start Surfing allows you
to protect your privacy while surfing and searching the Internet by acting as
a "filter" between you and the website you are visiting.
Startsurfing acts as your shield from Pop Up Windows, Mouse Traps, Window
Resizing, and scripts that attempt to record your personal information.
Available via Start -> Programs |
| N |
Startup |
?? |
Related to an Iomega drive |
| X |
Startup |
mirc.exe |
Added by the FLOOD-EU TROJAN! An uninstall option for
mirc.exe can be accessed via the Add or Remove Programs dialog in the Windows
Control Panel. The software is listed as mIRC. This one puts 10 files in the
Windows or Winnt folder |
| X |
Startup |
WinlogonStartup |
Unidentified malware |
| X |
Startup Configuration |
[six character filename] |
Added by the RBOT-ARV WORM! |
| X |
Startup Configuration |
wztoid.exe |
Added by the RBOT-ASD WORM! |
| ? |
Startup Launcher GUI |
GUI.exe |
Startup manager? |
| U |
Startup Manager Scanner |
StartupMonitor.exe |
Startup-Mechanic
Startup monitor - offers boot protection of your PC from harmful trojans,
adult-dialers, and other scumware |
| Y |
Startup Scan |
Sensor.EXE |
AntiVirus Quick Heal -
scheduling agent |
| X |
Startup Update |
Cvshost.exe |
Added by the GAOBOT.AO WORM! |
| X |
StartupBin |
iwnujdss.exe |
Added
by the SDBOT-XZ WORM! |
| U |
StartupMonitor |
StartupMonitor.exe |
Mike Lin's
StartupMonitor, throws up an alert and asks your permission every time any
change is made to your start-up configuration, either in the registry or
start menu |
| X |
startwin |
startwin.exe |
Added by the ANTIMAN.A WORM! |
| X |
startwindowskeyuser |
rundle2.exe |
Added by the JAVAKILLER TROJAN! |
| N |
Stat 'n' Perf |
StatnPerf.exe |
Stat 'n' Perf
monitors your internet connection and displays information about sent and
received bytes |
| X |
StatBar |
STATBAR.exe |
StatBar (system status bar) allows you to quickly get an
overview of your system's condition (memory, CPU, uptime, and much more). Due
to the sheer number of resources (over 60%) consumed by this program, it is
unsuitable for Windows 95/98/SE/Me |
| X |
State Service |
csrss.exe |
Added by the DADOBRA-CP TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| U |
StationPlaylistStudio |
SPLStudio.exe |
StationPlaylist
Studio - "simple to use on-air broadcast playback software for the
studio and/or DJ" for small to medium sized radio broadcasters, and
internet webcasters |
| X |
Statistics |
statslist.exe |
Added by the OPANKI-S WORM! |
| N |
Status Monitor |
BrMfcWnd.exe |
Brother scanner status monitor -
can be started manually |
| N |
Status Monitor XE |
ENGSS.EXE |
The Xerox Document WorkCentre XE
Series Status Monitor displays information about your printer and currently
active or waiting print jobs. You can use it to control your printing
environment and manage your printing operations. Available via Start -> Programs |
| ? |
StatusClient |
StatusClient.exe |
Part of Hewlett Packard network
printer drivers |
| ? |
StatusClient 2.6 |
StatusClient.exe |
Part of Hewlett Packard network
printer drivers |
| N |
StatusView |
StatusView.exe |
Status View
intra-office messaging |
| N |
Stay Connected! |
StayCon.exe |
More than just a pinger,
actually simulates online activity. Supports AOL, NetZero, MSN, ATT WorldNet,
CompuServe and many other ISPs as well. Available via Start -> Programs |
| U |
StayAlive |
sa.exe |
StayAlive
from TFI Technology. "This top-notch tool intercepts crashes when
they happen, keeping your programs running so you can save your work." |
| U |
StayAlive |
StayAlive.Exe |
Part of RealSPEED -
tweaking utility to speed-up your internet connection. Stay connected even
after a period of inactivity on the net |
| ? |
STBVision |
STBVisn.exe |
Related to the STB Velocity
graphics card. What does it do and is it required? |
| N |
STBWEBTV |
STBWEBTV.EXE |
Used to display TV on your PC |
| X |
stcinstaller |
id53.exe |
Added by the SCTHOUGHT.L TROJAN! |
| X |
STCLOA~1 |
STCLOA~1.exe |
Popup adware by 2ndThought
software |
| X |
STCLOA~1 |
stcloader.exe |
Popup adware by 2ndThought
software |
| X |
stcloader |
STCLOA~1.exe |
Popup adware by 2ndThought
software |
| X |
stcloader |
stcloader.exe |
Popup adware by 2ndThought
software |
| Y |
STCPO |
STCPO.exe |
Sophos Sweep antivirus software |
| X |
StdAFX |
stdafx.exe |
Added by the DELBOT-AF WORM! |
| X |
stdlib |
[filename] |
Added by the PERDA-E TROJAN! |
| Y |
STDSB |
STDSB.exe |
Scrollbar driver for notebooks.
If taken out of the Startup, it will not provide scrolling |
| U |
Stealth Anonymizer 2.5 |
stealth25.exe |
Now named Stealther - proxy server agent that lets you travel
the Internet with maximum possible privacy |
| X |
stealth.dcom.exe |
stealth.dcom.exe |
Added by the THEALS.A WORM! |
| X |
stealth.ddos.exe |
stealth.ddos.exe |
Added by the THEALS.A WORM! |
| X |
stealth.exe |
stealth.exe |
Added by the THEALS.A WORM! |
| X |
stealth.injector.exe |
stealth.injector.exe |
Added by the THEALS.A WORM! |
| X |
stealth.stat.exe |
stealth.stat.exe |
Added by the THEALS.A WORM! |
| X |
stealth.wm.exe |
stealth.wm.exe |
Added by the THEALS.A WORM! |
| X |
stealth.worm.exe |
stealth.worm.exe |
Added by the THEALS.A WORM! |
| N |
Steam |
steam.exe |
Valve Software's STEAM
broadband game client. Steam is Valve's new way of getting games into your
hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike:
Condition Zero are all being made available through Steam. Steam games are
automatically kept up-to-date with the latest content and revisions. Steam
also includes an instant-message client which even works while you're in-game |
| X |
steam |
steam.exe |
Added by the RBOT-AJT WORM! Note - the file steam.exe will be
found in the WindowsSystem folder and is not associated with Valve Software's
game client |
| X |
SteFanie |
SteFanie.vbs |
Added by the STEFAN WORM! Note - make sure you check the
hyperlink as this one copies it's self to numerous dirves and folders |
| ? |
stgclean |
w32main2.exe |
Related to IBM Standard Software
Installer. What does it do and is it required? |
| N |
Stickies |
STICKIES.EXE |
Stickies -
utility that allows you to put yellow "Post-It" type messages on
your desktop and can be used to set reminders. Available via Start ->
Programs |
| N |
Sticky Notes |
stikynot.exe |
Microsoft Sticky Notes - virtual
sticky notes tool |
| U |
Sticky Pad |
StickyPad.exe |
Sticky Pad from
Green Eclipse. Place sticky notes on your desktop |
| N |
StickyNote |
StickyNote.exe |
Utility that allows you to put
yellow "Post-It" type messages on your desktop. Available via Start
-> Programs |
| U |
StillImageMonitor |
Stimon.exe |
Stimon.exe enables a USB
still-image device (such as a scanner) to initiate data transfer to a
program. For example, if your scanning device has a scan button, it may start
a program and begin scanning when you press it. Create a shortcut and start
it manually when needed if your scanner otherwise fails to scan. May be
required for your USB scanner to work - including all HP scanners and some of
their SCSI scanners |
| X |
stisrv |
stisrv.exe |
Added by the RBOT.BQF WORM! |
| X |
stlbdist |
rundll32exe stlbdist.DLL,
DllRunMain |
Hijacker pointing to
www.searchandclick.com |
| X |
stlbupdt |
rundll32.exe stlbupdt.DLL,
DllRunMain |
BrowserAid/BrowserPal foistware |
| N |
STManager |
drst.exe |
Dr.
SpeedTouch is some sort of diagnostics software which sends out information
to a server which then relays the information back to the program to test the
network to see if the SpeedTouch ADSL modem connection is working properly.
Not required if connected via Ethernet (and probably USB). Can cause a slow
down in Win2K - see here |
| X |
stmha |
wkfxi.js |
Added by the SPETH WORM! |
| X |
stonedrv |
stonedrv.exe |
Added by the COSIMA-K TROJAN! |
| U |
StopSignSsTsMon |
sstsmon.dll, VerifyStatus |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| U |
StopSignStatus |
stopsinfo.dll |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| U |
STOPzilla |
Stopzilla.exe |
StopZilla! - pop-up killer |
| U |
STOPzilla Service |
SZNTSVC.EXE |
StopZilla! - pop-up killer |
| U |
StorageGuard |
sgtray.exe |
StorageGuard from Veritas. Free utility that integrates with
Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup.
Provides system tray access and background monitoring - warning you of files
that haven't recently been backed up. Required unless you backup manually on
a regular basis or have scheduled backups |
| ? |
STPMGR |
STPMGR.EXE |
Part of SafeTP which is
transparent FTP security software. Does it need to be running permanently or
can it be started manually via Start -> Programs |
| X |
Stratas |
ggfig.exe |
Added by the OPANKI.W WORM! |
| X |
stratas |
lockx.exe |
Added by the SDBOT-ADD WORM! |
| X |
stratas |
xmconfig.exe |
Added by the RBOT-AHR WORM! |
| X |
StreamAppliance |
wuauclt14.exe |
Added
by the RBOT-GMB WORM! |
| X |
StreamAppliance |
wuauclt16.exe |
Added by the RBOT-GME WORM! |
| N |
Streamload Downloader |
SlDB.exe |
Downloader for MediaMax (was
Streamload) - "gives you a private and secure place to upload, store,
access, and share your personal videos, photos, movies, music, and
files" |
| N |
Streamload Uploader |
StreamMgr.exe |
Uploader for MediaMax (was
Streamload) - "gives you a private and secure place to upload, store,
access, and share your personal videos, photos, movies, music, and
files" |
| U |
StreamZap Remote |
zremote.exe |
StreamZap PC Remote -
control Windows Media Player, iTunes, RealPlayer, Winamp, PowerPoint,
MusicMatch Jukebox, and many other multimedia applications |
| U |
StrgSync.exe |
StrgSync.exe |
SimpleTech Inc's StorageSync
backup software - backs up an entire PC, or selected files and folders |
| X |
strmsnmgrs |
msnxmsgrsc.exe |
Added by the SDBOT.JDR WORM! |
| X |
strmsnmsgr |
msnmsgrs.exe |
Added
by the RBOT-ACQ WORM! |
| X |
strmsnmsgrs |
msnmsgrsc.exe |
Added by a variant of the RBOT WORM! |
| X |
strmsnnms |
msnmegrs.exe |
Added by the SDBOT-YU TROJAN! |
| X |
strmsnnrs |
msnmcgrs.exe |
Added by the RBOT-ACT TROJAN! |
| X |
strmsoums |
msnmegrse.exe |
Added by the SDBOT-ZK TROJAN! |
| X |
Strng32 |
strngbox.exe |
Added by the STRANO WORM! |
| U |
StrokeIt |
strokeit.exe |
StrokeIt is an
"advanced mouse gesture recognition engine and command processor" |
| X |
strtas |
l074.exe |
Added by the AGENT-II TROJAN! |
| X |
strtas |
loc1.exe |
Added by the RBOT-AZU TROJAN! |
| X |
strtas |
lock1.exe |
Added by the SDBOT-ADQ WORM! |
| X |
strtas |
lockx.exe |
Added by the SDBOT-AEB WORM! |
| X |
strto |
[path to trojan] |
Added by the KILLAV-AP TROJAN! |
| X |
strto |
strto.exe |
Added by the KILLPROC-F TROJAN! |
| X |
Sts |
iwnujdss2.exe |
Added by the SDBOT-YI WORM! |
| X |
Stubbish |
Stubbish.exe |
Added by the STUBBOT-A WORM! |
| X |
StubPath |
Sservice.exe |
Added by the PRORAT TROJAN! |
| X |
stup |
138762763.exe |
Added by the FIRESPY-A TROJAN! It will attempt to register
the dropped component as a Firefox plugin and begin monitoring the user's
browsing habits, stealing information including monitoring and logging
information from Web forms |
| N |
StupAssist |
StupAssist.exe |
Associated with Nikon digital
cameras |
| X |
stxrmsgms |
mstats.exe |
Added by the IRCBOT-AE TROJAN! |
| U |
StyleXP |
StyleXP.exe |
StyleXP allows you
customize the way WinXP looks. If disabled via msconfig it re-instates itself
at reboot, therefore uninstall it if you don't want it |
| X |
SubAH |
SubAH.exe |
Added by the SUBAH TROJAN! |
| U |
Subliminal Power |
Subliminal.exe |
Subliminal Power
- displays subliminal messages of your choice on your computer screen |
| N |
Subtract the Ads |
AdSub.exe |
Removes adverts from web pages.
Although useful - not required |
| X |
suck |
l0ad.exe |
PurityScan/Clickspring adware |
| U |
Suitcase Startup |
Suitcase.exe |
Suitcase - system font manager start up utility. Used for
dynamic managment of fonts on your system |
| X |
Suite |
SuiteOffices.exe |
Added by the LAZAR TROJAN! |
| X |
SULFNBJ.EXE |
SULFNBJ.EXE |
Added by the PE_MAGISTR.DAM VIRUS! |
| X |
Sun Java Console for Windows NT
& XP |
jconsole.exe |
Added by the VANEBOT-C WORM! |
| U |
Sunasdtserv |
Sunasdtserv.exe |
CounterSpy
by Sunbelt Software - adware/spyware protection |
| U |
sunasServ |
sunasServ.exe |
CounterSpy
by Sunbelt Software - adware/spyware protection |
| X |
SunJavaSched |
ccEvtMngr.exe |
Added by the SDBOT-YP WORM! |
| X |
SunJavaSched Updater |
avamx.exe |
Added
by the RBOT-ABJ WORM! |
| X |
SunJavaUpdate |
smvss.exe |
Added by the DEDLER-G TROJAN! |
| X |
SunJavaUpdateSched |
javamx.exe |
Added
by the SDBOT-WI WORM! |
| N |
SunJavaUpdateSched |
jusched.exe |
Checks with Sun's Java updates site to see if newer Java
versions are available. Visit http://java.sun.com or just run the Java
Plug-In Control Panel |
| X |
SunJavaUpdateSched |
scvhost.exe |
Added by the SDBOT-AVX WORM! |
| U |
Sunkist |
shwicon98.exe |
Card reader for memory cards
from digital cameras, etc |
| U |
Sunkist2k |
shwicon2k.exe |
Card reader for memory cards
from digital cameras, etc |
| U |
SunKistEM |
shwiconem.exe |
Used
by your computer to communicate with your Alcor Micro Multimedia Card Reader
- necessary if you're using this software |
| U |
SuNotification |
suatshut.exe |
ShadowSurfer
- "provides a safe computing environment by creating a virtual twin of
your PC. Restore the pre-ShadowMode system state no matter what changes have
occurred to your PC" |
| U |
SunProtectionServer |
SunProtectionServer.exe |
CounterSpy
antispyware software |
| U |
SunServer |
SunServer.exe |
CounterSpy
antispyware software |
| ? |
SupaDial |
SupaDial.exe |
SupaNet.com modem driver related
- is it required? |
| N |
Supastatus |
status.exe |
Supanet ISP software |
| X |
supdate2.dll |
rundll32.exe [path] supdate2.dll |
Added by the ZLOB-VL TROJAN! |
| X |
super |
fuckbx.exe |
Added by the LINEAGE-H TROJAN! |
| X |
super |
super.exe |
Added by the AGOBOT-QT WORM! |
| U |
Super Popup Blocker |
popkill.exe |
Saga Super Popup Blocker - pop-up stopper |
| U |
Super X Desktop Version 3.4 |
SXDesk.exe |
Super X
Desktop - virtual desktop manager |
| U |
SuperAdBlocker |
SAdBlock.exe |
SuperAdBlocker |
| U |
SUPERAntiSpyware |
SUPERAntiSpyware.exe |
"SUPERAntiSpyware
is the most thorough scanner on the market. Our Multi-Dimensional Scanning
and Process Interrogation Technology will detect spyware that other products
miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!" |
| X |
SuperBar.Component |
[path to services.exe] |
Added by the SMALL-AQ TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in an "Inetsrv"
subfolder |
| X |
SuperBar.Component |
services.exe |
FakeMessage/AdRotator adware.
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in an "Inetsrv"
subfolder |
| U |
Supercleaner |
Supercleaner.exe |
Supercleaner - all in one disk cleaner for your computer |
| U |
SuperCool Compress Backup |
Main.exe |
"SuperCool Zip Backup
software is a data backup,restore and file synchronization program" |
| X |
SuperHeissSex |
SuperHeissSex.exe |
Added by the HeissSex premium rate adult content dialer! |
| X |
supernews12 |
newsd32.exe |
Adware, also detected as the DLOADER-JN TROJAN! |
| X |
Supernova |
[worm filename] |
Added by the SURNOVA (or SUPOVA)
WORM! |
| X |
superproxy |
superproxy.exe |
Added by the DELBACK-B TROJAN! |
| U |
SuperRam |
SuperRam.exe |
SuperRam memory manager. MS MVPs
(Most Valued Professional) recommend not using memory managers with
Win98/SE/ME. See SuperRam article and make up your own mind |
| X |
superslut |
msslut32.exe |
Added by the SLUTER-A WORM! |
| U |
SuperSpamKiller Pro |
Ssk.exe |
SuperSpamKiller Pro
email spam blocker |
| X |
Supervisor.exe |
Supervisor.exe |
Has been reported to be
associated with various antitrojan software like ATS and PC Doorguard. If so
it's required in Startup - any further information is welcome |
| X |
supporter5 |
supporter5.exe |
Part of eScorcher anti-virus
software- responsible for updates of new virus bases each time you logon to
the web. Used to collect information about the user and therefore treated as
spyware - now the web-site is dead |
| X |
support-reverse-smileys |
[trojan filename] |
Added by the LITEBOT TROJAN! |
| U |
SureCleanProfessional |
SRClean.exe |
SureClean
PC and Internet tracks cleaner |
| U |
Sureshotpopupkiller |
pusak.exe |
Stop-the-Pop-Up
popup blocker |
| U |
Sureshotpopupkiller |
Stopthepop.exe |
Stop-the-Pop-Up
popup blocker |
| X |
SurfAccuracy |
sacc.exe |
SurfAccuracy adware |
| X |
SurfBuddy |
rundll32 [path] sbuddy.dll |
SurfBuddy
adware - not to be confused with the legitimate SurfBuddy application by
SurfApps! |
| U |
SurfChoice |
SCMan.exe |
SCMan is a utility that can
control services on WinNT from the command line. This utility can create,
start, pause, stop, delete services. Furthermore it can retrieve a service's
current state, get the displayname for a service and vice versa |
| X |
Surfer lptt01 |
surfer.exe |
RapidBlaster variant (in a
"mssurfer" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Surfer ml097e |
surfer.exe |
RapidBlaster variant (in a
"mssurfer" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| U |
SurfHelper |
SurfHelp.exe |
Related
to SurfHelper - a free tool to remove popup windows, clear history, control
window properties of IE, and more |
| U |
SurfinGuard Pro |
winsfcm.exe |
SurfinGuard Pro from Finjan - internet protection software,
protects against all malicious code delivered through executables, scripting
files, ActiveX and Java |
| U |
SurfSecret |
ss2-full.exe |
"House-cleaning utility
that enables you to keep your computer usage to yourself. Runs quietly from
the system tray, eliminating tell-tale files at a regular interval of your
choosing. You can set it to clear your Internet cache files, cookies, history,
temp folder, etc. It can also clear the history of your Run and Find menus,
in addition to the AOL cache" |
| X |
SurfSideKick 2 |
Ssk.exe |
SurfSideKick
adware |
| X |
SurfSideKick 3 |
Ssk.exe |
SurfSideKick adware |
| U |
SurfStream |
SurfStream.exe |
Conceiva "SurfStream lets
you surf the Web faster. It contains a fully featured proxy server that lets
you surf the Web significantly faster. It also blocks all pop-up windows and
banner ads from Web pages. An intelligent tune-up tool automatically analyzes
and optimizes your computer's Internet connection and TCP/IP settings" |
| X |
Surs |
awab.exe |
PurityScan/Clickspring adware |
| N |
Surveysa |
surveysa.exe |
Found on Sony laptops, it brings
up a prompt to take a survey. It goes away if you fill out the survey or you
choose "never prompt me again" but keeps popping if you either exit
out of it or select "take survey later" |
| U |
suScheduler |
UCLauncher.exe |
Related to Lenovo ThinkVantage
Technologies. ThinkVantage Technologies help make ThinkPad/ThinkCentre PCs
less dependent on IT staff |
| X |
Susp |
Susp.exe |
VX2.Transponder parasite updater/installer related |
| X |
susse |
hpsw.exe |
LinkMaker
adware |
| X |
Sustem |
explorer.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! Note - this is not the legitimate Windows Explorer
(explorer.exe) which would not normally appear in Msconfig/Startup unless you
added it manually! |
| X |
SustemUpdate |
explorer.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! Note - this is not the legitimate Windows Explorer
(explorer.exe) which would not normally appear in Msconfig/Startup unless you
added it manually! |
| X |
SV00LSV |
SV00LSV.EXE |
Added by the GRAYBIRD-C TROJAN! |
| X |
SVA Player |
SVAplayer.exe |
ClientMan parasite
variant |
| U |
SVC |
svchost.exe |
ElfSpy keystroke
logger/monitoring program - remove unless you installed it yourself! Note -
this is not the svchost.exe process that normally doesn't appear in
Msconfig/Startup! |
| X |
SVC Service |
svc32.pif |
Added by the RBOT-ASC WORM! |
| X |
SVC Service |
svcinit.exe |
Added by the SINIT TROJAN! |
| X |
SVC Service |
svcinit.exe |
CoolWebSearch
parasite variant |
| X |
SVC Service |
svcpack.exe |
CoolWebSearch Svcinit parasite variant |
| X |
SVC Socks |
mstaskm.exe |
CoolWebSearch
parasite variant |
| X |
Svced |
Svced.exe |
Added by the DELF.F TROJAN! |
| X |
SvcH0st |
msexploren.exe |
Added
by the BACKDOOR-CGZ TROJAN! |
| X |
SvcH0st |
msnexploren.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
SvcH0st |
sdhch.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
SvcH0st |
SHCH.EXE |
Added by the EB TROJAN! |
| X |
SVCH0ST |
spoo1sv.exe |
Added
by the HF TROJAN! |
| X |
SVCH0ST |
SVCH0ST.EXE |
Added
by the IK TROJAN! Note - the filename has the digit 0 rather then the
uppercase "o" |
| X |
SvcH0st |
SVCHST.EXE |
Added by the EB TROJAN! |
| X |
SvcH0st |
WINAGENT.EXE |
Added by the EB TROJAN! |
| X |
SVCH0TS |
sp00lvs.exe |
Added by the LINEAGE-AZ TROJAN! |
| X |
svchast |
svchast.exe |
Added by the LINEAGE-AV TROJAN! |
| X |
svchctrl |
svchctrl.exe |
Added by the COBFINN TROJAN! |
| X |
svchos |
svchos.exe |
Added by the EZIBOT-B TROJAN! |
| X |
svchost |
[path to explorer.exe] |
Added by the UNREAL-A TROJAN! |
| X |
svchost |
[path to trojan] |
Added by the HAZZER TROJAN! Note
- this is not the legitimate svchost.exe process which should NOT appear in
Msconfig/Startup! |
| X |
svchost |
[path] SETUP.EXE |
Added by the SETCLO WORM! |
| X |
svchost |
ADMAGIC.EXE |
Added by the SMIBAG WORM! Note -
this is not the legitimate svchost.exe process which should NOT appear in
Msconfig/Startup! |
| X |
SVCHOST |
MDM.EXE |
Added by the LCJUMP-A WORM! Note - this is not the valid
Machine Debug Manager which shares the same filename |
| X |
SVCHOST |
mrowyekdc.exe |
Added by the GOTORM WORM! |
| X |
svchost |
olehelp.exe |
Added by the BOOKMARKER.G TROJAN! |
| X |
svchost |
rundll16.exe |
Added by the STARTPA-PB TROJAN! |
| X |
SVCHOST |
scvhost.exe |
Added by the MYTOB.E or MYTOB.G
WORMS! |
| X |
SVCHOST |
SPOOLSV.EXE |
Added by the BAITAP-A WORM! Note - "Spoolsv.exe" is
located in the Windows or Winnt directory, and not in System32, like the
legitimate Spoolsv.exe system file |
| X |
svchost |
Svch0st.exe |
Added by the GRAYBIRD and
GRAYBIRD.B TROJANS! Note - the filename has the digit 0 rather then the
uppercase "o" |
| X |
Svchost |
svchosl.pif |
Added by the INZAE.A or INZAE.B
WORMS! |
| X |
SVCHOST |
svchost.exe |
System1060 homepage hi-jacker. Note - this is not the
legitimate svchost.exe process which is always located in the System (9x/Me)
or System32 (NT/2K/XP) folder and should not normally figure in
Msconfig/Startup! This file is located in a "System1060" subfolder
of the Winnt or Windows folder |
| X |
svchost |
svchost.exe |
Added by many TROJANS amd WORMS,
such as MORB or TARNO. Note - this is not the legitimate svchost.exe process
which should not normally figure in Msconfig/Startup! |
| X |
Svchost |
svchost.exe |
Added by the MOZE-A WORM! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
svchost |
svchost.exe |
Added by the BANCBAN-HL TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "config"
subfolder of the Winnt or Windows folder |
| X |
Svchost |
svchost.exe |
Added by the ADCLICK-AX TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Program FilesInternet
Explorer folder |
| X |
svchost |
svchost.exe |
Added by the ES TROJAN! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "Microsoft" subfolder |
| X |
svchost |
svchost.exe |
Added by the DLOADER-EV TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Arquivos de
programas" folder |
| X |
SvcHost |
svchost32.exe |
Added by the AGOBOT-TM WORM! |
| X |
Svchost |
svchots.exe |
Added by the RBOT.ADK WORM! |
| X |
SVCHOST |
taskgmr.exe |
Added by the MYTOB.F or MYTOB.H
WORMS! |
| X |
SVCHOST |
updater32.exe |
Added by the RANTS.A WORM! |
| X |
SVCHOST |
var.txt.exe |
Added by the LDPINCH.C TROJAN! |
| X |
svchost |
winhelp.exe |
Added by the GAOBOT.GEN!POLY WORM! |
| X |
Svchost |
winhost.exe |
Added by the LOLAWEB.A TROJAN!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| X |
svchost |
ying.exe |
Added
by Constructor VC2000 MALWARE! |
| X |
SVCHOST Generic application |
svchost.exe |
Added by the DAEMONI-K TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
svchost Netware Manager |
svchost.exe |
Added by the EXVID.A WORM! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
Svchost Windows Remote Services |
svhost.exe |
Added by the IRCBOT-IV WORM! |
| X |
svchost.exe |
[path to executeable] |
Added by the BANKER-MO TROJAN! |
| X |
SVCHOST.EXE |
SVCHOST.EXE |
Added by the WRMSCAN-A TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
svchost.exe |
svchost.exe |
Added by the ZAPCHAS-V TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "drivers"
subfolder |
| X |
svchost.exe |
svchost32.exe |
CoolWebSearch Svchost32 parasite variant |
| X |
svchost.exe |
swchost.exe |
Added by the SADELPHI-A TROJAN! |
| X |
svchost1 |
svchost1.exe |
Added by the AGOBOT.ZZ WORM! |
| X |
SvcHost32 |
svchost32.exe |
Added by the MIMAIL.I or
MIMAIL.J WORMS! |
| X |
svchost64 |
svchost64.exe |
Added by the SDBOTER.G VIRUS! |
| X |
svchosta |
svchosta.exe |
Added by the SNIFFER-I TROJAN! |
| X |
svchostb |
svchostb.exe |
Added by the SNIFFER-J TROJAN! |
| X |
svchostdll.scr |
svchostdll.scr |
Added by the BANCBAN-FM TROJAN! |
| X |
SvcHosto |
v1rg1n.exe |
Added by the AGOBOT-TK WORM! |
| X |
svchostr |
svchostr.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
svchosts |
svchosts.exe |
Added by the BANCBAN-DC or
BANKER-ED TROJANS! |
| X |
svchosts.exe |
svchosts.exe |
Added by the AGOBOT-JN WORM! |
| X |
svchosts.scr |
svchosts.scr |
Added by the BANCBAN-DQ TROJAN and variants! |
| X |
SVCHOT |
SVCHOT.exe |
Added by the QQROB-U TROJAN! |
| X |
svchst |
svchst.exe |
Added
by the KBROY-C TROJAN! |
| X |
svcinfo |
svcinfo.exe |
Added by the CRYPTER.A TROJAN! |
| X |
Svclhost |
svcchost.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
SvcManager |
restore3.exe |
Added by the AGENT-DSS TROJAN! |
| U |
svcmon |
svcmon.exe |
PersonInspect surveillance software. Uninstall this software
unless you put it there yourself |
| X |
svcroot |
svcroot.exe |
Added by the KEYLOG-AC TROJAN! |
| X |
svcshare |
spoclsv.exe |
Added by the FUJACKS-A VIRUS! |
| X |
svcshare |
winampXP.exe |
Added by the FUJACKS-J VIRUS! |
| X |
SvcSys |
[path to file] |
Added by the BANCOS.Z TROJAN! |
| X |
Svcsys Registry Manager |
svcsysreg.exe |
Recognized by Kaspersky
antivirus as Trojan-Clicker.Agent.cv |
| X |
svcsys32 |
svcsys32.exe |
Added by the AGOBOT-LL WORM! |
| X |
svctask |
svctask.exe |
Added by the CHUCKYB-A TROJAN! |
| X |
svcwinprocess32 |
[path to worm] |
Added by the UPERING WORM! |
| X |
svhoost |
checksys.exe |
Added by a downloader TROJAN of
Chinese origin! |
| X |
SVHOST |
svhost.exe |
Added by the MYDOOM.I WORM! |
| X |
SVHOST |
SVHOST.EXE |
Added by the ZORI.A VIRUS! |
| X |
Svhost Loader |
svshost.exe |
Added by the AGOBOT.G WORM! |
| X |
svhost updates |
Svhost.exe |
Added by a variant of the RBOT WORM! |
| X |
svhost windows services |
svhost8.exe |
Added
by the RBOT-WQ WORM! |
| ? |
SVIDC32M |
SVIDC32M.exe |
?? |
| X |
sVideo2 |
vxdrun6.exe |
"Switch" premium rate adult content dialler |
| X |
sviload32 |
sviload32.exe |
Added by the RBOT-AAS WORM! |
| ? |
SVM Pop |
svmpop.exe |
?? |
| X |
svnlitup32 |
svnlitup32.exe |
Added by the RBOT.CBJ WORM! |
| X |
svnloader |
svnload32.exe |
Added by the RBOT-ACU WORM! |
| X |
svphost.exe |
svphost.exe |
Added by the AGENT.CS TROJAN! |
| U |
SVPWUTIL |
SVPWUTIL.exe SVPwUTIL |
Part of Toshiba Hardware Setup |
| X |
svrrun |
svrrun.exe |
Adware hailing from Deskwizz.com |
| X |
svsekin |
svsekt.exe |
Added by the QQPASS.G TROJAN! |
| X |
svshost |
messenger.exe |
Added by the LOONY-G TROJAN! |
| X |
svshost |
svshost.exe |
Added
by the CHODE-H WORM! |
| X |
Svshost Update Service |
svcbind.exe |
Added by the MYTOB.LH WORM! |
| X |
svshost32 |
msgrsv32.exe |
Added by the RANKY.AJ TROJAN! |
| X |
svshost32 |
svshost32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
svshostdriver |
svshost.exe |
Added by the SDBOT-HN TROJAN! |
| X |
svtcin |
n20050308.a.Stub.EXE |
Added
by the N20050308 TROJAN! |
| X |
svwin32 |
unninst32.exe |
Added by the AGOBOT-NF WORM! |
| X |
SVX Control Service |
svxhost.exe |
Added by the FORBOT-K WORM! |
| U |
SW20 |
sw20.exe |
Related
to MSI's Dynamic Overclocking Technology |
| U |
SW24 |
sw24.exe |
Related
to MSI's Dynamic Overclocking Technology |
| N |
Swap Nut |
javaw.exe |
javaw.exe can be loaded by other
programs at startup but in this instance it's SwapNut, a peer-to-peer file
sharing and searching utility developed and marketed by File Metrics, Inc.
Users can search for and find almost any type of digital file (audio, video,
photos etc.) through a secure peer-to-peer network |
| X |
SWCaller |
SWcaller.exe |
Swporta homepage hijacker |
| X |
SWCaller |
Swcaller2.exe |
Swporta homepage hijacker |
| X |
Swchost |
Swhost.exe |
Added by the MP TROJAN! |
| U |
SWClient |
swsys.exe |
ActivMonAgent keyboard logger/monitoring program - remove
unless you installed it yourself |
| X |
swcroot |
swcroot.exe |
Added by the SOLENO-A TROJAN! |
| N |
SWd |
winwd.exe |
PC
Security from Tropical Software - lock files, password protect, etc |
| Y |
Sweep95 |
ICLOAD95.EXE |
Part of
Sophos ant-virus sofware |
| N |
SweetIM |
SweetIM.exe |
vSweetIM - send fancier smiley-faces and IM graphics to
friends who are using MSN Messenger. They are only able to see these advanced
smiley-faces if they also have SweetIM installed |
| X |
Swf32 |
_backup.exe |
Added by the SYMTEN WORM! |
| X |
Swf32 |
AVupdate.exe |
Added by the MERKUR.E WORM! |
| U |
swg |
GoogleToolbarNotifier.exe |
Companion to the Google Toolbar
that lets you keep Google as your default search engine and prevents this
setting from being changed without your consent. Shouldn't remain in memory
after the feature is disabled as it's a bug - see here |
| X |
SwimSuitNetwork |
SwimSuitNetwork.exe |
Advertising spyware |
| X |
swingsys |
SWINGSYS.EXE |
Added by the BANCOS-CX TROJAN! |
| U |
Switch Off |
swoff.exe |
Switch Off - tray-based system utility that can automatically
perform various frequently used operations like shutdown or restart your
computer, disconnect your current dialup connection, lock workstation, etc |
| N |
Switchboard.com Toolbar |
AtHoc.exe |
Toolbar for the on-line
version of Yellow Pages in the US - Switchboard.com |
| U |
Switcher |
Switcher.exe |
"On a Sony laptop with
built in wireless it allows the user to select which wireless services they
want to run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless
switch on if disabled)" |
| X |
switp |
switpa.exe |
OfferAgent adware component |
| U |
SWL |
rundll32.exe [path] SWL.dll rdl |
StealthWeblog surveillance software. Uninstall this software
unless you put it there yourself |
| U |
SWN2 |
swnxt.exe |
Spyware
removal program by TrekBlue. Previously not recommended but the latest
version was delisted here |
| X |
sws.exe |
[random filename] |
Haldex type adult content dialler |
| X |
sws.exe |
gd-dial.exe |
Globaldialer adult content premium rate dialer |
| N |
SwTray |
SWTRAY.EXE |
MS SideWinder game controller
system tray icon. Available via Start -> Programs. May have the version
number after it |
| N |
SWTrayV4 |
SWTrayV4.exe |
MS SideWinder game controller
system tray icon. This is specific to version 4 of the software. Available
via Start -> Programs |
| ? |
SXGDSENU |
sxgdsenu.exe |
Yamaha SXG soundcard driver |
| N |
SxgTkBar |
sxgtkbar.exe |
Yamaha SXG soundcard utility -
gives quick and easy access via the system tray bar to diagnostics and
configuration |
| ? |
Sxplog |
sxpstub.exe |
Part
of CA Unicenter Software Delivery - manage software across various systems,
from desktops and servers to PDAs and mobile phones, in a controlled and
standardized way - is it required at startup? |
| X |
sxrrv |
sxrrv.pif |
Added
by the VAX-A TROJAN! |
| X |
SyBot v2.1 By Sky-Dancer |
HPSV.exe |
Added by the ZOTOB.I WORM! |
| X |
SYDNEY |
[file path] |
Added by the SYNEY WORM! |
| X |
syelimS-esreveR-troppuS |
[filename] |
Added by the LITBOT.C TROJAN! |
| X |
Syga432te Pe432rsonal Firewall |
MrNo4236.exe |
Added by the RBOT-AQY WORM! |
| X |
Sygaete Personal Firewall |
SyGate.exe |
Added by the RBOT-GLX WORM! |
| X |
Sygate Peral Firewall |
Syga.exe |
Added by the RBOT-AQK WORM! |
| X |
Sygate Personal 3 |
svrv.exe |
Added
by the RBOT-XD WORM! |
| X |
Sygate Personal Block |
Studio.exe |
Added
by the RBOT-TW WORM! |
| X |
Sygate Personal Firewall |
host32.exe |
Added by the RBOT.ALD WORM! |
| X |
Sygate Personal Firewall |
hostserv.exe |
Added by the RBOT.BKO WORM! |
| X |
Sygate Personal Firewall |
Mcafeeupdate.exe |
Added by the RBOT.YN WORM! |
| X |
Sygate Personal Firewall |
msnmsgrs.exe |
Added by the RBOT.XN WORM! |
| X |
Sygate Personal Firewall |
MSNSRV32.exe |
Added by a variant of the RBOT WORM! |
| X |
Sygate Personal Firewall |
service.exe |
Added by a variant of the RBOT WORM! |
| X |
Sygate Personal Firewall |
sexy.exe |
Added
by the RBOT-XY WORM! |
| X |
Sygate Personal Firewall |
svchots.exe |
Added by the RBOT.ABT WORM! |
| X |
Sygate Personal Firewall |
Syga.exe |
Added by the RBOT-AQD WORM! |
| X |
Sygate Personal Firewall |
Sygat.exe |
Added by a variant of the RBOT WORM! |
| X |
Sygate Personal Firewall |
Sygate.exe |
Added
by the RBOT-PN WORM! |
| X |
Sygate Personal Firewall |
Sygate32.exe |
Added by the RBOT.ATW WORM! |
| X |
Sygate Personal Firewall |
sys.exe |
Added
by the RBOT-ZC WORM! |
| X |
Sygate Personal Firewall |
syserror.exe |
Added by the RBOT.UC WORM! |
| X |
Sygate Personal Firewall |
sysgut.exe |
Added by the SDBOT.WM WORM! |
| X |
Sygate Personal Firewall |
system32.exe |
Added by the RBOT.VI WORM! |
| X |
Sygate Personal Firewall |
t1ktik.exe |
Added
by the RBOT-VP WORM! |
| X |
Sygate Personal Firewall |
Win32x.exe |
Added
by the RBOT-KZ WORM! |
| X |
Sygate Personal Firewall |
wins.exe |
Added by the RBOT.AOB WORM! |
| X |
Sygate Personal Firewall |
winxpstat.exe |
Added by a variant of the RBOT WORM! |
| X |
Sygate Personal Firewall Start |
servic.exe |
Added
by the RBOT-RY WORM! |
| X |
Sygate Personal Firewall Start |
services32.exe |
Added
by the RBOT-MB WORM! |
| X |
Sygate Personal Port |
crss.exe |
Added
by the RBOT-PX WORM! |
| X |
Sygate Personal Port Blocker |
volume.exe |
Added by a variant of the RBOT WORM! |
| X |
Sygate Personal Port Blocker |
winupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
Sygate Personals Firewalls |
ccsrn.exe |
Added by a variant of the RBOT WORM! |
| U |
SyGateService |
sgserv95.exe |
SyGate is a useful little program that lets you share an
internet connection over an intranet. Is it needed - it saves a lot of
headache to just let SyGate load at startup. Available via Start ->
Programs |
| X |
Symantec |
ccapp.exe |
Added by the REATLE WORM! Note - this is not a Symantec file |
| X |
Symantec Anti Virus |
symantec32.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Symantec Antivirus professional |
dfrgfrat.exe |
Added by a variant of the RBOT WORM! |
| X |
Symantec Autoscan |
[random filename] |
Added by the RBOT-AJO WORM! |
| X |
Symantec Configuration Loader |
ccApp32.exe |
Added by a variant of the GAOBOT WORM! |
| Y |
Symantec Core LC |
symlcsvc.exe |
Part of Norton AntiVirus 2004. What does it do? |
| N |
Symantec Fax Starter Edition
Port |
OLFSNT40.EXE |
Offers a virtual printer as a
fax machine. Can be run via a desktop shortcut |
| U |
Symantec NetDriver Monitor |
SNDMon.exe |
Part of Symantec's LiveUpate
(eg, Norton). Not required if you run manual updates but probably require if
you leave them to run automatically. Also, if one runs a small office network
and SNDMon is disabled on one of the computers – then other computers disappear
from the network for this computer, including shared devices like printers
and scanners. Hence the "U" recommendation |
| U |
Symantec NetDriver Warning |
SNDWarn.exe |
Part of Symantec Live Update -
displays the warning when you need to update the firewall database |
| X |
Symantec Secure Server |
svrhost.exe |
Added by the IRCBOT-UB TROJAN! |
| X |
Symantec Security |
symantec32.exe |
Added by the RANDEX.PR or
RANDEX.YR WORMS! |
| X |
Symantec Security Addon |
nvsvc.exe |
Added by a variant of the
AGOBOT/GAOBOT WORM! Note - do NOT confuse with the legitimate NVIDIA Driver
Helper Service file of the same name as described here |
| X |
Symantec Security Routine Addon
for Microsoft Windows |
navpxaw32.exe |
Added by the AGOBOT-GJ TROJAN! |
| X |
Symantec Service |
ccApp.exe |
Added by the AKHER.D WORM! Note - this is also not the valid
Norton AV file with the same filename |
| X |
SymantecFilterCheck |
svhost.exe |
Added by the BANKER-EEO TROJAN! |
| X |
SymAV |
SymAV.exe |
Added by the NETSKY.U WORM! |
| U |
SymKeepAlive |
CKA.exe |
Part of
Norton SystemWorks 2003 - keeps a dial-up modem connection alive |
| X |
Symlcs |
[path to file] |
Added by the YASPY-A TROJAN! |
| X |
Symmetrical Network |
symmec.exe |
Added by the DELBOT-N WORM! |
| X |
SymRun |
ccApps.exe |
Added by the KAGEN-A TROJAN! |
| X |
SymRun |
N/A |
Added by the KANGAROO-A TROJAN! |
| N |
SymTray - Norton SystemWorks |
SYMTRAY.EXE |
Keeps all System Tray icons for
Norton SystemWorks together to reduce clutter. SystemWorks includes Norton
Anti-Virus, Norton Utilities and Norton CleanSweep - mentioned elsewhere
here. Personally I only have Norton eMail Protect running which doesn't need
SymTray |
| U |
Synaptics Pointing Device Driver |
SynTPEnh.exe |
Synaptics touchpad tray icon.
Displays status and provides quick launch to touchpad features such as
scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick
and touchpad combo) if you don't want to loose the advanced pointstick features
such as scroll |
| U |
Sync Data |
Hndsync.exe |
Pocket
Real Estate - mobile synchronization manager |
| X |
Sync Server |
drwatsoon.exe |
Added by the WATSOON.A TROJAN! |
| U |
SyncAgent |
syncagent.exe |
Ghost Keylogger keystroke
logger/monitoring program - remove unless you installed it yourself! |
| X |
Synchronization Manage |
rservers.exe |
Added by the FORBOT-FM WORM! |
| N |
Synchronization Manager |
mobsync.exe |
Find more information about its use here |
| U |
Sync-It |
Syncit.exe |
Sync-It - synchronizes
the system clock with time servers on the internet |
| X |
syncman |
winsync.exe |
Added by the MANCSYN-A TROJAN! |
| X |
SyncManager |
msorunner.exe |
Added by a variant of the TACTSLAY TROJAN! |
| X |
SyncMon |
adslcomdos.exe |
Added by the CLUNKY-A TROJAN! |
| X |
SyncMon |
fixcomdos.exe |
Added by the CLUNKY-B TROJAN! |
| ? |
SynSetup |
SynTP.tmp RunOnce.exe |
Probably associated Synaptics
touchpads on laptops as for the SynTPEnh and SynTPLpr entries but what does
it do and is it required? |
| X |
Syntax |
windows32.exe |
Added by the SDBOT.CQ WORM! |
| X |
Syntax Script |
systacq.exe |
Added by the SDBOT.AI WORM! |
| U |
SynTPEnh |
syntpenh.exe |
Synaptics touchpad tray icon.
Displays status and provides quick launch to touchpad features such as
scrolling and tap zones. Required on IBM Thinkpads with UnltraNav (pointstick
and touchpad combo) if you don't want to loose the advanced pointstick features
such as scroll |
| Y |
SynTPLpr |
syntplpr.exe |
Synaptics touchpad driver
helper. Required for touchpad features to work |
| X |
sys |
regedit /s sys.reg |
Hijacker |
| X |
sys |
regedit sysdllwm.reg |
CoolWebSearch parasite variant -
also detected as the FEMAD-L TROJAN! |
| X |
Sys Ren |
SysRen.exe |
Part of FlashEnhancer adware |
| X |
sys************* [* = random
digit] |
sys*************.exe [* = random
digit] |
WINBO adware |
| X |
Sys**.exe [* = random char] |
Sys**.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
Sys**32.exe [* = random char] |
Sys**32.exe [* = random char] |
CoolWebSearch/HomeSearch adware
- for examples, see this log |
| X |
SYS_CLEAN |
Service.exe |
Added by the FLOPCOPY WORM! |
| X |
Sys_Run |
ghost.exe |
Added by the LINEAGE-N TROJAN! |
| X |
sys_Runtt1 |
explorer.exe |
Added by the LINEAGE-M TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the Program Files folder |
| X |
sys008 |
sys008.exe |
Hijacker, also detected as the STARTPA-GK TROJAN! |
| X |
sys009 |
sys009.exe |
Added by the STARTPA-ZB TROJAN! |
| X |
sys201 |
sys209.exe |
Added by the STARTPA-ZY TROJAN! |
| X |
Sys29 |
win***32.exe [* = random char] |
EliteBar adware |
| X |
sys32 |
sys32.exe |
Added by the FLUX.E TROJAN! |
| X |
sys32 |
sysx32.exe |
Added
by the KVEX-A VIRUS! |
| U |
sys32cmd |
sys32win.exe |
Active Keylogger keystroke logger/monitoring program - remove
unless you installed it yourself! |
| X |
sys32dll |
sys32dll.exe |
Added by the AIMDES.B WORM! |
| U |
sys32sql |
sys32win.exe |
Active Keylogger keystroke logger/monitoring program - remove
unless you installed it yourself! |
| X |
sys33 |
sys33.exe |
Added by the AGOBOT-WJ WORM! |
| X |
SysA |
win***32.exe [* = random char] |
EliteBar adware |
| U |
SysAgent |
SysAgent.exe |
SYSagent - small utility for
retrieving all the hardware and software information required by anyone
administering a machine and/or the network it's a part of |
| X |
SysAI |
SysAI.exe |
AproposMedia adware |
| X |
SysATW |
sysatw.exe |
Added by the VANEBOT-AM WORM! |
| U |
SysBkup |
[path to file] |
Keyspy keystroke logger/monitoring program - remove unless you
installed it yourself! |
| U |
Sysbot |
sysbot.exe |
Spector - spying (or monitoring) software to record internet
activity |
| X |
syscfg |
syscfg32.exe |
Added by the KWBOT.S WORM! |
| X |
syscfg34.exe |
syscfg34.exe |
Added by the ELECTRON WORM! |
| X |
syscheck |
iexplorer.exe |
Added by the AGENT.DM TROJAN! |
| X |
Syscheck |
win.hta |
Browser hijacker |
| X |
sysclx |
ntldrt.exe |
Added
by the JLOK-A WORM! |
| X |
syscm |
Syscm.exe |
Vanish
adware |
| ? |
SysComp |
mssdnl.com |
Unknown but suspect as *.com are
not usually run at start up and the name isn't recognized |
| X |
syscon |
syscon.exe |
Added by the APRILCONE.A WORM! |
| X |
syscon lptt01 |
syscon.exe |
RapidBlaster variant (in a
"Syscon" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
syscon ml097e |
syscon.exe |
RapidBlaster variant (in a
"Syscon" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
sysconfig |
iexplorer.exe |
Added by the CULT.C WORM! |
| X |
sysconfig |
iexplorer.exe |
Added by the CULT.H WORM! |
| U |
Sysconfig |
Stealth KeySpy.exe |
StealthKeySpy - keystroke logger/monitoring program - remove
unless you installed it yourself! |
| X |
SysConfig |
syscfg35.exe |
Added by the KAZMOR.C WORM! |
| X |
SysConfig |
wincfg32.exe |
Added by the SDBOT.ZD WORM! |
| X |
Syscpy |
Syscpy.exe |
Firewall-bypassing, proxied spam relayer. Detected by
Symantec as the HOGLE TROJAN! |
| X |
SysCtl |
sysctl.exe |
Added by
the AOK TROJAN! |
| X |
Sysctrls |
procdll.exe |
Added by the WEEDBOTZ.14 TROJAN! |
| X |
Sysctrls |
winupdate.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
sysdat.dll |
sysdat.dll.exe |
Added by the NISHICA 1.1 TROJAN! |
| X |
SysData |
[path to file] |
Added by the RANCK-BA TROJAN! |
| X |
SysDeskqqfx |
qqfx.exe |
Added by the QQPASS.H TROJAN! |
| X |
SysDeskqqfx |
Runddll32.exe |
Added by the CHANGGAME TROJAN! |
| X |
SysDesktop |
fswanQQ.exe |
Added by the QQSEND-A TROJAN! |
| X |
sysdir |
winrun.exe |
Added by the WINBUR.B WORM! |
| X |
sysdll |
[trojan filename] |
Added by the HUGESOT TROJAN! |
| X |
Sysdpt |
sysdpt.exe |
CRYPT trojan downloader |
| X |
sysdxvid |
sysdxvid.exe |
Added by the DLUCA-S TROJAN! |
| X |
sysemls |
sysem.exe |
Added by a
variant of the SDBOT WORM! |
| X |
SysEQ |
svclgx32.exe |
Added by the IRCBOT-AC TROJAN! |
| X |
sysfiler |
sysfiler.exe |
Added by the RETSAM TROJAN! |
| X |
SYSfit |
SYSfit.exe |
AdShooter adware variant |
| X |
sysflg32 |
sysflg32.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
sysformat |
sysformat.exe |
Added by the BAGLE-BK WORM! |
| X |
sysfrcx |
sysfrcx.exe |
Added by
the KEYLOG-SCLOG TROJAN! |
| X |
syshelp |
syshelp.exe |
Added by a variant of the LOVGATE WORM! |
| X |
sysin |
[path to file] |
Added
by the DSRC-A TROJAN! |
| X |
sysinfo |
sysinfo.exe |
Added by the BEDRILL TROJAN! |
| X |
sysinfo.exe |
sysinfo.exe |
Added by the BEAGLE.V WORM! |
| X |
sysinit |
services.exe |
Added by the NEWLFRM-A TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in an "golumm"
subfolder |
| X |
SysInit |
wininit32.exe |
Added by the XABOT WORM! |
| X |
Sysino |
lsess.exe |
Added by the FORBOT-BF WORM! |
| X |
sysint16 |
sysint16.exe |
Added by the CRYPTER.A TROJAN! |
| X |
Syskey |
sysinit.exe |
Added by the BEAGLE.AX WORM! |
| X |
Syslib |
Syslib.exe |
Adult content related downloader
trojan |
| X |
Syslog lptt01 |
Syslog.exe |
RapidBlaster variant (in a
"Syslog" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
Syslog ml097e |
Syslog.exe |
RapidBlaster variant (in a
"Syslog" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
syslogin.exe |
syslogin.exe |
Added
by the BAGZ-B WORM! |
| U |
Sysman |
Sysman.exe |
KeyTrap is a surveillance software program that records all
keyboard activities. Uninstall this software unless you put it there yourself |
| X |
sysme |
sysme.exe |
Added by the PSW_STEALER_C TROJAN! |
| X |
sysmem |
mmsete.exe |
Added by the NOPIR.C WORM! |
| X |
sysmem |
outlookrem.exe |
Added
by the NOPIR-C WORM! |
| X |
SysMemory manager |
mdms.exe |
Added by the CIMUZ-D TROJAN! |
| U |
SysMetrix |
SysMetrix.exe |
SysMetrix -
skinnable clock and metering application. It monitors and reports on a great
number of statistics |
| X |
sysMett1 |
explorer.exe |
Added by the LEGMIR-Y TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the Program Files folder |
| X |
sysmini |
sysmini.exe |
Added by the ADLOAD.DD TROJAN! |
| X |
sysmngr32 |
sys64mnger.exe |
Added by a variant of the RBOT WORM! |
| X |
sysmntrc |
sysmntrc.exe |
Added by the BANCOS-FX TROJAN! |
| X |
sysmod |
sysmod.exe |
Added by the SPYBOT-DU WORM! |
| X |
Sysmon |
rpcmon.exe |
Added by the RANDEX.ATX WORM! |
| X |
sysmon |
sysmon.exe |
Added by the BIZEX WORM! |
| X |
sysmon |
sysmon44.exe |
Added by a
variant of the BACKDOOR-CBA TROJAN! |
| X |
Sysmon |
SystemMonitor.exe |
Added by the NUJAMA-A WORM! |
| X |
SysMon |
wowexece.exe |
Added by the MULAN-A TROJAN! |
| X |
sysmon12 |
[various filenames] |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
SysmonLog |
mslog.exe |
Added by the AGENT.AOV TROJAN! |
| X |
sysmonnt |
sysmonnt.exe |
SearchPounder sends keywords typed into HTML forms and
popular Internet search engines to a remote server |
| X |
SysMonXP |
SysMonXP.exe |
Added by the NETSKY.Q WORM! |
| X |
sysnate |
sysnate.exe |
Added by the MEDIAS TROJAN! |
| X |
Sysnet |
snuninst.exe |
Unidentified adware |
| X |
sysnet |
sysnet.exe |
CasClient adware - also detected as the CMAPP TROJAN! |
| X |
sysobj.exe |
sysobj.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| X |
SysOps |
SysOps |
Added by the MSNCORRUPT TROJAN! |
| X |
syspare |
syspare.exe |
Added by the BIFROSE-AN TROJAN! |
| X |
syspath |
drv.exe |
Added by the SOBER WORM! |
| X |
sysPersonalFirewall |
msnmssgr.exe |
Added by a variant of the RBOT WORM! |
| X |
sysPersonalFirewall |
system.exe |
Added by the WOOTBOT.FH WORM! |
| X |
sysPersonalFirewall |
tskm0nitor.exe |
Added by a variant of the RBOT WORM! |
| U |
SysPilot |
fdxxl.exe |
G Data "PC Spion". PC monitoring and surveilling
software, captures all users activity on the PC, see here. Disable/remove if
you didn't install it yourself! |
| X |
sysPnP |
bootconf.exe |
Homepage
hijacker, redirecting to coolwwwsearch.com; see for example here |
| X |
SysPnP |
rundll32 setupapi,
InstallHinfSection.... oemsyspnp.inf |
Search hijacker - see here |
| X |
syspol |
syspol.exe |
Added by the DREMN-B TROJAN! Note - this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| Y |
SysPool |
Mssvc.exe |
StealthDisk - hides
folders, files and applications. Will also encrypt them for better protection |
| X |
SysPool |
MSSVC32.EXE |
Added by the BANCBAN-IO TROJAN! |
| X |
SysProtect |
syp.exe |
SysProtect
is detected as a "potentially unwanted program". It purports to be
an system repair/maintenance application, but requires paid registration
before any issues found can be fixed. Many of the "invalid" items
found appear suspect. This has been reported to be distributed in wild via
trojan Vundo. Other incarnations of this software exist with the same model
and similar web presences (for example WinFixer). For more information see
here |
| X |
SysProtect |
System.exe |
Added by the NETSPY TROJAN! |
| X |
syspw32.exe |
syspw32.exe |
Added by the APPFLET.A WORM! |
| X |
Sysqq |
LSESS.exe |
Added by the FORBOT-BF WORM! |
| X |
SysR |
sysmd.exe |
Ulubione adult content dialer |
| X |
SysReg |
SysReg.exe |
Added by the CHEKIN TROJAN! |
| X |
SysReg |
SysReg.exe |
SearchSeekFind textual
marketing foistware |
| X |
SysRes |
IExpIore .exe |
Added by the ELITPER.E WORM! |
| X |
Sysres |
Sysres.exe |
Added
by the LOGMOD.A TROJAN! |
| X |
SysRes |
TASKMANAGER.exe |
Added by the ELIPTER.A or
ELIPTER.B WORMS! |
| X |
SysRes |
WWE DIVAS.exe |
Added by the ELIPTER.D WORM! |
| X |
Syss |
ehuupdate.exe |
EHU
adware |
| X |
SysScan |
bvt.exe |
Added by the AUTOUPDER TROJAN! |
| X |
SysSearch |
Regedit.exe -s [path]
pcsearch.reg |
Added by
the StartPage-FN browser hijacker |
| X |
SysSearch |
REGEDIT.EXE -s [path] sysreg.reg |
Added by the STARTPA-ME TROJAN! |
| U |
SysSense |
SysSense.exe |
"SysSense
is your personal desktop Google AdSense monitor. It keeps your current Google
AdSense information in the Windows system tray". Google AdSense account
required |
| X |
sysser |
[path to file] |
Added by the RAHACK WORM! |
| U |
SysService |
SERVICES.EXE |
NSKeyLogger keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
SysService |
SysService.exe |
Added by the DELF family of TROJANS! |
| X |
SysService32 |
ln32k.dll |
Added by
the KINDAL VIRUS! |
| X |
SysService32 |
SysService32.exe |
Added by
the KINDAL VIRUS! |
| X |
SysService32l |
systask32l.exe |
Added by the THEUG WORM! |
| X |
SYSsfitb |
SYSsfitb.exe |
Searchforit browser hijacker |
| X |
SySSL |
sysl.exe |
Added by the RBOT-CKH WORM! |
| X |
SysStart |
***sysi6.exe [* = random char] |
ZenoSearch adware. Note - the most frequent filenames appear
to be jdisysi6.exe, hjisysi6.exe, ffgsysi6.exe but there are others |
| X |
SysStart |
[adware filename] |
ZenoSearch adware |
| X |
SysStart |
1.exe |
ZenoSearch adware |
| X |
Sys-Stat |
wuapdxe.exe |
Added by the SDBOT.HK WORM! |
| X |
SysStrt |
systemc.exe |
Added by the AGOBOT-QA TROJAN! |
| X |
syst |
syst.exe |
Added by the DUMB.A "Joke" virus |
| X |
System |
abcdefg.exe |
Added by the HARWIG-B WORM! |
| X |
System |
Atira.exe |
Added by the KOTIRA VIRUS! |
| X |
System |
cber.exe |
Added by an unidentified TROJAN! |
| X |
System |
csrss.exe |
Added by the LDPINCH.E TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
SYSTEM |
d.exe |
Added by the MYTOB.LP WORM! |
| X |
System |
dcomx.exe |
Added by the CIREBOT TROJAN! |
| X |
system |
Explorer.exe |
Added by the GRAYBIRD TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
System |
inetinfo.exe |
Added by the PARDROP-A TROJAN! |
| X |
System |
kernels1118.exe |
Added by a
variant of the SDBOT WORM! |
| X |
System |
kernels32.exe |
Added by the DLOADER-FC TROJAN! |
| X |
System |
kernels64.exe |
Added by the VIXUP-S TROJAN! |
| X |
System |
kernels8.exe |
Added by the TIBS.AI TROJAN! |
| X |
System |
kernels88.exe |
Added by the TIBS-PP TROJAN! |
| X |
SYSTEM |
lsas.exe |
Added by the SPYBOT.CJ WORM! |
| X |
system |
lsass.exe |
Added by the SATILOLER.B TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Program FilesCommon
Filessystem folder |
| X |
system |
lsasse.exe |
Added
by the RBOT-YL WORM! |
| X |
system |
messenger.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
System |
OeApi.vbs |
Added by
the AGUI WORM! |
| X |
system |
outlook.exe |
Added by the MIMAIL.Q WORM! Note that the valid MS Outlook
executeable is located in the Program FilesMicrosoft OfficeOffice directory
wheras this one is found in the Windows or Winnt directory |
| X |
system |
regedit -s system.dll |
Homepage hijacker |
| X |
System |
run322.exe |
Added by the LANFILT TROJAN! |
| X |
system |
services.exe |
Added by the DELF-LQ TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a
"HELP" subfolder of the Windows or Winnt folder |
| X |
System |
serwin.exe |
Added by the LDPINCH-BN TROJAN! |
| X |
System |
smss.exe |
Added by the AGENT.AEP TROJAN! Note - this is not the
legitimate smss.exe process which is always located in the System (9x/Me) or
System32 (NT/2K/XP) folder and should not normally figure in
Msconfig/Startup! |
| X |
System |
SPOOLSU.EXE |
Added by the BANKER-FC TROJAN! |
| X |
System |
svchîst.exe |
Added by the LDPINCH-BF TROJAN! |
| X |
System |
svchost.exe |
Added by the LDPINCH-AU TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
system |
svcr.exe |
Added by the SPYONE TROJAN! |
| U |
System |
sysctrl.exe |
Added by WinGuardian. Note -
this commercial keylogger is no longer made or sold by Webroot but older
copies may still be in existance, those copies will be identified as spyware |
| X |
System |
system.exe |
Added by various WORMS and
TROJANS! |
| X |
System |
system.exe (74295303) |
Added
by the IU WORM! |
| X |
System |
system23.exe |
Added by the LEBREAT-D WORM! |
| X |
system |
systemsearch.hta |
Jetseeker.com hijacker |
| X |
System |
systray.exe |
Added by the PISABOY-A TROJAN!
Note - this is not the legitimate systray.exe process |
| X |
System |
Updaterun.exe |
Added by the QQHELP-DX TROJAN! |
| X |
SYSTEM |
VSSMON.exe |
Added by the RBOT-AWW TROJAN! |
| X |
SYSTEM |
wiinlogon.exe |
Added by the RBOT-AVG WORM! |
| X |
SYSTEM |
windmupdr.exe |
Added by a variant of the RBOT WORM! |
| X |
System |
windowsps.exe |
Added by a variant of the RBOT WORM! |
| X |
System |
WINL0G0N.EXE |
Added by the BANCOS-DB TROJAN! |
| X |
System |
winupd.exe |
Added by a
variant of the SDBOT WORM! |
| X |
System |
wsscntfy.exe |
Added by a
variant of the SDBOT WORM! |
| X |
System |
wumgrd32.exe |
Added by a variant of the RBOT WORM! |
| X |
System |
YPager.exe |
Added by the JUNTADOR.K TROJAN! Note - this is not Yahoo!
Messenger |
| X |
System |
Zap.exe |
Added
by the MSNVB-D WORM! |
| X |
System 64 Driver for Games |
sys64dvr.exe |
Added by the SDBOT TROJAN! |
| X |
System Applications Profile |
sap.exe |
Added by the RBOT-QF WORM! |
| X |
System backup |
[random filename] |
Added by the ADMINCASH.B TROJAN! Note - multiple different
file names have been spotted, examples: web.exe, soft.exe, msxmidi.exe,
wmplayer.exe, as well as completely random ones such as 9a2de006.exe,
36c75e3c.exe and so on |
| X |
System Backup |
msystem.exe |
Adult content dialler |
| X |
System Backup Services |
backups32.exe |
Added by a variant of the RBOT WORM! |
| X |
System Boot Check |
sysload3.exe |
Added by the FUBALCA WORM! |
| X |
System Buffer Application |
buffer32.exe |
Added by the SDBOT-UD WORM! |
| X |
System Cache |
SysCache.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| U |
System Check |
Rundll32.exe SysDll32.dll,
SystemCheck |
XPCSpy Pro keystroke
logger/monitoring program - remove unless you installed it yourself! |
| X |
system check |
updater.exe |
Unidentified adware downloader |
| X |
System Check |
win_klr32.exe |
Added by the DELF-DRA WORM! |
| X |
System Checking |
wasul.exe |
Added by the RBOT.BHM WORM! |
| X |
System Config |
BF3.EXE |
Added by the SPYBOT-DT WORM! |
| X |
System Config Manager |
crss.exe |
Added by the AGOBOT.GH WORM! |
| X |
System Config Manager |
smssl.exe |
Added by the AGOBOT-ZJ WORM! |
| X |
System Configuration |
iexplore.exe |
Added by the RANDEX.AD WORM!
Note - this is not the legitimate Internet Explorer iexplore.exe process
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup! This file is located in the
System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
System Configuration |
syscfg32.exe |
Added by the MYTOB.EA WORM! |
| X |
system configure |
svchost.exe |
Added by the LINEAGE-C TROJAN!
Note - this is not the legitimate svchost.exe process which should not
normally figure in Msconfig/Startup! |
| X |
System CPL manager |
[random filename] |
Added
by the RBOT-SR WORM! |
| X |
System CSRSS Patch |
scrtkfg.exe |
Added by the RBOT-ADA WORM! |
| X |
System Database administration |
systemDA.exe |
Added by the DERDERO.B WORM! |
| X |
System Database Administration
Support Process |
sysdasp.exe |
Added by the DERDERO.C WORM! |
| X |
System Diagnostics |
sysdiag32.exe |
Added by the SDBOT.GEN TROJAN! |
| N |
System DLF |
cpqdiaga.exe |
Compaq Diagnostic record system
utility which allow you to view information about your computer's hardware
and software configuration. Available via Start -> Programs |
| U |
System DLL Resources |
sysdll.exe |
SnapKey is a surveillance software program that records all
keyboard activities. Uninstall this software unless you put it there yourself |
| X |
System Document Application |
msdocument.exe |
Added by the RANDEX.COX WORM! |
| X |
System Document Application |
nmod.exe |
Added by the SDBOT-ABB WORM! |
| X |
System Document Application |
wins.exe |
Added by the SDBOT.AUB WORM! |
| X |
System Download Manager |
SysMgr.exe |
Added by the RBOT.CIG WORM! |
| X |
System driver |
Messenger.exe |
Added by the WOOTBOT.GI WORM! |
| X |
System Drivers |
cpsq32.exe |
Added by the SDBOT.AXH WORM! |
| X |
System Drivers |
wingmt.exe |
Added by the SDBOT-MG WORM! |
| X |
System Efficiency Monitor |
mscedit32.exe |
Added by the SDBOT.P TROJAN! |
| X |
System Efficiency Monitor |
mscommand.exe |
Added by the KWBOT.P WORM! |
| X |
System Efficiency Monitor |
msedit32.exe |
Added
by the STEPH-B WORM! |
| X |
System Event Manager |
secsvc.exe |
Added by the RBOT.BMY WORM! |
| X |
System Executable DLL Library |
EXECDLL32.exe |
Added by the RANDEX.AZ WORM! |
| X |
System Failure Statistic |
cnstat.exe |
Added
by the RBOT-LF WORM! |
| X |
System File Drivers |
nvsysvc32.exe |
Added by the AGOBOT.WJ WORM! |
| X |
system firewall |
makeini32.exe |
Added by the AGOBOT-PS WORM! |
| X |
System Firewalls |
commandprompt32.exe |
Added by the RBOT.BJT WORM! |
| X |
System Guard |
mhguard.exe |
Added by the RBOT-AGU WORM! |
| X |
System Handler |
LSASS.EXE |
Added by the NIMOS WORM! Note -
this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the System folder |
| X |
system handler |
srvhandle.exe |
Added by the REDPLUT VIRUS! |
| X |
System Host Manager |
syshost.exe |
Added by the BANWORM-C WORM! |
| X |
System Host Service |
svchost.exe |
Added by the CONE.F WORM! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "tasks" subfolder of
the Winnt or Windows folder |
| X |
System Information Manager |
Msbb.exe |
Added by a variant of the BACKDOOR.IRC.BOT TROJAN! |
| X |
System Information Manager |
Navcpe.exe |
Added by the SDBOT-QB WORM! |
| X |
System Initialization |
msmsgri32.exe |
Added by the RANDEX.D WORM or
ROXY or ROXY.B TROJANS! |
| X |
System Initialization |
payload.dat |
Added by the RANDEX.D WORM or
ROXY or ROXY.B TROJANS! |
| X |
System Kernal Support |
system.exe |
Added by the SDBOT.BWV WORM! |
| X |
System Kernel |
lsass.exe |
Added by the VBBOT-G TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| U |
System LifeGuard Scheduler |
Slsched.exe |
System LifeGuard scheduler |
| X |
System Log Event |
csrss32.exe |
Added by the AGOBOT-JI WORM! |
| X |
System Management Service |
smsc.exe |
Added by the RBOT-ANN WORM! |
| X |
System Manager |
svchost.exe |
Added by the BANKER-AE TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
System Manager |
sysmng.exe |
Added
by the TAME-C WORM! |
| X |
system manager |
System.exe |
Added by the FORBOT-BO WORM! |
| X |
System Manager |
winsrv32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
System Manager Updates |
winsvc.exe |
Added by the AGOBOT.AEM WORM! |
| U |
System Mechanic Popup Blocker |
PopupBlocker.exe |
Popup blocker part of
Iolo System Mechanic utility suite |
| U |
System Mechanic Popup Stopper |
Popupstopper.exe |
Popup stopper part of
Iolo System Mechanic utility suite |
| N |
System Mechanic Professional
Update [Incinerator.dll] |
SysMech4.exe /REREG: [path]
Incinerator.dll |
Iolo System
Mechanic "Incinerator" feature securely deletes files and folders
from your PC so they can never be recovered again |
| X |
SYSTEM MESSAGER |
wmisg.exe |
Added by the MYTOB.ES WORM! |
| X |
System Messaging Queue |
SMCSS.EXE |
Added by a variant of the RBOT WORM! |
| X |
System Messenger |
SYSMSG32.EXE |
Added by the SPYBOT-DK WORM! |
| U |
System Monitor |
SYSMON.EXE |
Comes with some Aopen
motherboards. Monitors CPU temp, voltage and fan speed. Warns if any become
abnormal |
| X |
System Monitor |
Sysmon16.exe |
Added by the SDBOT TROJAN! |
| X |
System MScvb |
mscvb32.exe |
Added by the SOBIG.C WORM! |
| X |
System Net |
sys32.exe |
Added by the FORBOT-FX WORM! |
| X |
System Net Database |
sysnd.exe |
Added
by the RBOT-AAW WORM! |
| X |
System Networking |
sysnet.exe |
Added by the RBOT.API WORM! |
| X |
System Power Managment |
svcnost.exe |
Added
by the DREF-I WORM! |
| X |
System Process |
CSRSR.exe |
Added by the AGOBOT-SQ WORM! |
| X |
System Process |
csrss.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
System Process |
lsass.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
System Process |
svchost.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
System Profile |
Regsrv.exe |
Added by a variant of the OPTIX TROJAN! |
| X |
System Reboot |
rebootsys.exe |
Added
by the RBOT-WU WORM! |
| X |
System Redirect |
sysbho.exe |
Downloader trojan,
"Melkosoft" adware related |
| X |
System Restore |
svcnet.exe |
Added by the TIBICK WORM! |
| X |
System Restore Data |
[path] repcale.exe [path]
beird.exe |
Added by the RANDON.AN WORM! |
| X |
System Service |
backup.exe |
Added by the PACKBOT.AA WORM! |
| X |
System Service |
coderxt.exe |
Added by the RBOT-ALD WORM! |
| X |
System Service |
exp0lrer.exe |
Added by a variant of the RBOT WORM! |
| X |
System Service |
msnwindows.exe |
Added by the SPYBOT.YCL WORM! |
| X |
System Service |
msnxpexe.exe |
Added by the RBOT-AUA WORM! |
| X |
System Service |
MSREXE.EXE |
Added by
the AML TROJAN! |
| X |
System Service |
serious.exe |
Added by the RBOT-FMV WORM! Note - deactivates the Microsoft
Internet Connection Firewall (ICF) |
| X |
System Service |
servicent.exe |
Added by the RBOT-AJI WORM! |
| X |
System Service |
servicez.exe |
Added by the RBOT-AOY WORM! |
| X |
system service |
spoolcrv.cpl |
Added by the INSPIR.11 TROJAN! |
| X |
System service |
system.exe |
Added by the BANCOS.AA TROJAN! |
| X |
System Service |
systems.exe |
Added by the AGOBOT.VZ WORM! |
| X |
System Service |
teskmangr.exe |
Added by the RBOT-AUV WORM! |
| X |
SYSTEM service helper |
svchelper.exe |
Added by the MONKBD-A WORM! |
| X |
SYSTEM service helper |
syshelp.exe |
Added by a variant of the MONKBD-A WORM! |
| X |
System service** |
pokapoka**.exe |
EliteBar adware - where ** represents the numbers 61 to 79 |
| X |
System service62 |
System service62 |
pokapoka62.exe |
| X |
System service78 |
[path to file] |
Added by the ELITEBAR-T and
ELITEBAR-U TROJANS! |
| X |
System service79 |
[path to file] |
Added by the ELITEBAR-V TROJAN! |
| X |
System Services |
[random file name] |
Added by a variant of the RBOT WORM! |
| X |
System Services |
connection.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
System Services |
ssms.exe |
Added by a variant of the RBOT WORM! |
| X |
System Services |
svcsenes.exe |
Added by a variant of the RBOT WORM! |
| X |
System Services |
svcsenes32a.exe |
Added by the RBOT-AFG WORM! |
| X |
System Session Manager |
smss.exe |
Added by the KALEL-E WORM! Note
- this is not the legitimate smss.exe process which should NOT appear in
Msconfig/Startup! |
| X |
System settings |
burndl32.exe |
Added by the SDBOT-ZO WORM! |
| X |
System Setup |
rpcxcmod.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
System Soap Pro |
soap.exe |
System Soap Pro internet
cleaning software. Bundles foistware like Httper and Zipclix - best avoided |
| X |
system spool |
syspools.exe |
Added
by the DREF-T WORM/VIRUS! |
| U |
System startup |
charmapx.exe |
Only required if using an
oriental language |
| X |
System Startup |
kimochi.exe |
Added by a variant of the RBOT WORM! |
| X |
System Startup |
Voltio.exe |
Added by the RBOT.NJ WORM! |
| X |
System Startup Manager |
smcss.exe |
Added by the RBOT.AMD WORM! |
| X |
System Stats |
SystemStats.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
System Support |
syscfg.exe |
Added by the RBOT-AGQ WORM! |
| X |
System Support |
syssql.exe |
Added by the RBOT-AUH WORM! |
| X |
System Support |
system32.exe |
Added by the RBOT-AHA WORM! |
| X |
System Support |
torrent.exe |
Added by a variant of the RBOT WORM! |
| X |
System Terminal |
SYSTEM2.EXE |
Added by the SPYBOT-BZ TROJAN! |
| X |
System time updator |
CSysTime.exe |
Added by the RANDEX.S WORM! |
| X |
System Toolkit |
Systools.exe |
Added by the RONOPER-G WORM! |
| X |
System Tray |
msccn32.exe |
Added by the SOBIG.B WORM!
Warning - spreading via infected E-mail attachments with the sender address
faked as support@microsoft.com! Note - this is not the legitimate systray.exe
process |
| X |
System Tray |
systray.exe |
Added
by the FAN-A WORM! |
| X |
System Tray Services |
spooles32.exe |
Added by the AGOBOT.ZH WORM! |
| X |
System Tray32 |
SysTray32.exe |
Added by the REPAD WORM! |
| X |
System Unix |
syscfg32.exe |
Added
by the RBOT-ZD WORM! |
| X |
system updata |
updata.exe |
Added by the LINEAGE-C TROJAN! |
| X |
System Update |
[filename].exe |
CoolWebSearch
parasite variant |
| X |
System Update |
[path to trojan] |
Added by the AUTOTROJ-D TROJAN! |
| X |
System Update |
[random filename] |
Added by the KORGO.W or KORGO.X
WORMS! |
| X |
System Update |
[random filename] |
Added by the SOROMO-A TROJAN! |
| X |
System Update |
mssetupconf.exe |
Added by the RBOT.DLC WORM! |
| X |
System Update |
wauluclt.exe |
Added by the SDBOT.EF WORM! |
| X |
System Update |
wupdmgr.exe |
Added by the SOROMO-A TROJAN! |
| Y |
System Update Application |
msbuffer.exe |
Added by the SDBOT.AFF WORM! |
| X |
System Update Service |
system.pif |
Added by the RBOT-ALL WORM! |
| X |
System Update Service |
update.pif |
Added by the SPYBOT.WOE WORM! |
| X |
System Update Service |
winupd32.exe |
Added by the ADTODA-A TROJAN! |
| X |
System Update Service |
wmiprvsa.exe |
Added by the AGOBOT-RG TROJAN! |
| X |
System Update2 |
explorer.exe |
Added by the AUTOTROJ-C TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
System Update2 |
services.exe |
Added by the AUTOTROJ-C
TROJAN!Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! |
| X |
System Update2 |
svchost.exe |
Added by the AUTOTROJ-C TROJAN!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| X |
System Update2 |
system.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Update2 |
taskman.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Update2 |
taskmon.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Update2 |
update.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Update2 |
webcheck.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Update2 |
wininet.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Update2 |
winlogon.exe |
Added by the AUTOTROJ-C TROJAN!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup! |
| X |
System Update2 |
winspool.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Update2 |
wupdmgr.exe |
Added by the AUTOTROJ-C TROJAN! |
| X |
System Updater Service |
wmiprvsw.exe |
Added by the GAOBOT.AFC WORM! |
| X |
System Updates |
szwi.exe |
Added by the RBOT-AXE WORM! |
| U |
System Updates |
unve.exe |
Added by the RBOT-AWG TROJAN! |
| X |
System Updates |
winsci.exe |
Added by a variant of the RBOT WORM! |
| X |
System Updates |
wmkl.exe |
Added by the RBOT-AYJ WORM! |
| X |
System Updates 4 |
mssysfix.exe |
Added by the RBOT-ADU WORM! |
| X |
System Updates Manager |
winserv32.exe |
Added by the AGOBOT-AGA WORM! |
| X |
System Updates Service |
updates.pif |
Added by the RBOT-AMA WORM! |
| X |
System Uptime Server |
SYSENTRY.EXE |
Added by the RBOT.LK WORM! |
| X |
System Uptime Server |
SYSENTRY32.EXE |
Added by the RBOT.LK WORM! |
| X |
system xp |
acdsee demo.exe |
Added by the SALGA.A WORM! |
| X |
system. |
system..exe |
Added by the OPTIXPRO.13.C TROJAN! |
| X |
system... |
system...exe |
Added by the OPTIXPRO.13.C TROJAN! |
| X |
System.exe |
System.exe |
Added by various WORMS and
TROJANS! |
| U |
System_Messages |
pprsen.exe |
TerminatorX - "offers
an easy and effective method of stopping users running predetermined file
sharing programs like KaZaA, messenger programs, chat rooms and the
like" |
| X |
System132 |
Csrtss.exe |
Added by the LANFILT-I TROJAN! |
| X |
system23 |
notPad.exe |
Added by the ESTEEMS.D TROJAN! |
| X |
System32 |
[worm filename] |
Added by the NAUTICAL-A TROJAN! |
| X |
System32 |
crsvvc.exe |
Added by the RBOT.BLY WORM! |
| X |
System32 |
lsasss.exe |
Added
by the RBOT-XW WORM! |
| X |
system32 |
NeT-BoT.exe |
Added by the AGOBOT-LJ WORM! |
| X |
system32 |
QQGame.exe |
Added by the QQPASS-AC TROJAN! |
| U |
System32 |
sysdiag.exe |
SpyAgent surveillance software. Uninstall this software
unless you put it there yourself |
| X |
System32 |
system.exe |
Added by the BUSHTRO122 TROJAN! |
| X |
System32 |
system32,1.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
System32 |
System32.exe |
Added by any number of WORMS or
TROJANS! |
| X |
System32 PCI Manager |
syspci32.exe |
Added by the RBOT-AFR WORM! |
| X |
System32 PCI Manager |
syspci32.exe |
Added by the RBOT-AFR WORM! |
| X |
System32 TCP Manager |
systcpm.exe |
Added by a variant of the RBOT WORM! |
| X |
System32 TCP Manager |
systerm.exe |
Added by the RBOT.AFD WORM! |
| X |
System32 Temp Service |
systmp.exe |
Added by the RBOT-AET WORM! |
| X |
system32.dll |
sysdll32.exe |
CoolWebSearch
parasite variant. Redirecting to wholeworldmarket.com, most likely other
domains as well |
| X |
system32.dll |
systeminit.exe |
CoolWebSearch
parasite variant - re-directing to your-search.info |
| X |
system32.exe |
services32.exe |
Added by a variant of the BACKDOOR.IRC.BOT TROJAN! |
| X |
system32.exe |
system32.exe |
Added by the GRAYBIRD.P TROJAN! |
| X |
System32Check |
[random].exe |
Added by the CHAST-A TROJAN! |
| X |
System32Dll |
DLL32SYS.EXE |
Added by the SPYBOT-CZ WORM! |
| X |
System32Ex |
System32Ex.exe |
Added by the IRCCONTACT TROJAN! |
| U |
System32kfvwÆ |
sysdiag.exe |
SpyAgent surveillance software. Uninstall this software
unless you put it there yourself |
| X |
System33 |
FB_PNU.EXE |
Added by the NICHELLO-A WORM! |
| X |
system34.exe |
system34.exe |
Added by the DWNLDR-FXY TROJAN! |
| X |
System4224411 |
Systemdll.exe |
Added by the YUSUFALI-B WORM! |
| X |
System4224411 |
Virus |
Added by the CAGER.A WORM! |
| X |
system43.exe |
system43.exe |
Added by a
variant of the SDBOT WORM! |
| X |
System64 |
inet.exe |
Added by the DENGLE-A TROJAN! |
| X |
SystemAdministration |
Wincmp32.exe |
Added by the ASYLUM TROJAN! |
| U |
SystemAgent |
Sage.exe |
"Microsoft Plus! System
Agent automatically tunes your system, performing tasks such as disk
optimization and error correction. It can also run any application at
prescheduled times" |
| X |
SystemB |
MessengerStopper.exe |
MessStopper adware |
| X |
SystemBackup |
MicroLog.exe |
Added by the MICROLOG.A TROJAN! |
| X |
SystemBackup |
mtx.exe |
Added by the MTX VIRUS/WORM! |
| ? |
SystemBoot |
ladies.htm |
Unknown but sounds very
suspicious?? |
| X |
SystemBoot |
Mshta.exe ...filename.hta |
Adult content dialler |
| X |
Systemboot |
msnsngr.exe |
Added by a variant of the RBOT WORM! |
| X |
SystemBoot |
services.exe |
Added by the SOBER-Q TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a HelpHelp
subfolder of the Windows or Winnt folder |
| X |
SystemCheck |
services.exe |
Added by the SOBER-M WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a Configsystem subfolder
of the Windows or Winnt folder |
| X |
SystemCheck |
svchost.exe |
Added by the DELF-KR TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a C:DriverLoad folder |
| X |
SystemCheck |
SysCheckBop32.exe |
WINBO adware |
| X |
SystemCheck |
Systemcheck.exe |
Added by the LAVITS WORM! |
| X |
SystemChecker |
Syschk.exe |
Added by the GALIL.F WORM! |
| X |
SystemCONF98i |
SystemCONF98i.exe |
Added by the GLITCH TROJAN! |
| X |
System-Config |
msptmf32.com |
Added by the LIOTEN.FA WORM! |
| X |
SystemDebug |
Sysdeb32.exe |
Added by the SYSBUG TROJAN! |
| X |
SystemDll |
SystemDll.exe |
Added by the LOXOSCAM TROJAN! |
| X |
systemdll32.exe |
systemdll32.exe |
Added by the FEUTEL-F TROJAN! |
| N |
SystemDoctor 2006 Free |
sd2006.exe |
SystemDoctor is a Security Risk that may give exaggerated
reports of threats on the computer. The program then prompts the user to
purchase a registered version of the software in order to remove the reported
threats |
| X |
SystemDriver |
csrss.exe |
Added by the ASCETIC.B TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a addinsexplorer subfolder
of the Winnt or Windows folder |
| X |
SystemDriverCheck |
svchost.exe |
Added by the DELF-KR TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a C:DriverLoad folder |
| X |
SystemDriverLoad |
svchost.exe |
Added by the DELF-KR TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a C:DriverLoad folder |
| X |
systemdrv |
ms32sys.exe |
Added by an unidentified WORM or TROJAN - most likely GAOBOT
variant |
| X |
SystemEmergency |
[various filenames] |
CoolWebSearch Smartsearch parasite variant |
| X |
SystemExplorer |
explore.exe |
Homepage hijacker - file located
in the "Services" folder in Common Files |
| X |
SystemFile |
SystemFile.exe |
Added by the DULLDOOR-A TROJAN! |
| X |
SystemFTP |
VSENMB.exe |
Malware (ie, malicious software). Also changes the system.ini Shell line to read
Shell=Explorer.exe VSENMB.exe, and it hacks the Winstart.bat as well |
| X |
SystemGent |
CVT.exe |
Added by the BRONTOK-H WORM! |
| ? |
SystemGuardAlerter |
SystemGuardAlerter.exe |
Part of the Iolo
System Mechanic maintenance software. What does it do? |
| X |
SystemInit |
iservc.exe |
Added by the FIZZER WORM! |
| X |
Systemiom Updater |
Systemiom.exe |
Added by the SPYBOT.TY WORM! |
| U |
SystemKey |
rundll32.exe [path]
SystemKey.dll rdl |
Stealth Keylogger keystroke logger/monitoring program -
remove unless you installed it yourself! |
| X |
SystemLoad32 |
sysload32.exe |
Added by the MIMAIL.E WORM! |
| X |
SystemManager |
Sysman32.exe |
Added by
the DOWNLOADER-BW.B TROJAN! |
| X |
SystemMap32 |
Netisp32.vbs |
Added by the REDIST.C WORM! |
| X |
SystemMD |
md.exe |
Homepage hijacker |
| X |
SystemMgr |
Ir32_a.exe |
Added by the MAGANIA-OU TROJAN! |
| X |
SystemMonitor |
Sysmon32.exe |
Added by the AIDID.A WORM! |
| X |
SystemNetwork |
NETSERV.EXE |
Added by the NETCONTROL VIRUS! |
| X |
SystemNetwork |
sysnet.exe |
Added by a variant of the RBOT WORM! |
| X |
SystemNT |
SystemNT.exe |
Added by the PWSVB-EG TROJAN! |
| X |
SystemProcEvent |
csrwnd.exe |
Added by the IRCBOT.I TROJAN! |
| X |
systemr |
d11host.exe |
Added
by the GX TROJAN! |
| X |
systemr |
gedit.exe |
Added by the ADCLICK-AQ TROJAN! |
| ? |
SystemReg |
PROCES.EXE |
?? |
| X |
SystemReg |
svchost.exe |
Added by the DEWIN.E TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
SystemReg |
WINREG.EXE |
Added by the DEWIN.A TROJAN! |
| X |
Systems |
itDDD.exe |
Added by the DLOADER-PP TROJAN! |
| X |
Systems |
scchost.exe |
Added by the DAEMOZ.A TROJAN! |
| X |
Systems |
sescmgr.exe |
Added by the DWNLDR-GAH TROJAN! |
| X |
Systems |
spoolsvc.exe |
Added by the DLOADR-SW TROJAN! |
| X |
Systems |
svch0st.exe |
Added by the MYDOOM.BI WORM! |
| X |
Systems |
sysmon.exe |
Added by the VIXUP-BI WORM! |
| X |
Systems |
Systems.exe |
Added by the BANKBOA-A TROJAN! |
| X |
Systems Backups |
windrives.exe |
Added by the AGOBOT-RB WORM! |
| X |
Systems Restart |
Rundll32.exe beem.dll,
DllRegisterServer |
Browser hijacker - the file
serves to register a dll implemented as a browser plugin |
| X |
Systems Restart |
Rundll32.exe snim.dll,
DllRegisterServer |
Added by the Startpage.I hijacker |
| X |
Systems Restart |
Rundll32.exe zolk.dll,
DllRegisterServer |
Added by a variant of the STARTPAGE.J TROJAN! |
| X |
Systems Restart |
slchost.exe |
Added by the MULTIDROP.C TROJAN! |
| X |
Systems Restart |
spchost.exe |
Added by an unidentified WORM or
TROJAN! |
| U |
Systems.exe |
Systems.exe |
Keyboard Spectator -
monitoring software that creates records of everything people do on a
computer, ie, spying or monitoring depending upon how you call it |
| U |
systems.exe |
systems.exe |
KGBSpy
is a commercial surveillance software program. It logs keystrokes, Web sites
visited, and clipboard activity. It also has a screen capture logger and can
be run automatically in a silent, undetectable mode |
| U |
SystemSafe |
Syssafe.exe |
System
Safety Monitor - system monitoring tool with additional application
firewalling |
| X |
SYSTEMSars32 |
csrss.exe |
Added by the AHLEM.A WORM! Note
- this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
SystemSAS |
System32.exe |
Added by the KWBOT.C WORM! |
| X |
systemscroot |
systembin.exe |
Added by a variant of the RBOT WORM! |
| X |
SystemSearch |
regedit.exe -s c:ie.reg |
Installs a Seachxl.com browser
page hijack |
| X |
SystemSearch |
regedit.exe -s c:sys.reg |
Installs a i--search.com browser
page hijack |
| X |
SystemService |
msocfg.exe |
Premium rate adult content
dialler |
| X |
SystemService |
navchk.exe |
Premium rate adult content
dialler |
| U |
SystemService |
nsserver.exe |
NiceSpy keystroke logger/monitoring program - remove unless you
installed it yourself! |
| X |
SystemService |
qservice.exe |
Premium rate adult content
dialler |
| X |
SystemService |
shman.exe |
Premium rate adult content
dialler |
| X |
System-Service |
EXPLORER.SCR |
Added by the BENJAMIN.A WORM! KaZaA file-sharing users
beware! |
| X |
SystemSettingf |
TRUG.vbs |
Added by the TRUG.B MACRO! |
| X |
System-Stat |
systats.exe |
Added by the SDBOT.RA WORM! |
| U |
SystemSuite Task Manager |
MXTASK.EXE |
vcom (nee
Ontrack) SystemSuite - PC maintenance and security. Use the program's
configuration options to enable only the parts you want running all the time
- such as Virusscanner Pro |
| X |
SystemTasks |
filez.exe |
Adult content dialler |
| X |
SystemTasks |
loaded.exe |
Adult content dialler |
| X |
SystemTasks |
sexypicz.exe |
Adult content dialler |
| X |
SystemTools |
kernels1118.exe |
Added
by the SMALL.DGK TROJAN! |
| X |
SystemTools |
kernels32.exe |
Added by the DLOADER-FC TROJAN! |
| X |
SystemTools |
kernels8.exe |
Added by the FNG TROJAN! |
| X |
SystemTools |
kernels88.exe |
Added by the TIBS-PP TROJAN! |
| X |
SystemTra |
CDPlay.EXE |
Added by a variant of the LOVGATE WORM! |
| X |
Systemtra |
Systra.exe |
Added by the LOVGATE-W WORM! |
| X |
SystemTray |
SystemTray.exe |
Added by the BIGFOOT TROJAN!
Note - this is not the legitimate systray.exe process |
| U |
SystemTray |
SysTray.Exe |
SYSTRAY.EXE - System Tray Services. Provides the Volume
Control, PC Card Status, Power Management and other icons that reside in the
System Tray (see here). SYSTRAY.EXE may be disabled if none of these services
are required. It will launch as and when required if you later enable the
icons. If you need these items they're available via Start -> Settings
-> Control Panel |
| X |
SystemTray |
SysTray.exe |
Added by the ALADINZ.P TROJAN!
Note - this is not the legitimate systray.exe process. If you right-click on
the real systray.exe the "Properties" reveal it to be a Microsoft
file |
| U |
SystemTraySD |
SDSystemTray.exe |
Spyware Detector - spyware remover. Initially not recommended
due to false positives but the later versions have since improved - see here |
| U |
SystemTraySR |
SRSystemTray.exe |
Spyware Detector - spyware remover. Initially not recommended
due to false positives but the later versions have since improved - see here |
| N |
SystemUpd |
SystemUpd.exe |
Updater for Swapoo.com, a kind
of Napster for games |
| X |
SystemWideHook for Windows NT |
%WinHook32.exe |
Added by the MYDOOM.AC WORM! |
| U |
SystemWizard Sniffer |
Sniffer.exe |
SystemWizard for Win98/ME from SystemSoft - diagnoses and
solves hardware and software problems on a PC |
| X |
systemyom Updater |
systemyom.exe |
Added by a variant of the BACKDOOR.IRC.BOT TROJAN! |
| X |
SYSTEMZ Patch |
SYSZ.exe |
Added by the ALADINZ.P TROJAN! |
| X |
systen32.exe |
systen32.exe |
Added by the AQP TROJAN! |
| X |
Systes |
jrdtifkkxbbsa.exe |
Added by the RBOT-ADC WORM! |
| X |
Systesms.exe |
systesms.exe |
Added
by the RBOT-HI WORM! |
| U |
Systest |
Systest.exe |
Clean Space
internet evidence eliminator |
| X |
systhread |
winkernal.exe |
Added by the LIAMED WORM! |
| X |
SysTime |
systime.exe |
CoolWebSearch parasite variant -
also detected as the STARTPA-FL TROJAN! |
| X |
Systmesy |
Systmesy.exe |
Added
by the RBOT-KQ WORM! |
| X |
Systoan32 |
systoan.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
systr |
SYSERVER.exe |
Added
by the VB-DQY WORM! |
| X |
systr2 |
SERVICE.exe |
Added
by the VB-DQY WORM! |
| ? |
systr32 |
systr32.exe |
?? |
| X |
systrans |
[path to trojan] |
Added by the STARTPA-GZ TROJAN! |
| ? |
systrax |
systrax.exe |
?? |
| X |
Systray |
[filename.exe] |
Winfavorites adware |
| X |
Systray |
KAT.vbs |
Added
by the SOAD-D WORM! |
| X |
SysTray |
Snnpapi.exe |
Added by an unidentified TROJAN! |
| X |
Systray |
SteFanie.vbs |
Added by the STEFAN WORM! Note - make sure you check the
hyperlink as this one copies it's self to numerous dirves and folders |
| X |
SysTray |
svhost.exe |
Added by the RAJILO-A WORM! |
| U |
SysTray |
SysTray.Exe |
SYSTRAY.EXE - System Tray Services. Provides the Volume
Control, PC Card Status, Power Management and other icons that reside in the
System Tray (see here). SYSTRAY.EXE may be disabled if none of these services
are required. It will launch as and when required if you later enable the
icons. If you need these items they're available via Start -> Settings
-> Control Panel |
| X |
Systray |
Systray_.Exe |
Added by the KERGEZ.A WORM! |
| X |
SYSTRAY |
UNMT.EXE |
Added by the DLOADER-LQ TROJAN! |
| X |
Systray |
w32explorer.exe |
Added by the RBOT-AJY WORM! |
| X |
Systray driver |
systray.exe |
Added by the MUTEBOT TROJAN!
Note - this is not the legitimate systray.exe process |
| X |
SystrayServices |
Msxpw.exe |
Added by the CITOR WORM! |
| X |
systree |
systree |
Added by the BANCOS.L TROJAN! |
| X |
Systrsy |
Systrsy.exe |
Added by the CDTRAY TROJAN! Note - this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| X |
Systry |
[path to worm] |
Added by the AUTEX WORM! |
| X |
SYStry |
spoolsvr.exe |
Added by the SDBOT.GN WORM! |
| X |
Systryt |
[path to worm] |
Added by the AUTEX WORM! |
| X |
SystUphes |
algesetp.exe |
Added by the QQPASS-AM TROJAN! |
| U |
Systweak Ad and Popup Blocker |
adblock.exe |
Ad and popup blocker
part of Advanced System Optimizer from Systweak |
| U |
Systweak Memory Optimizer |
memtuneup.exe |
Part of SysTweak
Advanced System Optimizer |
| X |
sysu |
sysu.exe |
Dynamic Desktop Media adware - see here |
| X |
sysug32.exe |
sysug32.exe |
Added by an unidentified TROJAN
or WORM! |
| X |
SysUpd |
Sysupd.exe |
VirtuMonde adware |
| X |
sysupdate |
cmman32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Sysvupex |
Sysvupex.exe |
Added by the MEDIAS TROJAN! |
| X |
sysvx |
sysvx_.exe |
Added by the LOOSKY-BX TROJAN! |
| U |
SysW8 |
csta.exe |
Clean Space
internet evidence eliminator |
| U |
SYSWB6 |
SYSWB6.exe |
Part of We-Blocker - gives
parents the opportunity to monitor their children's Internet access and
provide them with age-appropriate content, while filtering out sites that
contain adult content. Works in conjunction with Winkb6 and both files are
needed to run We-Blocker |
| X |
SysWin |
SysWin.exe |
Added by the IRCCONTACT TROJAN! |
| X |
syswin |
v6.exe |
Added by the AGENT-ECM TROJAN! |
| X |
syswin32 |
syswin32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Syswindow |
Syswindow.exe |
Added by the COW TROJAN! |
| X |
SysWy |
rundll32.exe |
Added by the LINEAGE-JH TROJAN!
Note - this file is found in the C:WindowsSystem folder, and is not to be
confused with the legitimate rundll32.exe file, always located in the Windows
folder on Win98/ME systems, and in the WinntSystem32 or WindowsSystem32
folder in WinXP/NT/2K! |
| X |
sysX3 |
sys22.exe |
Added by the RANTS.C WORM! |
| X |
sysygm32 |
syscxd32.exe |
Added by the IRCBOT-PC TROJAN! |
| X |
sysygm64 |
winrxd64.exe |
Added by the IRCBOT-RK TROJAN! |
| X |
SyztMy |
expiorer.exe |
Added by the LINEAG-AIN TROJAN! |
| U |
SZMsgSvc.exe |
SZMsgSvc.exe |
StopZilla! - pop-up killer |
| X |
t |
xclean.exe |
FlashEnhancer adware |
| U |
T3Console |
T3Console.exe |
Related to T3 Security Suite
- prevents unauthorized or inappropriate access to your PC and data |
| U |
Taakcontrole |
taskmon.exe |
Task Monitor (on Dutch language
versions of Windows) - checks the disk-access patterns of programs when they
are started and stores this information in log files in the Applog folder.
Task Monitor also records the number of times you use a program. The Disk
Defragmenter tool uses this information to optimize your hard disk so that
programs that you use frequently are loaded faster. Not required - but can be
useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will
typically solve many, if not most, of those annoying IE scripting errors (per
Symantec's Knowledgebase) |
| X |
Taba |
stte.exe |
PurityScan/Clickspring adware |
| N |
Tablet |
Tablet.exe |
Loads the tablet drivers for the
Wacom Graphics Tablet. This can be unchecked in msconfig without problems if
you don't need the tablet functional all the time. Create your own shortcut
if you need to run it ad hoc. If you forget to run it before running Paint
Shop Pro & Adobe Photo Shop) you may find the following: (1) Paint Shop
Pro (version 7.04) - (a) Browse function will NOT work (program freezes) (b)
On program exit, PSP does not terminate (you have to CTRL+ALT+DEL to close
it) (2) Photo Shop (version 6.01) - (a) Program functions slowdown (d) On
program exit it takes noticeably longer to shut down (like 30-45 seconds) |
| Y |
tablet s |
tablet s |
Starts the Wacom Penabled driver
on Acer Tablet PCs (tablet icon with a green check appears during startup if
successful) |
| X |
Tablet Task |
tabletsk32.exe |
Added by the RBOT-AJB WORM! |
| U |
TabletTip |
tabtip.exe |
The Microsoft Tablet PC Input
Panel converts handwriting to text dynamically, and you can make corrections
quickly and easily before inserting text |
| U |
TabletWizard |
SPLSHWRP.EXE |
Microsoft Tablet PC Component |
| Y |
TabUserW |
TabUserW.exe |
Wacom pen tablet driver |
| ? |
TAcelMgr |
TAcelMgr.exe |
TOSHIBA Acceleration Utilities
related. What does it do and is it required? |
| N |
Tad |
tad.exe |
From Turtle Beach's Santa Cruz
on a Dell WinME system. Not required - works fine without it including
keyboard hot controls for volume and mute |
| X |
Taesk managers |
tase.pif |
Added by the RBOT-AYK TROJAN! |
| ? |
TAG |
tag.exe |
?? |
| N |
Tahni Deskmate |
Tahni.exe |
Tahni Deskmate - "Interactive cartoon character that
lives on your Windows desktop" |
| X |
TakeMP3 |
rundll32.exe MSA64CHK.dll,
DllMostrar |
MatrixDialer related |
| X |
TAKSMGN |
taskmr.exe |
Added by the RBOT-AHS WORM! |
| X |
talk |
talk.bat |
Added by the TIOTUA-G WORM! |
| N |
TalkingReminder |
TALKINGREMINDER.EXE |
Talking
Reminder from Software River Solutions - talking calendar reminder |
| ? |
talknow |
talknow.exe |
Could it
be related to this or something similar? |
| X |
TANG_INA_MO |
AutoRun.bat |
Added by the FILUKIN.A WORM! |
| ? |
Tango |
Setup.exe |
Tango Broadband access software.
Is it required? |
| ? |
TangoManager |
TangoManager.exe |
Tango Broadband access software.
Is it required? |
| X |
Tapicfg |
Tapicfg.exe |
CoolWebSearch Tapicfg parasite variant |
| X |
Tapisys |
tss.exe |
Added by the SMALL TROJAN! |
| U |
TapiTNA |
TapiTNA.exe |
Telephony Location Selector allowing mobile users to change
dialling locations - part of the Win95 Power Toys |
| U |
Tardis |
Tardis.exe |
Tardis - time
synchronization software |
| X |
Task |
tasker.exe |
Added by the MYDOOM.R WORM! |
| X |
Task Bar |
TASKBAR.EXE |
Added by the FRETHEM.J WORM! |
| ? |
Task BarClient |
TaskBarClient.exe |
Responsible for creating the
System Tray icon and associated display system for the Starband satellite
always on internet service |
| ? |
Task BarSvr |
TaskBarSvr.exe |
Part of the Starband
satellite always on internet service. Not included on the current system.
What does it do and is it needed? |
| U |
Task Catcher |
tasktrap.exe |
Task Catcher - utility
that will block unwanted programs from running |
| U |
Task Catcher Real-Time Detector |
tasktrap.exe |
Task Catcher - utility
that will block unwanted programs from running |
| X |
Task Commander |
regsvc32.exe |
Added by the AGOBOT-RX WORM! |
| X |
Task Debugger |
sysdll.exe |
Added
by the RBOT-CQ WORM! |
| X |
Task Help |
wualcts.exe |
Added by a variant of the RBOT WORM! |
| X |
Task Manager |
prcview.exe |
Added by the AGOBOT-RT WORM! |
| X |
Task Manager |
svchost.exe |
Added by the SOHANA-P WORM! Note
- this is not the legitimate svchost.exe process which should not normally
figure in Msconfig/Startup! |
| X |
Task manager |
taskemngr.exe |
Added by the RBOT-AGA WORM! |
| X |
Task Manager |
taskman.exe |
Added by the FORBOT-T WORM! |
| X |
Task Manager |
taskmng.exe |
Added by the TIOTUA-E WORM! |
| X |
Task Manager |
taskmngr.exe |
Added by the RBOT.Y WORM! |
| X |
Task manager |
taskmngr.exe |
Added by the RBOT-AYZ WORM! |
| X |
Task manager |
TikTo.exe |
Added by the RBOT.LV WORM! |
| X |
Task Monitoring Service |
svchost.exe |
Added by the CONE.D WORM! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "tasks" subfolder of
the Winnt or Windows folder |
| X |
Task Scheduler Engine |
schedsvc32.exe |
Added by the RBOT-ASJ WORM! |
| X |
Task service |
taskmgs.exe |
Added by a variant of the RBOT WORM! |
| X |
task service |
taskservices.exe |
Added by a variant of the RBOT WORM! |
| X |
TASK SETUP |
tasksetup.exe |
Added
by the RBOT-YR WORM! |
| N |
TaskBar |
CTLTask.exe |
Creative
SoundBlaster Audigy Taskbar - used to choose between different types of EAX
Effects, not required in startup. NOTE: if you get a ctltask.exe error
message while installing the Audigy drivers, see this Microsoft Knowledge
Base article |
| N |
Taskbar |
Taskbar.exe |
Taskbar icon for the Redline
RegTweak overclocking program as supplied with Sapphire ATI graphics cards |
| N |
Taskbar Display Controls |
RunDLL deskcp16.dll,
QUICKRES_RUNDLLENTRY |
Only appears in MSCONFIG if you
have a Display Settings icon in the System Tray allowing resolution changes
on the fly. Can also be disabled under Control Panel -> Display ->
Settings -> Advanced -> General. Also appears if you have Win95 with
the QuickRes "Powertoy" installed |
| X |
Taskbar Service |
taskbar.svc |
Unidentified adware |
| X |
Taskbar System |
tasksys.exe |
Added by a
variant of the SDBOT WORM! |
| N |
Taskbar++ |
TaskbarPP.exe |
Taskbar++
is a software that allows you to sort (move) the buttons of the Windows
taskbar by Drag & Drop |
| X |
Taskbell.exe |
Rund1.exe |
Added by the YIPID TROJAN! |
| X |
taskdir |
taskdir.exe |
Added
by the LAGER.AQ TROJAN! |
| X |
TaskList |
tasklist32.exe |
Added by the BANCOS-DX TROJAN! |
| X |
TaskMan |
rundll32.exe |
Added by the DVLDR TROJAN! Note - this is not the valid
"rundll32.exe" as it's in the WindowsFonts directory |
| X |
TaskManager |
[path to trojan] |
Added by the LDPINCH-CF TROJAN! |
| X |
taskmanager |
taskmanager.exe |
Added by the AGOBOT-TF WORM! |
| X |
taskmanager |
taskmgr.com |
Added by the BEREB WORM! |
| X |
taskmanger |
taskmanger.exe |
Added by a variant of the RBOT WORM! |
| X |
Taskmgo |
[path to file] |
Added by the BANCBAN-T TROJAN! |
| X |
taskmgr |
[path to trojan] |
Added by the AGENT-ENV TROJAN! |
| X |
taskmgr |
explorer.exe |
Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System folder |
| X |
Taskmgr |
system.exe |
Added by the PAKES.G TROJAN! |
| X |
taskmgr |
taskmanager.exe |
Added by the BCKDR-QHT TROJAN! |
| X |
Taskmgr |
Taskmgr.exe |
System1060 homepage hi-jacker.
Note - this is not a Windows file and is found in a WindowsSystem1060
directory |
| X |
taskmgr |
taskmgr.exe |
Added by the Startpage.G hijacker. Note - this is NOT the
Windows Task Manager file! |
| X |
Taskmgr |
tskmgr32.exe |
Homepage hi-jacker |
| X |
taskmgr.exe |
mirc.exe |
Added by a variant of the
AGENT.AH TROJAN! |
| X |
taskmgr.exe |
paint.exe |
Added by a variant of the
AGENT.AH downloader TROJAN! |
| X |
taskmgr.exe |
paintms.exe |
Added by a variant of the
AGENT.AH TROJAN! |
| N |
taskmgr.exe |
taskmgr.exe |
Windows Task Manager in Windows
XP. If run from the Startup folder, the tray icon will be put to the system
tray after boot. Useful to check if XP has finished running the delayed
services after boot. Available via a desktop shortcut |
| X |
TASKMGRU |
TASKMGRU.EXE |
Added
by the CWS-M TROJAN! |
| X |
taskmngr |
[path] msnve.exe [path] task.exe |
Added by the FLOOD-EK TROJAN! |
| X |
taskmngr lptt01 |
taskmngr.exe |
RapidBlaster variant (in a
"Taskmngr" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
taskmngr ml097e |
taskmngr.exe |
RapidBlaster variant (in a
"Taskmngr" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
TaskMon |
taskmon.exe |
Added by the MYDOOM.A or
MYDOOM.J WORMS! Note - this is not the legitimate Win9x/Me file of the same
name which resides in C:Windows as this version resides in C:WindowsSystem
(Win9x/Me), C:WinntSystem32 (WinNT/2K), or C:WindowsSystem32 (WinXP). It is
not normally on a WinXP system |
| X |
Taskmon driver |
winampa.exe |
Added by the LOONY-I TROJAN!
Note - this is NOT associated with the popular Winamp media player. The valid
file for the Winamp Agent resides in a "Winamp" subdirectory of the
Program Files directory whereas this file is located in the System (9x/Me) or
System32 (NT/2K/XP) folder |
| X |
taskmone |
taskmone.exe |
Added by the SINGU-S TROJAN! |
| U |
TaskMonitor |
taskmon.exe |
The Task Monitor checks the
disk-access patterns of programs when they are started and stores this
information in log files in the Applog folder. Task Monitor also records the
number of times you use a program. The Disk Defragmenter tool uses this
information to optimize your hard disk so that programs that you use
frequently are loaded faster. Not required - but can be useful. Note: for
Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many,
if not most, of those annoying IE scripting errors (per Symantec's
Knowledgebase) |
| X |
TaskMrg |
csrss.exe |
Added by the LDPINCH-W TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
taskmrg.exe |
taskimg.exe |
Added by the DLOADER-QZ TROJAN! |
| X |
taskopen.exe |
taskopen.exe |
Added by the HIDD.C TROJAN! |
| N |
TaskPlus |
TASKPL~1.EXE |
Task and calendar management
software available as freeware or as a "Professional" version for
sharing over a LAN |
| N |
TaskPlus |
TASKPLUS0.EXE |
Task and calendar management
software available as freeware or as a "Professional" version for
sharing over a LAN |
| X |
TaskReg |
[random filename] |
Added by the CBLAD WORM! |
| X |
TaskS manager |
taskmgrs.exe |
Added by the AGOBOT.QU WORM! |
| X |
Taskschd |
TRAYWND.EXE |
Added by the LITMUS.002 TROJAN! |
| U |
TaskScheduler |
TaskSch.exe |
ProSeries accounting
software related |
| N |
taskswitch |
taskswitch.exe |
ALT+TAB replacement Powertoy for
Windows XP - enhances the graphics displayed when you want to switch between
programs running full-screen |
| U |
TaskSwitchXP |
TaskSwitchXP.exe |
"TaskSwitchXP
from NTWind Software. Advanced task management utility that picks up where
the standard Windows Alt Tab switcher leaves off. It provides the same
functionality, and adds visual styles to the dialog and also enhances it by
displaying thumbnail preview of the application that will be switched
to" |
| X |
tasksys |
tasksys.vbs |
Added by the BYRON WORM! |
| N |
Tasktray |
CTLTray.exe |
Installed with the Sound Blaster
Audigy range of soundcards. Allows you to set EAX effects or equalizer
settings for the Sound Blaster Audigy from a systray icon. Also
allows you to launch the Taskbar via right-click -> Show Taskbar. The tasktray
can be accessed via Start -> Programs -> Creative -> Sound Blaster
Audigy -> Taskbar |
| X |
Tasmgr |
Taskmgr.bat |
Added by the YPSAN.G WORM! |
| X |
tat |
tatss.exe |
Delfin Promulgate adware variant |
| Y |
Tau monitor |
Taumon.exe |
"Tauscan
is a powerful Trojan Horse detection and removal engine capable of catching
every known type of backdoor that can threaten your system" |
| ? |
TAudEffect |
TAudEff.exe |
TOSHIBA Notebook related. What does it do and is it required? |
| ? |
TB_setup |
TB_ANI~1.EXE |
?? |
| X |
TB_setup |
tb_setup.exe |
HuntBar hijacker, toolbar installer |
| U |
TB2PROEXE |
tb2start.exe |
Timbuktu
Pro - remote desktop access software |
| U |
TBC Pro |
tbcpro.exe |
TitleBarClock
Pro - displays Day, Time, Date, Month, Year, FreeMem, and FreeDriveSpace on
the right side of the title bar in any main window that has the mouse or
keyboard focus |
| U |
TBC.exe |
TBC.exe |
TitleBarClock
software |
| N |
tbctray |
tbctray.exe |
Provides quick access via a
System Tray icon to the control panel for Turtle Beach's Santa Cruz or
VideoLogic's SonicFury soundcards. Available via Start -> Settings ->
Control Panel |
| Y |
TBLFUNC |
tblmouse.exe |
Aiptek HyperPen graphics tablet driver |
| X |
tbon |
tbon.exe |
BestOffers
adware |
| U |
TBPanel |
TBPanel.exe |
Configuration utility for
Gainward graphics cards. Not required unless you use non-default settings.
Available via Start -> Settings -> Control Panel |
| X |
TBPS |
TBPS.exe |
WebSearch Toolbar - HuntBar hijacker, toolbar installer
variant |
| N |
TBTray |
tbtray.exe |
VLSI/QSound ThunderBird PCI
Control Panel. System Tray access to the settings for this and related
soundcards. Available via Start -> Settings -> Control Panel |
| Y |
tcactive |
tca.exe |
Part of The Cleaner
from MooSoft - stops virus trojans before they can do any damage |
| N |
TCASUTIEXE |
TCASUTI.exe |
Associated with the 3COM
diagnostic module (3COM NIC Doctor). No further information is available |
| N |
TCASUTIEXE |
tcaudiag.exe |
3Com NIC Installation/Diagnostic
MFC application. Diagnostics may be run from the Start -> Programs |
| N |
TCAUDIAG -off |
tcaudiag.exe |
3Com NIC Installation/Diagnostic
MFC application. Diagnostics may be run from the Start -> Programs |
| ? |
TCDPbtn |
TCDPbtn.exe |
Found on a Toshiba laptop |
| ? |
TCDPlay |
TCDPlay.drv |
Found on a Toshiba laptop -
sounds like the driver for the CD-ROM but why doesn't it use the standard
Windows drivers - any comments? |
| U |
TClock |
TCLOCK.EXE |
Kazubon TClock. Utility that
amongst other things synchronizes your system clock with Internet time
servers. Available via Start -> Programs |
| X |
TClock.exe |
tclock_install.exe |
TClock - distributed and installed without user permission by
other rogue software or malware. TClock contains no uninstall facility
through Windows. As TClock is of dubious origin and usefulness, it should be
terminated and removed if detected |
| U |
TClockEx |
TCLOCKEX.EXE |
Puts a
configurable time/date display in the tray (and other features). Freeware by
Dale Nurden and is popular on cover disks |
| U |
tcmonitor |
tcm.exe |
Part of The Cleaner
from MooSoft - warns of changes to the registry |
| U |
TCOYFReminder |
tcoyftray.exe |
My ParenTime Fertility Planner Reminder. The calendar
provides a quick overview of the status of your fertility |
| X |
Tcp Application Manager |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Tcp Application Manager |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Tcp Application Manager |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Tcp Application Manager |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Tcp Application Manager |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Tcp Application Manager |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Tcp Application Manager |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Tcp Application Manager |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
tcp checker |
tcpcheck.exe |
Added by the VBBOT-A TROJAN! |
| X |
TCP Internet Services |
TCPSVC32.EXE |
Added by the SPYBOT.X TROJAN! |
| X |
TCP Monitoring |
LanNSvc.exe |
Added by the RANDEX.AAS WORM! |
| X |
tcpipmon |
tcpipmon.exe |
Added by the CLICKER-EF TROJAN! |
| X |
tcpippui |
tcpippui.exe |
Added by the RBOT-APS WORM! |
| X |
tcpippui32 |
tcpippui32.exe |
Added by the RBOT-ART WORM! |
| X |
TCPServer |
TCPServer.exe |
Added by a
variant of the SDBOT WORM! |
| X |
TCPXP Update |
tcpxp.exe |
Added
by the RBOT-UL WORM! |
| ? |
TCtryIOHook |
TCtrlIOHook.exe |
Toshiba laptop related. What does it do and is it required? |
| X |
tcupdater |
tcupdater.exe |
Topconverting.com/180Search
adware updater |
| U |
TDispVol |
TDispVol.exe |
Used on Toshiba computers to
make the Fn key have control over the volume on/off |
| U |
TDKSTART |
TDKSTART.EXE |
Sets the spindown timeout and
access speeds at startup and displays a splash screen for CD-RW. |
| N |
TDKTASK |
TDKTASK.EXE |
Taskbar utility for a
"control panel" for a CD-RW |
| ? |
TDockNUndock |
N/A |
Found on a Toshiba laptop - for
use with a docking station? |
| U |
TDS3 |
TDS-3.exe |
DiamondCS TDS-3
antitrojan. Can be used to scan on demand, but required in startup if you
prefer real time protection |
| N |
T-DSL SpeedMgr |
speedmgr.exe |
T-Online ISP SpeedManager -
shows upload and download speed. Also checks for updates automatically |
| ? |
TDspOff |
Tdspoff.exe |
Found on a Toshiba laptop |
| N |
Teach In Box |
teachbox.exe |
Tutoring program that comes with
a SystemAX Computer |
| Y |
Tech-In-A-Box |
techbox.exe |
Tech-in-a-Box
"provides easy-to-use tools for various system maintenance tasks. From
backup and restore to diagnostics and repairs, Tech-in-a-Box is your tool to
stay up and running" |
| U |
Telechips,Mass |
patch.exe |
Removable disk driver
for the Muro MP3 player |
| N |
Telemeter 3.0 |
telemeter3.exe |
Internet connection bandwidth
meter from a user ISP |
| Y |
Telepath |
telepath.exe |
Drivers for the
WinModem versions of the US Robotics "Telepath" series - as
supplied to Gateway for instance. WinModems use software rather than hardware
- hence putting a load on the CPU. Needed if you have it for loading the
drivers. See here for more WinModem information |
| X |
Telnet |
Telnet.exe |
Added by the VOUMIT-A WORM! Note - this is not the legitimate
telnet.exe application which is always located in the System (9x/Me) or
System32 (NT/2K/XP) folder and should not normally figure in
Msconfig/Startup! This file is located in a "mirc32" folder |
| X |
Telnet24 |
[random filename] |
Added by the RBOT-ARD WORM! |
| Y |
TELUS Security service |
freedom.exe |
Freedom Internet Security & Privacy - anti-virus,
personal firewall and parental control. It also blocks ads, safeguards your
personal information, encrypts your passwords, and much more. No longer
available for sale |
| X |
TempCom |
[randomname].com |
Added by the TRAXG WORM! |
| X |
tempx |
tempx.exe |
Added by the TEMPEX.A TROJAN! |
| X |
Tencent QQ |
Rund1132.exe qq.dll, Rundll32 |
Added by the QQPASS.F TROJAN! |
| X |
Terminal Services |
mstscc.exe |
Added by the SDBOT-CZW WORM! |
| X |
Terminal Update |
biosefui.exe |
Added by the PPDOOR-O TROJAN! |
| X |
Terminate Popup |
FPUK.exe |
Free Popup Killer - foistware
proven to install the Regsvc32 homepage hijacker. Also see here |
| X |
Terminate Popup |
ZPU.exe |
Free Popup Killer - foistware
proven to install the Regsvc32 homepage hijacker. Also see here |
| U |
TEscKey |
TEscKey.exe |
Toshiba Escape Key handler.
Enables you to program and use the <FN><Esc> key combination to
perform a specific function |
| N |
Tesco.net |
rundll32 [path] RyDial.dll,
QuickStart |
Tesco.net dial-up
ISP software - not required |
| ? |
Tesla |
TESLA.EXE |
?? |
| X |
test |
i love you.exe |
Added by the SINGU-T TROJAN! |
| X |
Testing 123 |
msdata.dat |
Added by the NITS.A WORM! |
| X |
testit.exe |
testit.exe |
ISTBar adware |
| ? |
TExBUtil Registry |
TExBUtil.exe |
?? |
| N |
TextAloud |
TextAloudMP3.exe |
TextAloud
MP3 - convert text into spoken words and MP3s |
| N |
Textbridge Instant Access OCR |
telepath.exe |
TextBridge from
Nuance (was Scansoft). OCR (optical character recognition) software for
scanning documents into popular editing applications. Available via Start
-> Programs |
| X |
TEXTCONV |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
TEXTCONV |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| U |
TFncKy |
TFncky.exe |
Deals with the <Fn> -
<Function> key combinations on a Toshiba laptop |
| U |
TFNF5 |
TFNF5.exe |
Toshiba Hotkey Utility for
Display Devices. By pressing <FN> + <F5>, a window appears
showing the displays that can be chosen – LCD, LCD + CRT, CRT, TV |
| Y |
tfswctrl |
tfswctrl.exe |
Drive letter access to a UDF
packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's
DirectCD and does the same thing. From HP - "This is a needed file as it
controles the readability of the Combo drives. Without this file loading the
end user will be able to burn CD's but wont be able to read them. The drive
itself will be able to read store bought master Cd's without the file but not
burnt ones" |
| X |
TFTP*** |
tftp*** |
Added by a variant of the SPYBOT WORM! where *** can be any
number |
| U |
TFunckey |
TFuncKey.exe |
Deals with the <Fn> -
<Function> key combinations on a Toshiba laptop |
| N |
TgAddServer |
tgfix.exe |
Software from SupportSoft (aka
Support.com) provided to manufacturers (such as Sony (Vaio Support Agent) and
Toshiba (Virtual Tech)) and ISPs (such as Comcast, Cox and Charter (Pipeline
Support Agent)) that allows them to offer on-line support - to update
drivers, fix faults, etc. Can cause a deterioration in a PC's peformance (see
here). This part does the protection and "self-healing".
Uninstallation is recommended by most people - especially for System Restore
users (WinME/XP). If not available via Add/Remove try here |
| X |
tgbcde |
module32.exe |
Added by the REIGN.R TROJAN! |
| U |
Tgcmd |
tgcmd.exe |
See also TgAddServer. This part
ensures the software is installed correctly (similar to an installation
wizard) as reported by Cox Regarded as spyware by some as it has the ability
to retrieve user information. Whether it does so depends upon the provider.
One Toshiba user reports problems with hibernate on his laptop if disabled -
hence the "U" recommendation |
| U |
tgcmdprovidersbc |
tgcmd.exe |
See also TgAddServer. This part
ensures the software is installed correctly (similar to an installation
wizard) as reported by Cox Regarded as spyware by some as it has the ability
to retrieve user information. Whether it does so depends upon the provider.
One Toshiba user reports problems with hibernate on his laptop if disabled -
hence the "U" recommendation |
| N |
TGCMG |
?? |
Related to Rogers@Home, causes
errors in WinSock32.dll. Not required for connection to work |
| X |
TGDC IE Plugin |
tgdc.exe |
ShopForGood
spyware - see here |
| X |
tgkill |
tgkill.exe |
Comcast (the cable folks who are
replacing @home in some parts of the USA) have struck a deal with Tioga to
provide an "enhanced" support and self-repairing tool. This is
"beta" at present and was made available to download by mistake at
present. Remove via Start -> Settings -> Add/Remove Programs |
| U |
Tgsetsite |
tgfix.exe |
See also TgAddServer. This part
ensures the software is installed correctly (similar to an installation
wizard) as reported by Cox Regarded as spyware by some as it has the ability
to retrieve user information. Whether it does so depends upon the provider.
One Toshiba user reports problems with hibernate on his laptop if disabled -
hence the "U" recommendation |
| N |
Thdetrf |
thdetr32.exe |
Appears to be related to Lycos
advertising |
| X |
ThE |
wind0s.exe |
Added by an unidentified WORM or
TROJAN! |
| U |
The Easy Bee's Hive |
ATCEgSvr.exe |
The Easy Bee is a software that
allows you to record Internet navigation sequences, which can include form
filling and button clicking and to attach a replay schedule to each sequence |
| X |
The Ethernet |
ethernet.exe |
Added by a
variant of the SDBOT WORM! |
| X |
The Intranet |
intranet.exe |
Added by a
variant of the SDBOT WORM! |
| ? |
TheMainStart |
N/A |
?? |
| X |
TheMonitor |
[path to trojan] |
Added by the DLOADR-LO TROJAN! |
| X |
TheMonitor |
Duce6.exe |
YourEnhancement downloader |
| U |
THGuard |
TH_Guard.exe |
Resident
memory scanning for TrojanHunter |
| U |
THGuard |
THGuard.exe |
Resident
memory scanning for TrojanHunter |
| X |
Think-Adz |
[random filename].exe |
ZenoSearch adware |
| X |
This is a virus, please delete
it |
bigbadvirus.exe |
Added by the RANDEX.F WORM! |
| U |
THOTKEY |
THotkey.exe |
Associated with the Fn+ keys on
Toshiba laptops. When disabled some keys still worked, like the one that
regulates the volume of the system beep, but others didn't, like the one that
immediately blackens your screen |
| Y |
ThpSrv |
thpsrv.exe |
Toshiba Hard Drive Protection
Utility - moves the Hard Drive head to a safe position in case of shock or
vibration to reduce the risk of damage that could be caused by head-to-disk
contact |
| X |
Threaded |
intcp32.exe |
Added by the RANDEX.UG WORM! |
| U |
ThrustTSR |
TMTMTSR.exe |
Thrustmaster
Thrustmapper - "t-mapper - icon sits on your taskbar and automatically
detects when the joystick is plugged in and configures it accordingly" |
| X |
Thumbs Plus *.* |
thmbplus**.exe |
Added by the AGOBOT-AAF WORM! ** is a combination of a random
digits and characters |
| U |
TI WLAN |
TIWLANCu.exe |
Texas Instruments TI wireless LAN products |
| X |
tibs3 |
tibs3.exe |
Premium rate adult content dialler - see here |
| X |
tibs5 |
tibs5.exe |
Premium rate adult content dialer - see here |
| X |
Tiger |
Shine.exe |
Added by the HAPPYLOW (or
NISHE-A) VIRUS! |
| U |
TiKL |
tikl.exe |
TinyKeylogger keystroke logger/monitoring program - remove
unless you installed it yourself! |
| X |
Tilerun |
Tilecom32.com |
Added by a
variant of the SDBOT WORM! |
| X |
Time Manager |
TimeManager.exe |
Added by the MYTOB-BV WORM! |
| X |
Time Zone Synchronization |
wscript zshell.js |
Added by the NETDEX-A TROJAN! |
| U |
TimeCalendar |
tc.exe |
TimeCalendar digital
planner |
| N |
Timed Backups Manager Startup |
BACKTIME.EXE |
Backup Plus - backup
software |
| U |
TimeLeft |
TimeLeft.exe |
TimeLeft
is a countdown, reminder, clock, alarm clock, stopwatch, timer, sticker and
time synchronization utility which uses Winamp skins to show digits and text |
| U |
Timemanager.exe |
Timemanager.exe |
Time
Manager will let you track billable and non-billable time by customer, by
category and by associate and then integrate directly to our custom billing
package |
| N |
TimeOnline |
TIMEONLINE.EXE |
Lightman Groups's TimeOnline
monitor. For dial-up users to monitor time spent on the net. Available via
Start -> Programs |
| X |
Timer |
comm.exe |
Added by the IP TROJAN! |
| X |
Timer |
msncomm.exe |
Added by the WEBDOR.AK TROJAN! |
| X |
Timer |
timed.exe |
Added by the LV TROJAN! |
| X |
TIMER |
TIMER.EXE |
Added by the TIMESE.AG WORM! |
| X |
TimeService |
trun.exe |
TlfLic-A premium rate adult content dialler |
| X |
TimeSink Add Client |
TSADBOT.EXE |
Advertising spyware |
| X |
timessquare |
timessquare.exe |
Reported as
Trojan.Win32.StartPage.aw by Kaspersky Anti-Virus |
| X |
timestamp |
timeapr32.exe |
Added by the AGENT-DRU TROJAN! |
| X |
TimeSyncApp |
TimeSynchronize.exe |
DealHelper adware |
| N |
TimeUp |
Timeup.exe |
TimeUp
- internet online timer |
| U |
Timezone |
TimeZone.exe |
Microsoft Daylight Saving Time Update Utility - see here |
| U |
TimounterMonitor |
TimounterMonitor.exe |
Part of Acronis True Image backup software. Monitor for the
backup archive explorer for moving and viewing files within an archive |
| N |
TINTSETP |
TINTSETP.EXE |
Part of Microsoft's Input
Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and
Word |
| X |
Tiny AV |
fooding.exe |
Added by the NETSKY.I WORM! |
| Y |
Tiny Personal Firewall |
persfw.exe |
Tiny
Personal Firewall |
| U |
tinySpell |
tinyspell.exe |
Tinyspell
- "allows you to easily and quickly check the spelling of words in any
Windows application. Monitors your typing on the fly, alerts you whenever it
detects a misspelled word, and checks the spelling of every word you copy to
the clipboard" |
| U |
TiomanExe |
Tioman.Exe |
Agate Tioman - warm and hot swap
removable bay device manager for IBM laptops |
| N |
Tips |
mousetips.exe |
Suggests tips on using your
mouse |
| U |
TiTleBarClock |
TiTleBarClock.exe |
TitleBarClock
displays the day/month/time and free physical RAM on the right hand side of
an open window, replacing the system tray clock at startup |
| U |
TitleTime |
TiTime.exe |
"TitleTime
adds the current date and/or time to the Caption of the currently active
application window. Additional options are a second clock (with a different
time), week number, GMT/UTC time, Swatch Internet Time and Sounds at each
full, half or quarter hour" |
| N |
Tivoli |
LCFEP.EXE |
Tivoli 'TME' System Tray icon -
"'lcfep' is the program that displays statistics about the Endpoint.
Apparently stopping/removing this process has no impact on the Endpoint
itself which will continue to function normally" |
| X |
TivoNotify |
TiVoNotify.exe |
Part of Tivo
Desktop. What does it do and is it required? |
| U |
TivoServer |
TiVoServer.exe |
Tivo Server - installed with the TiVo Home Media Option. It
streams audio files to your television/home theater from your PC |
| U |
TivoTransfer |
TivoTransfer.exe |
Tivo Transfer Service. TiVo Desktop is an easy-to-use
application that lets you publish and share digital music, photos and TiVo
recordings between your networked TiVo Series2 DVR and your computer |
| U |
TIxDSL |
tidslmon.exe |
Actiontec DSL modem. Associated
with High Speed AOL DSL. Used to get line sync with the Actiontec DSL USB
Modem. Available via Start -> Programs |
| N |
TizzleTalk |
TizzleTalk.exe |
TizzeTalk is a dialect
translator for Yahoo, MSN, AOL Instant Messengers. Bundles adware, hence not
recommended. From their EULA : "As a result of installing the Company's
Software, you will see occasional banner ads, pop-up or pop-under ads, or other
types of ads selected based on your online activities .../... Occasionally,
we may automatically or through other remote means, update, upgrade, patch or
uninstall the Company's Software, including the Company's
advertising-supported software, without further notice to you. These upgrades
also may include installation of additional applications from the Company as
well as third party applications" |
| X |
tjstartup |
[path to file] |
Added by the TJSERV.C TROJAN! |
| N |
TkBell.Exe |
evntsvc.exe |
Application Scheduler installed
along with RealOne Player. Once installed, it runs independently of RealOne
Player. See here for more information, including how to disable it. Also see
evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a
newer version. To disable "tkbell.exe" in the new version (1) Start
RealOne Player (2) Tools -> Preferences (3) Automatic services in the
Categories pane (4) Uncheck all options and then OK |
| N |
TkBell.Exe |
realsched.exe |
Application Scheduler installed
along with RealOne Player. Once installed, it runs independently of RealOne
Player. See here for more information, including how to disable it. Also see
evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a
newer version. To disable "tkbell.exe" in the new version (1) Start
RealOne Player (2) Tools -> Preferences (3) Automatic services in the
Categories pane (4) Uncheck all options and then OK |
| N |
TkBell.Exe |
tkbell.exe |
Application Scheduler installed
along with RealOne Player. Once installed, it runs independently of RealOne
Player. See here for more information, including how to disable it. Also see
evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a
newer version. To disable "tkbell.exe" in the new version (1) Start
RealOne Player (2) Tools -> Preferences (3) Automatic services in the
Categories pane (4) Uncheck all options and then OK |
| N |
TkBellExe |
evntsvc.exe |
Application Scheduler installed
along with RealOne Player. Once installed, it runs independently of RealOne
Player. See here for more information, including how to disable it. Also see
evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a
newer version. To disable "tkbell.exe" in the new version (1) Start
RealOne Player (2) Tools -> Preferences (3) Automatic services in the
Categories pane (4) Uncheck all options and then OK |
| N |
TkBellExe |
realsched.exe |
Application Scheduler installed
along with RealOne Player. Once installed, it runs independently of RealOne
Player. See here for more information, including how to disable it. Also see
evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a
newer version. To disable "tkbell.exe" in the new version (1) Start
RealOne Player (2) Tools -> Preferences (3) Automatic services in the
Categories pane (4) Uncheck all options and then OK |
| N |
TkBellExe |
tkbell.exe |
Application Scheduler installed
along with RealOne Player. Once installed, it runs independently of RealOne
Player. See here for more information, including how to disable it. Also see
evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a
newer version. To disable "tkbell.exe" in the new version (1) Start
RealOne Player (2) Tools -> Preferences (3) Automatic services in the
Categories pane (4) Uncheck all options and then OK |
| X |
TkNetDriver Monitor |
lexbce.exe |
Added by the SDBOT-ADF WORM! |
| N |
tkonnect |
TKONNECT.EXE |
Dialer for the Tiscali
internet service provider. Available as a desktop shortcut |
| X |
tlc |
update911.js |
Hijacker installer |
| ? |
TlcR |
avp.exe |
?? |
| U |
tlntsvr |
tlntsvr.exe |
Microsoft
program associated with Telnet |
| U |
TLogonPath |
tb2logon.exe |
Timbuktu
Pro - remote desktop access software |
| U |
TM Outbreak Agent |
TMOAgent.exe |
Trend Micro Internet Security
anti-virus software virus outbreak warnings. Notifies users of virus
outbreaks and offers to update the scanner |
| U |
TMA distribution |
cfinst.exe |
Part of Intel's LANDesk
Management Suite 6 and the Common Base Agent (CBA) - used for communicating
between the core server and managed clients |
| X |
tmax |
pupdate.exe |
Adware pop-up generator |
| X |
tmchook |
tmchook.exe |
Detected by Kaspersky as the
TrojanDownloader.Win32.VB.aa VIRUS! |
| ? |
TMEEJME |
TMEEJME.EXE |
Found in a ToshibaTME3
directory. Toshiba Mobile Extension related? |
| ? |
TMERzCtl |
TMERzCtl.EXE |
Found in a ToshibaTME3
directory. Toshiba Mobile Extension related? |
| U |
TMESBS |
TMESBS21.exe |
Toshiba Mobile Extension
Selectable Bay Service for WinXP - support for docking stations. Not required
if you don't use a docking station |
| ? |
TMESBS32 |
TMESBS32.EXE |
Found in a ToshibaTME3
directory. Toshiba Mobile Extension related? |
| U |
TMESRV31 |
TMESRV31.EXE |
Toshiba utility related to
inserting and removing a laptop from a docking station. Not required if you
don't use a docking station |
| U |
TMExLogon |
TMESRV.EXE |
Toshiba utility related to
inserting and removing a laptop from a docking station. Not required if you
don't use a docking station |
| ? |
Tmmkb |
Tmmkysvr.exe |
Toshiba multi-media keyboard
software - possibly including creating keyboard shortcuts? |
| X |
TmNetDriver Monitor |
exbce.exe |
Added by the SDBOT-ABR WORM! |
| X |
Tmntsrv32 |
Tmntsrv32.exe |
Hijacker, detected by Norton antivirus as Trojan.StartPage.O |
| U |
TMOUSE |
tmouse.exe |
Component of the Toshiba Mouse
Control that allows users with an AccuPoint mouse to scroll
MS-scroll-compatible documents by holding CTRL + ALT and moving the AccuPoint
up or down. It also allows zooming by holding CTRL + SHIFT and moving the
AccuPoint up or down. Disabling this item has no adverse effects, except
disabling the scroll/zoom features of the AccuPoint |
| Y |
tmproxy |
tmproxy.exe |
Trend
Micro PC-cillin 2003 antivirus software |
| U |
TMTMTSR |
TMTMTSR.exe |
Thrustmaster
Thrustmapper - "t-mapper - icon sits on your taskbar and automatically
detects when the joystick is plugged in and configures it accordingly" |
| U |
TNTClk |
TNTCLK.exe |
Overclocking program
for TNT, TNT2, and other graphics cards. This program can overclock the
graphics card manually after startup when needed, especially before starting
a gaming session. However, for simplicity, it can be left checked to let
it run once at startup to automatically overclock the graphics card. In
this case, it doesn't even run in the background after doing its job |
| U |
ToADiMon.exe |
ToADiMon.exe |
T-Online ISP software connection
assistant |
| U |
Toggler |
toggler.exe |
"Toggler
allows you to gain control over your Caps Lock, Num Lock, and Insert keys. It
prevents you from writing in ALL CAPS when your finger has slipped to
accidentally hit the Caps Lock key" |
| X |
Tok-Cirrhatus |
[path to file] |
Added by the BRONTOK-F WORM! |
| X |
Tok-Cirrhatus |
IDTemplate.exe |
Added by the RONTOKBRO.A WORM! |
| X |
Tok-Cirrhatus |
smss.exe |
Added by the BRONTOK-A WORM and
variants! Note - this is not the legitimate smss.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the "Documents
and Settings[User]Local SettingsApplication Data" folder |
| X |
Tok-Cirrhatus-[4 random digits] |
br[4 random digits]on.exe |
Added by the BRONTOK-M WORM! |
| X |
Tok-Cirrhatus-1959 |
br4941on.exe |
Added by the BRONTOK-J WORM! |
| X |
Tok-Cirrhatus-1959sarc |
sv711224030r.exe |
Added by the BRONTOK-R WORM! |
| X |
Tok-Cirrhatus-2784 |
br6591on.exe |
Added by the BRONTOK-L WORM! |
| X |
Tok-Cirrhatus-2784 |
smss.exe |
Added by the BRONTOK-S WORM!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the "Documents and
Settings[User]Local SettingsApplication Data" folder |
| ? |
TomcatStartup |
hpbpsttp.exe |
Apache Tomcat web server, part
of HP LaserJet "Printer Tools" software. What
does it do and is it required? |
| ? |
TomcatStartup 2.5 |
hpbpsttp.exe |
Apache Tomcat web server, part
of HP LaserJet "Printer Tools" software. What
does it do and is it required? |
| ? |
Tommorrow |
tomorrow.exe |
?? |
| ? |
ToolBoxFX |
HPTLBXFX.exe |
HP ToolBoxFX - "provides desktop configuration, status
and support for every feature". Supplied with some HP multifunction
printers |
| X |
ToP |
LSASS.exe |
Added by the WOWCRAFT.C TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Top Tilecom |
Tilecomtop.com |
Added by the WORM_RBOT.BXD WORM! |
| ? |
ToPassSrv |
Pktopass.exe |
Related to Caere Pagekeeper
scanning software (now taken over by Scansoft), Disabling is known to cause
problems |
| U |
TopDesk |
TopDesk.exe |
TopDesk - puts an icon in your
system tray that when clicked upon, opens a pop-up menu that gives instant
access to all of your desktop programs without having to minimize, resize,
move or close other programs or files |
| X |
Topic lnternet |
lnternet32.exe |
Added by the RBOT-GLZ WORM! |
| X |
ToPicks Starter |
Idhost.exe |
TOPicks adware |
| X |
topmoxie |
JavaRun.exe |
TopMoxie adware |
| X |
TopSearch |
TopSearch.exe |
TopSearch adware variant |
| N |
Tor |
tor.exe |
Tor anonymous internet communication system. Shortcut available
via Start -> Programs |
| X |
tor anonymous proxy |
tor32.exe |
Added by the SDBOT-ADR WORM! |
| X |
Torjan Program |
[path to trojan] |
Added by the LEGMIR-BO TROJAN! |
| X |
Torjan Program |
smss.exe |
Added by the WOWCRAFT.B TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Torjan Program |
WINLOGON.EXE |
Added by the WOWCRAFT.D TROJAN!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup! This trojan file is found in the Windows or Winnt
folder |
| N |
TOSCDSPD |
toscdspd.exe |
Related to Toshiba laptop CD/DVD drivers. This is a
non-essential process. Disabling or enabling this is down to user preference |
| U |
TOSHIBA Accessibility |
FnKeyHook.exe |
"Allows you to use the Fn
key to create a hot key combination with one of the function keys without
pressing the two keys simultaneously as is usually required. Using
Accessibility lets you make the Fn key a sticky key, meaning you can press it
once, release it, and then press a function key to activate the hot key
function" |
| Y |
Toshiba Fan |
fan.exe |
Toshiba untilty to keep the fan
on a laptop running if they fail to detect there is too much heat |
| U |
Toshiba Key State |
KEYSTATE.EXE |
Displays an icon in the System
Tray indicating the state of the CAPS LOCK key. Can be handy on (e.g.,
Toshiba) laptops which do not have a Caps Lock indicator light. Available via
Start -> Programs |
| N |
ToshibaPinger |
pinger.exe |
Pinger is the resident program for Toshiba Upgrades.
Periodically checks to see if there are any software/driver upgrades for your
particular computer model. If it finds any, it posts a notification.
Disabling instructions here |
| U |
TOSHIBSU |
Toshibsu.exe |
Reduces the power consumption
when the laptop isn't being used to preserve battery power. Hibernate
function doesn't work if this is disabled. Similar programs on other laptops
reduce the processor clock rate, etc. Required if you run off battery regularly |
| U |
TosHKCW |
TosHKCW.exe |
Toshiba Hot Key Change/Control
Wireless. Permits you to use a hot key to activate/deactivate built-in
802.11b wireless transmission on a laptop (if installed) |
| Y |
TosMem |
tosmem.exe |
Toshiba laptop related. Win98/Me
ACPI system can not hibernate or go on standby if all of the physical memory
lower than 640KB is locked. This utility allocates and locks three pages on
boot and then releases them on standby/hibernation for ACPI.SYS in order to
solve the above problem |
| U |
TosRotation |
TRot.exe |
TOSHIBA Rotation Utility -
allows users to rotate a notebook's screen image 180 degrees in order to
share information on the screen with others seated across a table or desk |
| U |
TotRecSched |
TotRecSched.exe |
Scheduler for
Total Recorder - allows automatic recording of a show at a given time for
later playback or you can use the scheduler as an alarm |
| Y |
ToUcamVProperty |
VProperty.exe |
Philips Web Camera model name
pcvc740k, ToUcam driver configuration tray icon |
| U |
Touch Manager |
WinLED.exe |
Dell keyboard utility. Disabling
can result in loss of screen saver and power saver functionality |
| U |
TouchED |
TouchED.exe |
TouchPad On/Off Utility on a
Toshiba laptop |
| N |
tour |
regedit ..tour.reg |
Edits registry values to keep
the WinMe tour in Task Scheduler |
| N |
Tour |
wincool.exe |
Component of WinME that's
annoying as hell. Pop's up a prompt to play the C:WINDOWSApplication
DataMicrosoftINTROCONTENT.HTA that plays a full screen version of the WinME
product preview Windows Media video file that cannot be stopped to my
knowledge until it finishes. That prompt will keep popping up after an
install/reinstall of WinME until you give in and watch the thing. It also
puts a task scheduler entry to run that annoying thing every 30 minutes, and
don't bother deleting that entry, Windows puts it right back. Not only should
you disable it from running, you should delete the thing altogether, as it,
somehow can re-enable itself. Apparently you can try setting the file to read
only |
| N |
tourpath |
regedit /s [path] tour.reg |
Edits registry values to keep
the Win 2000 "tour" in Task Scheduler |
| U |
TP4EX |
tp4ex.exe |
Adds accessibility options for
an IBM TrackPoint |
| U |
tp4mon |
tp4mon.exe |
Supports the "pointer
stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the
"scroll" button to work |
| U |
tp4serv |
tp4serv.exe |
Supports the "pointer
stick" on Thinkpads in lieu of a mouse on an IBM ThinkPad laptop.
Necessary for the "scroll" button to work |
| ? |
TP98TRAY |
TP98TRAY.EXE |
IBM Thinkpad related utility. What does it do and is it required? |
| N |
TP98UTIL |
TP98.EXE |
IBM Thinkpad feature setup &
configuration utility |
| X |
tpcupdater |
updatetc.exe |
180Solutions adware related |
| U |
TpHotKey |
TPHKMGR.EXE |
Activates "ThinkPad
Help" when the "Thinkpad key" is pressed on an IBM ThinkPad
laptop. Also activates the audio buttons (volume up/down, mute) on models
such as the Thinkpad T30 |
| U |
TPKBDLED |
TpScrLk.exe |
IBM Thinkpad utility for
displaying the Scroll Lock status on the System Tray - for Thinkpad's that
don't have a Scroll Lock LED |
| U |
TPKMAPHELPER |
TpKmapAp.exe |
IBM Thinkpad - Keyboard
Customizer Utility. Allows the user to set keyboard shortcuts, emulate such
features as Windows key on laptop, can be disabled from within program, is
available from Programs > Access IBM. Not required |
| U |
TpKmapMn |
TpKmapMn.exe |
Create Keyboard combinations for
special Thinkpad buttons when using an external keyboard, e.g.
"Ctrl-arrow up" for "volume up". Only required when using
an external keyboard. Available via Start -> Programs |
| U |
tpopservice |
tpopservice.exe |
DirecWay two-way satellite
internet service enhanced POP proxy server for email |
| U |
TPP Auto Loader |
Tppaldr.exe |
Installed with DataStor's
(and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW
drives. System tray icon allowing the user to disconnect the external
drive without an error message being displayed |
| U |
Tprtray |
Tprtray.exe |
Displays the Power icon in the
System Tray on a Toshiba laptop |
| U |
TpScrLk |
TpScrLk.exe |
IBM Thinkpad utility for
displaying the Scroll Lock status on the System Tray - for Thinkpad's that
don't have a Scroll Lock LED |
| Y |
TpShocks |
TpShocks.exe |
Responsible for controlling the
IBM Hard Drive Active Protection system found on newer models of IBM
Thinkpads, including T41, T42, X40, R50, and R51. The Hard Drive Active
Protection system is based on a technology similar to that used in
automobiles to deploy airbags on contact: An accelorometer on the motherboard
detects physical acceleration--such as when the notebook falls--and in
response the system temporarily parks the hard drive's read/write head until
stability returns |
| U |
TPSmain |
TPSMain.exe |
Toshiba Power Saver - associated
with Toshiba laptops/desktops. Manages the power save function to make sure
that the system goes to a power saver mode when not used |
| Y |
TPSODDCtl |
TPSODDCtl.exe |
Power saving software on Toshiba
laptops |
| ? |
TPTRAY |
TP98TRAY.EXE |
IBM Thinkpad related utility. What does it do and is it required? |
| N |
TPTray |
TPTray.exe |
Touchpad configuration tray icon
for Toshiba laptops. Available via Start -> Settings -> Control Panel |
| Y |
TPwrMain |
TPwrMain.EXE |
Power management software for
Toshiba laptops |
| ? |
TPwrMgr |
TPwrMgr.exe |
Found on a Toshiba laptop. Related to power management? |
| Y |
TPWRTRAY |
Tpwrtray.exe |
Toshiba laptop's own Advanced
Power Management system which disables Windows APM (greyed-out in Control
Panel). You can't choose which of the 2 systems to use |
| U |
tqrecv |
tqrecv.exe |
Tellique satellite broadcast
reception software |
| N |
Traceless |
launch.exe |
Traceless 2003 - clear your cookies, temp directories and
browser history with a click of a button. It also clears the recent documents
and the IE drop down auto complete box |
| U |
Track4WinMonitor |
STMonitor.exe |
Track4Win is a surveillance software program that takes
screenshots and logs user activity such as URLs and currently running
processes. It uploads the logs and screenshots to a preconfigured server.
Uninstall this software unless you put it there yourself |
| ? |
Tracker |
Tracker.exe |
Possibly associated with My
Deluxe Invoices program |
| U |
TrackpointSrv |
daemon.exe |
Supports the "pointer
stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the
"scroll" button to work |
| U |
TrackPointSrv |
tp4mon.exe |
Supports the "pointer
stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the
"scroll" button to work |
| U |
TrackpointSrv |
tp4serv.exe |
Supports the "pointer
stick" in lieu of a mouse on an IBM ThinkPad laptop. Necessary for the
"scroll" button to work |
| U |
Tracks Eraser |
te.exe |
Tracks Eraser from Acesoft - "Erases all tracks of your
internet activity" |
| U |
Tracks Eraser Pro |
te.exe |
Tracks Eraser Pro from Acesoft - "Erases all tracks of
your internet activity" |
| U |
tranicon |
tranicon.exe |
A
Tweak-XP component (only in the registered version), makes Desktop icons
transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks
-> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons
Transparent |
| N |
Transcode360 |
Transcode360Tray.exe |
Designed
for WinXP Media Center Edition 2005 and the Xbox 360, Transcode360 aims to
broaden the support for a wide range of video media including DivX and XviD |
| U |
Transparent |
TransparentB.exe |
Utility to turn desktop icon text backgrounds transparent.
The last letter defines the icon text color: D= as desktop, W=white, B=black.
Available from here |
| U |
Transparent |
TransparentD.exe |
Utility to turn desktop icon text backgrounds transparent.
The last letter defines the icon text color: D= as desktop, W=white, B=black.
Available from here |
| U |
Transparent |
TransparentW.exe |
Utility to turn desktop icon text backgrounds transparent.
The last letter defines the icon text color: D= as desktop, W=white, B=black.
Available from here |
| U |
TransparentIcons |
tranicon.exe |
A
Tweak-XP component (only in the registered version), makes Desktop icons
transparent. Can be enabled/disabled via Tweak-XP -> System + File Tweaks
-> Windows Tweaks -> Desktop Tweaks -> Make Desktop Icons
Transparent |
| U |
transtask |
transtask.exe |
A
Tweak-XP component, makes the taskbar icons transparent |
| U |
Trashgrd |
TRASHGRD.EXE |
Part of McAfee Nuts & Bolts.
Protects all the files you delete, even files deleted in DOS or in 16-bit
Windows applications, by sending them to the Recycle Bin |
| X |
Tray |
rundll32.exe |
Added by the LINEAG-ADR TROJAN!
Note - this is not the legitimate rundll32.exe process, which is found in the
Windows folder (98ME) or the System32 folder(NT2000XP). This file is located
in an "command" sub-folder |
| U |
Tray Pilot Lite |
TrayPlt.exe |
Tray Pilot allows you to hide the System Tray window. No
longer supported by the authors |
| N |
Tray Temperature |
Weatherbug.exe |
Weatherbug provides current
outdoor temperature in the System Tray, also weather alerts. Available via
Start -> Programs |
| N |
tray_helper |
tray_helper.exe |
Tray
Helper is an Email checker with additional tools, including a popup window
killer, pinger module to monitor hosts and an event reminder |
| X |
Traybar |
lsass.exe |
Added by the MYDOOM.L WORM! Note
- this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| U |
traydate.exe |
TRAYDATE.EXE |
Displays the date as well as the time in the System Tray.
Available from TUCOWS |
| U |
TrayManager |
Trayman.exe |
TrayManager hides system tray
icons (FreeCell won't work when TrayMan is loaded) |
| U |
Traymin900 |
Tray900.exe |
Related to the Philips SPC
webcam - System Tray manager for Personal 900 series camera |
| U |
Traymon |
traymon.exe |
Netropa Internet Receiver
traymonitor. Will only launch the bar if you are connected to the internet
and there's new news |
| N |
TraySantaCruz |
tbctray.exe |
Provides quick access via a
System Tray icon to the control panel for Turtle Beach's Santa Cruz or
VideoLogic's SonicFury soundcards. Available via Start -> Settings ->
Control Panel |
| N |
TrayServer |
TrayServer.exe |
For monitoring tray icons |
| X |
TrayX |
winppr32.exe |
Added by the SOBIG.F WORM! |
| U |
Trend Micro Anti-Spyware |
Tmas.exe |
Trend Micro Anti-Spyware - required when using real time
monitoring |
| Y |
Trend Micro AntiVirus 2007 |
tavui.exe |
Trend Micro AntiVirus |
| Y |
TrendMicro Antivirus |
Aveagent.exe |
Virus scanner |
| Y |
TrendMicro OfficeScan NT |
TMLISTEN.EXE |
Virus scanner |
| X |
Trickler |
[path to file] |
GAIN adware. Please note that
Claria Corporation no longer support GAIN-Supported software - see here |
| Y |
TridentTVIcon |
tvicon.exe |
Trident Microsystems, Inc
Display driver |
| ? |
TridTray |
TridTray.exe |
System Tray access to Trident
4DWave soundcards? |
| ? |
TridTray |
TridTray.exe |
System Tray access to Trident
4DWave soundcards? |
| U |
Trillian |
trillian.exe |
Part of Trillian IRC client |
| Y |
trirot |
trirot.exe |
Trident Microsystems 3D video
driver |
| U |
TRIXX |
TRIXX.exe |
Sapphire TRIXX
overclocking tool for the X800 GTO graphics card (and possiby others) -
"push default clock speeds to 560MHz or better" |
| N |
Trojan Guarder Gold Version |
Trojan Guarder.exe |
TrojanGuarder is a security risk that may give exaggerated
reports of threats on the computer. The program then prompts the user to
purchase a registered version of the software in order to remove the reported
threats |
| U |
Trojancheck 6 Guard |
tcguard.exe |
TrojanCheck anti-trojan
software |
| U |
TrojanScanner |
Trjscan.exe |
Trojan
Remover from Simply Super Software. Scans for an removes trojan viruses where
anti-virus software may have not detected or removed |
| U |
TrojanShield |
Init.exe |
TrojanShield |
| U |
TrojanShield Protector |
Port.exe |
TrojanShield
anti-hacker/anti-trojan software |
| U |
True Internet Color Icon |
internetcolor.exe |
Now superseeded by
ColorWizzard. Was part of 3Deep. "With True Internet Color PCs can
display the best color possible over the web. Enabled web sites will know how
connected monitors display color and will send them color corrected
images" |
| U |
TrueCrypt |
TrueCrypt.exe |
TrueCrypt is a free
open-source disk encryption software for Windows XP/2K/2003 and Linux. This
the Truecrypt background task that enables some background function of
truetyp: Hot-keys, autodismount, etc |
| X |
TrueFonts |
fonts.hta |
Browser hijacker - redirecting
to Hugesearch.net |
| N |
TrueImageMonitor.exe |
TrueImageMonitor.exe |
Part of Acronis True Image - backup software. Can be disabled
without affecting TrueImage |
| N |
TrueSync Launcher |
tstool.exe |
Starfish TrueSync - for
synchronization between Windows platforms and popular devices, applications
and services. Stafish became Intellisync which was acquired by Nokia and is
now no longer supported |
| X |
truetype |
truetype.exe |
Added by the COSIAM-I TROJAN! |
| Y |
TrueVector |
VSMON.EXE |
Even if you don't have ZoneAlarm
or ZoneAlarm Pro run at start-up you do need this |
| X |
Trust Cleaner |
TrustCleaner.exe |
Smitfraud variant |
| X |
TrustIn Popups |
TrustInPopups.exe |
TrustInPopups adware |
| ? |
trustras.exe |
trustras.exe |
Trust ADSL modem related. Is it required? |
| X |
TrustyHound-TS |
TrustyHound-TS.exe |
TrustyHound spyware |
| X |
tsa |
tsm.exe |
TargetSaver adware |
| X |
Tsa2 |
tsm2.exe |
TargetSaver adware |
| X |
TsAdbot |
TSADBOT.EXE |
TimeSink Add Client -
advertising spyware |
| ? |
TSBxLogon |
TMESBS2.EXE |
Found on
a Toshiba laptop. May be related to TMESBS? |
| U |
TSE_PLUtil |
PLBkMon.exe |
Prolific
USB Flash Disk Log On Application |
| X |
Tsk Mng Hlp |
wins32.exe |
Added by the AGOBOT-JB WORM! |
| X |
tskdbg |
tskdbg.exe |
Added by the FLOOD.E TROJAN! |
| X |
Tsklist |
tsklist32.exe |
Added by the BANCOS.SP
TROJAN as reported by Kaspersky |
| U |
TSkrMain |
TSkrMain.exe |
TOSHIBA Accelerometer Utilities
- hardware utilities that work with the motion sensors built into their
Tablet PCs. Detect the way you are holding it at any given moment, you can
set the machine to perform a specific function when the unit is quickly tilted
to the left or right, or to the front or back and you can also take control
of the cursor in some applications and make it move by leaning the PC in a
certain direction |
| X |
Tsl |
tsl.exe |
Uploader-R
adware |
| X |
Tsl2 |
tsl2.exe |
TargetSaver adware |
| N |
TSMsger |
TSMsger.exe |
Epson scannner software -
required for "one-touch" operation. Can be launched manually |
| N |
tsnp2std |
tsnp2std.exe |
Digital camera related |
| ? |
TSPower |
spower.drv |
Found on a Toshiba laptop. Related to power management? |
| X |
tsrv |
t2serv.exe |
Added
by the WAREZOV.AT WORM! |
| X |
tsrv |
tsrv.exe |
Added
by the WAREZOV.W WORM! |
| ? |
TSService |
NSSERVICE.EXE |
?? |
| X |
tsvcin |
n20050308.exe |
Delfin Media Viewer adware related |
| ? |
tsyssmon |
tsyssmon.exe |
Found in a Toshibasysstability
directory |
| X |
TSystem |
[trojan filename] |
Added
by the NSYS-A TROJAN! |
| X |
ttaa |
tata.exe |
Added by the LINEAGE-T TROJAN! |
| ? |
ttasq |
ttasq.exe |
?? |
| X |
ttool |
scvc.exe |
Added by the OWM TROJAN! |
| N |
TTrayp |
VTtrayp.exe |
Part of S3 Graphics Controllers
- S3 Screentoys Helper |
| X |
TTS Sync |
testtts.exe |
Added by the SDBOT.BVA WORM! |
| X |
Ttt |
Ttt.exe |
Added by a
variant of the SDBOT WORM! |
| X |
ttupt |
ttupt.exe |
eZula TopText adware |
| ? |
Tukati |
TukatiRedistributor.exe |
Tukati Digital Content Distribution. Is it required? |
| N |
tunebite |
tunebite.exe |
"Tunebite
lets you make unprotected copies of copy-protected music files by recording
them while they are being played". Can be launched from it's Start Menu
shortcut |
| U |
TuneUp MemOptimizer |
memoptimizer.exe |
Part of "TuneUp
Utilities", specifically 2003 version. "Monitors and optimizes free
memory in the background." Basically, it cleans RAM and also allows you
to clear the clipboard |
| X |
TurBo |
System.Trubo.vbs |
Added
by the AUTOM-C WORM! |
| U |
TurboExplorer |
TE.exe |
Web
accelerator - "TurboExplorer 2.x is a real-time web surfing accelerator
specifically designed for Internet Explorer 4/5 to achieve a faster and more
effective approach to the internet". Only needed if you find it improves
web browsing |
| U |
TurboLaunch |
Tlaunch.exe |
TurboLaunch
is a tool-bar style application that can be set up to run many programs and
perform certain pre-programmed actions |
| U |
TurboMemoryCharger |
turbomemorycharger.exe |
Turbo Memory Charger - memory
optimizer. MS MVPs (Most Valued Professional) recommend not using memory
managers with Win98/SE/ME. See this article and make up your own mind |
| N |
TurboNote |
tbnote.exe |
Post-It's on your desktop.
Available via Start -> Programs |
| U |
TurboTop |
TurboTop.exe |
TurboTop -
make any window "Always on top" |
| X |
TURXP Protocol |
sps32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
tutcdchk2 |
tutcdchk2.exe |
Added by the VXGAME TROJAN! |
| X |
TV Media |
Tvm.exe |
CleverIEHooker hijacker variant |
| U |
TV Scheduler |
TVSCHL.EXE |
ProLink PlayTVpro TV tuner software scheduler |
| U |
TV878 Remote Control |
C7XRCtl.exe |
Related to Kworld TV878 Tuner |
| X |
TVMD |
tvmd.exe |
Total Velocity -
"Secure commerce company that enables the 'checkout' process for our
customers in order to safely and securely purchase our award winning
software". Autointsalling spyware |
| U |
TvNow |
TvNow.exe |
Application supplied with HP
notebooks. It activates the S-Video port and is said to improve the quality
of the output signal (resolution/timeouts) |
| U |
TvrRemote |
Remote.exe |
Remote
Control driver for LifeView internal and external TV products |
| U |
TvrSchedule |
Schedule.exe |
Scheduler for Mercury Ez View TV Tuner Card |
| N |
Tvs |
TvsTray.exe |
Toshiba Virtual Sound on a
notebook. Allows you to change sound settings on the fly - default setting is
"build-in speaker". You can also select external speaker, open type
headphone, or closed type headphone. Each setting has presets for Bass,
Stereo, and Clarity - which can also be changed by user if desired. Can also
be launched from Start -> Programs -> Toshiba -> Utilities |
| X |
tvs_b |
tvs_b.exe |
BroadcastPC adware variant |
| X |
tvs_b |
tvs_ln.exe |
BroadcastPC adware variant |
| X |
tvs_re |
tvs_re_inst.exe |
BroadcastPC adware variant |
| X |
TVTMD |
TVTMD.EXE |
Total Velocity variant -
autoinstalling spyware |
| U |
TVTunerLib |
TVTLInstTool.exe |
Related to Sony installer tool
for Sony TV tuner library |
| N |
TVWakeup |
tvwakeup.exe |
MS WebTV for Windows. Used to
display TV on your PC via a compatible video card with in-built tuner (such
as ATI All-In-Wonder). If you don't use it - uninstall it |
| ? |
Tvwatch |
tvwatch.exe |
Associated with the TV-oOut
option on Asus AGP or Intel graphics cards. Is it
required? |
| X |
Twain image |
mmp32.exe |
DailyWinner adware |
| ? |
TWarmBay |
N/A |
Found on a Toshiba laptop. Related to hotswap bay management? |
| U |
TWarnMsg |
twarnmsg.exe |
Toshiba System Warning Function
for Windows 98, Me, 2000 - provides notification dialog when the cooling fan
stops |
| ? |
TWBbtn |
N/A |
Found on a Toshiba laptop |
| ? |
TWBrowse |
TWBrowse.drv |
Found on a
Toshiba laptop. Possibly related to TWAIN drivers (ie, scanners, etc) - see
this? |
| ? |
Tweak Manager |
WinManager.Exe |
WinGuides Tweak
Manager. Is this required for the live updates feature and/or if settings are
changed? |
| X |
Tweak UI |
RunDLL32 tweakUI.DLL, TWEAKUI
/tweakmeup |
Added by the SUBWOOFER TROJAN! Note - the real Tweak UI entry
for this is "rundll32.exe tweakui.cpl, tweakmeup" |
| U |
Tweak UI |
rundll32.exe tweakui.cpl,
tweaklogon |
Automatically logs you on if you
have Microsoft's Tweak UI "powertoy" installed |
| U |
Tweak UI |
rundll32.exe tweakui.cpl,
tweakmeup |
Restores settings that can't be
retained if you have Microsoft's Tweak UI "powertoy" installed |
| U |
Tweak UI 1.33 deutsch |
RUNDLL32.EXE TWEAKUI.CPL,
TweakMeUp |
Restores settings that can't be
retained if you have Microsoft's Tweak UI "powertoy" installed -
German version |
| U |
TweakDUN |
tweakdun.exe |
Utility to optimize your
Internet Browser Software. TweakDUN promotes faster Internet data transfer
rates and faster downloads by eliminating fragmentation of data packets |
| U |
Tweaki4PU |
twksup.exe |
"Tweaki puts
several Windows utilities into one easy to use program while adding hundreds
of additional tweaks not found in other system tweakers" |
| ? |
tweakico |
tweakico.exe |
May be a HP program to control
their icons? |
| U |
TweakMASTER |
TMTray.exe |
TweakMASTER Internet
Optimizer |
| U |
Tweak-Me |
TWEAK-ME.exe |
3rd party version of Miscrosoft'sTweak UI
"powertoy" with many more options and controls (plus full support),
designed specifically to take advantage of features in WinMe/2K and above,
available from here |
| U |
Tweak-xp |
Tweak-xp.exe |
Main
program for Tweak-XP - a WinXP tweaking utility |
| ? |
TweakYC |
TweakYC.exe |
VideoMate TV
tuner and capture card related - what does it do and is it required? |
| U |
twister |
twister.exe |
Twister
"AntiTrojanVirus" |
| N |
TwkSCardSrv |
SCardS32.Exe |
Used with Towitoko SmartCard
Readers for card recognition |
| X |
twunk service |
twunk16.exe |
Added by the RBOT.BAT WORM! |
| X |
twunk_32 |
twunk_32.exe |
Added by the BLACKMAL.C WORM! Note - this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| X |
Twunk_64 |
twunk_64.exe |
System1060 homepage hi-jacker.
Note - this is not a Windows file and is found in a WindowsSystem1060
directory |
| X |
tyack drive |
tyack.pif |
Added by the RBOT-AMT WORM! |
| N |
type32 |
type32.exe |
For MS programmable keyboards.
If you disable Intellitype in Startup, any "Hot Keys" that are
changed by the user to perform functions other than default settings, defer
back to their default settings. Not required unless you have changed them |
| N |
TypingSatellite |
KBOOST.exe |
Typing Master 2002
background utility that collects typing errors and builds up customised
typing lessons for your needs. Available via Start -> Programs |
| U |
U.S.Robotics WLAN Adapter
Configuration Utility |
USRWLAN.exe |
U.S.Robotics LAN Adapter - wireless LAN (WLAN) configuration
utility |
| X |
Uate |
oocs.exe |
PurityScan/Clickspring adware |
| U |
UBSShell |
UBSShell.exe |
UBS (United Bank of Switzerland)
banking software |
| N |
UC_SMB |
ucstart.exe |
Part of IBM Update connector on
IBM PCs for updating drivers on a new installation. Once you manually run the
IBM Update connector program (shortcut) this entry is removed |
| N |
uc_start |
ucstartup.exe |
Auto updater feature for IBM
machines that tries to connect to IBM to see if there are any new drivers,
patches and etc |
| X |
UCmd |
fallfour.exe |
Added by the SDBOT-AZA WORM! |
| U |
UCmore XP - The Search
Accelerator |
rundll32.exe UCMTSAIE.dll,
DllShowTB |
UCmore toolbar - search accelerator |
| U |
UD Agent |
UD.EXE |
The United Devices Agent can
recycle your PC's unused resources and use them to perform valuable
scientific and medical research without disturbing your usual computer use -
similar to SETI@home but for medical research. Available via Start >
Programs |
| N |
UDC6cw |
UDC6cw.exe |
DriveCleaner is a security assesment tool which gives
exaggerated reports of security and privacy risks on a computer. The program
then prompts the user to purchase a registered version of the software in
order to remove the reported risks |
| X |
udzok |
udzou.exe |
Added by the SDBOT-CUS WORM! |
| U |
Ueproc32 |
UEPROC32.exe |
Part of Norton Utilities - most
likely associated with the Unerase Wizard in older versions |
| X |
UFD Monitor9382 |
ufdlmon.exe |
Part of USB Flashdisk software -
what does it do and is it required? |
| ? |
UFD Utility9382 |
UFDTool.exe |
Part of USB Flashdisk software -
what does it do and is it required? |
| ? |
ugon |
aockstrs.exe |
?? |
| X |
uhvjsul.dll |
[path] rundll32.exe [path]
uhvjsul.dll, mrpmvyf |
Added by the BUSKY-G TROJAN! |
| N |
Uidler |
Uidler.exe |
Uniloc Titlewave Browser used
with some shareware |
| N |
UIWatcher |
UIWatcher.exe |
Ashampoo's Uninstaller Suite - installation watcher.
Available via Start -> Programs |
| U |
ujm |
nm32.exe |
Stranget keystroke logger/monitoring program - remove unless you
installed it yourself! Found in an "fyt" subfolder of the Windows
or Winnt folder |
| X |
UKVideo2 |
ukvideo2.exe |
Adult content dialler |
| ? |
Ulead AutoDetector v2 |
monitor.exe |
Related to Ulead Systems Inc.. What does it do and is it
required? |
| N |
Ulead Photo Express x.0 Calendar |
calcheck.exe |
Ulead Calendar
Checker - part of Ulead Photo Express, where "x" represents the
version number. Automatically replaces your calendar desktop wallpaper on a
weekly/monthly/yearly basis if you've created them. Not required - change
them manually |
| N |
Ultimate Cleaner |
App.exe |
Ultimate
Cleaner spyware remover - not recommended, see here |
| X |
UltimateBuddy |
UltimateBuddy.exe |
UltimateBuddy - installs malware, or is bundled with malware |
| N |
UltimateZip Quick Start |
uzqkst.exe |
UltimateZip - file
compression utility |
| N |
Ultra Hal Assistant 4.5 Startup |
HalAsst.exe |
Zabaware Ultra Hal
Assistant - artificial intelligence conversation simulator. It is capable of
being your digital secretary and companion |
| ? |
UltraDVDMon |
DVDMon.exe |
UltraDVD DVD player
software - is it required? |
| X |
Ulubione |
sys****.exe |
Ulubione adware |
| N |
UMAX VistaAccess |
vsaccess.exe |
VistaAccess gives you quick and
easy access to scanning functions right from your desktop |
| U |
UMonit |
umonit.exe |
Alerts when USB device is
plugged in |
| Y |
umxagent |
umxagent.exe |
Tiny
Personal Firewall V4 - main engine |
| Y |
umxldra |
umxldra.exe |
User mode
executive module DLL loader - part of Tiny Personal Firewall V4 |
| Y |
UMXLDRW |
UMXLDRW.exe |
Tiny
Personal Firewall (pre V4) |
| X |
un32info |
un32info.Exe |
Added by the CRYPTER.A TROJAN! |
| X |
UNERI |
yujixit.exe |
Added by the SDBOT.BOO WORM! |
| U |
UnHackMe Monitor |
hackmon.exe |
UnHackMe allows you to
detect and remove a new generation of 'invisible' Trojan programs called
"rootkits" |
| U |
Uniblue Quick Access |
qaccess.exe |
Quick
Access application from UniBlue Systems Ltd - "helps you account for all
processes on your computer by providing an additional plug-in for the Windows
task manager" |
| U |
Uniblue Registry Booster |
RegistryBooster.exe |
Uniblue
"Registry Booster is the safest and most trusted solution to clean and
optimise your system, free it from registry errors and fragmented
entries" |
| U |
Uniblue SpyEraser |
spyeraser.exe |
SpyEraser
from Uniblue. Spyware detection program |
| X |
uninstal |
regsvr32 image.dll |
CoolWebSearch
parasite variant |
| X |
Uninstall**** |
upd.exe |
Adult content based screen saver
where **** can be any number |
| X |
Uninstall_TBPS |
TBuninst.exe |
WebSearch Toolbar - HuntBar hijacker, toolbar installer
variant |
| N |
UninstallAbility |
uability.exe |
UninstallAbility
free uninstaller |
| X |
UninstallHL |
PreUninstallHL.exe |
LinkReplacer/FFinder
adware |
| X |
UninstallQL |
PreUninstallQL.exe |
LinkReplacer/FFinder
adware |
| U |
UniPrint |
SetDfltSettings.exe |
Drivers for Uniprint, a printing
help for Terminal Services and Citrix which recieves downloaded files from a
Uniprint enabled server and prints them locally allowing for truly universal
printing through Terminal Services or Citrix |
| U |
UniSc |
Unisc.exe |
McAfee UnInstaller |
| ? |
uniucu |
uniucu.exe |
?? |
| X |
Universal USB Service |
svchost32.exe |
Added by the KELVIR.R WORM! |
| X |
Unix File Support |
init3.exe |
Added
by the RBOT-ZN WORM! |
| X |
unldr16 |
unldr16.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| X |
unldr32 |
unldr32.exe |
Added by a variant of the CRYPTER.C TROJAN! |
| U |
UnlockerAssistant |
UnlockerAssistant.exe |
Related to Unlocker
utility to unlock files when the OS reports the file is being used by an
other person or program |
| N |
UnSpyPC |
UnSpyPC.exe |
Spyware
remover - not recommended, see here |
| Y |
untray |
untray.exe |
Command Antivirus
related |
| N |
uoltray |
exec.exe |
Netzero free ISP software - not
required |
| X |
Up Service |
up32.pif |
Added by the RBOT-ARI WORM! |
| N |
UpConfgVer |
UpgConf.exe |
Panda Antivirus Platinum.
Purpose unclear, but according to Panda Software not required for the AV to
function |
| X |
Updade Windows |
winlogom.exe |
Added
by the LYNDEGG WORM! |
| X |
Update |
CDUpdater.exe |
"Carpe Diem" adult
premium rate dialler related |
| X |
Update |
csrss.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Update |
csrss.exe |
Added by the MEHEERWAR TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in a "winupdate"
subfolder |
| X |
Update |
hanz.exe |
Added by a variant of the RBOT-GLJ WORM! |
| X |
Update |
lsass.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Update |
mshtm.exe |
Browser hijacker - redirecting
to buldog-search.com |
| X |
update |
r00t.exe |
Added
by the RBOT-ACO WORM! |
| X |
UpDate |
RAuth.exe |
Added by the DLOADER-UL TROJAN! |
| X |
Update |
svchost.exe |
Added by the ADCLICK-AG TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Update |
Sysupd.exe |
Added by the SLACKBOT VIRUS! |
| X |
Update |
Update.exe |
QuickButton adware |
| X |
Update |
UPDATE-28062004.exe[25 blank
spaces].vbs |
Added by the MIDFIN WORM! |
| X |
update |
winis.exe |
Added
by the RBOT-VD WORM! |
| X |
UPDATE |
WinUpdater5.0.vbs |
Added by the GORMLEZ-A WORM! |
| X |
Update |
Zupdate.exe |
Associated with B3d Projector
foistware - see here |
| X |
Update Checker |
scvhost.exe |
Added by the AGENT-DSF TROJAN! |
| X |
Update Checker |
winlog.exe |
Added by the IRCBOT-TJ TROJAN! |
| X |
Update for Windows |
[various filenames] |
Added
by the LERPA-A WORM! Note - the file name will be one of the following
common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif,
load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif |
| ? |
Update for Works |
MSWkstz.exe |
Maybe related to later versions
of MS Works? |
| N |
Update Grokster |
WiseUpdt.exe |
Automatically updates the
Grokster file sharing software. Beware of adware and spyware when using this
type of program, for instance, Grokster contains CyDoor |
| X |
Update Install |
Schost.exe |
Added by the GAOBOT.AO WORM! |
| ? |
Update local |
SetCPQLC.exe |
Running on a Compaq desktop. Any
ideas? |
| N |
Update Manager |
UpdateManager.exe |
Searches
for updates for the Rogers Yahoo! Browser - can be run manually |
| X |
update run dos |
logon.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Update Run MSword |
LOGON.EXE |
Added by the RBOT.TY WORM! |
| X |
update service |
svxhost.exe |
Added
by the RBOT-MG WORM! |
| Y |
Update Service |
Update.exe |
Loaded by
Handybits programs such as EasyCrypto. Re-instates itself every time the
program is run so best to leave it enabled. Prevent it dialling out via a
firewall |
| X |
Update Service |
winu32.exe |
Added
by the RBOT-MG WORM! |
| X |
update service |
winx.exe |
Added by a variant of the RBOT WORM! |
| ? |
Update TUT |
WiseUpdt.exe |
?? |
| X |
Update ver 1.0 |
Swap.exe |
Added
by the SWAP-C WORM! |
| X |
Update Windows |
EXPLORE.EXE |
Added by a
variant of the SDBOT WORM! |
| X |
Update Windows |
EXPLORE.EXE |
Added by a
variant of the SDBOT WORM! |
| X |
Update.exe |
ravseuper.exe |
Added by the QQPASS-P TROJAN! |
| N |
UPDATE~1 |
updatemgr.exe |
Once a month, your EarthLink 5.0
Update Manager contacts EarthLink's servers to check for software updates. If
an update is available for your EarthLink software, Update Manager will
inform you and, with your permission, download and install the update. Can go
to http://www.earthlink.net and download the updates manually |
| X |
Update32 |
configs.exe |
Hijacker,
also detected as the QURL-2 TROJAN! |
| X |
UpdateCheck |
winstall.exe |
Added by the SPYBOT-CY WORM! |
| X |
UpdateComponent |
CNF UPD.EXE |
Added by the SPYBOT.GEN VIRUS! |
| ? |
UpdateFW |
fwdload.exe |
Appears to be firmware update
software for a Network Associates ATMbook OC-3 SMF Interface Module? |
| ? |
UPDATEHOOK |
Rundll32.exe |
?? |
| X |
updatelavasoft |
updatelavasoft.exe |
CoolWebSearch
parasite variant - redirecting to lalasearch.com |
| U |
UpdateManager |
sgtray.exe |
StorageGuard from Veritas (this
version by Sonic). Free utility that integrates with Backup MyPC (formerly
Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray
access and background monitoring - warning you of files that haven't recently
been backed up. Required unless you backup manually on a regular basis or
have scheduled backups |
| X |
UpdateMedia |
UpdateMedia.exe |
MediaUpdate foistware |
| N |
updateMgr |
AdobeUpdateManager.exe |
Automatic updates for the Adobe
Reader file viewer |
| X |
UpdateMgr |
updmgr.exe |
Added by the SouthBeachTel premium rate adult content dialer |
| N |
updatemgr.exe |
updatemgr.exe |
Once a month, your EarthLink 5.0
Update Manager contacts EarthLink's servers to check for software updates. If
an update is available for your EarthLink software, Update Manager will
inform you and, with your permission, download and install the update. Can go
to http://www.earthlink.net and download the updates manually |
| X |
UPDATEMSN |
svhost.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Updater |
adservernow.exe |
AdServerNow adware |
| ? |
updater |
updater.exe |
?? |
| X |
updater |
wisvc.exe |
Added
by the ORSE-A TROJAN! |
| X |
updater |
wupdater.exe |
eUniverse/KeenValue adware |
| X |
Updater Service Process |
svhost32.exe |
Added by the AGOBOT.TY WORM! |
| X |
updater32 |
winload32.exe |
Added by the CULT.M WORM! |
| X |
updatereal |
realupdate.exe |
Chinese originated adware |
| X |
Updates |
msupdate.exe |
CoolWebSearch
parasite variant |
| N |
Updates from HP |
backweb*****.exe |
See here - "messaging service that automatically sends
you support information, tips, ideas, and special offers from HP and our
partners, especially designed for HP and Compaq desktop computer
owners". * can be any digit |
| N |
Updates from HP |
Updates from HP.exe |
Automatically detects an
internet connection and downloads any available updates |
| X |
UpdateService |
wservice.exe |
Added
by the DREF-K WORM! |
| X |
Updatestats |
Updatestats.exe |
Statblaster adware |
| X |
UpdateStats |
UpdateStats.exe |
SeekSeek search hijacker related - see here |
| N |
updatev01 |
updatev01.exe |
Ultra-networks.com software
updater/downloader |
| X |
updatewin |
update.exe |
Added by a
variant of the SDBOT WORM! |
| ? |
Updatewiz |
updatewiz.exe |
?? |
| X |
upddateit |
winit.exe |
Added
by the RBOT-MS WORM! |
| X |
updmgr |
rvupdmgr.exe |
eUniverse/KeenValue adware |
| X |
Updmgr |
updmgr.exe |
eUniverse/KeenValue adware |
| X |
upDpacketo |
services.exe |
Added by the NAFBOT-A TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a "TEMPER"
subfolder of the Windows or Winnt folder |
| N |
UpdReg |
Updreg.exe |
Reminder to register Creative
Labs SoundBlaster Live! cards |
| X |
UpdSys |
[random filename] |
Added by the BJ TROJAN! |
| X |
Updt Service |
updt.pif |
Added by the RBOT-AYU WORM! |
| X |
updwebmin |
updwebmin.exe |
Added by the BACKDOOR.GEN TROJAN! |
| ? |
UPERVGAS |
UPERVGAS.exe |
?? |
| X |
Upgrade Sarvice |
sxchost.exe |
Added by a variant of the TOFGER-I TROJAN! |
| X |
Upgrade Service |
sxchost.exe |
Added by the TOFGER-I TROJAN! |
| X |
Upgrade Service |
winupd.exe |
Added by the TOFGER-U TROJAN! |
| X |
upme |
[filename] |
Added by the MUGLY.F WORM! |
| X |
Upme |
DLLMAN.EXE |
Added by the MUGLY.I WORM! |
| X |
upnp |
upnp.exe |
Added by the DLOADR-YT WORM! |
| X |
UPnP Manager |
upnpman.exe |
Added by a variant of the AGOBOT WORM! |
| X |
UPNPService |
WinSVCservice.exe |
Added by the AGOBOT.UN WORM! |
| U |
Upromise0 |
Upromise0.exe |
Upromise college
savings program |
| U |
UpromiseRemindU |
wjview ...Code |
Part of the Upromise saving
scheme but associated with Ebates MoneyMaker adware so the choice is yours |
| Y |
UPS |
ups.exe |
PowerChute v5.02 - UPS
Monitoring Module (which loads iconclnt - the tray icon) |
| X |
UPS |
UPS32.exe |
Added by the FEMOT.O WORM! |
| Y |
UPSentry 2000 |
upsd.exe |
Used with Belkin UPS
(Uninterruptable Power Supply) for support in the event of a power-loss |
| Y |
UPSlim |
upsd.exe |
Used with Belkin UPS
(Uninterruptable Power Supply) for support in the event of a power-loss |
| U |
UPSMON |
UPSMON.exe |
UPSMON Power Management software |
| X |
UPSUtl |
web.exe |
CoolWebSearch
parasite variant |
| U |
Uptimer4 |
Uptimer4.exe |
Uptimer4 is an appbar which
displays time, date, uptime, free ram, free pagefile, cpu usage, disk free
space, battery power, IP addresses, TCP throughput, list of running
processes, netstat and several more things |
| X |
UpTimes service |
WinUp.exe |
Added by the RBOT-AKB WORM! |
| X |
UpToDate |
uptodate.exe |
BrowserAid/BrowserPal foistware |
| X |
upxdn |
upxdn.exe |
Added by the AGENT.NCC TROJAN! |
| X |
upxdnd |
upxdnd.exe |
Added
by the JD-A TROJAN! |
| X |
upyxo |
yujixit.exe |
Added by the SDBOT.BIX WORM! |
| Y |
UrlLstCk |
UrlLstCk.exe |
Part of Norton Internet
Security. From Symantec - "UrlLstCk.exe is a necessary file that will be
present in C:Program FilesNorton Internet Security. It is a URL Checklist. It
should not be disabled" |
| N |
URLMAP |
Urlmap.exe |
Installed by MS Money, and runs
whenever you start IE. All it does is bring up an annoying sidebar (kind of
like the search window) with 'financial links' when the web page supports it |
| Y |
UrtSvcExe |
Urt95Svc.exe |
"Cisco Secure URT is a
virtual LAN (VLAN) assignment service that enhances LAN security by actively
identifying and authenticating users and then associating them only to their
specific network services and resources" |
| X |
usb |
SASS.EXE |
Added by the FUNSTA-A TROJAN! |
| ? |
Usb |
Usb.exe |
HP related - not sure whether
it's required |
| X |
USB 2.0 Driver |
updateXP.exe |
Added by the AGOBOT-QP WORM! |
| X |
USB 2.0 Driver |
updateXPSPC.exe |
Added by the AGOBOT-RJ WORM! |
| X |
USB 2.0 Driver |
Winsys32.exe |
Added by the AGOBOT-QM WORM! |
| X |
USB 2.0 Driver |
winsystem.exe |
Added by the AGOBOT-QS WORM! |
| X |
USB 2.1 Driver |
winupdate1.exe |
Added by a variant of the RBOT WORM! |
| X |
USB controller |
Svcmm32.exe |
SvcMM backdoor parasite
downloader |
| X |
USB Device |
servicelog.exe |
Added by the WOOTBOT.CB WORM! |
| X |
USB Device |
win32usb.exe |
Added by the FORBOT-BQ WORM! |
| X |
USB Driver4 |
UpdateXP*.exe [* = random digit] |
Added by a
variant of the SDBOT WORM! |
| X |
USB Drivers1 |
msupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
USB Driverz2 |
msnplus1.exe |
Added
by the SDBOT-XQ WORM! |
| X |
USB Fix 1.1 |
wuservices.exe |
Added by a
variant of the SDBOT WORM! |
| X |
USB Fixes |
wuafix.exe |
Added
by the RBOT-ABV TROJAN! |
| X |
USB Hardware Monitoring |
USBhardware.exe |
Added
by the RBOT-NN WORM! |
| Y |
USB Hardware326 Monitoring |
USBhardware326.exe |
Added by a variant of the SPYBOT WORM! |
| X |
USB Hardware32c Monitoring |
USBHARDWARE32C.EXE |
Added
by the RBOT-UU WORM! |
| X |
USB Host Service |
usbsvc.exe |
Added
by the RBOT-GG WORM! |
| ? |
USB Hub Keyboard Patch |
SKBPATCH.EXE |
USB HUB Update |
| Y |
USB SECURITY DEVICE CoInstaller |
JupitCo.exe |
ButterflyMedia USB Flash drive related - required for the
password security feature to work |
| X |
USB Updates |
mservices.exe |
Added by a
variant of the SDBOT WORM! |
| X |
USB Updates |
msfirewalls.exe |
Added by a variant of the RBOT WORM! |
| X |
USB Updates 2 |
wugfixx.exe |
Added by a variant of the RBOT WORM! |
| N |
USB2Check |
PCLECoInst.dll |
Related to Pinnacle
Systems Inc. CoInstaller - you can execute the USB2.0 interface check program
(Usb2Check.exe file) to check if your system is a USB2.0 enabled system |
| X |
USBConfigration2 |
wmmndir.exe |
Added by the AGOBOT-SV WORM! |
| X |
UsbD |
[path to trojan] |
Added by the CIDRA-F TROJAN! |
| X |
UsbD |
smss32.exe |
Adware downloader -
recognized by Kaspersky antivirus as Trojan-Proxy.Win32.Agent.cj |
| X |
UsbD |
svhost32.exe |
Added by the AGENT.IB TROJAN! |
| X |
Usbd |
usb_d.exe |
Added by the CIDRA-A TROJAN! |
| U |
USBDetector |
UDetect.exe |
USB tray icon/detection for
external Belkin (and maybe other makes) under Win98 |
| U |
USBDetector |
USBDetector.exe |
USBDetector sets up an icon in
the System Tray for a USB card which is intended to be used to eject or
unplug hardware |
| X |
USBDrives |
msfirewalI.exe |
Added
by the RBOT-ABP WORM! |
| X |
usbdrv |
servicetask.exe |
Added by a variant of the SDBOT WORM! |
| X |
USBHWDRV |
gam.exe |
Added by a variant of the LOWZONE-I TROJAN! |
| X |
USBHWDRV |
msdc.exe |
Added by a variant of the LOWZONE-I TROJAN! |
| X |
USBHWDRV |
sst4.exe |
Added by a variant of the LOWZONE-I TROJAN! |
| X |
USBHWINFO |
[path to trojan] |
Added by the LOWZONE-I TROJAN! |
| X |
USBHWINFO |
mac.exe |
Added by the LOWZONE-I TROJAN! |
| X |
USBHWINFO |
sst6.exe |
Added by the LOWZONE-I TROJAN! |
| U |
USBMMKBD |
usbmmkbd.exe |
USB multimedia keyboard for HP
systems. Allows the use of special function keys on USB keyboards. The latest
version no longer pings a server when on-line wheras the older version did
but did not transmit any user information |
| U |
USBMonit.exe |
USBMonit.exe |
Monitors USB ports for insertion
of Sandisk USB flashdrives |
| X |
usbn |
[path to trojan] |
Added by the HOGIL-C TROJAN! |
| X |
usbn |
usbn.exe |
Adult content dialer -
recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Small.afa |
| Y |
USBPNP |
USBPNP.exe |
SiPix digital camera Twain USB
driver |
| N |
USBTA |
usbtapnp.exe |
System Tray access for the BeWAN Gazel 128 USB ISDN adapter |
| ? |
USBToolTip |
USBTip.exe |
Related to Pinnacle
Systems Inc. What does it do and is it required? |
| X |
useful-soft |
svchst.exe |
Added by the STARTPA-HH TROJAN! |
| X |
user |
user32.exe |
Added by the BINGHE TROJAN! |
| U |
User Logger |
UsrLog.exe |
UserLogger is a commercial surveillance software program. It
logs keystrokes, programs used and computer ID information. It also captures
screenshots, can hide its presence on the computer and can be disguised in
the Windows Task list |
| X |
User Manager |
fcllls.exe |
Added by the ZAGABAN-B TROJAN! |
| X |
User Services |
usersvc.exe |
Added by the REVCUSS.A TROJAN! |
| X |
User23.exe |
DIAL.exe |
This is a trojan trying to
disguise itself as User32.dll |
| X |
User32 |
[filename] |
Added by the NETTRASH TROJAN! |
| N |
UserFaultCheck |
dumprep 0 -u |
Used in connection with memory
dumps - you can disable these by - right clicking on My Computer, selecting
Properties and then the Advanced tab. Click on the Settings button in
'Startup and Recovery'. In the bottom pane - under 'Write debugging information'
- click on the down arrow and then select 'None' - OK your way out |
| X |
userinit |
choo_003956f4 |
Added by the PEED.16896 TROJAN! |
| X |
Userinit |
lsass.exe |
Added by a variant of the
DLOADER-TP TROJAN! Note - this is not the legitimate lsass.exe process which
is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and
should not normally figure in Msconfig/Startup! This file is located in the Program
FilesCommon Files folder |
| X |
Userinit |
lsass.exe |
Added by a variant of the
VIRAN-A TROJAN! Note - this is not the legitimate lsass.exe process which is
always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should
not normally figure in Msconfig/Startup! This file is located in the Program
FilesCommon FilesSystem folder |
| X |
userinit |
ntos.exe |
Added by the AGENT-ECU TROJAN! |
| X |
userinit |
smss.exe |
Added by the DLOADR-B TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This trojan file is found in the Windows or Winnt
folder |
| X |
userinit |
winlogon.exe |
Added by the DLOADER-TP TROJAN!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup and is always located in the System32 folder. This
file is placed in the Windows or Winnt folder |
| X |
UserInit StartUp |
rpcxuisu.exe |
Added by a
variant of the SDBOT WORM! |
| X |
userint32 |
userint32.exe |
Added by an unidentified TROJAN
via an Instant Message that says, "This was cool, check it out
here." Also contains Aurora popups |
| X |
USERINTERFACE REPORT3R |
M0USE.exe |
Added by the MYTOB.HS WORM! |
| X |
Userinterface Reporter |
fuuuucktttttt.exe |
Added by the MYTOB-DK WORM! |
| X |
Userinterface Reporter |
srv32.exe |
ISTBar adware |
| X |
UserSystem |
[filename] |
CoolWebSearch Smartsearch
parasite variant. Also detected as the SEARCH-A TROJAN! |
| X |
ushli |
sscbltqu.exe |
Obtained from an MP3 search list
site. Also generates random processes on reboot |
| X |
usrgtway.exe |
syswrun4x.exe |
Added by the MITGLIEDER.E TROJAN! |
| N |
USRobotics 802.11g Wireless
Network Utility |
USRWLANG.exe |
USRobotics Wireless Network
Utility - used to configure security settings for connecting to WEP encrypted
Access Point through the USR Wireless adapter. You must uncheck "Use
Windows to configure my wireless settings" for the program to work properly.
Has Site Survey capabilities, and reports link quality and signal strength.
Not required for proper operation of the device as the features given are
accessible in the network connection properties |
| N |
Usrobotics Online Registration |
?? |
Pop-up reminding customers to
register their products online at US Robotics |
| Y |
USRpdA |
USRmlnkA.exe |
Modem driver files from US
Robotics |
| X |
Usrr |
rncr.exe |
PurityScan/Clickspring adware |
| X |
Usrr |
rpen.exe |
PurityScan/Clickspring adware |
| ? |
USRSTA |
USRSTA.exe |
Wireless Card controller. What does it do and is it required? |
| ? |
USRSTA.EXE |
USRSTA.EXE |
Wireless Card controller. What does it do and is it required? |
| N |
USSShReg |
USSSHREG.EXE |
Registration reminder for Ulead
SmartSaver Pro - compacts large graphics for web designers |
| U |
UStorag |
ustorage.exe |
U-Storage is application software running under Microsoft
Windows, it provides functions and utility to manage STF flash drive (USB
drive) for security, partition, boot-ability and recovery. See note |
| N |
Ustorage |
Ustorage.exe |
Maintenance tool (enable security functions) for a USB drive
from Pretec |
| ? |
Utility Ping |
UTILIT~1.EXE |
?? |
| N |
UtilityPro |
UtilityPro.exe |
IE search toolbars
as supplied by people such as Yellow Internet and SearchBoss and written by
Rawhide Search Solutions |
| Y |
UTILsInst |
N/A |
For Gilat Communications
internet satellite systems. Gilat rescue (Satellite system restore). Required
if you have this system. Can cause a BSOD (blue screen of death) if left out |
| N |
Utopia Angel |
Angel.exe |
Calculator for the
online Utopia game |
| X |
uvnx |
uvcx.exe |
Added by the DLOADR-AWF TROJAN! |
| X |
uvnx |
uvnx.exe |
Added by the SMALL.CUL TROJAN! |
| U |
UVS10 Preload |
uvPL.exe |
Related to Ulead VideoStudio
video editing and DVD authoring software |
| N |
uwa7pcw |
uwa7pcw.exe |
WinAntiVirus
Pro 2007 virus software - not recommended, see here |
| X |
uwyrl |
uwyrl.exe |
Added by the PHEL.A TROJAN! |
| X |
uwyw.exe |
yujixit.exe |
Added by the SDBOT.BGB WORM! |
| ? |
v |
WMPVer.EXE |
Dritek System Inc. 3D Mouse
related. Is it required? |
| U |
V.92 Modem On Hold |
Ltmoh.exe |
Modem On Hold utility - manages
incoming/outgoing voice calls on a single phone line while being connected to
the internet |
| Y |
V0250Mon.exe |
V0250Mon.exe |
Part of Creative Webcam Launcher |
| Y |
V128IID |
Rundll32.exe v128iitw.dll,
STB_InitTweak |
Loads drivers for some STB
graphics cards such as the STB nVIDIA TNT 16MB. Required if you don't want to
experience lock-ups or error messages |
| ? |
V128IITV |
?? |
Loads drivers for some STB
graphics cards. May be related to such a card with a TV
out option? |
| ? |
V66SHELL |
V66SHELL.EXE |
It looks to be part of the
display driver set for ASUS V3800, V6600 and V6800 display adapters. Probably
a system tray quick access control? |
| U |
va10key |
va10key.exe |
Only required if you use the 10
kay bay unit with a Sony Vaio laptop |
| X |
VaCtrls |
v7 |
Added by an unidentified WORM or
TROJAN! |
| X |
Vaganza-XPloit-[User Name]" |
[user name].exe |
Added by the GAVGENT.A WORM! |
| Y |
VAGCtrl |
VAGCTRL.EXE |
Vexira
Antivirus - virus scanner from Central Command |
| Y |
VAGuard |
VAGNT.exe |
Vexira
Antivirus - virus scanner from Central Command |
| U |
VAIO Action Setup (Server) |
VAServ.exe |
Sony Vaio utility that
auto-launches selected applications when you plug in a digital video camera,
digital still camera, etc. via iLink (FireWire) or USB |
| U |
VAIO Recovery |
PartSeal.exe |
System backup for Sony Vaio PCs.
Adds a recovery mechanism for users over and above any System Restore
features - allowing users to revert a drive back to the state it was when
bought form the factory by hitting F10. The user obviously loses any data stored
if not backed-up elsewhere |
| U |
VAIO Update 2 |
VAIOUpdt.exe |
Related to Sony Vaio Update
service. This program is non-essential process to the running of the program,
but should not be terminated unless suspected to be causing problems |
| X |
ValidData |
[path to trojan] |
Added by the RANKY.H TROJAN! |
| X |
valuename |
svchosts.exe |
Added by a
variant of the SDBOT WORM! |
| X |
VB_run |
comctl_32.exe |
Dubious downloader from
densmail.com |
| X |
vb6 |
vb6.exe |
Added by the MUGLY.D WORM! |
| X |
VBouncer |
VirtualBouncer.exe |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| X |
VbouncerDL |
VbouncerInner****.exe [* =
random char] |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| X |
VbouncerDL |
VBouncerInner.exe |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| X |
VBS.Ipnuker@mm |
[worm filename].vbs |
Added by the NUKIP WORM! |
| X |
VBS_AUTO_UPDATE |
0548656X.vbs |
Added by the GORMLEZ-A WORM! |
| X |
VBundleOuterDL |
BundleOuter.EXE |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| U |
VC_Log |
keylog.exe |
PaqKeylog is a surveillance software program that logs
keystrokes and can run in stealth mode. Uninstall this software unless you
put it there yourself |
| X |
VC5MediaPlayer |
csmss.exe |
Added by the DEDLER-B WORM! |
| N |
VC5Play |
VC5Play.exe |
Virtual CD drive
emulator - version 5. Available via Start -> Programs |
| N |
VC6play |
VC6Play.exe |
Virtual CD drive
emulator - version 6. Available via Start -> Programs |
| N |
VC7Play |
VC7Play.exe |
Virtual CD drive
emulator - version 7. Available via Start -> Programs |
| N |
VC7Player |
VC7Play.exe |
Virtual CD drive
emulator - version 7. Available via Start -> Programs |
| X |
VCatch |
Vcatch.exe |
CommonSearch Vcatch -
"antivirus" software which actually bundles spy/adware itself! |
| X |
VCatch Premium |
VCatchpre.exe |
VCatch antivirus. Considered spyware itself - see here |
| N |
VCDPlayer |
VCDPlayer.exe |
Virtual CD drive
emulator. Available via Start -> Programs |
| N |
vcdplayx |
vcdplayx.exe |
CD emulation part of GameDrive
& VirtualDrive from Farstone. Not required as starting these programs
load this automatically |
| U |
VCDTower |
VCDTower.exe |
Goldensoft CD Ghost related -
turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive,
users can simultaneously access as many as 23 virtual CD-ROM drives at a
speed of 200X for true multitasking |
| ? |
VCDWATCH |
VCDWATCH.EXE |
Confirmed as Voyetra CD Watcher
as it was found in a Compaq/Voyetra/AS2 directory but what does it do? |
| X |
VCMnet11 |
VCMnet11.exe |
Windows
AFA Internet Enhancement - a browser hijacker, redirecting to
adsourcecorp.com. See here |
| X |
VCS Host |
vcshost.exe |
Added by the RBOT-FKT WORM! |
| N |
VCSPlayer |
vcsplay.exe |
Virtual CD drive
emulator. Available via Start -> Programs |
| X |
VCXD Settings |
phqg.EXE |
Added by the RBOT.BRF WORM! |
| X |
Vdat Update |
lalaa.exe |
Added by a variant of the RBOT WORM! |
| ? |
VDI Manager (HP) |
HPO0VDX05.exe |
HP (Hewlett-Packard) related.
Now - what does it do? |
| N |
vdtask |
vdtask.exe |
Program part of GameDrive &
VirtualDrive from Farstone. Not required as starting these programs load this
automatically |
| N |
Vegas Palms - Launcher |
Launcher.exe |
Vegas Palms on-line cassino |
| X |
veja_fotos.exe |
veja_fotos.exe |
Added by the MDROP-F TROJAN! |
| U |
VERBATIM STORE 'N' G |
verbatim store 'n' go.exe |
Loads the driver for the
Verbatim Store'n'Go PRO USB Flash Drive - reportedly required only on systems
running Windows 98 and Millennium |
| X |
Verif |
vxst.exe |
Added by the NOPIR.B WORM! |
| N |
Verizon Control Pad |
cpad.exe |
Control Pad - installed with Verizon DSL accounts. Tool
designed to streamline the online experience |
| U |
Verizon Online Support Center |
matcli.exe |
"matcli.exe is a motive
Assistant Command line interface that gathers information about your system's
identity like your name email address, city, state, etc and gets written to a
log file". Verizon Online Support Center is required to run with the
Help and Support program. If you uncheck Verizon Online Support Center and
and then run help and Support it will add another Verizon Online Support
Center in the startup menu. If you remove the Verizon Online Support Center
in the add/remove program some help menus in help and support will not be
available. You decide |
| U |
VerizonServicepoint.exe |
VerizonServicepoint.exe |
Part of Verizon Online
Support Manager |
| X |
vern16.dll |
regsvr32.exe [path] vernn16.dll |
DailyWinner adware |
| U |
versato |
versato.exe |
"Hot"
button (such as volume and browser control) management and a CD player as
supplied with QTronix (as possibly Micro Innovations) keyboards |
| X |
version |
adl_dh.exe |
DealHelper adware related |
| X |
Version |
manage.exe |
JRAUN adware variant |
| X |
Version |
Version.exe |
JRAUN adware variant |
| Y |
Vet Alert |
VETMSG.EXE |
Computer Associates Vet Anti-Virus software |
| Y |
Vet Alert |
vetmsg9x.exe |
Computer Associates "InnoculateIT" and Vet
Anti-Virus virus software |
| Y |
Vet Start Up |
vet32.exe |
Computer Associates "InnoculateIT" and Vet
Anti-Virus virus software. This option will slow down your system, if set too
aggressively. There is no need to scan every file when opened, closed, etc.
Check in InoculateIT PE options |
| Y |
Vet Start Up |
vet98.exe |
Computer Associates "InnoculateIT" and Vet
Anti-Virus virus software. This option will slow down your system, if set too
aggressively. There is no need to scan every file when opened, closed, etc.
Check in InoculateIT PE options |
| U |
VetTray |
vettray.exe |
Computer Associates "InnoculateIT" and Vet
Anti-Virus virus software. System Tray quicklaunch access, not really
necessary but only occupies 36k resources |
| X |
VFW Encoder/Decoder Settings |
RUNDLL32.exe MSSIGN30.DLL
ondll_reg |
Added by the LOVGATE-W WORM! |
| X |
VGA Startup |
vgacard.exe |
Added by a variant of the RBOT WORM! |
| X |
VgaDriver |
RsrVga32.exe |
Added by the KEYLOG-AH TROJAN! |
| X |
VGATune |
VGATune.exe |
Added by the RBOT-AWM WORM! |
| U |
VGAUtil |
G-VGA.exe |
Gigabyte VGA Utility - access
card options (application needs to be run at startup, but is not system
critical) |
| X |
vid32cntl |
vid32cntl.Exe |
Added by the CRYPTER.A TROJAN! |
| X |
vidcntl |
vidcntl.Exe |
Added by the CRYPTER.A TROJAN! |
| X |
Vidcompat |
Vidcompat.exe |
Added by the GEMA TROJAN! |
| X |
vidctrl |
vidctrl.exe |
Delfin Promulgate adware variant |
| X |
Video |
explored.exe |
Added by the GAOBOT.RF WORM! |
| X |
Video |
winamp32.exe |
Added by the AGOBOT-NG WORM! |
| X |
Video Card Driver (do not
remove) |
tsasi.exe |
Added by the SPYBOT-EF WORM! |
| X |
Video Lan Player |
VideoLanPlayer.exe |
Added
by the RBOT-MY WORM! |
| X |
Video Manager |
videomgr.exe |
Added by the PANDEM.C WORM! |
| X |
Video Multimedia Driver |
ndrives32.exe |
Added
by the RBOT-DK WORM! |
| X |
Video Proces |
winaps.exe |
Added by the AGOBOT.HD WORM! |
| X |
Video Process |
[random filename] |
Added
by the RBOT-LM WORM! |
| X |
Video Process |
MS32x16.exe |
Added by the RBOT.RH WORM! |
| X |
Video Process |
MSlti64.exe |
Added by the AGOBOT.UE WORM! |
| X |
Video Process |
msn5.exe |
Added by the AGOBOT-TW WORM! |
| X |
Video Process |
MStli32s.exe |
Added by the RBOT-GAD WORM! |
| X |
Video Process |
netsvcs.exe |
Added by the AGOBOT.LH WORM! |
| X |
Video Process |
sysconf.exe |
Added by the GAOBOT.GEN!POLY or
GAOBOT.UM or GAOBOT.ADX WORMS! |
| X |
Video Process |
winasp.exe |
Added by the AGOBOT-IS WORM! |
| X |
Video Services |
explore.exe |
Added by the GAOBOT.GL WORM! |
| X |
Video Services |
sys32.exe |
Added by the AGOBOT.PS WORM! |
| X |
Video Services |
videol_32.exe |
Added by the AGOBOT-DM WORM! |
| X |
Videocntl |
Videocntl.exe |
Added by a variant of the GEMA.D TROJAN! |
| X |
VideoDriver |
[filename] |
Added by the GSPOT20.A TROJAN! |
| X |
VideoDriver |
gspotbot.exe |
Added by the SPIGOT.C TROJAN! |
| X |
VideoDriver |
videodrv.exe |
Added by the MIMAIL.A WORM! |
| X |
Videool32 |
VIDEOL32.EXE |
Added by the AGOBOT.EC WORM! |
| X |
videoporno.exe |
videoporno.exe |
Premium rate adult content
dialer |
| Y |
Videora |
Videora.exe |
Video Holding personal video downloading program |
| X |
vidmon |
VIDMON.EXE |
Delfin Media Viewer adware related |
| N |
VidSvr |
vidsvr.exe |
MS WebTV for Windows Channel
Guide. Used to display TV on your PC via a compatible video card with
in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall
it |
| X |
vietato.exe |
vietato.exe |
Adult content dialler |
| X |
VIEW POINT DRIVERS |
phqghum.exe |
Added by the RBOT.BRX WORM! |
| X |
VIEW POINT DRIVERS FOR WIN32 |
phqghu.exe |
Added by a variant of the RBOT WORM! |
| N |
ViewMgr |
ViewMgr.exe |
Viewpoint Manager - automatic
updates for ViewPoint products such as ViewPoint Media Player (as bundled
with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via
Start -> Settings -> Control Panel by enabling auto-updates temporarily,
re-booting and then disabling again. Not recommended as Viewpoint Manager is
considered as foistware instead of malware since it is installed without
users approval but doesn't spy or do anything "bad". This may
change in 2006 - read this article |
| U |
ViewpointPhotosDeviceConnect |
FotomatDeviceConnect.exe |
Related
to Viewpoint which is considered as foistware instead of malware since it is
installed without users approval but doesn't spy or do anything
"bad". This will change from what we know in 2006 according to this
article. You can remove it via Start -> Settings -> Control Panel ->
Add/Remove Programs list... |
| ? |
Vinny |
?? |
?? |
| X |
Virt.exe |
Virt.exe |
Added by the REMADM-C TROJAN! |
| U |
VirtuaGirl |
Vg.exe |
VirtuaGirl is a shareware
program featuring scantily dressed girls on your desktop. They say hi in the
morning, remind you of your appointments and dance for you on request... |
| U |
VirtuaGirl2 |
VirtuaGirl2 |
VirtuaGirl is a shareware
program featuring scantily dressed girls on your desktop. They say hi in the
morning, remind you of your appointments and dance for you on request... |
| X |
virtual |
wini.exe |
Added
by the RBOT-YX WORM! |
| X |
virtual |
winit.exe |
Added by the MUGLY.A or MUGLY.B
WORMS! |
| X |
virtual |
winprotect.exe |
Added by the MUGLY.C WORM! |
| U |
Virtual Access Scheduler |
VASCHD32.EXE |
The scheduler for mail and
usenet tool |
| X |
Virtual Bouncer |
VirtualBouncer.exe |
Virtual Bouncer - malware from
Spyware Labs. It is distributed by the same bundling and drive-by download
techniques as the parasites it claims to remove, so definitely qualifies as
unsolicited commercial software in itself. It also has an update feature that
can download and execute arbitrary code. Warning - choose "custom"
uninstall as "automatic" may remove other programs - see here |
| X |
Virtual CD v6 |
[random].exe |
Added by the RBOT-AZV WORM! |
| X |
Virtual CD v6 |
grplscd.exe |
Added by the RBOT-AXV WORM! |
| X |
Virtual CDROM |
deamon.exe |
Added by the RBOT.VP WORM! |
| X |
Virtual Protocol |
vr32.exe |
Added by a
variant of the SDBOT WORM! |
| N |
VirtualCloneDrive |
VCDDaemon.exe |
Virtual Clone
Drive, part of CloneCD CD/DVD copying sofware. Discontinued |
| N |
VirtualDrive |
VDTask.exe |
VirtualDrive
from Farstone - virtual CD drive emulator. Available via Start -> Programs |
| X |
virtual-ie |
winlogi.exe |
Malware - recognized by
Kaspersky antivirus as Trojan-Dropper.Win32.WinAD.h |
| X |
virtual-machine |
svchosts.exe |
Added
by the RBOT-US WORM! |
| X |
virtual-machine |
wini.exe |
Added
by the RBOT-WR WORM! |
| X |
virtual-machine |
winlogin.exe |
Added
by the RBOT-VU WORM! |
| U |
VirtuaReminder |
VirtuaReminder.exe |
VirtuaReminder is a tool allowing the user to create
reminders for such things as important appointments, birthdays, etc |
| U |
Virtuele Katja |
VKatja.exe |
Virtuele Katja - have an
attractive moviestar parade on your Desktop and help you search the Dutch
"Gouden Gids" business directory too... |
| X |
Virus |
Anti.exe |
Added by the SEENBOT.O WORM! |
| X |
Virus Protect |
vrsprtc.exe |
Added by the RBOT-APR WORM! |
| X |
Virus Removal Tool |
[path to trojan] |
Added by the TOMETA-B TROJAN! |
| X |
Virus Scan |
virscana.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Virus_Scanner |
Virus_Cleaner.exe |
Added by the PANOL WORM! |
| N |
VirusBurst |
VirusBurst.exe |
Spyware
remover - not recommended, see here |
| N |
Virus-Burst |
Virus-Burst.exe |
Spyware
remover - not recommended, see here |
| X |
VirusCheckII |
AVIRCHK.EXE |
Added by the DASMIN TROJAN! |
| U |
VirusKeeper |
VirusKeeper.exe |
VirusKeeper uses a
powerful real-time threat detection engine |
| N |
VirusRescue |
VirusRescue.exe |
Virus
program - not recommended, see here |
| Y |
VirusScan Online |
mcvsshld.exe |
McAfee VirusScan On-line. See
also the McAgentExe entry |
| ? |
VirusScanMSC |
VsStat.exe |
Part of McAfee VirusScan. System Tray application as with previous versions (were also
VsStat.exe), McAfee SecurityCenter integration or something else? Is it
required? |
| X |
VirusScanner |
mnsys.exe |
Added by the SDBOT-AFQ WORM! |
| N |
visionGS |
VISIONGS.EXE |
visionGS webcam software |
| N |
Vistascan |
vistascan.exe |
Included in VistaScan are
VistaAccess and VistaShuttle. VistaAccess gives you quick and easy access to
scanning functions right from your desktop. For Windows users, you'll see a
scanner icon in the Windows Tray of the Taskbar. Click this icon and a menu
opens |
| X |
Visual Element FX5 |
[various filenames] |
ClearStream Accelerator adware |
| X |
VisualStudio |
msorunner.exe |
Added by a variant of the TACTSLAY TROJAN! |
| U |
VisualTaskTips |
VisualTaskTips.exe |
"Visual Task Tips
is a lightweight shell enhancement utility. It provides thumbnail preview
image for each task in the Windows Taskbar" |
| U |
VisualTooltip |
VisualToolTip.exe |
Related to VisualTooltip. Shows a thumbnail of a window by
placing the mouse cursor over a button on the taskbar |
| X |
VITAL BOOT PROCESS |
taskmngr.exe |
Added by a variant of the RBOT WORM! |
| X |
VITAL BOOT PROCESS |
taskmnsgr.exe |
Added
by the Rbot-VY WORM! |
| X |
Vital Load Process |
Spoolsvr.exe |
Added by the RBOT.AIF WORM! |
| X |
VividGalut |
VividGalut.exe |
Adult content related web
downloader |
| X |
vmcleaner |
gxlib.exe |
Added by the SMALL-HS TROJAN! |
| ? |
VMConsole.exe |
VMConsole.exe |
Sony VAIO Media Console -
installed on the VAIO Media Integrated Server PCs. What
does it do and is it required? |
| Y |
VMDFW |
vmdfw.exe |
VirusMD Personal Firewall.
Vendor's Note: "VirusMD Personal Firewall is a micro-firewall and should
not be use as your primary virus scanner or as your primary firewall. It does
not pan-block incoming or outgoing data. Rather, is a diagnostic and therapeutic
utility designed to help professionals save time and effort in eradicating
Trojan horses" |
| X |
vmlib |
vmlib.exe |
Added by the LOWZONE-AQ TROJAN! |
| X |
Vmmon32 |
vmmon32.exe |
Browser hijacker |
| X |
vmnetdhcp |
vmnetdhcp.exe |
Added by the DWNLDR-GTC TROJAN! |
| X |
vmsnGraber |
VMSNGRABER.EXE |
Added by the ENVID.B WORM! |
| X |
vmss |
vmss.exe |
Delfin
Media Viewer or "Promulgate" adware variant |
| X |
vmtuner |
gclib.exe |
Hijacker - recognized by
Kaspersky antivirus as Trojan-Clicker.Win32.Small.fh |
| X |
vmtuner |
gglib.exe |
Added by the QLOWZON-D TROJAN! |
| X |
VnCplUpdate |
msdm.exe |
Masssend - spam relayer. Listens on a port for the spammers
to feed it a list of addresses and what to send out. More information in this
advisory |
| X |
vnmispoisn downloader |
vnmispoisn downloader.exe |
SearchBarCash adware variant |
| U |
VOBID |
InstantDrive.exe |
Pinnacle Systems (ex VOB)
InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive.
Part of InstantCD/DVD burning software |
| Y |
VOBRegCheck |
VOBRegCheck.exe |
Part of Pinnacle Systems
InstantCD/DVD and InstantCopy CD/DVD copying software that verifies drive
settings. Once loaded it doesn't use any resources so you can leave it
enabled |
| U |
VoiceCenter |
AndreaVC.exe |
Related to Andrea's
Superbeam microphone utility |
| U |
voip phone |
voip phone.exe |
Related
to Acer Bluetooth VoIP phone - as optionally supplied with some of their
notebooks such as the TravelMate 8200 |
| N |
VoipBuster |
VoipBuster.exe |
VoipBuster -
voice over the internet service. If you are calling a land line in one of
their free destinations listed, the call will be placed at no costs at all.
For all other calls, you will be asked to buy credits first |
| U |
VolPanel |
VolPanel.exe |
Related to Creative Sound
Blaster X-Fi |
| X |
Voltage Manager |
[random filename] |
Added by the DREFFORT WORM! |
| X |
Volume Controller |
VolumeControl.exe |
Added by the SDBOT.AYI WORM! |
| U |
Vonage |
click2call.exe |
Vonage Voice over IP
Internet phone service |
| U |
VoodooBanshee |
rundll32.exe 3DBBps.dll,
BansheeLoadSettings |
Loads the configuration settings
for a 3dfx Voodoo Banshee chipset based graphics card. If you change some of
the settings from default you probably need this - otherwise maybe not |
| ? |
voowsmcr |
huhdir.exe |
?? |
| N |
Vortex Tray |
asp4setp.exe |
System Tray application for
Aureal Vortex based soundcards. Can be run manually via Start -> Settings
-> Control Panel |
| N |
VortexTray |
asp4setp.exe |
System Tray application for
Aureal Vortex based soundcards. Can be run manually via Start -> Settings
-> Control Panel |
| N |
VortexTray |
asp4tray.exe |
System Tray application for
Aureal Vortex based soundcards. Can be run manually via Start -> Settings
-> Control Panel |
| N |
VortexTray |
au30setp.exe |
System Tray application for
Aureal Vortex based soundcards. Can be run manually via Start -> Settings
-> Control Panel |
| N |
VoyetraTray |
vtray.exe |
This provides an abbreviated
Control Group for the Turtle Beach Montego II sound functions/associated with
AudioStation 3 and 32 |
| U |
VPCUserServices |
VMUSrvc.exe |
Part of "DOS Virtual
Machine Additions" for Microsoft Virtual PC, software virtualization
software that allows you to run multiple PC-based operating systems
simultaneously on one workstation. This process provides additional
functionalities such as Shared Folders |
| U |
Vpop3 Mail Server |
vpop3.exe |
Mail server from Paul Smith Computer Services. Runs in system
tray to collect mail. Can be run from a shortcut and if it isn't running then
it won't get your email! |
| U |
vptray |
vptray.exe |
System Tray icon for Norton Anti-Virus Corporate Edition.
Gives access to the options available and may not be required. Some users may
have problems - refer here |
| Y |
Vrmon |
vrmonnt.exe |
HAURI Anti-Virus |
| Y |
VrSchedule |
Vrres.exe |
HAURI Anti-Virus |
| Y |
VS.VSN |
|
Part of
eSafe antivirus "SmartScan" - alerts the user if files have been
changed/added |
| X |
vsadmin |
smrs.exe |
Added by the AGOBOT-RC WORM! |
| X |
Vsample |
winxpsock.exe |
Added by the SDBOT.BLK WORM! |
| X |
vscanner |
spooll32.exe |
Added by the OPTIXPRO.10 TROJAN! |
| X |
vschost |
vschosts.exe |
Added by the VIPSY-A TROJAN! |
| N |
VsEcomrEXE |
VSECOMR.EXE |
From McAfee VirusScan up to
version 4.x. This executable is responsible for the periodic
"update" prompts |
| Y |
Vshwin32EXE |
VSHWIN32.EXE |
From McAfee VirusScan up to
version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and
the VShield System Scan module. Can be started automatically or available via
Start -> Programs |
| N |
VSN |
VSN.exe |
Software to share photographs
across the internet |
| Y |
vsnpstd3 |
vsnpstd3.exe |
Sonix Inc. Camera Monitor MFC Application |
| Y |
VSOCheckTask |
MCMNHDLR.EXE |
Part
of McAfee's SecurityCenter and Virusscan Online. Must be enabled for scanning
to work |
| X |
VSP32 Controls |
vsp32.exe |
Added
by the RBOT-VA WORM! |
| N |
vspdfprsrv.exe |
vspdfprsrv.exe |
Visage PDF
Printer |
| Y |
VsStatEXE |
VSSTAT.EXE |
From McAfee VirusScan up to
version 4.x and Dr Solomon's VirusScan. Communicates between VSSTAT.EXE and
the VShield System Scan module. Can be started automatically or available via
Start -> Programs |
| X |
vst |
vstkmgr.exe |
Added by the AGOBOT.SK WORM! |
| N |
vTPass |
vtpassld.exe |
Part of vTrails - a
live media delivery solution. vTPass is the driver enabling the system to
work. If unavailable via Start -> Programs, create your own shortcut for
the "vtpass.exe" file |
| U |
VTPreset |
VTPreset.exe |
Savage Pro S3 graphics software |
| U |
VTTimer |
VTTimer.exe |
Driver file for the on-board
VIA/S3G KM400/KN400 graphics which enables TV in/out communication |
| N |
vTunerStartUp |
vTuner.exe |
vTuner - "an easy way to find and listen to radio and TV
broadcasts over the Internet" |
| X |
vuaaa |
reg.exe |
Added by a variant of the RBOT WORM! |
| X |
VVSN |
VVSN.exe |
WhenU.Save adware |
| X |
VX Audio |
vxaudio.exe |
Added by the VANEBOT-AI WORM! |
| ? |
VX1000 |
vVX1000.exe |
Associated with Microsoft's VX-1000 LifeCam webcams. What
does it do and is it required? |
| ? |
VX3000 |
vVX3000.exe |
Associated with Microsoft's VX-1000 LifeCam webcams. What
does it do and is it required? |
| ? |
VX6000 |
vVX6000.exe |
Associated with Microsoft's VX-1000 LifeCam webcams. What
does it do and is it required? |
| U |
VZAccess Manager |
VZAccess Manager.exe |
Verizon Access manager for
enterprises |
| U |
VZRemoteCommander |
AvRmtCtr.exe |
Related to Sony's VAIO Zone
Remote Commander. A non-essential process to the running of the system, but
should not be terminated unless suspected to be causing problems |
| X |
W1N32.DLL |
WINLOGON .exe |
Added by the DROPPERFL.A TROJAN! |
| X |
w32 |
w32.exe |
Added by the SOKEVEN TROJAN! |
| X |
W32.Scran |
Scran.exe |
Added by the NARCS WORM! |
| X |
w32alanis |
mope.scr |
Added by the SINALA WORM! |
| X |
W32data |
eworo.exe |
Added by a variant of the RBOT WORM! |
| X |
W32Load |
[random filename].scr |
Added by the CASPID WORM! |
| X |
W32PluginsDownloaderXMLHTTPSelfClearing7520 |
wiper.exe |
Added by the PROXYSER-M TROJAN! |
| X |
w32sup |
w32sup.exe |
Adult content dialler |
| X |
W32SYS |
w32sys.exe |
Added
by the JAMBU-A WORM! |
| X |
W32Tc |
WTC32.scr |
Added by the VOTE.D or VOTE.K
WORMS! |
| X |
W3KNetwork |
rundll32.exe w3knet.dll,
dllinitrun |
Advertising
spyware. Check here for more info on this particular one |
| Y |
W75P2PSERVER |
W75P2PS.EXE |
Printer utility which is
required in order to make the printer work correctly |
| U |
W815DM |
W815DM.exe |
Enuff Parental Control
Software by Akrontech |
| U |
w98Eject |
w98Eject.exe |
Related
to USB support for Sigmatel MP3 audio palyer (and others such as SanDisk).
It's intent is to "put away" the "disk" before you unplug
it from the USB port, ostensibly to avoid "losing" data |
| U |
wait4IP |
wait4IP.exe |
Packard Bell net2Plug allows you to network PCs anywhere in
your house |
| U |
wallchgr.exe wstart |
Wallchgr.exe |
WallChanger
- wallpaper changer from Blue Tree Software |
| X |
WallPaper |
taskimgr.exe |
Added by the BANKER-GX TROJAN! |
| U |
WallPaper |
WALLPA~1.EXE |
Wallpaper Changer -
wallpaper manager that can change your background images on every startup |
| U |
WallpaperChanger |
Wallpaper.exe |
A wallpaper changer and manager
utility. There is the Freeware version and the Pro version. The freeware
version is completely free. The Pro version is 30-day trialware, and after
the 30 days some of the more advanced features will be disabled unless you
register it |
| N |
Wanadoo Messenger.exe |
Wanadoo Messenger.exe |
Wanadoo ISP instant messenger
client |
| Y |
WanMPSvc |
WanMPSvc.exe |
An AOL component, the Wan
miniport (ATW) service. If you delete this and logon, AOL reports a problem
with your internet connection, and reinstalling AOL doesn't help |
| X |
WAPI |
wts**.exe [* = random char] |
PurityScan/Clickspring adware |
| N |
War FTPD Tray Icon |
wartray.exe |
War-ftpd - FTP server |
| X |
Wardo |
syslaunch.exe |
Added by the ADCLICKER.G TROJAN! |
| X |
WareOut |
WareOut.exe |
Wareout - malware masquerading as a spyware and dialer
remover |
| N |
warez |
warez.exe |
Warez P2P client |
| N |
war-ftpd.exe |
WAR-FTPD.EXE |
War FTP Daemon
from JGAA's Internet - FTP client |
| U |
Warner |
warner.exe |
Also known as
"CyberWarner". From G-Tek Technologies and pre-installed on some
Packard Bell PCs. Protects critical files |
| U |
Warnet |
warnet.exe |
Warnet - system cleanup software |
| U |
Warning: do not remove it! |
fpplock.exe |
Part of Folder Password Expert
by ZQS Software Team - "a software program to restrict access to the
folders that contain your sensitive data" |
| Y |
Warning: do not remove it!
(system) |
cfpsys.exe |
Folder Password
Protect - a program that lets you set a password on folders of your choice |
| N |
WarReg_PopUp |
WarReg_PopUp.exe |
Acer warranty registration popup |
| N |
WARSVR |
war-ftpd.exe |
"War FTP Daemon - the original free FTP server for
windows" |
| U |
WashAndGo - Cleanup of old
Backupfiles |
checker.exe |
WashAndGo -
temp file cleaner |
| U |
Washer |
washer.exe |
Window
Washer from Webroot Software. Useful utility that deletes safe to remove
files, cookies, browsing history, etc. Available via from Start ->
Programs. Disable within the program options - otherwise it is re-enabled in
MSCONFIG |
| N |
Washerie.exe |
washerie.exe |
Cookie Washer for Internet
Explorer from Webroot Software. Light version of Windows Washer, specific for
cleaning the IE cache and cookies. Available via Start -> Programs |
| U |
washindex |
washidx.exe |
Window
Washer from Webroot Software. Useful utility that deletes safe to remove
files, cookies, browsing history, etc. Available via from Start ->
Programs. Disable within the program options - otherwise it is re-enabled in
MSCONFIG |
| X |
Wast |
wast.exe |
Grokster ads updater |
| U |
Watch |
1200UBWATCH.EXE |
Button press monitor for the
Mustek 1200 UB Scanner |
| N |
Watch |
watch.exe |
Found to be used by a Trust USB
scanner for auto starting the scanning software when the lid is lifted |
| N |
Watch Dog Program |
watchdog.exe |
For Compaq PC's. Associated with
Compaq's internet services. Not required if you don't use services provided
by them and may not be required even if you do |
| ? |
WatchDog |
DVDCheck.exe |
Related to an
Intervideo program. What does it do and is it required in startup? |
| N |
Watchdog |
Watchdog.exe |
Definitely part of the Mustek
scanner drivers and software (for 600 III EP Plus and maybe others), launches
from the Startup folder in the Start Menu, but not required as they give
instructions on removing it on their webpage |
| ? |
WatchDog |
watchdog.exe |
Part of Motorola "Mobile
Phone Tools" v3 - in a "Mobiile Phone Tools" sub-directory of
Program Files |
| N |
WaveTop Launcher |
WaveTop.exe |
WaveTop
- "Get push content from TV without an Internet connection" - now
possibly a defunct system in the US included as an optional part of WebTV in
Win98 |
| N |
WaveTop Receiver 1 |
N/A |
WaveTop
- "Get push content from TV without an Internet connection" - now
possibly a defunct system in the US included as an optional part of WebTV in
Win98 |
| N |
WaveTop Receiver 2 |
N/A |
WaveTop
- "Get push content from TV without an Internet connection" - now
possibly a defunct system in the US included as an optional part of WebTV in
Win98 |
| N |
WaveTop Upload Manager |
N/A |
WaveTop
- "Get push content from TV without an Internet connection" - now
possibly a defunct system in the US included as an optional part of WebTV in
Win98 |
| N |
Wbiff |
Wbiff.exe |
Wbiff!
E-mail checker - automatically checks your e-mail and notifies you if any new
e-mail has been received |
| U |
Wbutton |
Wbutton.exe |
Turns on and off the integrated
WiFi on Acer (and other laptops) |
| N |
WCESCOMM |
WCESCOMM.EXE |
Active sync for use with Windows
CE based palm PC |
| X |
WCESMngr |
spoolsb.exe |
Added by the AGOBOT-QZ WORM! |
| X |
WCESMngr |
WCEMNGR.EXE |
Added by the AGOBOT-QX WORM! |
| U |
wcmdmgr |
wcmdmgrl.exe |
Web Driver delivery system for
WildTangent on-line games. Periodically checks for updates - can be disabled
within the programs control panel. Note that WildTanget's privacy policy used
to state that they also collect and share individuals information but this is
no longer the case |
| N |
wcmdmgr.exe |
wcmdmgr.exe |
Web Driver delivery system for
WildTangent on-line games. Periodically checks for updates - can be disabled
within the programs control panel. Note that WildTanget's privacy policy used
to state that they also collect and share individuals information but this is
no longer the case |
| U |
wcmdmgrl |
wcmdmgrl.exe |
Web Driver delivery system for
WildTangent on-line games. Periodically checks for updates - can be disabled
within the programs control panel. Note that WildTanget's privacy policy used
to state that they also collect and share individuals information but this is
no longer the case |
| U |
WCOLOREAL |
coloreal.exe |
Makes colours sharper and
brighter, but will only work with coloreal capable monitors |
| ? |
WCPC |
wintsvcc.exe |
?? |
| X |
WCPI |
wintsvit.exe |
PurityScan/Clickspring adware |
| X |
WCPS |
Wint**.exe [* = random char] |
PurityScan/Clickspring adware |
| X |
WCPT |
wintsvtr.exe |
PurityScan/Clickspring adware |
| X |
wcsys |
wcsys.exe |
Added by the KEYLOG-AP TROJAN! |
| U |
WD Button Manager |
WDBtnMgr.exe |
Button manager installed with a
western digital external disk drive. Allows you to back up your system with
one click |
| X |
wdfmgr32.exe |
wdfmgr32.exe |
Added by the DWNLDR-FVL TROJAN! |
| X |
WDInfo |
wdinfo.exe |
Added by the DLUCA.B TROJAN! |
| X |
WDNS SYSTEM |
nibie.exe |
Added by the MYTOB-BY WORM! |
| X |
WDNS SYSTEM |
skybotx.exe |
Added by the MYTOB-BY WORM! |
| X |
WDNS SYSTEM |
wdns33.exe |
Added by the MYTOB-BY WORM! |
| X |
wdskctl |
wdskctl.exe |
IEPlugin spyware |
| X |
wdwctrl |
wdwctrl.exe |
Added by the DLUCA.E TROJAN! |
| N |
WEATHER |
WEATHER.EXE |
Weatherbug provides current
outdoor temperature in the System Tray, also weather alerts. Available via
Start -> Programs |
| N |
WeatherCast |
Weather.exe |
Weather reporting in the System
Tray. Available via Start -> Programs. Installed via Radlight |
| X |
WeatherOnTray |
SbWeatherOnTray.exe |
Related
to Hotbar's Weather Forecast tool for your desktop |
| X |
WeatherOnTray |
WeatherOnTray.exe |
Hotbar's
Weather Forecast tool for your desktop - adware |
| N |
Weatherscope |
Weatherscope.exe |
WeatherScope - "displays
your current local temperature in the system tray of your computer (near the
clock) whenever you are online!" Not recommended as it bundles GAIN
adware. You can get the adware free version for a whopping $30. Please note
that Claria Corporation no longer support GAIN-Supported software - see here |
| N |
WeatherWatcher |
ww.exe |
WeatherWatcher - weather reporting in the System Tray |
| X |
web |
******.exe [* = random char] |
Added by a variant of the EASTO.A TROJAN! |
| X |
WEB DRIVERS FOR WIN32 |
phqgh.exe |
Added by a variant of the RBOT WORM! |
| X |
Web Offer |
ezPopStub.exe |
eZula TopText adware |
| X |
Web Offer |
ezStub.exe |
eZula TopText adware |
| X |
Web Offer |
EZSTUB22.EXE |
eZula TopText adware |
| X |
Web Offer |
vl_ezstub.exe |
eZula TopText adware |
| ? |
Web Search |
?? |
?? |
| X |
Web Service |
[random filename].exe |
Added by the ADMINCASH TROJAN! |
| X |
Web Service |
MSXMIDI.EXE |
CoolWebSearch parasite variant,
identified by Kaspersky as TrojanDropper.Win32.Small.cw |
| X |
Web Service |
sm.exe |
Added
by the BUBE-F VIRUS! |
| U |
Web2Pop |
Web2Pop.exe |
Web2Pop allows you to retrieve your web-based accounts
messages to read them in your favorite e-mail client |
| Y |
web3trap |
web3trap.exe |
PC-Cillin 2000 anti-virus
software -> ActiveX filter. Guards against malicious ActiveX programs,
etc |
| X |
webalize |
webalize.exe |
Searchcentrix hijacker |
| N |
WebArmyKnife |
WAK.exe |
Web Army Knife -
a suite of web site developer's tools |
| X |
webassist |
webassist.exe |
Adware popup generator |
| X |
webcam |
webcam.exe |
Added by the MONAD-A TROJAN! Note - this malware actually
changes the default value data of the Registry Run and RunServices keys in
order to force Windows to launch it at boot. Name field may be empty |
| ? |
Webcam Go Sti Service
Application |
wbcgosvc.exe |
Control software for the portable Creative Webcam Go digital
camera/PC web cam. What does it do and is it required? |
| N |
WebcamRT.exe |
WEBCAMRT.exe |
For Logitech Web Cams. Not
required - camera works fine without it |
| X |
Webcelerator |
webcel.exe |
Webcelerator from eAcceleration speeds your Web browsing by
both remembering where you have been and anticipating where you will go. Only
needed if you find it improves web browsing. Now no longer available and
supported and when available was classed as spyware - see here |
| X |
WebCheck |
WebCheck.pif |
Added by the CONE.C or CONE.F
WORMS! |
| X |
WebCpr0 |
WebCpr0.exe |
WebRebates adware |
| X |
Webdav.exe |
webdav.exe |
IRC DDoS bot which gives the
hacker full control over your system |
| U |
WebExRemoteAccessAgent |
raagtapp.exe |
Related to Web Meetings from WebEx Communications, Inc. Share
and present online with anyone, anywhere |
| X |
WebHancer Agent |
whagent.exe |
System Tray application
that starts up Webhancer software. Software that optimizes your web browser
and is also advertising spyware that you can find out about here |
| X |
webHancer Survey Companion |
whSurvey.exe |
WebHancertrackware - traffic measurement service that uses a
client agent that is stealth installed on user machines, gathering detailed
data about sites visited, their performance and, most important, what the
user actually does while there |
| X |
WebInstall |
WebInstall.exe |
ClipGenie adware downloader |
| X |
WebInstall2 |
WebInstall.exe |
ClipGenie adware downloader |
| N |
WebKey |
WebKey.exe |
WebKey from
JB Utilities. Utility to keep track of login data required when browsing the
internet |
| N |
WebLink |
WebLink.exe |
Softex is a "cost-effective
way to provide software updates, technical support or new product information
to specific end-users - it can silently provide end-users with software
updates, technical support and new product information customized to their
specific needs through a persistent link" |
| N |
WebOutfitterTray |
sttray.exe |
Intel WebOutfitter service
System Tray icon |
| N |
Webposition Gold 2 |
wpsche~1.exe |
Scheduler for Web
Position Gold - utility to help optimize the position of web-sites in search
engines |
| X |
WebRebates0 |
WebRebates0.exe |
WebRebates adware |
| X |
WebRun |
[random filename] |
Added by the ADWARELOADER TROJAN! |
| U |
websaverlive |
websaverlive.exe |
WebSaver Live!
is a companion program to Websaver that retrieves information from the
Internet on a schedule and displays it on your screen when your computer is
idle |
| X |
WebSavingsfromEbates |
WebSavingsfromEbatesrun.exe |
Web Savings From Ebates
Software, a shopping tool that opens pop-up windows |
| X |
WebSavingsFromEbates0 |
WebSavingsFromEbates0.exe |
Web Savings From Ebates
Software, a shopping tool that opens pop-up windows |
| U |
WebScan |
DEFSCANGUI.EXE |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| U |
webscan |
stopsignav.exe |
eAcceleration Stop-Sign security software related. Previously
not recommended, see here |
| Y |
WebScanX |
WebScanX.exe |
From McAfee VirusScan up to
version 4.x. Provides functionality for VShield Download Scan and Internet
Filter modules. Enables internet scanning. Guards against malicious ActiveX
programs, etc |
| X |
websearch |
wjview ...websearch.exe |
"Web Savings" From
Ebates Software, a shopping tool that opens pop-up windows |
| N |
WebSecureAlert |
WebSecureAlert.exe |
WebSecureAlert - "helps to
protect your browser security by monitoring for unauthorized tampering with
Internet Explorer's security settings, and can help to protect your privacy
by deleting your web surfing history on a regular basis". Not recommended
as it bundles GAIN adware. You can get the adware free version for a whopping
$30. Please note that Claria Corporation no longer support GAIN-Supported
software - see here |
| ? |
WebServer |
VBI_SE~1.EXE |
Related to a Pinnacle sound
card. What does it do and is it needed? |
| U |
Webshots |
Launcher.exe |
Webshots - software
that displays photos as your screensaver and wallpaper, and provides tools
for sharing your personal photos on the web |
| U |
Webshots |
websho~1.exe |
Webshots - software
that displays photos as your screensaver and wallpaper, and provides tools
for sharing your personal photos on the web |
| U |
Webshots |
Webshots Tray.exe |
Webshots - software
that displays photos as your screensaver and wallpaper, and provides tools
for sharing your personal photos on the web |
| U |
Webshots |
WebshotsTray.exe |
Webshots - software
that displays photos as your screensaver and wallpaper, and provides tools
for sharing your personal photos on the web |
| X |
Website Administrator Info |
webadmin.exe |
Added by the FORBOT-FY WORM! |
| X |
WebSpecials |
rundll32 [path] webspec.dll |
WebSpecials spyware |
| X |
Websx |
Int*****.exe |
Adult content dialler - where
***** are random |
| Y |
Webtrap |
webtrap.exe |
Part of PC-Cillin anti-virus
software. Checks web-sites for malicious Java and ActiveX elements in a
similar way to McAfee WebScanX. A few users find it infuriating |
| Y |
WebTrapNT.exe |
WebTrapNT.exe |
Part of PC-Cillin Anti-Virus
software. Checks visited web-sites for malicious Java and ActiveX elements |
| U |
WebWasher |
wwasher.exe |
Free Pop-up/ad/javascript
filter program from Siemens. If not running then browsers will not be
protected but will still work. Available via Start -> Programs |
| X |
WeirdOnTheWeb |
WeirdOnTheWeb.exe |
Added by the WeirdOnTheWeb adware |
| N |
Welcome |
Welcome.exe |
Launches the Welcome to Windows
tutorial on boot up |
| ? |
WEPstat |
Wepstat.exe |
Cisco Aironet 340 Series PC Card
driver. If it can be started manually it shouldn't be required if you don't
use the PC card facility regularily - hence the status could be
"U". Can anybody confirm this? |
| X |
wersds |
doriot.exe |
Added by the JECT.C TROJAN! |
| X |
wersds.exe |
doriot.exe |
Added by the BAGLEDI-A TROJAN! |
| X |
wesumu |
wiustv.exe |
Added by the QQPASS-L TROJAN! |
| N |
WetSock |
wetsock.exe |
RoboMagic Wetsock
- weather reporting in the System Tray |
| N |
wextract_cleanup0 |
advpack.dll, DelNodeRunDLL32
[path] [filename].TMP |
Wextract Cleanup0 is valid and
legal software included or sold to help clean up temporary or cab files
created by the installer software for a wide variety of software. It should
disapear after a restart of the system. If not fix it |
| N |
WFGStartup |
WFGStartup.exe |
World Weather. "This midlet displays the current weather
conditions for major cities around the world. This version is for memory
limited mobile phones" |
| U |
wfips |
iphider.exe |
ICQ (messaging/chat program)
anti-bomb software. "WFIPS is anti-bomb software for safeguarding ICQ
Bomb before the bombing. 'ICQ Defoolder' is a tool for removing ICQ bomb
after being exposed." For more information about ICQ bombs see here |
| N |
WFXCTL32.EXE |
WFXCTL32.EXE |
From WinFax 10.0 and possibly
earlier versions. Appears if you chose to have WinFax appear in the taskbar
(System Tray) during installation and displays a yellow fax/telephone icon.
Available via Start -> Programs |
| Y |
wfxsnt40 |
wfxsnt40.exe |
WinFax 10.0 and maybe earlier
versions. The program that opens the port for WinFax and not normally in the
start menu. Needed if you want to run WinFax |
| ? |
WFXSwtch |
WFXSWTCH.exe |
Related to WinFax. What does it do and is it required? |
| U |
WG111v2 Smart Wizard Wireless
Setting |
RtlWake.exe |
Configuration utility for the Netgear WG111 54 Mbps Wireless
USB 2.0 Adapter that "provides wireless access to your desktop or
notebook PC through the computer's USB port" |
| Y |
WG511WLU |
WG511WLU.exe |
Netgear configuration programme
for the 54g wireless lan card - required to monitor and manage the lan card |
| X |
wgeax |
wgeax.exe |
Added by the IRCBOT-TM WORM! |
| X |
wgs3 |
wgs3.exe |
Added by the LEGMIR-AQH TROJAN! |
| X |
WGV |
WGV.exe |
Added by the ZIPPIE TROJAN! |
| U |
WGWLocalManager |
WGWLocalManager.exe |
Part of Flash-Networks
NettGain2000 product. NettGain 2000 is a combined hardware/software
networking solution, which is designed to improve performance of satellite
networks by increasing data transmission speeds and maximizing the existing
bandwidth for complete utilization when sending TCP/IP applications over a
satellite. It is needed when connecting to the internet via satellite to
provide speed faster than 60k or so. It could be started by creating a
shortcut, running it only when connecting to the internet. If internet is
used often, it's recommended to leave it in startup so it starts with the
system |
| Y |
WgwMngr |
WgwMngr.exe |
Part of Flash-Networks
NettGain2000 product. NettGain 2000 is a combined hardware/software
networking solution, which is designed to improve performance of satellite
networks by increasing data transmission speeds and maximizing the existing
bandwidth for complete utilization when sending TCP/IP applications over a
satellite. It is needed when connecting to the internet via satellite to
provide speed faster than 60k or so |
| X |
whagent |
whagent.exe |
System Tray application
that starts up Webhancer software. Software that optimizes your web browser
and is also advertising spyware that you can find out about here |
| U |
WhatPulse |
WHATPU~1.EXE |
WhatPulse keeps track of your keystrokes, allowing you to
find out just how much you type a day |
| U |
WheelMouse |
4DMAIN.EXE |
Mouse software for
"Fellowes" Wheelman mouse. Has caused some users problems but
shouldn't be needed if you don't use any enhanced features it may provide |
| U |
WheelMouse |
AMOUMAIN.EXE |
A4Tech
wireless mouse driver and utility - required if you use non-standard Windows
driver features |
| X |
WheelsMouse |
[path to trojan] |
Added by the SOCKSPR-D TROJAN! |
| X |
WhenUSave |
Save.exe |
WhenU.Save adware |
| X |
WhenUSearch |
Search.exe |
WhenU.Save adware |
| X |
WhenUSearchWHSE |
whse.exe |
WhenU.Save adware |
| X |
Whistler |
whismng.exe |
Added by the WHISTLER-F TROJAN! |
| X |
Whitechix |
brightx.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Whvlxd |
Whvlxd.exe |
Added by the ZAPCHAS-CS TROJAN! |
| X |
whxpin service |
ssvsol.exe |
Added by a
variant of the SDBOT WORM! |
| N |
WIAWizardMenu |
RUNDLL32.EXE sti_ci.dll,
WiaCreateWizardMenu |
Still Image Class Installer -
installed with a webcam |
| X |
Widnows Xp Web scan |
xpscan.exe |
Added by a
variant of the SDBOT WORM! |
| X |
wifeman |
wifeman.exe |
Unidentified malware |
| X |
WiFix service |
[random filename] |
Added by a
variant of the SDBOT WORM! |
| X |
WildFlics |
WildFlics.exe |
Added by the Direct-B premium rate adult content dialler |
| ? |
WildTangent CDA |
RUNDLL32.exe cdaEngine0400.dll,
cdaEngineMain |
Part of the
WildTangent on-line games system. What does it do and is it required? |
| U |
WildTangent Web Driver updater |
wcmdmgrl.exe |
Web Driver delivery system for
WildTangent on-line games. Periodically checks for updates - can be disabled
within the programs control panel. Note that WildTanget's privacy policy used
to state that they also collect and share individuals information but this is
no longer the case |
| N |
Wildwire Monitor |
WWMon.exe |
This places a status icon on the
taskbar for the DSL WildWire Tiger Modem. This is also a shortcut to the
diagnostics utility for the DSL modem |
| N |
Willow Road |
WillowRoad.exe |
Willow Road Screen Saver |
| X |
WIN |
ehshell.exe |
Added by the MYTOB-CQ WORM! |
| X |
win |
regedit -s ..win.dll |
Added by the SEEKER.K TROJAN! |
| X |
WIN |
windows.exe |
Added by the REATLE.C WORM! |
| X |
win |
xwinxrpc.exe |
Added by the AGOBOT-MV WORM! |
| X |
win |
xwinxrpc32.exe |
Added by the AGOBOT-MV WORM! |
| U |
Win Chimes |
winchi~1.exe |
WinChimes - enhancement software for the system clock that
runs in the system tray |
| X |
Win Comm |
WinComm.exe |
Added by the WINCOM TROJAN! |
| X |
Win Command |
command32.exe |
Added by the AGOBOT.XQ WORM! |
| X |
Win CPU |
sysin.pif |
Added by the RBOT-AXL WORM! |
| X |
win ctl app |
wuctl.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Win Drivers SSL |
hpws.exe |
Added by the IRCBOT.67098 WORM! |
| X |
Win Drivers SSL |
hpws.exe |
Added by the IRCBOT.67098 WORM! |
| X |
Win Drivers SSL |
TASKMAN4.exe |
Added by a variant of the RBOT WORM! |
| X |
Win Drivers SSL32 |
hpwsnnsbc.exe |
Added by the SPYBOT.MAR WORM! |
| X |
WIN HOST PROCESS |
WIN HOST PROCESS.EXE |
Added by the KEYLOGGER.CLONE TROJAN! |
| X |
Win INI 32 |
msrp32.exe |
Added by the RBOT-FZC WORM! |
| X |
Win l5oahder |
winampa.exe |
Added by a variant of the RBOT
WORM! Note - this is NOT associated with the popular Winamp media player. The
valid file for the Winamp Agent resides in a "Winamp" subdirectory
of the Program Files directory |
| X |
Win Login |
winlogin.exe |
Added by the RBOT-AWE WORM! Note - this trojan file is found
in the System (95/98/ME) or System32 (NT/2000/XP) folder |
| X |
Win Microsoft 98 |
win14.exe |
Added by the RBOT-AKX WORM! |
| ? |
win name |
stat.exe |
?? |
| X |
Win Patch |
ntldr.exe |
Added by the SDBOT-GS WORM! |
| X |
Win Process Updates |
winupdates.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Win Prosess0r |
[random filename] |
Added by the RBOT-BIT WORM! |
| X |
WIN prosessor16 |
[random filename].exe |
Added by a
variant of the SDBOT WORM! |
| X |
Win Proxy32 Protocol |
bsvtem.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Win Secure Update |
[random filename] |
Added by the RBOT-AGI WORM! |
| X |
Win Security |
msw32.pif |
Added by the RBOT-AQT WORM! |
| X |
Win Server |
winserv.exe |
Added by the IMISERV.A TROJAN! |
| X |
Win Server Updt |
pxckdla.exe |
IEPlugin adware |
| X |
Win Server Updt |
winserver.exe |
Added by a variant of the IMISERV TROJAN! |
| X |
Win Server Updt |
wupdt.exe |
Added by the IMISERV.A TROJAN! |
| X |
Win TaskLoader |
msgmr.exe |
Added by the MYTOB.L WORM! |
| X |
Win Update |
msnmger.exe |
Added by the RBOT-GDP WORM! |
| X |
Win Update |
oleupdate.exe |
Added by the AGENT-UY TROJAN! |
| X |
Win Update |
SysUpdate.exe |
Added by the AGOBOT-TN WORM! |
| X |
win update |
wapdate.exe |
Added by a variant of the RBOT WORM! |
| X |
win update |
wupda32.exe |
Added by the SDBOT.J WORM! |
| X |
Win Updater |
WINUPDATER.EXE |
Added by the RBOT.IP WORM! |
| X |
Win Updator Services |
ctfnom.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
WIN USB 2.0 |
usbsystem.exe |
Added by an unidentified WORM of
TROJAN! |
| X |
WIN USB 2.0 |
winusb.exe |
Added by a variant of the RBOT WORM! |
| X |
Win USB 2.0 USB Driver |
HPPrint.exe |
Added by the SPYBOT.DNB WORM! |
| X |
WIN USB SUPPORT |
grxsrv.exe |
Added by a variant of the RBOT WORM! |
| X |
Win Validation Application |
DBExecCom.exe |
Added by the VBSILLY-A WORM! |
| X |
Win WinAmp |
winamp.exe |
Added by the RBOT.AGF WORM! Note
- this is NOT the popular Winamp media player which resides in a
"Winamp" subdirectory of the Program Files directory. This file is
located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
win************* [* = random
digit] |
win*************.exe [* = random
digit] |
WINBO adware |
| X |
win.exe |
win.exe |
Added by the PODROP-C TROJAN! |
| X |
Win_api_driver |
system.exe |
Added by the REVIRD TROJAN! |
| X |
Win_BooT |
[path to file] |
Added by the BANKER-GI TROJAN! |
| X |
WIN_DRIVR32 |
shchostv.exe |
Added
by a TROJAN - see here |
| X |
Win_Library |
INISvc.exe |
Added by the ANARCH WORM! |
| X |
win_spool2 |
win_spool2.exe |
Added by the SCKEYLOG.B TROJAN! |
| X |
win_supp00.exe |
Win Const.exe |
Added by the ASSASIN-H TROJAN! |
| X |
win_upd.exe |
WINdirect.exe |
Added by the MITGLIEDER.M TROJAN! |
| X |
win_upd2.exe |
WINdirect.exe |
Added by the BEAGLE.AO WORM! |
| X |
Win_vader |
Win_vader.vbs |
Added by the INVASION.A VIRUS! |
| U |
win16.dll |
win16dll.exe |
Screenspy captures screenshots silently. If you didn't
install this yourself, remove it |
| X |
Win2Drv |
[worm filename] |
Added by the WINTOO WORM! |
| X |
Win32 |
arsetup.exe |
Added by the SPAZBOX.A TROJAN! |
| X |
Win32 |
Game.exe.vbs |
Added by the SCAFENE WORM! |
| X |
Win32 |
msnsrv.exe |
Added by a
variant of the SDBOT WORM! |
| X |
win32 |
Setup_32.exe |
Added by the EVILBOT.B TROJAN! |
| X |
win32 |
Shakira_1997_Part_1_.Mpeg_.scr |
Added by the MYLIFE.N WORM! |
| X |
Win32 |
sysmon.exe |
Added by the MYTOB-HQ TROJAN! |
| X |
Win32 |
system32.vbs |
Added by the SWERUN VIRUS! |
| X |
WIN32 |
WIN32.EXE |
Added by the RATEGA TROJAN! |
| X |
Win32 |
Win32.exe |
Added by the ISRAZ.A WORM! |
| X |
win32 |
winhost.exe |
Added by the BROPIA.J WORM! |
| X |
Win32 |
winnnit.exe |
Added by a
variant of the SDBOT WORM! |
| X |
win32 |
WinSetup.exe |
Added by the EVILBOT.B TROJAN! |
| X |
win32 |
winsrv32.exe |
Added by the ADUENT TROJAN! Acts as a hi-jacker redirecting
to Surferbar.com and adult content sites |
| X |
Win32 |
zaq.exe |
Added by the RBOT-GCE WORM! |
| X |
Win32 Bios |
Winbios.exe |
Added
by the SEMAPI-A WORM! |
| X |
Win32 Configuration |
dllhelp.exe |
Added by the SDBOT.UL WORM! |
| X |
Win32 Configuration |
mplayer.exe |
Added by the FORBOT-BZ WORM! |
| X |
Win32 Configuration |
videosd32.exe |
Added by the SDBOT.TT WORM! |
| X |
WIN32 DDOSSER |
dos.exe |
Added by the KELVIR.F WORM! |
| X |
Win32 Debug Manager |
microsoftupd.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Win32 Debug Manager |
Win32Debug.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Win32 Device Loader |
Win32ldr.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Win32 Driver |
svchosts.exe |
Added by the FORBOT-FD WORM! |
| X |
Win32 Drivers |
winlogons.exe |
Added by the FORBOT-FG WORM! |
| X |
Win32 DRK Driver |
wdrk32.exe |
Added by the WOOTBOT.CY WORM! |
| X |
Win32 exe file |
winstr32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Win32 Explorer |
Explorer32.exe |
StartPa-MN homepage hijacker |
| X |
Win32 Firewall Driver |
winfw.exe |
Added by a variant of the RBOT WORM! |
| X |
Win32 FireWire Driver |
CTHELPER32.EXE |
Added by the WOOTBOT TROJAN! |
| X |
Win32 FRT Driver |
msfr32.exe |
Added by a variant of the FORBOT WORM! |
| X |
Win32 Help32 Service |
win32help.exe |
Added by the DELBOT-U WORM! |
| X |
Win32 Information Service |
crsrs.exe |
Added by the RINBOT.Y WORM! |
| X |
Win32 Information Service |
crsss.exe |
Added by the DELBOT-O WORM! |
| X |
win32 internet server |
winserver.exe |
Added by the DERMON-D TROJAN! |
| X |
Win32 Kernel core component |
Kernel32.pif |
Added by the MOKS VIRUS! |
| X |
Win32 LSA Driver |
lsa.exe |
Added by the FORBOT-FJ WORM! |
| X |
Win32 Ms Auto Updater |
AutomsUPD.exe |
Added by a variant of the RBOT WORM! |
| X |
Win32 NDIS Driver |
xpndis.exe |
Added by a variant of the RBOT WORM! |
| X |
Win32 Network Driver |
crss.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Win32 NT Adv Services |
taskmngr.exe |
Added by the RBOT-ADE WORM! |
| X |
Win32 nvc |
nvcva.exe |
Added
by the RBOT-ABF WORM! |
| X |
Win32 NVIDIA Driver |
MSPMSPSU.EXE |
Added by a variant of the WOOTBOT.Y WORM! |
| X |
win32 regedit |
msn32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Win32 Rundll Loader |
Rundll32.exe |
Added by the SDBOT.A TROJAN!
Note - this is not to be confused with the legitimate rundll32.exe file! |
| X |
Win32 Secure |
msconfigsvc.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Win32 Security Protocol |
secure32.exe |
Added by the RBOT-ETI WORM! |
| X |
Win32 Security Service |
crsrs.exe |
Added by the DELBOT-S WORM! |
| X |
Win32 Service |
bazzi.exe |
Added by the AHKER.E WORM! |
| X |
Win32 Services |
odbc32.exe |
Added by the SPYBOT-EK WORM! |
| X |
Win32 Services Config |
winwkys.exe |
Added by the RBOT.BKY WORM! |
| X |
Win32 Services1 |
wuamngr1.exe |
Added by the SDBOT-PV WORM! |
| X |
Win32 Src Service |
win32src.exe |
Added
by the RBOT-SX WORM! |
| X |
Win32 SSL Driver |
winssv.exe |
Added by the FORBOT-BH WORM! |
| X |
Win32 Svchosts Driver |
svchosts.exe |
Added by the FORBOT-FO WORM! |
| X |
win32 system server |
winserver.exe |
Added by the DERMON-A TROJAN! |
| X |
Win32 System Spool |
spoolsvc.exe |
Added by the SDBOT.UK WORM! |
| X |
Win32 Test |
bleatest.exe |
Added by a variant of the RBOT WORM! |
| X |
Win32 Update |
dl32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Win32 Update |
svchosts.exe |
Added by a
variant of the SDBOT WORM! |
| X |
win32 update service |
svchostt.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Win32 Usb Driver |
AvpG.exe |
Added by the FORBOT-BX WORM! |
| X |
Win32 USB Driver |
mvsecn.exe |
Added by the FORBOT-BK WORM! |
| X |
Win32 Usb Driver |
svhosint32.exe |
Added by the FORBOT-BE or
FORBOT-J WORMS! |
| X |
Win32 Usb Driver |
usb32.exe |
Added by the SDBOT-OV WORM! |
| X |
Win32 USB Driver |
winxpinit.exe |
Added by the SDBOT.AA TROJAN! |
| X |
Win32 USB2 |
wins32.exe |
Added by a variant of the RBOT WORM! |
| X |
Win32 USB2 Driver |
msn.exe |
Added by the FORBOT-EX WORM! |
| X |
Win32 USB2 Driver |
smsc.exe |
Added by the SDBOT.FO WORM! |
| X |
Win32 USB2 Driver |
svchosting.exe |
Added by the FORBOT.J or SDBOT.HU WORM! |
| X |
Win32 USB2 Driver |
sys32.exe |
Added by the WOOTBOT.X WORM! |
| X |
Win32 USB2 Driver |
sys32snd.exe |
Added by the FORBOT-AN WORM! |
| X |
Win32 USB2 Driver |
syscfg32.exe |
Added by the FORBOT-R WORM! |
| X |
Win32 USB2 Driver |
updatemgr.exe |
Added by a variant of the FORBOT WORM! |
| X |
Win32 USB2 Driver |
win32usb.exe |
Added by the SPYBOT.DHV WORM! |
| X |
Win32 USB2 Driver |
wind32.exe |
Added by the FORBOT-AH WORM! |
| X |
Win32 USB2 Driver |
winsnd32.exe |
Added by a variant of the SDBOT WORM! |
| X |
Win32 USB2 Driver |
winupdate.exe |
Added by the AGOBOT.YE WORM! |
| X |
Win32 USB2.0 Driver |
386.exe |
Added
by the IRCBOT.D WORM! |
| X |
Win32 USB2.0 Driver |
rundll16.exe |
Added by the WOOTBOT.H WORM! |
| X |
Win32 USB2.0 Driver |
service.exe |
Added by the SDBOT-QF WORM! |
| X |
Win32 USB2.0 Driver |
w32usb2.exe |
Added by the SPYBOT.DN WORM! |
| X |
Win32 USB3 Driver |
win32tool.exe |
Added by a variant of the RBOT WORM! |
| X |
Win32 Wmls Driver |
winitr32.exe |
Added by the WOOTBOT.B WORM! |
| X |
Win32 Word Services |
msword32.exe |
Added by a variant of the RBOT WORM! |
| X |
win32.exe |
win32.exe |
Added by the STARTPAGE TROJAN! |
| X |
Win32.exe |
Win32.exe |
Added by the AWQ.A TROJAN! |
| X |
Win32.Exploit.mzH |
mzrun.exe |
Added by the PAINTER TROJAN! |
| X |
Win32.Trojan.Downloader |
netstat2.exe |
Added by the PAINTER TROJAN! |
| X |
win32_i lptt01 |
win32_i.exe |
RapidBlaster variant (in a
"win32_i" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
win32_i ml097e |
win32_i.exe |
RapidBlaster variant (in a
"win32_i" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Win32BaseServiceMOD |
Wintask.exe |
Added by the NAVIDAD WORM! |
| X |
win32beta |
win32sys4.exe |
Added by the BANKER-DA TROJAN! |
| X |
win32clf |
win32clf.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
win32debug |
win32debug.exe |
Added by the GUDEB WORM! |
| X |
Win32dll |
Win32dll.exe |
Added by the BANPAES TROJAN! |
| X |
Win32DLL |
Win32DLL.vbs |
Added by the LOVELETTER (I LOVE YOU) VIRUS! |
| X |
WIN32DS |
clienttimer.exe |
Added by Eziin adware |
| X |
Win32G |
Kernel32.com |
Added by the ESTRELLA TROJAN! |
| X |
Win32G |
Scandisk.com |
Added by the ESTRELLA TROJAN! |
| X |
win32gb |
win32gb.exe |
All-In-One-Telcom (adult content
dialler) variant |
| X |
Win32Host Process |
webemir.exe |
Added by the TURGEN -A TROJAN! |
| X |
win32info |
win32info.exe |
Adult content dialler |
| X |
win32ini |
systroy.exe |
Added by the IRC.ALADINZ.C TROJAN! |
| X |
WIN32io |
clienttimer.exe |
Added by Eziin adware |
| X |
Win32R |
Server.com |
Added by the ESTRELLA TROJAN! |
| X |
WIn32S Java DLL |
kavsvx.exe |
Added by the AGOBOT-RZ WORM! |
| X |
win32servv |
load.exe |
iSearch
adware |
| X |
win32servv |
ms1.exe |
iSearch
adware |
| Y |
WIN32SL |
Win32sl.exe |
Part of Dell OpenManage Client Instrumentation - software
that allows remote management application programs to access information
about, monitor the status of or change the state of the client computer, such
as shutting it down remotely. Uses the DMI and/or common information model
(CIM) protocols, which are systems management protocols defined by industry
standards. The specific function of this is to load MIF's in order for Dell
OpenManage Client to work |
| X |
WIN32SNDS |
banc.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Win32system |
[random filename] |
Added by the DDV.B WORM! |
| X |
Win32System |
win32s.exe |
Added by the MYDOOM.V WORM! |
| X |
Win32SystemMonitor |
***.exe [* = random char] |
Browser hijacker |
| X |
Win32SysV |
xin.exe |
Added by the FORBOT-EO WORM! |
| X |
win32us |
win32us.exe |
All-In-One-Telcom (adult content
dialler) variant |
| X |
win32usbd |
ssrs.exe |
Added
by the RBOT-RA WORM! |
| X |
WIN32WN |
system_wc.exe |
Added by Eziin adware |
| X |
Win386 |
sp32.dll |
Homepage hijacker. Not a dll but
a regfile in disguise |
| X |
Win386 |
Win386.exe |
Added by the GOSUSUB VIRUS! |
| X |
WIN3S2SNDS |
winabsmod.exe |
Added by the
AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down
anything that wants to open and is used as a spam proxy as well" |
| X |
WIN3S2SNDS |
winiprtx.exe |
Added by the
AGENT.DN TROJAN - known to BOClean as "CWS/INDEX", "shuts down
anything that wants to open and is used as a spam proxy as well" |
| X |
Win64 Compatibility Check |
load win64.drv |
CoolWebSearch
parasite variant |
| X |
WIN95DEFVIEW |
[path to file] |
Added by the DEDLER-D TROJAN! |
| X |
WIN95DEFVIEW |
csmss.exe |
Added by the DEDLER-D TROJAN! |
| X |
win98 DNS |
wingrd.exe |
Added by a variant of the RBOT WORM! |
| X |
winabc |
rundll32.exe
[Temp][ORIGFILENAME].DLL, InstallLaunchEv |
Added by the LINEAGE-PN TROJAN! |
| X |
WinAC v4 |
klsuicbn.exe |
Added by the FORBOT-CS WORM! |
| U |
Winacsr |
Winacsr.exe |
AceScreenSpy keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
winactive |
WINACTIVE.EXE |
WinActive of the LOP.com hijacker |
| X |
WinActiveJ |
WinActiveJ.exe |
Added by the ROTARRAN VIRUS! |
| X |
Winad Client |
Winad.exe |
WinAd adware by eXact
Advertising |
| X |
WinAdCnt.exe |
WinAdCnt.exe |
Added by the BANKER-BU TROJAN! |
| X |
winadm |
winadm.exe |
Browser hijacker - redirecting to Search-World.net. Related
to the SMALL.AEX TROJAN! |
| ? |
WinAgent |
WinAgent.exe |
Standard Life Insurance program.
Is it required at startup? |
| X |
Winahlp.exe |
Winahlp.exe |
Added by a variant of the VAGRNOCKER TROJAN! |
| X |
winallap |
winallap.exe |
Added by the DELF.E TROJAN! |
| X |
winallapu |
winallapu.exe |
Added by the DELF.E TROJAN! |
| X |
Winamp |
winamp.exe |
Added by the AGOBOT.XI WORM!
Note - this is NOT the popular Winamp media player |
| N |
Winamp |
winamp.exe |
Winamp media player. Resides in a "Winamp"
subdirectory of the Program Files directory |
| X |
Winamp |
winamp.hta |
Hijacker - re-directing to adult
content sites. Note - this isn't the real Winamp |
| X |
WinAMP |
winamp62.exe |
Added
by the SDBOT-WN WORM! |
| X |
Winamp Agent |
winamp.exe |
Added by a variant of the RBOT
WORM! Note - this is NOT the popular Winamp media player. The valid filename
for the Winamp Agent is "winampa.exe" - see here |
| X |
Winamp Media |
qmedia.exe |
Added by the DIAZMON-A TROJAN! |
| X |
Winamp media player |
winapa.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
WinAmp Player |
winampp.exe |
Added by the RBOT-AQI WORM! Note
- this is NOT the popular Winamp media player which has a different filename |
| U |
Winamp to Google Talk |
winamptogoogletalk.exe |
Winamp to Google Talk, available
here shows your current Winamp track in your Google Talk status |
| X |
Winamp Update |
yhn.exe |
Added by the SDBOT-ACR WORM! |
| U |
Winampa |
WINAMPa.exe |
Loads the System Tray icon for
the popular Winamp media player - see here. Can be used to mantain file
associations so programs like QuickTime and RealPlayer don't take over as
default player for various media types. Available via Start -> Programs. Resides
in a "Winamp" subdirectory of the Program Files directory |
| X |
Winampa |
winampa.exe |
Added by the AGOBOT-GS TROJAN! !
Note - this is NOT associated with the popular Winamp media player. The valid
file for the Winamp Agent resides in a "Winamp" subdirectory of the
Program Files directory whereas this file is located in the System (9x/Me) or
System32 (NT/2K/XP) folder |
| X |
Winampa Agent |
WINAMPA.EXE |
Added by a variant of the RBOT
WORM! Note - this is NOT the popular Winamp media player. The valid filename
for the Winamp Agent is "winampa.exe" - see here |
| X |
WinAmpAgent |
Msexploren.exe |
Added by the EB TROJAN! Note -
this is NOT the popular Winamp media player which has a different filename |
| X |
WinAmpAgent |
msnexploren.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
WinAmpAgent |
sdhch.exe |
Added by the TACTSLAY.B TROJAN! |
| X |
WinAmpAgent |
Shch.exe |
Added by the EB TROJAN! Note -
this is NOT the popular Winamp media player which has a different filename |
| X |
WinAmpAgent |
svchst.exe |
Added by the EB TROJAN! Note -
this is NOT the popular Winamp media player which has a different filename |
| X |
WinAmpAgent |
Winagent.exe |
Added by the EB TROJAN! Note -
this is NOT the popular Winamp media player which has a different filename |
| U |
WinampAgent |
WINAMPa.exe |
Loads the System Tray icon for
the popular Winamp media player - see here. Can be used to mantain file
associations so programs like QuickTime and RealPlayer don't take over as
default player for various media types. Available via Start -> Programs. Resides
in a "Winamp" subdirectory of the Program Files directory |
| N |
WinAntiSpyware 2005 |
was5.exe |
Spyware
remover - not recommended, see here |
| N |
WinAntiVirus Pro 2007 |
WinAV.exe |
WinAntiVirus
Pro 2007 virus software - not recommended, see here |
| X |
WinApi |
winapix.exe |
Added by a variant of the
TIBSER.A downloader TROJAN! |
| X |
WINAPLOGUPD |
WINAPLOGUPD.EXE |
Added by the CAPSIDE-C WORM! |
| X |
Winapp |
winpup32.exe |
Produces popup ads to adult
content sites |
| X |
WinApp32 |
msapp.exe |
Added by the RSBOT TROJAN! |
| U |
WinAppLog |
svchost.exe |
StingKeyLogger keystroke
logger/monitoring program - remove unless you installed it yourself! Note -
this is not the svchost.exe process that normally doesn't appear in
Msconfig/Startup! |
| X |
WinAuth |
winlogon.exe |
Hijacker, also indentified as
the STRTPAGE.BE TROJAN! Note - this is not the legitimate winlogon.exe
process, which should not appear in Msconfig/Startup and is always located in
the System32 folder. This file is placed in the Windows or Winnt folder |
| X |
WinAwk |
WinAwk.exe |
Added by the SDBOT-AYF WORM! |
| U |
WinBackup Scheduler |
Wbsched.exe |
LIUtilities
WinBackup scheduler - backup software |
| U |
WinBar |
WinBar.exe |
"WinBar is a free and compact program that lets you
monitor your system and provides easy access to frequently used
controls" |
| X |
winbar.pif |
packe.pif |
Added by the RBOT-AVI WORM! |
| X |
winbas12 |
winbas12.exe |
Adware, CoolWebSearch
parasite related - recognized by Kaspersky antivirus as
TrojanDownloader.Win32.VB.du - Note - this malware actually changes the
default value data of the Registry "Run" key in order to force
Windows to launch it at boot. Name field may be empty |
| X |
Winbed |
winbed.exe |
Hijacker |
| X |
Winbin |
swchost.exe |
Added by the RBOT.CLS WORM! |
| X |
winbin32 |
win32exe.exe |
Added
by the RBOT-ZL WORM! |
| X |
winbot |
winbot.exe |
Added by the MIDRUG-A TROJAN! |
| X |
WIN-BUGSFIX |
WIN-BUGSFIX.EXE |
Added by the LOVELETTER (I LOVE YOU) VIRUS! |
| X |
WinCheck |
check.exe |
Added by the DELBOT-Y WORM! |
| X |
WinCheck |
services.exe |
Added by the SOBER-S WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft"
subfolder of the Windows or Winnt folder |
| X |
WinCheck |
services.exe |
Added by the SOBER.S WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft"
subfolder of the Windows or Winnt folder |
| X |
WinCheck |
WinCheck.exe |
Added by
the PWS-CY TROJAN! |
| X |
winchost |
winchost.exe |
Added by the DLOADER-PO TROJAN! |
| N |
WINCINEMAMGR |
WINCIN~1.EXE |
WinCinema_Manager is needed when using the WinDVD Remote
Control for WinDVD from Intervideo. Available via Start -> Programs |
| N |
WinCinemaMgr |
WinCinemaMgr.exe |
WinCinema_Manager is needed when using the WinDVD Remote
Control for WinDVD from Intervideo. Available via Start -> Programs |
| X |
winclean |
winclean.exe |
Added by the AGENT.GXR TROJAN! |
| X |
wincmap |
wincmapp.exe |
CasClient adware variant - also detected as the CMAPP TROJAN! |
| X |
wincms |
wincms.exe |
Added by the RBOT.CBR WORM! Note - this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| X |
WinCRT32 |
wincrt32.exe |
Added by the DOGBOT-D WORM! |
| X |
WinCSRSS |
MSGRT32.EXE |
Added by the REWINDO-A TROJAN! |
| X |
WINCX |
wincore332.exe |
Added by the AGOBOT-MG WORM! |
| X |
Wind Logd File |
servicelogd.exe |
Added by a variant of the RBOT WORM! |
| X |
Wind Security |
mswi32.pif |
Added by the RBOT-ARH WORM! |
| X |
wind.exe |
wind.exe |
Added by the MITGLIEDER.BD TROJAN! |
| X |
WIND0WS |
mella.bat |
Added by the ALLEM WORM! |
| X |
WIND0WS |
WIND0WS.exe |
Added by the SPYBOT.DQ WORM! |
| X |
Wind0ws |
wordpad.exe |
Added by the AGOBOT-TL WORM! Note - this is not the
legitimate Windows application wordpad.exe (which is found in the Program
FilesAccessories folder) which should not normally be seen in Msconfig or as
a Startup item. This file is loacted in the System (9x/Me) or System32
(NT/2K/XP) folder |
| X |
Wind0ws Sharing |
ssprotecter.exe |
Added by the RBOT-AHW WORM! |
| X |
WinData |
services.exe |
Added by the SOBER.AA WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "PoolData"
subfolder of the Windows or Winnt folder |
| N |
WinDates |
windates.exe |
WinDates is a calendar, date
organizer and event reminder program from Rockin' Software |
| X |
windbs |
winxtc.exe |
Added by the AGOBOT-WD WORM! |
| X |
Winde |
winde.exe |
Added by the DLUCA TROJAN! |
| X |
windef |
Win32sp.vbs |
Added by the ANPES WORM! |
| X |
windef |
windef.exe |
Added by the WURMARK-O WORM! |
| X |
Windeows NetStart Service2 |
tesakrmger.exe |
Added by the RBOT-AMY WORM! |
| X |
windhost.exe |
osrwin32.exe |
Added by the BANKER-CB TROJAN! |
| X |
windhost.exe |
windhost.exe |
Added by the BANKER-BV TROJAN! |
| X |
windhost.exe |
winos.exe |
Added by the PWSAGENT-A WORM! |
| X |
windir |
winrun.exe |
Added by the WINBUR.B WORM! |
| X |
Windll |
Windll.exe |
Added by the TRYNOMA TROJAN! |
| X |
windll |
windll32.exe |
Added by the ASTEF or RESPAN
WORMS! |
| U |
WINDLL |
WSYS.EXE |
STARR key logger. "It logs
almost everything that goes through the box. It logs all key strokes, all
passwords transacted even if they weren't keyed in, all web sites visited,
every program launched including the path to that program, and more" |
| X |
WinDLL (csmss.exe) |
rundll32.exe [path] CSMSS.EXE |
Added by the AKBOT.U WORM! |
| X |
WinDLL (wchshield.exe) |
wchshield.exe |
Added by the IRCBOT GEN WORM! |
| X |
Windll.exe |
Windll.exe |
Added by the STEALER TROJAN! |
| X |
WinDll32 |
_WIN32.EXE |
Added by the LEGMIR.AQ TROJAN! |
| X |
Windll32 |
Windll32.exe |
Added by the MSNPWS TROJAN! |
| X |
windllsys32.exe |
windllsys32.exe |
Added by a variant of the MITGLIE-A TROJAN! |
| X |
WinDNS |
windns32.exe |
Added by the GAOBOT.WX WORM! |
| X |
Windoes Kernel |
kernel32.exe |
Added by the KICKIN.A (or
CYDOG.C) WORM! |
| X |
Window |
explore.exe |
Added by the GAOBOT.ADW WORM! |
| X |
Window Loader |
Dos32.exe |
Added by the GAOBOT.AO WORM! |
| X |
Window Monitor |
winmon32.exe |
Added by the SDBOT.RT WORM! |
| X |
Window service |
[random filename] |
Added
by the RBOT-ACH WORM! |
| U |
Window Washer |
wwDisp.exe |
Window
Washer from Webroot Software. Useful utility that deletes safe to remove
files, cookies, browsing history, etc. Available via from Start ->
Programs. Disable within the program options - otherwise it is re-enabled in
MSCONFIG |
| X |
window.exe |
window.exe |
Added by the MITGLIEDER.H or
MITGLIEDER.J TROJANS! |
| X |
window2 |
ssvchost.exe |
Added by the IRCBOT.H TROJAN! |
| U |
WindowBlinds |
wbload.exe |
WindowBlinds from
Stardock. Skin application to change the appearence on Windows desktops.
Available as an individual download or as part of Object Desktop. Required to
restore settings if you use it. Available via right-click on the Desktop
-> Properties -> Skins |
| X |
WindowEnhancer |
Winex.exe |
SCBar foistware variant |
| X |
Windowfdgfds DasdLL Verifiew |
[path to worm] |
Added by the RBOT-GGX WORM! |
| X |
Windowfdgfds DLL fgfdg Verifier |
winsecure.exe |
Added by the RBOT.CSP WORM! |
| X |
Windowfdgfds DLL fgfdg Verifier |
winsecure.exe |
Added by the RBOT.CSP WORM! |
| U |
WindowFX |
wfxload.exe |
Stardock
WindowFX - "Allows you to add an unprecedented number of special effects
to windows" |
| X |
windown |
wiusyt.exe |
Added by the QQPASS-M TROJAN! |
| X |
WindowRegKey update |
wins.exe |
Added by the SPYBOT.I WORM! |
| X |
windows |
[path to trojan] |
Added by the AIMWIN TROJAN! |
| X |
Windows |
explorer.exe |
Added by the POEBOT-J WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Windows |
gearsec.exe |
Added by the STUBBOT-B TROJAN! |
| X |
windows |
hkey.exe |
Added by the GAOBOT.AFW WORM! |
| X |
windows |
iexplore.exe |
Added by the RBOT-UM WORM! Note
- this is not the legitimate Internet Explorer (iexplore.exe) process, which
is always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup unless you add it manually! This file is
located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
WINDOWS |
jif.exe |
Added by the MYTOB.MK WORM! |
| X |
Windows |
Kernel32.exe |
Added by the TENDOOLF.A WORM! |
| X |
Windows |
msdos98.exe |
Added by the PWSTEAL TROJAN! |
| X |
Windows |
run.exe |
Added by the SPYBOT.OFN WORM! |
| X |
Windows |
services.exe |
Added by the SOBER.X WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "WinSecurity"
subfolder of the Windows or Winnt folder |
| X |
Windows |
services.exe |
Added by the SOBER-Z WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! ! This file is located in a "WinSecurity"
subfolder of the Windows or Winnt folder |
| X |
Windows |
services.exe |
Added by the DLOADR-GW TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in a "Windows"
subfolder |
| X |
Windows |
smss.exe |
Added by the BANCBAN-QF TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
windows |
svchost.exe |
Added by the SLOMIRC-A WORM!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
windows |
system copy.exe |
Added by the SALGA.A WORM! |
| X |
Windows |
system.exe |
Added by the SPYBOT.OBB WORM! |
| X |
Windows |
taskmngr.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows |
Windows.exe |
Added by the KAZMOR.A, BOBBINS
& ALADINZ.D TROJANS! |
| X |
WINDOWS |
windows.exe |
Added by the MONBOT-A TROJAN! |
| X |
WINDOWS |
ymssgr.exe |
Added by the PS TROJAN! Note - deactivates the
MicrosoftInternet Connection Firewall (ICF) |
| X |
Windows (ICS) Spooler |
crtss.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows (random character) |
diskcheck.exe |
Added by the SINGU.B TROJAN! |
| X |
Windows .Net Manager |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows .Net Manager |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows .Net Manager |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows .Net Manager |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows .Net Manager |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows .Net Manager |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows .Net Manager |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows .Net Manager |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows 128 Module |
win128.exe |
Added by the FORBOT-ES WORM! |
| X |
Windows 2004 |
csrss.exe |
Added by the BANKER-DY TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Arquivos de
programasWindows 2004Tools" folder |
| X |
Windows 32 Editor |
Win32edit.exe |
Added by the WOOTBOT.GQ WORM! |
| X |
Windows 32 Rescue |
win32resc.exe |
Added by the FORBOT-EU WORM! |
| X |
Windows 32 Update |
Windows-Update.exe |
Added by a variant of the RBOT WORM! |
| U |
Windows Accelerators |
setup.exe |
KeySpy keystroke logger/monitoring program - remove unless you
installed it yourself! |
| X |
Windows AdControl |
WinAdCtl.exe |
Windupdates adware variant |
| X |
Windows AdService |
WinAdServ.exe |
Windupdates adware variant |
| X |
Windows AdStatus |
WinStat.exe |
Added by the BLESHARE!DR VIRUS! |
| X |
Windows AdTools |
WinAdTools.exe |
Windupdates adware variant |
| X |
Windows Anti Verifier |
Windows-Anti.exe |
Added by the RBOT.ETT WORM! |
| X |
Windows Anti-Virus Built 32 |
AntiVirus32.exe |
Added by the SDBOT-BG WORM! |
| X |
Windows APCI Verifier |
dhcpserv.exe |
Added by the RBOT-FON WORM! Note - Disables the automatic
startup of other software and deactivates the Microsoft Internet Connection
Firewall (ICF) |
| X |
Windows API Control Task |
apitsk32.exe |
Added by the MYTOB.HI WORM! |
| X |
Windows Application Layer |
walg32.exe |
Added by the AGOBOT.ATN WORM! |
| X |
Windows Application Layer
Gateway |
walg32.exe |
Added by the AGOBOT-AAZ WORM! |
| X |
Windows ASN Service |
[random filename] |
Added by the AGOBOT-TC WORM! |
| X |
Windows ASN Service |
rge.exe |
Added by the RBOT-AOK WORM! |
| X |
Windows Authority Service |
lsass.exe |
Added by the KALEL-E WORM! Note
- this is not the legitimate lsass.exe process which should not normally
figure in Msconfig/Startup! |
| X |
Windows auto update |
bazzi.exe |
Added by the AHKER.E WORM! |
| X |
Windows auto update |
LSASS.exe |
Added by the AHKER.G WORM! Note
- this is not the legitimate lsass.exe process, which should not appear in
Msconfig/Startup! |
| X |
windows auto update |
msblast.exe |
Added by the BLASTER.B WORM! |
| X |
windows auto update |
penis32.exe |
Added by the BLASTER (or
MSBLAST.A) WORM! |
| X |
Windows Auto Update |
winupdater.exe |
Added by the SDBOT.TF WORM! |
| X |
Windows Automatic Update |
wuamgrder.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Automatic Updater |
windrg.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Automatic Updates |
dvldr.exe |
Added by the RBOT.MF WORM! |
| X |
Windows Automatical Updater |
dcz.exe |
Added by the RBOT.CXS WORM! |
| X |
Windows AutomaticUpdater |
runddls.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Automation |
msdspr.exe |
Added by the SOLAME.A WORM! |
| X |
windows automation |
mslaugh.exe |
Added by the BLASTER.E WORM! |
| X |
Windows Autostart Loader |
notepad32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows backup |
systemss.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Backup Configuration |
IEXPLORER.exe |
Added by the GAOBOT.AZ WORM! |
| X |
Windows Baþlangýç Dosyasý |
sistem.exe |
Added by the MUZK WORM! |
| X |
Windows Bootup |
ms-wks32.exe |
Added by the RBOT-AFM WORM! |
| X |
Windows Bootup |
Systemwks32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Bootup |
task-mngr.exe |
Added by the RBOT-AWP WORM! |
| N |
Windows Clean-Up Pro |
WINDOWS CLEAN-UP PRO.Exe |
Spyware
remover - not recommended, see note |
| X |
Windows Client Service 32 |
csrss.exe |
Added by the RBOT-ALB WORM! Note
- this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located a driverswinsdriver subfolder |
| X |
Windows Client/Server Runtime
Server |
csrs.exe |
Added by the RBOT.KD WORM! |
| X |
Windows Command |
wincmd.exe |
Added by the RBOT.ANV WORM! |
| X |
Windows Communicator |
wincomm.exe |
Added by the AGOBOT-BH WORM! |
| X |
Windows Communicator for NT/XP |
osndyrn.exe |
Added by the SDBOT-CPK WORM! Note - can terminate AV related
processes |
| X |
Windows Compliant |
[random filename] |
Added
by the RBOT-IR WORM! |
| X |
Windows Config |
RUNDLL.EXE |
Added by the SPYBOT-DX WORM!
Note - this is not the Windows system file of the same name as described here |
| X |
Windows Config |
SSYS.EXE |
Added by the SPYBOT-DA WORM! |
| X |
Windows Config |
wins.exe |
Added by the SPYBOT.JR WORM! |
| X |
Windows Config Connection |
msicll.exe |
Added by the RBOT-EXQ WORM! |
| X |
Windows Config Loader |
Wincfg32.exe |
Added by the SILVERFTP TROJAN! |
| X |
Windows Config Manager |
winconf.exe |
Added by the RBOT-AIT WORM! |
| X |
Windows Config System |
config.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Configuration |
wincfg32.exe |
Added by the MYTOB.ED WORM! |
| X |
Windows Configuration |
wsys32.exe |
Added by the GAOBOT.FB WORM! |
| X |
Windows Configuration Loader |
asclt.exe |
Added by the SDBOT-OA WORM! |
| X |
Windows connection manager |
Internet.exe |
Added by the RBOT-APN WORM! Note - file is found in the
Windows or Winnt folder. Make sure you check the link on this one, it copies
it's self under three other file names and folder locations |
| X |
Windows Console Monitor |
[path to worm] |
Added by KEDEBE WORM! |
| X |
Windows Console Monitor |
gcasAV32.exe |
Added
by the KEDEBE-A WORM! |
| X |
Windows Control |
Control.exe |
Browser hijacker. NOTE - On
Win9x systems it will overwrite the Windows file of the same name in the
Windows directory, so therefore it will be necessary to extract a fresh copy
of the file from the Windows setup cabs! |
| X |
Windows ControlAd |
WinCtlAd.exe |
Windupdates adware variant |
| X |
Windows Core Kernel Update |
win32bootcfg.exe |
Added by the RANCK-EL TROJAN! |
| X |
Windows CPU host |
winbog32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Critical Alert |
wincrt.exe |
Added by the ALEDO-A TROJAN! |
| X |
Windows Custom Services |
CSRCS.EXE |
Added by the SPYBOT-EI WORM! |
| X |
Windows Data Server |
[random name].exe |
Added by the SPYBOT-DS WORM! |
| X |
Windows Data Server |
autodisc.exe |
Added by the SPYBOT-CB WORM! |
| X |
Windows Database |
wiinsvc.exe |
Added by the AGOBOT-RU WORM! |
| X |
Windows Database |
WinDat.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Dcom2 Fix |
mscom32.exe |
Added
by the RBOT-QT WORM! |
| X |
Windows DDE Loader |
windde32.exe |
Added
by the SDBOT-UZ WORM! |
| X |
Windows debug logging |
winlogg.exe |
Added
by the RBOT-OY WORM! |
| X |
Windows debug logging |
winloggs.exe |
Added
by the RBOT-QN WORM! |
| X |
Windows Debugger |
msdbg32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Debugger |
windbg.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Windows Debugger |
windbg32.exe |
Added by the ZOTOB.L WORM! |
| X |
Windows Debugging Tools |
updatecfg.exe |
Added by the RBOT-AXU WORM! |
| X |
Windows Default Configuration |
svchost.exe |
Added by the DLOADER-U TROJAN!
Note - this is not the legitimate svchost.exe process which should not
normally figure in Msconfig/Startup! |
| Y |
Windows Defender |
MSASCui.exe |
Related to Windows Defender Microsoft (anti-spyware) tool |
| X |
WINDOWS DENEME |
deneme.exe |
Added by the MYTOB-CR WORM! |
| X |
Windows Desktop Controler |
windesktop.exe |
Added
by the SDBOT-XH WORM! |
| X |
Windows Desktop Daemon |
winpadg.exe |
Added by a variant of the SPYBOT WORM! |
| U |
Windows Desktop Search |
WindowsSearch.exe |
Windows Desktop Search from
Microsoft |
| X |
Windows Dialup Service |
dialup.exe |
Added by the AGOBOT.AAH WORM! |
| X |
Windows DLL Host |
dllhost32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows DLL host |
winupd32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows DLL Loader |
defragfat32.exe |
Added
by the SDBOT-SS WORM! |
| X |
Windows DLL Loader |
defragfat32abc.exe |
Added
by the RBOT-RG WORM! |
| X |
Windows DLL Loader |
defragfat32pi.exe |
Added
by the RBOT-QQ WORM! |
| X |
Windows DLL Loader |
defragfat32z.exe |
Added by the LINKBOT.A WORM! |
| X |
Windows DLL Loader |
defragfat39.exe |
Added by the POEBOT-C WORM! |
| X |
Windows DLL Loader |
defragfatz.exe |
Added by the LINKBOT.H WORM! |
| X |
Windows DLL Loader |
RUNDLL16.EXE |
Added by the DOMWIS TROJAN! |
| X |
Windows DLL Loader |
rundll32.exe |
Added by the WHIPSER-B WORM!
Note - rundll32.exe file is placed in the WindowsSystem folder, wheras the
legitimate rundll32.exe is located in the C:WindowsSystem (Win9x/Me),
C:WinntSystem32 (WinNT/2K) or C:WindowsSystem32 (WinXP) |
| X |
Windows DLL Loader |
SYSCFG16.EXE |
Added by the DOMWIS-N WORM! |
| X |
Windows DLL Loader |
wdevice.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows DLL Loader |
WINCFG32.EXE |
Added by the AGOBOT-TE WORM! |
| X |
Windows DLL Services |
svchost.exe |
Added by the AGENT.H spyware!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| X |
Windows DLL Services |
system.exe |
Added by the AGENT.H spyware |
| X |
Windows DLL Services |
winsvc32.exe |
Added
by the RBOT-ZF WORM! |
| X |
Windows DLL Tracker |
spoolsrv.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Windows DLL Verifier |
windlls.exe |
Added by the RBOT-AZQ WORM! |
| X |
Windows DLL Verifier |
xptl.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows DNS |
windns.exe |
Added
by the SDBOT-XU WORM! |
| X |
Windows DNS Daemon |
windnsd.exe |
Added by the WOOTBOT.AS WORM! |
| X |
Windows Domain Name Drivers |
windns.exe |
Added by the FORBOT-EP WORM! |
| X |
Windows DOS |
dosw.exe |
Added
by the SALAY-A WORM! |
| X |
Windows Download Manager |
windlmngr.exe |
Added by an unidentified TROJAN! |
| X |
Windows Drive Compatibility |
System32Driver32.exe |
Added by the SUPOVA.Z WORM! |
| X |
Windows Driver |
winxpdriver.exe |
Added by the WOOTBOT.EE WORM! |
| X |
Windows Driver Adapter |
svchost.exe |
Added by the ANTINNY-K WORM!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in a "drivers"
subfolder |
| X |
Windows Driver Foundation |
MTVSCMXT.EXE |
Added by a variant of the RBOT WORM! |
| X |
Windows Driver Services |
msdrvs32.exe |
Added by the WOOTBOT.L WORM! |
| X |
Windows drivers update |
windowsupdate.exe |
Added
by the RBOT-ACE WORM! |
| X |
Windows Dynamic Loading Header |
winDLL32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Executable |
winmys.exe |
Added
by the RBOT-ABO WORM! |
| X |
Windows ExpIorer |
[random filename] |
Added by the RBOT-AKO WORM! |
| X |
Windows Explorer |
[filename].exe |
Added by the SDBOT TROJAN! Note - this is not the legitimate
Windows Explorer (explorer.exe) which would not normally appear in
Msconfig/Startup unless you added it manually! |
| X |
Windows Explorer |
EEXPLORER.EXE |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Explorer |
explorer.exe |
Added by the POEBOT-J WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Windows Explorer |
explorer.pif |
Added by the RBOT-AID WORM! |
| X |
Windows Explorer |
explorer32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Explorer |
Lsas.exe |
Added by the GAOBOT.AO WORM! |
| X |
Windows Explorer |
olecom32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Explorer |
system32.exe |
Added by the RBOT-AJH WORM! |
| X |
Windows Explorer Shell |
Winexec32.exe |
Added by the REDIST.B WORM! |
| X |
Windows Explorer SP2 |
csrss.exe |
Added by the BANKER-DM TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located a JavaBeans subfolder |
| X |
Windows Explorer Update Build
1142 |
EXPLORER32.EXE |
Added by the KaZaA based KWBOT
or KWBOT.Y WORMS! |
| X |
Windows Explorer-3212 |
WINRE16.EXE |
Added by the HARDOC WORM! |
| X |
Windows Extensions for Win32 |
winprgs32.exe |
Added by the SDBOT.AFA WORM! |
| N |
Windows Eyes |
?? |
For blind people, gives a voice
description of items on the screen. Windows application which gives you total
control over what you hear, when you hear it, and how you hear it. Available
via Start -> Programs |
| X |
Windows FAT 32 |
WINFAT32B.exe |
Added by the SPYBOT-AGT WORM! |
| X |
Windows File Protection |
winprotect.exe |
Added by the AGOBOT.JB WORM! |
| X |
Windows File System Frame |
ntframe.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Firewal |
Lsess.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Firewall |
WindowsFirewall.exe |
Added by the MYTOB.AO WORM! |
| X |
Windows Firewall Log |
winlog.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows firewall manager |
chh.exe |
Added by a variant of the RANDEX.GEL WORM! |
| X |
Windows Firewall Manager |
msfw.exe |
Added by the RBOT.WR WORM! |
| X |
Windows firewall manager |
msguard.exe |
Added by a variant of the RANDEX.GEL WORM! |
| X |
Windows Firewall Updater |
cronos.exe |
Added by the RBOT-GBY WORM! |
| X |
Windows Firewall Updater |
ctfcom.exe |
Added by the RBOT-GCB WORM! |
| X |
Windows Firewall Updater |
updatees.exe |
Added
by the RBOT-GX WORM! |
| X |
Windows Firewalll |
scvhost.exe |
Added
by the RBOT-EK WORM! |
| X |
Windows Firewalll |
sphost.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Firewalll |
svvhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Firewalll |
winmu.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Fix |
integator.exe |
Added by the SDBOT.ZAB WORM! |
| X |
Windows Fixes Systems |
elite.exe |
Added by the MYTOB.EG WORM! |
| X |
Windows FormatAd |
WinForm.exe |
Windupdates adware variant |
| X |
Windows Frame Works |
frmwrks32.exe |
Added by a variant of the RBOT WORM! |
| X |
WINDOWS FUCK BY CLASIC |
fuck.exe |
Added by the ZOTOB.H or ZOTOB.J
WORMS! |
| X |
Windows Generic Proc |
procmsg.exe |
Added by the ALLIM.B WORM! |
| X |
Windows GMT32 |
wingmt32.exe |
Added by the MYTOB.KM WORM! |
| X |
Windows Graphics Loaders |
wingraphics.exe |
Added by the SPYBOT.JG WORM! |
| X |
Windows Guard |
WAUMGRD.EXE |
Added
by the RBOT-GY WORM! |
| U |
Windows Guardian |
Fawgrd32.exe |
Part of First Aid by Cybermedia
who were subsequently bought by McAfee (Network Associates). Protects your
Windows system from application failure and crashes |
| U |
Windows Guardian |
thehel1iawgrd32.exe |
Part of First Aid by Cybermedia
who were subsequently bought by McAfee (Network Associates). Protects your
Windows system from application failure and crashes |
| X |
Windows Help |
mailinfo.exe |
Added by the MYTOB.JX WORM! |
| X |
Windows Help File |
winhelper32.exe |
Added by the SDBOT-QK TROJAN! |
| X |
Windows Help Manager |
svchost32.exe |
Added
by the RBOT-OZ WORM! |
| X |
Windows Help Service |
winhelpsv.exe |
Added
by the RBOT-LP WORM! |
| X |
Windows Help Service |
winhlp.pif |
Added by the RBOT-AKW WORM! |
| ? |
Windows Help System |
Help.pif |
?? |
| X |
Windows Host |
hosts.exe |
Added by the KELVIR.U WORM! |
| X |
Windows Host |
winhost.exe |
Added by the PRYSAT TROJAN! |
| X |
Windows Host Device |
hostsvc.exe |
Added
by the ZOOTY-A WORM! |
| X |
Windows Host Name |
lmass.exe |
Added by the GAOBOT.O WORM! |
| X |
Windows Host Service |
host.exe |
Added by KELVIR.AN WORM! |
| X |
Windows Host Service |
scvhosts.exe |
Added by the SPYBOT.NLI WORM! |
| X |
Windows Host Service |
svchoste.exe |
Added by the KELVIR.BF WORM! |
| X |
Windows Host Service |
svchosts32.exe |
Added by the KELVIR.AW WORM! |
| X |
Windows Host32 Starter |
hostserv.exe |
Added by the SDBOT-WU WORM! |
| X |
Windows Hosts |
hosts.exe |
Added by the KELVIR-O TROJAN! |
| X |
Windows HP Drivers |
hpdmws.exe |
Added by the SDBOT.AQU WORM! |
| X |
Windows HTML file reader |
Sysconf32.exe |
Added by the NOOMY.A WORM! |
| X |
Windows HTTP services |
winhttps.exe |
Added by a variant of the SDBOT
WORM! See here |
| X |
Windows Icons Manager |
wicomgr.exe |
Added by the RBOT-AIF WORM! |
| X |
WINDOWS ID SYSTEM |
wID32.exe |
Added by the MYTOB.LN WORM! |
| X |
Windows iMessenger Messenger |
winimsg.exe |
Added by the ALLIM.A WORM! |
| X |
Windows Incontext |
InSearch.exe |
PacerD_Media/Pacimedia.com/Z-Quest
adware installer |
| X |
Windows Insecure |
[path to worm] |
Added by the RBOT-FSM WORM! |
| X |
Windows Installer |
ntdll.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows installer |
winstall.exe |
SpySheriff malware. For more
information on registry key changes see SPYWAD-E |
| X |
Windows Internet Protocol |
deinst_qfe001.exe |
Added by a variant of the
Win32.Small TROJAN! |
| X |
Windows Internet Protocol |
winproc32.exe |
CoolWebSearch Winproc32 parasite
variant - also detected as the STARTPA-BF TROJAN! |
| X |
Windows Internet Service |
wininet.exe |
Added by the RBOT-AUX WORM! |
| U |
Windows IP Security |
ipsec.exe |
Related to the VPN IPSec utility - used to create Security
Policy (SP) entries and Security Association (SA) entries in the kernel |
| X |
Windows IP Security Service |
ipsecs.exe |
Added by the RBOT.BPW WORM! |
| X |
Windows IPv6 Drivers |
wipv6.exe |
Added by the SDBOT-VJ WORM! |
| X |
Windows Java Update |
weatherBug32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows JavaScript Daemon |
Winjsd.exe |
Added by the WOOTBOT.AF WORM! |
| X |
Windows Kernel 64 |
kernal64.exe |
Added
by the YIMP-B WORM! |
| X |
Windows Kernel System Service |
wkssvr.exe |
Added by a variant of the RANDEX.GEL WORM! |
| X |
Windows kev Messenger |
mskev.exe |
Added
by the SDBOT-XV WORM! |
| X |
Windows live Support |
wlmsngr.exe |
Added by the RBOT-BKL WORM! |
| ? |
Windows Load |
windows.com |
?? |
| X |
Windows Loader |
SysUpdate.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Loader |
winServices.pif |
Reported by Kaspersky Anti-Virus
as the CARDSPY.D TROJAN! |
| X |
Windows Loader |
wstart32.exe |
Added by the GAOBOT.CA WORM! |
| X |
Windows Loader Service |
civsc.exe |
Added by a variant of the RBOT WORM! |
| X |
windows Loadxm |
Win_.exe |
Added by the FODDER-A TROJAN! |
| X |
Windows Local Services |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Local Services |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Local Services |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Local Services |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Local Services |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Local Services |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Local Services |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Local Services |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Locator |
wsass.exe |
Added by the IRCBOT.N TROJAN! |
| X |
Windows Logger |
winlog.exe |
Added by the NSHADOW-B TROJAN! |
| X |
Windows logging |
winlogd.exe |
Added
by the RBOT-ON WORM! |
| X |
Windows Login |
explored.exe |
Added by the GAOBOT.SY WORM! |
| X |
Windows Login |
lmss.exe |
Added by the AGOBOT-JA WORM! |
| X |
Windows Login |
lmss.exe |
Added by the AGOBOT-JA WORM! |
| X |
Windows Login |
winlog.exe |
Added by the AGOBOT.MG WORM! |
| X |
Windows Login Folder |
winzep.exe |
Added by the AGOBOT-TZ WORM! |
| X |
Windows Login Manager |
winlogin.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Login Security |
winlogin.pif |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Login Service |
winlog.exe |
Added by the RBOT-AFN WORM! |
| X |
Windows Login Service |
winlogin.pif |
Added by the SDBOT-ACU WORM! |
| X |
Windows Logon |
winlogin.exe |
Added by the SPYBOT-C TROJAN! |
| X |
Windows Logon Application |
logon.exe |
Added
by the POEBOT-J WORM! |
| X |
Windows Logon Application |
services.exe |
Added by the CIADOOR-L TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
Windows Logon Application |
win32help.exe |
Added by the DELBOT-X WORM! |
| X |
Windows Logon Application |
WinIogon.exe |
Added by the LINKBOT.M WORM! |
| X |
Windows Logon Application |
winlogon.exe |
Added by the POEBOT-KW WORM!
Note - this is not the legitimate winlogon.exe process, which should not
appear in Msconfig/Startup! |
| X |
Windows Logon Manager |
logon.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Logon Procedure |
Svchosta.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Logon Procedure |
Svchoste.exe |
Added by a variant of the SPYBOT WORM! |
| X |
windows logon procedure |
winlogonpc.exe |
Added by the WINLOGON TROJAN! |
| X |
Windows Logon Service |
napi32.exe |
Added by the SPYBOT.ANDM WORM! |
| X |
Windows Logon Service |
winlogon.pif |
Added by the RBOT-AOU WORM! |
| X |
Windows LoL Layer |
[random filename].exe |
Added by the RBOT-GMD WORM! |
| X |
Windows LoL Layer |
gqwdcr.exe |
Added by the AGOBOT-AHS WORM! |
| X |
Windows LoL Layer |
pyvnpt.exe |
Added by the RBOT-GKV WORM! |
| X |
Windows LoL Layer |
win.exe |
Added by the RBOT-FTO WORM! |
| X |
Windows LoL Layer |
winlolx.exe |
Added by the RBOT-FOR WORM! |
| X |
Windows Management
Instrumentation |
[path to file] |
Added
by the QEDS-A VIRUS! |
| X |
Windows Management
Instrumentation |
mwd.exe |
Added by
the GRAPS WORM! |
| X |
WINDOWS MANAGEMENT SYSTEM |
wm1exe.exe |
Added
by the RBOT-VT WORM! |
| X |
Windows Manager |
winmants.exe |
Added by the MANTAS WORM! |
| X |
Windows Manager |
winsrv.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Windows Manager Update Inc |
tgb.exe |
Added by the SDBOT-ACM WORM! |
| X |
Windows mangement |
winlogonn.exe |
Added by the RANDEX.FC WORM! |
| X |
Windows Media AP |
winmapp.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Media APP |
wmapp.exe |
Added by an unidentified WORM or
TROJAN! |
| N |
Windows Media Center |
RunDLL32.exe [path] ehuihlp.dll,
BootMediaCenter |
Starts Windows Media Center
every time Windows Vista (Home Premium or Ultimate) boots. Disable by
unchecking the "Start Windows Media Center when Windows Starts"
option via Windows Media Center -> Tasks -> Settings -> General
-> Startup and Window Behaviour |
| N |
Windows Media Connect 2 |
WMCCFG.exe |
Windows Media Connect from Microsoft - stream digital media
files on your computer to digital media receivers (DMRs) that are connected
to your home network |
| X |
Windows Media Driver |
msnger.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Media Loader |
wmloader.exe |
Added by a variant of the GAOBOT WORM! |
| X |
Windows Media Player |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
Windows Media Player |
50cent.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Media Player |
mcafe32.exe |
Added
by the RBOT-YO WORM! |
| X |
Windows Media Player |
MediaPIayer.exe |
Added by the SDBOT-QO TROJAN! - note, the executable is
called 'MediapIayer', with an 'i' !) |
| X |
Windows Media Player |
mpwe.exe |
Added
by the RBOT-TT WORM! |
| X |
Windows Media Player |
msa.exe |
Added
by the RBOT-SI WORM! |
| X |
Windows Media Player |
msams.exe |
Added by the RBOT.AHR WORM! |
| X |
Windows Media Player |
wmediaplayer.exe |
Added by the AGOBOT-NQ WORM! |
| X |
Windows Media Player |
wmplayer.exe |
Added by the KELVIR.G WORM or variants! Note - this is not
the valid Windows Media Player as the executeable resides is C:WindowsSystem
(Win9x/Me), C:WinntSystem32 (WinNT/2K) or C:WindowsSystem32 (WinXP) rather
than C:Program FilesWindows Media Player |
| X |
Windows Media Player 3.6 |
wmpa36.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Media Player 3.6b |
WMPA36B.EXE |
Added
by the RBOT-VV WORM! |
| X |
Windows Media Player 3.6d |
wmpa36d.exe |
Added
by the RBOT-YA WORM! |
| X |
Windows Media Player 3.9 |
wmpa36.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Media Player Service |
wmedia.exe |
Added by the RBOT.213504 WORM! |
| X |
Windows Media Player Update |
[random filename] |
Added
by the RBOT-ET WORM! |
| N |
Windows Media Powerpoint Helper |
NSPPTHLP.EXE |
German software (comes with some
Toshiba CD writers) that helps convert Powerpoint files to ASF (Streaming
Media) files. Available via Start -> Programs |
| X |
Windows media service |
crsss.exe |
Added by the RBOT.ACY WORM! |
| X |
Windows media service |
crvss.exe |
Added by the SDBOT.VP WORM! |
| X |
Windows media service |
Sygate32.exe |
Added by the RBOT.ADE WORM! |
| X |
Windows media services |
cvrsss.exe |
Added
by the RBOT-MW WORM! |
| X |
Windows Media SP.2.37 |
[random filename] |
Added by the LEMIR.C TROJAN! |
| X |
Windows Media Updater |
crease.exe |
Added by the RBOT-ATI WORM! |
| X |
Windows Media Upgrade |
NeUpgrade.exe |
Added by the RBOT.BMF TROJAN! |
| X |
Windows Media Utility |
wmediautil.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows messenger |
messengers.exe |
Added by the MYTOB.EI WORM! |
| X |
Windows Messenger |
msnsmgs.exe |
Added by the RBOT-ANJ WORM! |
| X |
Windows Messenger Messenger |
winmsg.exe |
Added by VELKBOT.A WORM! |
| X |
Windows Messenger Service |
kaspersky.exe |
Added by the MYTOB.HY WORM! |
| X |
Windows Messenger Service |
winsmsgr.exe |
Added
by the RBOT-VW WORM! |
| X |
Windows MeTaLRoCk service |
metalrock.exe |
Added by the TASTYRED TROJAN! |
| X |
Windows Micro Drivers |
wupdates32.exe |
Added by the RBOT-AEH WORM! |
| X |
Windows Microsoft Update |
wintask32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows mod Verifier |
Windows-mod.exe |
Added by the RBOT.DSU WORM! |
| X |
Windows modez Verifier |
taskmngr.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows modez Verifier |
w1nz0zz0.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows modez Verifier |
Window2.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows modez Verifier |
Windows-.exe |
Added by the RBOT-DIO WORM! |
| X |
Windows modez Verifier |
WindowsLogon.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows modez Verifier |
winl0g0z.exe |
Added by the RBOT-FNB WORM! |
| X |
Windows modez Verifier |
winlogom.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows modez Verifier |
Wwuamguard.exe |
Added by the RBOT.EZJ WORM! |
| X |
Windows Monitor |
arsetup.exe |
Added by the SPAZBOX.A TROJAN! |
| X |
Windows Monitor |
winmon.exe |
Added by the SDBOT.VB WORM! |
| X |
Windows Monitor Services |
winmonitor.exe |
Added
by the RBOT-XX WORM! |
| X |
Windows Monitoring Service |
winmon.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows More Choice |
TopContext.exe |
ZQuest adware |
| X |
Windows Mouse Utilities |
mouseutils.exe |
Added
by the RBOT-ABU WORM! |
| X |
Windows ms Drivers |
msnup32.exe |
Added by the SDBOT-AAL WORM! |
| X |
Windows MS Update 32 |
fhm.exe |
Added by the IRCBOT.GEN WORM! |
| X |
Windows MS Update 32 |
sucker.exe |
Added by the FORBOT-GJ WORM! |
| X |
Windows MSConfig Startup Logger |
winlog.exe |
Added by the RBOT.BCU WORM! |
| X |
Windows Msn Live Messanger |
msnmsgsman.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows MSX drivers |
winmsx.exe |
Added by the RBOT-AYG TROJAN! |
| X |
Windows Net Cfg |
service.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows NetDDe |
wrmana32.exe |
Added by the MYTOB.IM WORM! |
| X |
Windows Nets |
WinNET.exe |
Added
by the RBOT-MO WORM! |
| X |
Windows NetStart Service |
winsN2S.exe |
Added
by the RBOT-ZX WORM! |
| X |
Windows NetStart Service2 |
winsN2S.exe |
Added
by the RBOT-ABN WORM! |
| X |
Windows NetStart Service2 |
winsN2SD.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Network Controller |
Mqguard.exe |
Added by the FORBOT-CL WORM! |
| X |
Windows Network Controller |
Win9x.exe |
Added by the WOOTBOT.I WORM! |
| X |
Windows Network Controller |
wingmt.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Network Controller |
winmms32.exe |
Added by the FORBOT-ED WORM! |
| X |
Windows Network Controller |
WinxPupd.exe |
Added by the FORBOT-DK WORM! |
| X |
Windows Network Firewall |
firewall.exe |
Added
by the POEBOT-J WORM! |
| X |
Windows Network Service |
winvc32.exe |
Added by the RBOT.RY WORM! |
| X |
Windows Networking |
winsys32.exe |
Added by the GAOBOT.FL WORM! |
| X |
Windows Networks |
netcog.exe |
Added by the MYTOB.FH WORM! |
| X |
Windows Nivedia Driver |
sysMGT.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows NNT |
[path to trojan] |
Added by the RANKY.E TROJAN! |
| X |
Windows NT 32 |
ntlogin32.exe |
Added by the RANDEX.BRD WORM! |
| X |
Windows NT Login |
ntlogin32.exe |
Added by the SDBOT.WG WORM! |
| X |
Windows NT Login Session Manager |
WNSM.EXE |
Added by the RBOT.BIV WORM! |
| X |
Windows NT Logon Application |
winlogon.scr |
Added by the RBOT-ALP WORM! |
| X |
Windows NT Service Name |
winshock.exe |
Added
by the RBOT-PK WORM! |
| X |
Windows NT Update Manager |
WINL0G0N.exe |
Added by the AGOBOT-NU WORM! Note that those are zeroes in
the filename and not capital "o" |
| X |
Windows OEM Tools |
winres32.exe |
Added by the SPYBOT.FD WORM! |
| X |
Windows OLE Automation Server |
ole32aut.vbe |
CoolWebSearch
parasite variant |
| X |
Windows Online Updater |
dllman.exe |
Added
by the RBOT-TE WORM! |
| X |
Windows Pc |
winmgr.exe |
Added
by the BIBOT-A WORM! |
| X |
Windows PDG |
winpdg.exe |
Added by the RBOT-ADW WORM! |
| X |
Windows Performance Monitor |
wmscupd.exe |
Added by the IRCBOT_GEN WORM! |
| X |
Windows PNP |
winpnp.exe |
Added by the RBOT-AKN WORM! |
| X |
Windows PNP Server |
pnpsrv.exe |
Added by
this variant of the SDBOT WORM! |
| X |
Windows Portable Device Drivers |
MSKSVRVS.EXE |
Added by a TROJAN - see here |
| X |
Windows Portable Devices |
MSKSVRTSS.EXE |
Added by the SPYBOT.APEO WORM! |
| X |
Windows Print Monitor Daemon |
[random filename].exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Print Spooler |
NavAgent32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| ? |
Windows Print Spooler |
SCVHOSTS.EXE |
Suspicious due to the similarity
to the valid "svchost.exe" file |
| X |
Windows Print Spooler |
SVEHOST.EXE |
Added by the SPYBOT.H WORM! |
| X |
Windows Process |
win_update.exe |
Added by the
LASTWORD WORM! |
| X |
Windows Process Manager |
winproc.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Processe Manager |
mspn32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Proffesional Security |
WinSecure32.exe |
Added by the AGOBOT.VA WORM |
| X |
Windows Protectot |
boxide.exe |
Added by a variant of the WOOTBOT WORM! |
| X |
Windows Recylinder Check |
zwdomsgemw.exe |
Added by the RBOT-EGJ WORM! |
| X |
Windows Reg Services |
dservice.exe |
Added by the PRORAT-D TROJAN! |
| X |
Windows Reg Services |
ffservice.exe |
Added by the DLOADER-PL or
DLOADER-XM TROJANS! |
| X |
Windows Reg Services |
fservice.exe |
Added by the PRORAT-D TROJAN! |
| X |
Windows Reg Services |
lncom.exe |
Added by the PRORAT-O TROJAN! |
| X |
Windows Reg Services |
lservice.exe |
Added by the PRORAT-O TROJAN! |
| X |
Windows Reg Services |
ssservice.exe |
Added by the PRORAT-D TROJAN! |
| X |
Windows Reg Services |
wservice.exe |
Added by the PRORAT-O TROJAN! |
| X |
WINDOWS REGISTER EDIT |
registr32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Register Settings |
svmhost.exe |
Added by a variant of the FORBOT WORM! |
| X |
Windows Registers |
winservicess.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Registry |
msnmsg.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Registry |
winhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Registry Cleaner |
winclean.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Registry Express Loader |
regexpress.exe |
Added by the FORBOT-CJ WORM! |
| X |
Windows Registry Manager |
tasksmanagers.exe |
Added by the MYTOB.ER WORM! |
| X |
Windows Registry Name |
[random filename] |
Added by the RBOT-AEB WORM! |
| X |
Windows Registry Name |
winses.exe |
Added by the RBOT-ADB WORM! |
| U |
Windows Registry Repair Pro |
RegistryRepairPro.exe |
Registry
Repair Pro. "Scans the Windows Registry for invalid or obsolete
information in the registry" |
| X |
Windows Registry Scan |
regscan23.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Registry Scan |
regscan32.exe |
Added by the RBOT.KE WORM! |
| X |
Windows Registry Scan |
svcdll.exe |
Added
by the RBOT-TP WORM! |
| X |
Windows Registry Scan |
timeupdate.exe |
Added by the SPYBOT.JE WORM! |
| X |
Windows Registry Security |
crss.exe |
Added by a variant of the IRC.BOT TROJAN! |
| X |
Windows Registry Startup |
wind32.exe |
Added by the AGOBOT-BZ WORM! |
| X |
Windows Repair |
toxikx.exe |
Added by the SDBOT-ADL WORM! |
| X |
Windows report |
swchost.exe |
Added by the SMALL-BD TROJAN! |
| X |
windows run |
system.exe |
Added
by the ICPASS-A WORM! |
| X |
Windows Run-Time 64bit |
win64rt.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Runtime Help |
win32hlp.exe |
Added by a variant of the AIMVISION TROJAN! |
| X |
Windows Runtime Help |
WinRunHelp.wrh |
Added by a variant of the AIMVISION TROJAN! |
| X |
Windows Runtime Proccess |
32RUNdll.exe |
Added by the SDBOT.QW WORM! |
| X |
Windows SA |
omniscient.exe |
BLAZEFIND adware |
| X |
Windows Screensaver |
Service.exe |
Added by the KELVIR.P WORM! |
| X |
WINDOWS SCREENSAVER |
ssaver.scr |
Added by the SDBOT-YZ WORM! |
| X |
Windows secure |
setver32.exe |
Added by the SPYBOT.EP WORM! |
| X |
Windows Secure Connection |
winsc.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Secure Layer |
[random filename] |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Secure Messaging System |
msnmsgrsrvc.exe |
Added
by the RBOT-RE WORM! |
| X |
Windows Secure Services |
ssms.exe |
Added by the RBOT-GAR WORM! |
| X |
Windows Secure Update |
WinSecUp.exe |
Added by the RBOT-GCD WORM! |
| X |
Windows Secure Update |
winupser.exe |
Added by the RBOT-GCG WORM! |
| X |
Windows Security |
ms32.pif |
Added by the RBOT-ARN WORM! |
| X |
Windows Security |
win.pif |
Added by the RBOT-APT WORM! |
| X |
WINDOWS SECURITY |
wingrd.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Security |
winscure.exe |
Added by the RBOT-BAF WORM! |
| X |
Windows Security Assistant |
rundll32.vbe |
CoolWebSearch Alfasearch
parasite variant - also detected as the STARTPA-U TROJAN! |
| X |
Windows Security Assistant |
winsec.exe |
CoolWebSearch
parasite variant |
| X |
Windows Security Authority
Service |
lsass.exe |
Added by the KALEL-A WORM! Note
- this is not the legitimate lsass.exe process, which should not appear in
Msconfig/Startup! |
| X |
Windows Security Center
Notification Appls |
sxe.exe |
Added by the RBOT-GKX WORM! |
| X |
Windows Security Center
Notification Applse |
sxes.exe |
Added by the RBOT-GLR WORM! |
| X |
Windows Security Manager |
svchost.exe |
Added by the ANTINNY.AX WORM!!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Microsoft"
subfolder |
| X |
Windows Security Manager |
winsecure.exe |
Affilred adware |
| X |
Windows Security Manager |
winsecurity.exe |
Added by the AGOBOT-KI WORM! |
| X |
Windows Security Module |
module.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Security Service |
[random file name] |
Added by the RBOT-ALV WORM! |
| X |
Windows Security Service |
arrdt.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Security Service |
windows.pif |
Added by the RBOT-AMG WORM! |
| X |
Windows Security Update |
security32.exe |
Affilred adware |
| X |
Windows Serv Patch |
Mcaffe2005.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows ServeAd |
WinServAd.exe |
Windupdates adware variant |
| X |
Windows Server Information |
servinfo.exe |
Added by the FORBOT-EN WORM! |
| X |
Windows Servic2 |
winsy.exe |
Added by the RBOT-AIA WORM! |
| X |
Windows Service |
dddd.exe |
Identified by Kaspersky Labs as Dialer.Salc, also known to
come with the Bube family trojans |
| X |
Windows Service |
dstart4.exe |
Added by an unidentified TROJAN! |
| X |
Windows Service |
pd14.exe |
Adware, detected by
DiamondCS TDS-3 anti-trojan as "TrojanDownloader.Win32.Delf.dg" |
| X |
Windows Service |
pd7.exe |
Added by the SMALL.VZ TROJAN! |
| X |
Windows Service |
private-zone.exe |
Added
by an unidentified TROJAN.CLICKER! |
| X |
Windows Service |
prvdi.exe |
Malware - recognized by
Kaspersky antivirus as Trojan-Dropper.Win32.Small.rd |
| X |
Windows Service |
r.exe |
Added by a variant of the SMALL.VZ TROJAN! |
| X |
Windows Service |
services.exe |
Added by the KALEL-A WORM! Note
- this is not the legitimate services.exe process, which should not appear in
Msconfig/Startup! |
| X |
Windows Service |
svvhost.exe |
Added by the AGOBOT-HL WORM! |
| X |
Windows Service |
video.exe |
Added by an unidentified TROJAN! |
| X |
Windows Service |
video2.exe |
Added by the DOWNLOADER.SMALL.MY
TROJAN! |
| X |
Windows Service |
windowz.exe |
Added by the SDBOT-AYI WORM! Note - dissables the automatic
startup of other software and deactivates the Microsoft Internet Connection
Firewall (ICF) |
| X |
Windows Service |
WINSVC.EXE |
Added by the SPYBOT-DH TROJAN! |
| X |
Windows service |
wuamgrd.exe |
Added
by the RBOT-QW WORM! |
| X |
Windows Service Agent |
czf.exe |
Added by the RBOT-GAJ WORM! |
| X |
Windows Service Controller |
services.exe |
Added by the KALEL-B WORM! Note
- this is not the legitimate services.exe process, which should not appear in
Msconfig/Startup! |
| X |
Windows Service DC |
uhpnjcjl.exe |
Added by the RBOT-GLY WORM! |
| X |
Windows Service Host |
schost.exe |
Added by the GAOBOT.AO WORM! |
| X |
Windows Service Host |
scvhost.exe |
Added by the SDBOT.N TROJAN! |
| X |
Windows Service Host |
svchost.exe |
Added by the CONE.B WORM! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
Windows Service Host |
svchost.exe |
Added by the KALEL-C WORM! Note
- this is not the legitimate svchost.exe process which should NOT appear in
Msconfig/Startup! |
| X |
Windows Service Host Process |
[path to file] |
Added
by the EZIO-A WORM! |
| X |
Windows Service Hosting |
USERINIT.exe |
Added by the GOMMER-A WORM! |
| X |
Windows Service Loader |
Window.exe |
Added
by the RBOT-XO WORM! |
| X |
Windows Service Manager |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Manager |
msgs.exe |
Added by the OSCABOT-E WORM! |
| X |
Windows Service Manager |
msnmrg.exe |
Added by the OSCABOT-G WORM! |
| X |
Windows Service Manager |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Manager |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Manager |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Manager |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Manager |
svcmgr32.exe |
Added by the OSCABOT-D WORM! |
| X |
Windows Service Manager |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Manager |
taskmgr.exe |
Detected as
Trojan-Spy.Win32.IamBigBrother.91 by Kaspersky, possibly a commercial
keylogger |
| X |
Windows Service Manager |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Manager |
userint32.exe |
Added by the OSCABOT-C WORM! |
| X |
Windows Service Manager |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Service Pack Auto Update |
ballin.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Service Pack Auto Update |
del-me.exe |
Adware, also detected as the
LOWZONES.BH TROJAN! |
| X |
Windows Service Pack Auto Update |
figgaz.exe |
Added
by a TROJAN.CLICKER - identified by Kaspersky antivirus as
Trojan-Clicker.Agent.bt |
| X |
Windows Service Pack Auto Update |
winworks.exe |
Adware
downloader, identified by eScan antivirus as Trojan-Clicker.Agent.bt |
| X |
Windows Service Pack2 |
svchhost.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Service Pack2 |
WIN43.EXE |
Added by the GAOBOT.G WORM! |
| X |
Windows Service Support Call |
SVSS32.EXE |
Added
by the RBOT-XQ WORM! |
| X |
Windows Service Utitity |
winsrvc.exe |
Added by the RBOT-ASI WORM! |
| X |
Windows Service XP |
XpFirewall.exe |
Added by the MYTOB.AM WORM! |
| X |
Windows Services |
Explorer.exe |
Added by the SDBOT-WT WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System32 subfolder |
| X |
Windows Services |
iexplore.exe |
Added by the RBOT-WE WORM! Note
- this is not the legitimate Internet Explorer (iexplore.exe) process, which
is always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup unless you add it manually! This file is
located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Windows Services |
NetworkDriver32.exe |
Added by the RBOT-ACR WORM! |
| X |
Windows Services |
NetworkDrivers.exe |
Added by the SDBOT-YO WORM! |
| X |
Windows Services |
scmsg.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Services |
scvhoste.exe |
Added by SPYBOT.OBZ WORM! |
| X |
Windows Services |
service.exe |
Added by the RANDEX.R WORM! |
| X |
Windows Services |
smsc.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Services |
spoolsvc.exe |
Added by the SDBOT.CPZ WORM! |
| X |
Windows Services |
svchosts.exe |
Added by the AGOBOT-KL TROJAN! |
| X |
Windows Services |
winsvc32.exe |
Added
by the MYTOB-CB WORM! |
| X |
Windows Services Host |
svchost.exe |
Added by the CONE or CONE.E
WORMS! Note - this is not the legitimate svchost.exe process which should NOT
appear in Msconfig/Startup! |
| X |
Windows Services Hosts |
svhosts.exe |
Added by the SDBOT-YH TROJAN! |
| X |
Windows Services Ink Platform
Tablet Input Subsystem |
wsiptis.exe |
Added by the RBOT.APC WORM! |
| X |
Windows Services Layer |
sslms.exe |
Added by the RBOT-GAH WORM! |
| X |
Windows Services Layer |
winl0g0.exe |
Added by the RBOT-FZQ WORM! |
| X |
Windows Services Layer |
winlogz2.exe |
Added by the RBOT-FZE WORM! |
| X |
Windows Services Update |
svch0st.exe |
Added by a variant of the RBOT WORM! Note - the filename has
the digit 0 rather then the uppercase "o" |
| X |
Windows Session Manager |
smss32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Session Manager
Subsystem |
smss.exe |
Added by the KALEL-B WORM! Note
- this is not the legitimate smss.exe process which should NOT appear in
Msconfig/Startup! |
| X |
Windows Shell |
shell.exe |
Added
by the MYTOB-CA WORM! |
| X |
Windows Shell |
taskgmr.exe |
Added by the
MYTOB.BV WORM! |
| ? |
Windows shell |
win70.exe |
?? |
| X |
Windows Shell Library Loader |
load shell.dll |
CoolWebSearch
parasite variant |
| X |
windows shellext.32 |
mschost.exe |
Added by the BLASTER.K WORM! |
| X |
WINDOWS SKY |
sky.exe |
Added by the MYTOB.CH WORM! |
| X |
Windows Smart Manager |
smart.exe |
Added
by the RBOT-SL WORM! |
| X |
Windows Socket Procedure |
WinSock32.exe |
Added by the RBOT-FMX WORM! |
| X |
Windows Software |
hbsppe.exe |
Added by the RBOT-GLL WORM! |
| X |
Windows Sound Driver |
SndMon32.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Sound Manager |
SndMon16.exe |
Added by a variant of the FORBOT WORM! |
| X |
Windows Sound Manager |
SndMon32.exe |
Added by the FORBOT-BU WORM! |
| X |
Windows Sound Verifier |
WinIp32.exe |
Added by the RBOT-FMO WORM! |
| X |
Windows SP2 Firewall |
wfirewall7.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows SP2 Update |
Sp2update.exe |
Added by the WOOTBOT.BS WORM! |
| X |
Windows SP2 Version Load |
wuauclt32.exe |
Added by the GAOBOT.CX WORM! |
| X |
Windows SP4 |
directCC.exe |
Added by the RBOT-ACX WORM! |
| X |
Windows Spool Server |
spoolsrv.exe |
Added by the SDBOT-ACT WORM! |
| X |
Windows SpoolaPrint Service |
spoolasrv.exe |
Added by the SDBOT-AYD WORM! |
| X |
Windows Spooler |
SPOOLSRV.EXE |
Added by the SPYBOT.P WORM! |
| X |
Windows Spooler |
spoolsv32.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Spooler Services |
spool.exe |
Added by the AGOBOT-AMO WORM! |
| X |
Windows SpoolPrint Service |
spoolersrv.exe |
Added by the SDBOT-ZT WORM! |
| X |
Windows Spools SV |
winsv.exe |
Added by the RBOT-AUQ WORM! |
| X |
Windows spoolservr Service |
spoolservr.exe |
Added by the SDBOT-AAN WORM! |
| X |
Windows Spoolsre Service |
spoolsre.exe |
Added by the SDBOT-AAE WORM! |
| X |
Windows Spoolsrv Service |
spoolmsv.exe |
Added by the SDBOT-ZS WORM! |
| X |
windows spoolsrv service |
spoolssv.exe |
Added by the SDBOT-AWV WORM! |
| X |
Windows Spoolsurf Service |
spoolsurf.exe |
Added by the SDBOT-ZZ WORM! |
| X |
Windows SpooltPrint Service |
spooltsrv.exe |
Added by the SDBOT-AYE WORM! |
| X |
Windows Spoolvvv Service |
spoolvvv.exe |
Added by the SDBOT-AAW WORM! |
| X |
Windows spyware remover |
Windows-spyware.exe |
Added by the SystemPoser TROJAN! |
| X |
Windows sq Drivers |
winmsn32.exe |
Added by the RBOT-ADI WORM! |
| X |
Windows Sql Service For Windows
32 Bit |
winsql32.exe |
Added by the FORBOT-FC WORM! |
| X |
Windows SSH Client |
winssh.exe |
Added by the RBOT-AXC WORM! |
| X |
Windows SSL File |
winssv.exe |
Added by the WOOTBOT.CA WORM! |
| X |
Windows SSL Secondary Drivers |
SSL32Dr.exe |
Added by the SDBOT.ASQ WORM! |
| X |
Windows Stand Sound Drivers |
Sounddrv.exe |
Added by the SDBOT-XF WORM! |
| X |
Windows Standard Securty |
[random 3-letter filename] |
Added by the RBOT-ALF WORM! |
| X |
Windows Start Server 2000 |
traficy.exe |
Added by the RBOT-AHM WORM! |
| X |
Windows Startup |
services21.exe |
Added by the AGOBOT-MX WORM! |
| X |
Windows Startup |
Wdrun32.exe |
Added by the GAOBOT.AO WORM! |
| X |
Windows Startup |
winsta~1.exe |
GoHip
foistware |
| X |
Windows Startup |
winstartup.exe |
GoHip
foistware |
| X |
Windows Startup 32 Bits |
sysrun32.exe |
Added by a variant of the
DARKSUN TROJAN! |
| X |
Windows Stortup |
svchost.exe |
Added by the TOGER-V TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
Windows Streams Server |
localsrv.exe |
Added by the SDBOT.LN WORM! |
| X |
Windows Subsys |
winload.exe |
Added by the NETSPREE.C WORM! |
| X |
WINDOWS SVC |
winsvc.exe |
Added by the MYTOB-EY WORM! |
| X |
Windows Svshost Service Update
32 |
svcsshost32.exe |
Added by the FORBOT-GD WORM! |
| X |
Windows SyncroAd |
SyncroAd.exe |
Windupdates adware variant |
| X |
WINDOWS SYSTEM |
beta.exe |
Added by the MYTOB.DF WORM! |
| X |
WINDOWS SYSTEM |
botzor.exe |
Added by
the ZOTOB WORM! |
| X |
WINDOWS SYSTEM |
dcomuser.exe |
Added by the MYTOB.EO WORM! |
| X |
WINDOWS SYSTEM |
expI0rer.exe |
Added by the MYTOB-FI WORM! Note the upper case "i"
and number "0" in the filename |
| X |
WINDOWS SYSTEM |
gothica.exe |
Added by the MYTOB.HU WORM! |
| X |
WINDOWS SYSTEM |
lf66prc.exe |
Added by the MYTOB.GC WORM! |
| X |
WINDOWS SYSTEM |
logic.exe |
Added by the MYTOB.IC WORM! |
| X |
WINDOWS SYSTEM |
msdev32.exe |
Added by the MYTOB.EH WORM! |
| X |
WINDOWS SYSTEM |
msn32.exe |
Added by the MYTOB-FX WORM! |
| X |
WINDOWS SYSTEM |
msnl.exe |
Added by the MYTOB.IK WORM! |
| X |
WINDOWS SYSTEM |
mswins.exe |
Added by the MYTOB.DP WORM! |
| X |
WINDOWS SYSTEM |
mtrnqs.exe |
Added by the MYTOB.IG WORM! |
| X |
WINDOWS SYSTEM |
nec.exe |
Added
by the MYTOB-L WORM or variants! |
| X |
WINDOWS SYSTEM |
nibie.exe |
Added by the MYTOB-BY WORM! |
| X |
WINDOWS SYSTEM |
ninfoie.exe |
Added by the MYTOB-EP WORM! |
| X |
WINDOWS SYSTEM |
per.exe |
Added by
the ZOTOB.C WORM! |
| X |
WINDOWS SYSTEM |
servce.exe |
Added by the MYTOB-EI WORM! |
| X |
WINDOWS SYSTEM |
servises.exe |
Added
by the ZOTOB-I WORM! |
| X |
WINDOWS SYSTEM |
sky.exe |
Added by the MYTOB.LB WORM! |
| X |
WINDOWS SYSTEM |
skybot.exe |
Added by the MYTOB-CX WORM! |
| X |
WINDOWS SYSTEM |
skybot.exe |
Added by the MYTOB.JU WORM! |
| X |
WINDOWS SYSTEM |
skybotx.exe |
Added by the MYTOB-BY WORM! |
| X |
WINDOWS SYSTEM |
smoc.exe |
Added by the MYTOB.FU WORM! |
| X |
WINDOWS SYSTEM |
smsc.exe |
Added by the MYTOB-BR WORM! |
| X |
WINDOWS SYSTEM |
test.exe |
Added by the MYTOB.DJ WORM! |
| U |
WINDOWS SYSTEM |
test2.exe |
Added by the MYTOB.DJ WORM! |
| X |
WINDOWS SYSTEM |
test3.exe |
Added by the MYTOB.DV WORM! |
| X |
WINDOWS SYSTEM |
twunk_65.exe |
Added by the MYTOB-EG WORM! |
| X |
WINDOWS SYSTEM |
wdns33.exe |
Added by the MYTOB-BY WORM! |
| X |
WINDOWS SYSTEM |
win.exe.exe |
Added by the MYTOB.FA WORM! |
| X |
WINDOWS SYSTEM |
Win32IMAPSVR.exe |
Added by the MYTOB-FQ or
MYTOB-FU WORMS! |
| X |
WINDOWS SYSTEM |
winaup.exe |
Added by the MYTOB-DN WORM! |
| X |
WINDOWS SYSTEM |
winligon.exe |
Added by the MYTOB.EP WORM! |
| X |
WINDOWS SYSTEM |
winmon.exe |
Added by the MYTOB.GB WORM! |
| X |
WINDOWS SYSTEM |
winNTsys32.exe |
Added by the MYTOB-DM WORM! |
| X |
WINDOWS SYSTEM |
winsvc.exe |
Added by the MYTOB.LM WORM! |
| X |
WINDOWS SYSTEM |
winsvc32.exe |
Added by the MYTOB.HH WORM! |
| X |
Windows System |
WINSYS.exe |
Added by the RBOT-AEF WORM! |
| X |
Windows System |
winsys32.exe |
Added by the MYTOB-IS WORM! |
| X |
WINDOWS SYSTEM |
winsys33.exe |
Added by the MYTOB.EK WORM! |
| X |
WINDOWS SYSTEM |
winvnc.exe |
Added by the MYTOB.EU WORM! |
| X |
WINDOWS SYSTEM |
winxpserv.exe |
Added by the MYTOB-BQ WORM! |
| X |
WINDOWS SYSTEM |
xpupdate.exe |
Added
by the ZOTOB-G WORM! |
| X |
WINDOWS SYSTEM |
xxx.exe |
Added by the MYTOB.CZ WORM! |
| X |
Windows System 32 |
winsys_32.exe |
Added by the RBOT-FTR WORM! |
| X |
Windows System 32-Bat Service |
win32bat.exe |
Added by the MYTOB.FI WORM! |
| X |
Windows System Backup |
SysBackup.exe |
Unidentified malware |
| X |
WINDOWS SYSTEM By FEnR |
windasz-updote.exe |
Added by the MYTOB.LR WORM! |
| X |
WINDOWS SYSTEM Cleaner |
h3.exe |
Added by the MYTOB.EQ WORM! |
| X |
WINDOWS SYSTEM CLEANER |
iexplore.exe |
Added by the MYTOB.ET WORM! Note
- this is not the legitimate Internet Explorer iexplore.exe process which is
always located in the Program FilesInternet Explorer folder and should not
normally figure in Msconfig/Startup! This file is located in the System
(9x/Me) or System32 (NT/2K/XP) |
| X |
Windows System Configuration |
nether.exe |
Added by the Opanki-AB WORM! |
| X |
Windows System Configuration |
Passcfg16.exe |
Added by the DOMWIS-E TROJAN! |
| X |
Windows System Configuration |
SYSCFG16.EXE |
Added by the WISDOOR.Z TROJAN! |
| X |
Windows System Configuration |
wincfg.exe |
Added by the AGOBOT.OP WORM! |
| X |
Windows System Configuration |
WINCFG32.EXE |
Added by the AGOBOT-TE WORM! |
| X |
Windows System Configuration |
Winfrw.exe |
Added by the SOLUFINA TROJAN or
the DOMWIS-J WORM! |
| X |
Windows System Configuration |
WinNeth.exe |
Added
by the RETHE-A WORM! |
| X |
WINDOWS SYSTEM Dns |
windsns.exe |
Added by the MYTOB.EY WORM! |
| X |
WINDOWS SYSTEM DNSPOOL |
hbmail.exe |
Added by the MYTOB.FW WORM! |
| X |
Windows System File |
cmxp.exe |
Added by the SPYBOT.KHO WORM! |
| X |
WINDOWS SYSTEM FILE |
winload.exe |
Added by the MYTOB.DK WORM! |
| X |
Windows System Gateway |
SPOOLER.EXE |
Added by a variant of the RBOT WORM! |
| X |
Windows System Init |
winit32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows System Manager |
CRSL.EXE |
Added by the SDBOT.MG WORM! |
| X |
Windows System Manager |
crssm.exe |
Added by the RBOT-AFH WORM! |
| X |
Windows System Manager |
smsc.exe |
Added by a variant of the RBOT WORM! |
| X |
WINDOWS SYSTEM MANAGER |
spoolsvc.exe |
Added by the MYTOB-LY WORM! |
| X |
Windows System Manager |
sysconf.exe |
Added by the MYTOB.AL WORM! |
| X |
Windows System Manager |
winsystem.exe |
Added
by the RBOT-AN WORM! |
| X |
Windows System Manager Loader |
smsls.exe |
Added by the AGOBOT.TF WORM! |
| X |
Windows System Manager Proc |
winsmc.exe |
Added by the RBOT.JH WORM! |
| X |
WINDOWS SYSTEM MEMORY LOADER |
memloader.exe |
Added by the MYTOB-IN WORM! |
| X |
WINDOWS SYSTEM mscdvvs |
mscdvvs.exe |
Added by the MYTOB.MD WORM! |
| X |
windows system notepad |
wnpsm.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows System Restore
Configuration |
Sblhost.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows System Restorer |
SystemRestorer.exe |
Added by the DULOAD.C WORM! |
| X |
WINDOWS SYSTEM SCALPE |
scalpe91.exe |
Added by the MYTOB_HI WORM! |
| X |
Windows System Security |
sys32.pif |
Added by the RBOT-AOL WORM! |
| X |
Windows System Security |
winmp.exe |
Added by the RBOT.IV WORM! |
| X |
Windows System Security Monitor |
[4 random letters].exe |
Added by the PINKTON.A WORM! |
| X |
Windows System Serivce |
winserv.exe |
Added by a variant of the RBOT WORM! |
| X |
windows system service |
winsock.exe |
Added
by the RBOT-MR WORM! |
| X |
Windows System Service |
wnuserv.exe |
Added by the SPYBOT.ANDM WORM! |
| U |
Windows System Tray |
msni.exe |
Iambigbrother monitoring
software |
| X |
Windows System Tray |
swhost.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
WINDOWS SYSTEM UPDATE |
xDcc.exe |
Added by the MYOTB-EH WORM! |
| X |
Windows System32 |
clsas32.exe |
Added by the RBOT-AZO WORM! |
| X |
Windows System32 |
explorer.exe |
Added by the OPANKI-V WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! |
| X |
Windows SYSTEM32 |
Realplayer.exe |
Added by the SPYBOT.ZH WORM! |
| X |
Windows System32 |
System32.exe |
Added by the SDBOT-ALI WORM! |
| X |
Windows System32 |
windowsp.exe |
Added by the MYTOB.GD WORM! |
| X |
Windows System32 |
wingrd32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows System32 |
winsys32.exe |
Added by the SDBOT-AHS WORM! |
| X |
Windows System32 Kernel |
system32.exe |
Added by the SDBOT-AAT WORM! |
| X |
WINDOWS SYSTEMn |
servicces.exe |
Added by the MYTOB-EL WORM! |
| X |
Windows Systemnmg |
stagmr.exe |
Added by the MYTOB.S WORM! |
| X |
Windows Systems16 |
winjews16.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Sz Host |
winshvc.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Task Manager |
ACCOUNT_DETAILS.DOC.exe |
Added by the QUATERS.A WORM! |
| X |
Windows Task Manager |
taskgmr.exe |
Added by the MYTOB.BJ WORM! |
| X |
Windows Task Manager |
taskmg.exe |
Browser hijacker - identified by DrWeb antivirus as
"Trojan.StartPage.601" |
| X |
Windows Task Manager |
taskmgn.exe |
Unidentified malware, either a variant of the WIN32.RBOT
WORM, or part of a Casino Palazzo foistware install |
| X |
Windows Task Manager |
taskmngr.exe |
Added by the RBOT-ANM WORM! |
| X |
Windows Task Manager |
taskmrg.exe |
Added by the MYTOB.AV WORM! |
| X |
Windows Task Manager Emulator |
kennewr.exe |
Added by the SPYBOT-FA WORM! |
| X |
Windows Task Scheduler |
asijdie.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Task Service (32-bits) |
tasksys.exe |
Added by the DREFIR.D WORM! |
| X |
Windows TaskAd |
Wintaskad.exe |
Windupdates adware variant |
| X |
Windows Taskbar Manager |
[path to file] |
Added by the PROTORIDE.B WORM! |
| X |
Windows Taskbar Manager |
internat.exe |
Added by the PROTORIDE-H WORM! |
| X |
Windows Taskbar System |
tasksys.exe |
Added by a variant of the SDBOT WORM! |
| X |
Windows Taskmanager |
lsassx.exe |
Added by the KELVIR.E WORM! |
| X |
Windows TCP/IP |
wintcp.exe |
Added by the AGOBOT-ZH WORM! |
| X |
Windows Telnet Server |
wintel.exe |
Added by the AGOBOT-MW WORM! |
| X |
Windows Time |
tmservice.exe |
Added
by a variant of the RBOT-YK WORM! |
| X |
Windows Time |
winmgr.exe |
Added
by the RBOT-XC WORM! |
| X |
Windows Time Server |
TimeSRV.exe |
Added by the SPYBOT.DNC WORM! |
| X |
Windows TM |
rundlI32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows TM |
SVPHOST.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows TM |
windowssys32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows TM |
WinxSys.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Upate |
rundll.exe |
Added by the HAKO TROJAN! Note -
this is NOT the Windows system file of the same name as described here |
| X |
Windows Update |
[filename] |
Added by the NORIO TROJAN! Acts as a hi-jacker redirecting to
adult content sites |
| X |
Windows Update |
avkir.exe |
Added by the RBOT-GJP WORM! |
| X |
Windows Update |
csrss.exe |
Added by the BANKER-HM TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Windows or Winnt
folder |
| X |
Windows Update |
ebay.exe |
Added by the GAOBOT.BUU WORM! |
| X |
Windows Update |
host32.exe |
Added
by the RBOT-GU WORM! |
| X |
Windows Update |
iexplorere.exe |
Added by the GAOBOT.AP WORM! |
| X |
Windows Update |
inetinf.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Windows Update |
install.exe |
Added by the BANKER-IB TROJAN! |
| X |
windows update |
logonuit.exe |
Added by the LEGMIR-AO TROJAN! |
| X |
windows update |
Microsoft.exe |
Added by the LMIR.A TROJAN! |
| X |
Windows Update |
mplupdate.exe |
Added by the MOEGA WORM! |
| X |
Windows Update |
msi.exe |
Added by the BANKER-XB TROJAN! |
| X |
windows update |
msnsever.exe |
Added by the RBOT-AHN WORM! |
| X |
Windows Update |
msnsupdate.exe |
Added by the RBOT-AXS WORM! |
| X |
Windows Update |
msnupdates.exe |
Added by the RBOT-ALK WORM! Note - this file has nothing to
do with Windows updates or MSN |
| X |
Windows Update |
msnwinsb.exe |
Added by the RBOT-AAH WORM! |
| X |
Windows Update |
qtask.exe |
Added by the RBOT-AKU WORM! Note
- do not confuse with the Quicken file of the same name as described here |
| X |
windows update |
real.exe |
Added by the LEGMIR-AU WORM! |
| X |
Windows Update |
scvhost.exe |
Added
by the SDBOT-XT WORM! |
| X |
Windows Update |
Sqltob.exe |
Added by the DASHER.A WORM! |
| X |
Windows Update |
svchosts.exe |
Added by the FRUCTA TROJAN! |
| X |
windows update |
sychost.exe |
Added by the LEOX.B WORM! |
| X |
Windows Update |
taskmr.exe |
Added by the MYTOB-GZ WORM! |
| X |
windows update |
uddater.exe |
Added by the LEOX TROJAN! |
| X |
Windows Update |
Update.exe |
Added by the DELF-FN TROJAN! |
| X |
Windows Update |
update32.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Update |
windows.exe |
Added
by the RBOT-RB WORM! |
| X |
Windows Update |
WindowsUpdate.exe |
Added by the BAYROB-A TROJAN! |
| X |
Windows Update |
windowsx.exe |
Added by the BANCD-A TROJAN! |
| X |
Windows Update |
wininfo.exe |
Added by the MYTOB.GA WORM! |
| X |
Windows Update |
winlogin.exe |
Added by the BANKER-DV TROJAN! |
| X |
Windows Update |
winmguard.exe |
Added
by the RBOT-EM WORM! |
| X |
Windows Update |
winupdate.exe |
Added by the SDBOT-WS WORM! |
| X |
Windows Update |
Wuamgrd.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Update |
wuampd.exe |
Added by the RBOT.UM WORM! |
| X |
windows update |
Wuanclt.exe |
Added by the RBOT.XZ WORM! |
| X |
windows update |
wuarclt.exe |
Added
by the RBOT-OF WORM! |
| X |
windows update |
wuaurlt.exe |
Added by the RBOT.ADG WORM! |
| X |
Windows Update |
wudate.exe |
Added by the AGOBOT.ML WORM! |
| X |
Windows update |
wudupdate.exe |
Adware
downloader - Istbar related |
| X |
Windows Update |
wupdate.exe |
Wengs adware |
| X |
Windows Update |
wupdmgr.exe |
Added by the BANCBAN-FC TROJAN and variants! |
| X |
windows update |
wuraclt.exe |
Added
by the RBOT-PO WORM! |
| X |
Windows Update |
XPLoogNT.exe |
Added by the BANCD-B TROJAN! |
| X |
Windows Update 32 |
rempss.exe |
Added by the FORBOT-FW WORM! |
| X |
Windows Update 32 |
slsys.exe |
Added by a variant of the FORBOT WORM! |
| X |
Windows Update 32 |
winlogons.exe |
Added by the FORBOT-FI WORM! |
| X |
Windows Update 63 |
shupd64.exe |
Added by the FORBOT-GA WORM! |
| X |
Windows Update 64 |
nbupd64.exe |
Added by a variant of the FORBOT WORM! |
| X |
Windows Update 64 |
WinV.exe |
Added by the FORBOT-FP WORM! |
| X |
Windows Update Auto Update |
wuaumgr.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Update AutoUpdate Client |
waucult.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Update AutoUpdate Client |
wuauclt.exe |
Added by the LAZAR.B TROJAN!
Note - this is not the legitimate wuauclt.exe process, which should not
appear in Msconfig/Startup! |
| X |
Windows Update AutoUpdate Client
Product |
wuauct.exe |
Added by the AGOBOT.ACL WORM! |
| X |
Windows Update Center |
svthx.exe |
Added by the STUBBOT.A WORM! |
| X |
Windows Update Center |
W32RSA.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows Update Checker |
[random filename] |
Adware downloader trojan |
| X |
Windows Update Checker |
deinst_qfe001.exe |
Added by a variant of the
Win32.Small TROJAN! |
| X |
Windows Update Checker |
deinst_qfe002.exe |
Added by a variant of the
Win32.Small TROJAN! |
| X |
Windows Update Checker |
msupdte32.exe |
Added by the SDBOT-AEF WORM! |
| X |
Windows Update Client |
wuclient.exe |
Added by the SMALL-RN TROJAN! |
| X |
Windows Update Client Service |
windrvl32.exe |
Added by the AGOBOT-MM TROJAN! |
| X |
Windows update config |
svhost.exe |
Added by the SDBOT-PF WORM! |
| X |
windows update configurator |
svghost.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows Update Controller |
mwoffice.exe |
Added by the BATTRY-A TROJAN! |
| X |
Windows Update Drive |
updrvs.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Update Files |
dnetc.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! Note - wupdmgr.exe is the real Windows Update |
| X |
Windows Update Firewall System |
ctfmoom.exe |
Added by the RBOT-GAN WORM! |
| X |
Windows Update GUI Executable
x32x |
wupdategux32.exe |
Added by the RBOT.CXY WORM! |
| X |
Windows Update GUI Executable
x32x |
wupdategux32.exe |
Added by the RBOT.CXY WORM! |
| X |
Windows Update Host |
winupsvc.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Update IPv6 Layer |
WIN32IPV6.EXE |
Added by the RBOT.DUD WORM! |
| X |
Windows update loader |
xpupdate.exe |
Added by the BRAVE-A TROJAN! |
| X |
Windows Update Manager |
bootwiz.exe |
Added by the MYBOT WORM! |
| X |
Windows Update Manager |
Winlog0n.exe |
Added by the AGENT-BO TROJAN! |
| X |
Windows Update Manager |
wupdate.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Update Manager |
wupdmngr.exe |
Added by the RANDEX.BTB WORM! |
| X |
Windows Update Manager for NT |
wupdmgr32.exe |
Added by the SDBOT.AH WORM! |
| X |
Windows Update Monitoring
Service |
winupdt.exe |
Added
by the RBOT-PL WORM! |
| X |
Windows Update Process |
wmiprvsc.exe |
Added by the SDBOT-CB WORM! |
| X |
Windows Update Service |
csrs.exe |
Added by the AGOBOT-NI WORM! |
| X |
Windows Update Service |
smcg.exe |
Added by the SDBOT.QY WORM! |
| X |
Windows Update Service |
SP00ISS.exe |
Added by the SDBOT-ZH WORM! |
| X |
Windows Update Service |
update32.pif |
Added by the RBOT-ALC WORM! |
| X |
Windows Update Service 2004/2005 |
systemupdate.exe |
Added
by the RBOT-JE WORM! |
| X |
Windows Update services |
wins32svcs.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Update Software |
system.exe |
Added by the TOFGER.BX TROJAN! |
| X |
Windows Update System |
mswins.exe |
Added by the IRCBOT.DN WORM! |
| X |
Windows Update System Shell |
svhostcs32.exe |
Added
by the RBOT-AAZ WORM! |
| X |
Windows Update V6 |
[random filename] |
Added
by the RBOT-KT WORM! |
| X |
Windows Update.exe |
N/A |
Homepage hijacker |
| X |
Windows Updated |
spoolsae.exe |
Added by the RBOT-APM WORM! |
| X |
Windows Updated |
updatr.exe |
Added by the RBOT-AYB WORM! |
| X |
Windows Updater |
iexplorerrs.exe |
Added
by the RBOT-TN WORM! |
| X |
Windows Updater |
sdsys.exe |
Added by the FORBOT-JG WORM! |
| X |
Windows Updater |
svigost.exe |
Added
by the RBOT-VS WORM! |
| X |
Windows Updater |
wupdate.exe |
Added by the WOOTBOT.AJ WORM! |
| X |
Windows Updater |
wupdmgr32.exe |
Added by a variant of the DOS.AUTOCAT TROJAN! |
| X |
Windows Updater Online |
winupdatexx.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Updates |
lsassx.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Updates |
w32dns.exe |
Added by the SDBOT-BFW WORM! |
| X |
Windows Updates |
winupd32.exe |
Added by the MYTOB.CE WORM! |
| X |
Windows Updating Service |
updating.pif |
Added by the RBOT-ALW WORM! |
| X |
Windows Updtee Mgnr |
W1NT45K.exe |
Added by the MYTOB.DC WORM! |
| X |
Windows USB 2.0 Driver |
usb2ctrl.exe |
Added by the RBOT-BIW WORM! |
| X |
Windows USB 2.0 Driver |
usbtskmgr.exe |
Added by the RBOT-BKG WORM! |
| X |
Windows USB controler |
winusb.exe |
Added
by the RBOT-HR WORM! |
| X |
Windows USB Driver Support |
Windowsusb.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows USB Service |
666.exe |
Added by the MYTOB.AR WORM! |
| X |
Windows USBD |
msifirewall.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Windows User Mode Driver Manager |
wdfmrg.exe |
Added by SDBOT-ZN WORM! |
| X |
Windows User Starter |
winuser32.exe |
Added by the RBOT.SN WORM! |
| N |
Windows Version Check |
ver_chk.exe |
Version checker for
CyberAudioLibrary - "a new way to exchange information through the
Internet" |
| X |
Windows video |
vide_32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
Windows Video Acquisition (WVA) |
wvsvc.exe |
Added by the AGOBOT.YM WORM! |
| X |
Windows Video Drivers |
videons32.exe |
Added by the GAOBOT.AZT WORM! |
| X |
Windows Virus Control |
plou.exe |
Added by the SDBOT-ACZ WORM! |
| X |
Windows Web Services |
localsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Web Services |
netsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Web Services |
spoolsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Web Services |
svcadmin.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Web Services |
svcman.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Web Services |
svcrun.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Web Services |
tcpsvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Web Services |
websvc.exe |
Added by the DLOADER-NY TROJAN! |
| X |
Windows Winhlp32 Stub Service |
winhlp32.pif |
Added by the AIMBOT.AH TROJAN! |
| X |
Windows WKS |
wsass.exe |
Added by the SDBOT-DK WORM! |
| X |
Windows WMF Fix |
winfix.exe |
Added by the RBOT-FTQ WORM! |
| X |
Windows Workstation |
mpci.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Workstation |
msup32a.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Workstation Service |
explore.exe |
Added by unknown malware |
| X |
Windows Workstation Service
(32-bits) |
wkssvc32.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Windows Workstation Start
Service |
mslanmgr.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows Xp |
nortonguard.exe |
Added by the MYTOB-DZ WORM! |
| X |
Windows XP Automatic Update |
wXPupdate.exe |
Added by the RBOT-AFC WORM! |
| X |
Windows Xp Service Pack 2 |
svchost.exe |
Added by the XPLOS-A TROJAN!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| X |
Windows XP SP2 KeyGen |
Windows XP SP2 KeyGen.exe |
Added by the TIBICK-C WORM! |
| X |
Windows_LowLevel_Security_Core |
lsass.exe |
Added by the PADMIN-A TROJAN!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Repair"
subfolder of the Winnt or Windows folder |
| X |
Windows_Protect |
lsas.exe |
Added by the RBOT.ARO WORM! |
| X |
Windows_Protect |
wincontrol32.exe |
Added by the RBOT-ADK WORM! |
| X |
Windows_Protect |
winregal.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows_Protect |
winsystem.exe |
Added by a variant of the RBOT WORM! |
| X |
Windows_Serivce |
SERVICE.exe |
Added by the WOOTBOT.AH WORM! |
| X |
Windows_Updates |
svthost.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Windows_VXD |
user32.exe |
Added by the PPORT TROJAN! |
| X |
windows16 |
windows16.exe |
Added
by the XU TROJAN! |
| X |
Windows32 |
rundll.exe |
Added by the AGOBOT-LK or
AGOBOT-ND WORMS! Note - this is NOT the Windows system file of the same name
as described here |
| X |
windows32 |
windows32.exe |
Added
by the XU TROJAN! |
| X |
Windows32 |
wuuaclt.exe |
Added by the BRATLE.B WORM! |
| X |
Windows32 Configuration Loader |
msrf32.exe |
Added by the SDBOT-ABX WORM! |
| X |
Windows32 Messenger Service |
msmsgv.exe |
Added by the RBOT.ANS WORM! |
| X |
Windows32 Net Database |
msnd32.exe |
Added by the RBOT-AAL WORM! |
| X |
Windows32 Serivces |
winser32.exe |
Added by the SPYBOT.AAF WORM! |
| X |
WindowsAgent |
sysexhook.exe |
Added
by the GOP keyboard logger/TROJAN! |
| X |
WindowsAgent |
WindowsAgent.exe |
Added by the GOP.G WORM! |
| X |
WindowsAPI.DLL |
Server5.exe |
Added by the "Fear and Hope" TROJAN! |
| X |
WindowsAudio |
systemupd.exe |
Added by the AGENT-TH WORM! |
| X |
WindowsBackup |
WINDOWSBACKUP.EXE |
Added by the STANG WORM! |
| X |
WindowsBool |
aimplg.exe |
Added by the SDBOT-CNG WORM! |
| X |
WindowsCRC |
wscrc.exe |
Added
by the SDBOT-VU WORM! |
| X |
WindowsCriticalUpdate |
windows_critical_update.exe |
Added by the ASTEF or RESPAN
WORMS! |
| X |
WindowsDiskEvt |
svcsvh32.exe |
Added by the NANINF.D TROJAN! |
| X |
WindowsDiskLog |
cstsm.exe |
Added by the STINX-C or STINX-D
TROJANS! |
| X |
WindowsFileSystem |
winsfs32.exe |
Added by the RBOT-FMQ WORM! |
| X |
WindowsFirewallSvc |
winsvcup.exe |
Added by a
variant of the SDBOT WORM! |
| X |
WINDOWSflashbrg |
sqldata1.exe |
Added by a variant of the AGENT-IC TROJAN! |
| X |
WindowsFY |
[path to trojan] |
Added by the FAKEALE-E TROJAN! |
| X |
WindowsFY |
bsw.exe |
Added by a variant of the
DESKTOPHIJACK TROJAN! For removal see here |
| X |
WindowsFY |
wp.exe |
Part of a "Security IGuard" parasite infestation -
also detected as DESKTOPHIJACK |
| X |
WindowsFZ |
[path to file] |
Added by the DESKTOPHIJACK
VIRUS! Also see DESKTOPHIJACK.B TROJAN! |
| X |
WindowsFZ |
A5281300.so |
Variant of the SmitFraud alias FAKEALE-C TROJAN! |
| X |
WindowsFZ |
zloader3.exe |
Variant of the SmitFraud alias FAKEALE-C TROJAN! |
| X |
WindowsKeyUpdate |
master.exe |
Added by the JOSAM WORM! |
| X |
WindowsMGM |
Winmgm32.exe |
Added by the SOBIG.A WORM and
LALA.C TROJAN! |
| X |
WindowsProtocolLog |
lsadst.exe |
Added by the NANINF.C TROJAN! |
| X |
WindowsReg% update |
[random filename].exe |
Added
by the RBOT-HH WORM! |
| X |
WindowsRegistration |
[random filename] |
Added
by the RBOT-NO WORM! |
| X |
WindowsRegKey Autoupdate |
[random filename] |
Added by a variant of the RBOT WORM! |
| X |
WindowsRegKey upd4te2d4te |
*********.exe [* = random char] |
Added by the RBOT.XQ WORM! |
| X |
WindowsRegKey update |
[random filename] |
Added by the RBOT.QT WORM! |
| X |
WindowsRegKey update |
rkbuouoxfl.exe |
Added
by the RBOT-OO WORM! |
| X |
WindowsRegKey update |
svchoosts.exe |
Added by the RBOT.ADB WORM! |
| X |
WindowsRegKey update |
svchostc.exe |
Added by the RBOT.IF WORM! |
| X |
WindowsRegKey update |
wdnupdate.exe |
Added by the SDBOT.QX WORM! |
| X |
WindowsRegKey update |
windns.exe |
Added by the RBOT.IE WORM! |
| X |
WindowsRegKey update |
Windowsup.exe |
Added by the SDBOT.PU WORM! |
| X |
WindowsRegKey update |
winsys.exe |
Added
by the RBOT-JY WORM! |
| X |
WindowsRegKey update |
winupdat32.exe |
Added by the RBOT-AGW WORM! |
| X |
WindowsRegKey update |
winupdate.exe |
Added
by the RBOT-QJ WORM! |
| X |
WindowsRegKey update |
WinUpdate32.exe |
Added by the RBOT-AGW WORM! |
| X |
WindowsRegKey update |
WINUPDATES.EXE |
Added
by the RBOT-MM WORM! |
| X |
WindowsRegKey update |
winupdatexx.exe |
Added by the RBOT.LW WORM! |
| X |
WindowsRegKey update XP |
windexv1.exe |
Added
by the RBOT-ABM WORM! |
| X |
WindowsRegKey%$ update |
msi332.exe |
Added
by the RBOT-IX WORM! |
| X |
WindowsRegKey%update |
ethernet32m.exe |
Added
by the RBOT-EN WORM! |
| X |
WindowsRegKeys update |
winsysi.exe |
Added by the SDBOT.WE WORM! |
| X |
WindowsSetup |
[path to trojan] |
Added by the EZBOT TROJAN! |
| X |
Windows-System |
System32.exe |
Added by the LOGPOLE.C WORM! |
| X |
WindowsSystem32 |
asper.exe |
Added by the AGENT-EFP TROJAN! |
| X |
WindowsSystem32 |
svchosts.exe |
Added by the AGENT-EDA TROJAN! |
| X |
Windows-TCP-IP |
rfkampig.exe |
Added by the GIPMA TROJAN! |
| X |
windowstime.exe |
windowstime.exe |
Added by the AQV TROJAN! |
| X |
WindowsUpd |
WindowsUpd4.exe |
VirtuMonde adware |
| X |
WindowsUpd1 |
WindowsUpd1.exe |
VirtuMonde adware |
| X |
WindowsUpd2 |
WindowsUpd2.exe |
VirtuMonde adware |
| X |
WindowsUpdate |
[path to file] |
Added
by the DUPA-B TROJAN! |
| X |
WindowsUpdate |
dupadupam2.exe |
Added
by the DUPA-B TROJAN! |
| X |
windowsupdate |
RPCX1sQ3.exe |
Added by the IRCBOT.B TROJAN! |
| X |
WindowsUpdate |
svchost.exe |
Added by the ASTEF or RESPAN
WORMS or AGENT-V TROJAN! Note - this is not the legitimate svchost.exe
process which should NOT appear in Msconfig/Startup! |
| X |
WindowsUpdate |
svchost.exe |
Added by the IK TROJAN! Note -
this is not the legitimate svchost.exe process which should NOT appear in
Msconfig/Startup! |
| X |
WindowsUpdate |
svchostw.exe |
Added by the COBFINN_B TROJAN! |
| X |
WindowsUpdate |
USRINIT.EXE |
Added by the MADDIS.B WORM! |
| X |
WindowsUpdate |
windows_update.exe |
Added by the LOFNI WORM! |
| X |
WindowsUpdate |
winnnint.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
windowsupdate |
winupdate.exe |
Added by
the WARPI WORM! |
| X |
WindowsUpdate renew |
iexplore.exe |
Added by the AGENT.QG TROJAN! Note - this is not the
legitimate Internet Explorer iexplore.exe process which is always located in
the Program FilesInternet Explorer folder and should not normally figure in
Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
Windowsupdate Service |
csrss.exe |
Added by the BABA-B WORM! Note -
this is not the legitimate csrss.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the root folder (ie, C:) |
| X |
WindowsUpdate Service |
wuautlc.exe |
Added
by the RBOT-NR WORM! |
| X |
WindowsUpdateDirect |
dupadirect.exe |
Added
by the DUPA-C TROJAN! |
| X |
WindowsUpdatem1 |
[path to file] |
Added by the AGENT-AAJ TROJAN! |
| X |
WindowsUpdatem2 |
svchost.exe |
Added by an unidentified WORM or TROJAN! Note - this is not
the legitimate svchost.exe process which is always located in the System
(9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in
Msconfig/Startup! |
| X |
WindowsUpdateNT |
svwhost.exe |
Added by the SHELLOT-B TROJAN! |
| X |
WindowsUpdateR |
regserv.exe |
Added by the COBFINN_B TROJAN! |
| X |
WindowsXP Module |
DirectX3D.exe |
Malware,
reportedly a keylogger - see here |
| X |
WindowsXP Update |
windowsxpupdate.exe |
Added
by the RBOT-PB WORM! |
| X |
WindowsXPserv |
svcnxp32.exe |
Addee by the NANINF-A TROJAN! |
| X |
Windows-XP-Service-Pack |
xpspz.exe |
Added by the SDBOT-AAC WORM! |
| X |
Windowz |
[original worm filename].vbs |
Added by the NUKIP WORM! |
| X |
Windowz Update V2.0 |
Explorer.exe |
Added by the YODO WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System32 subfolder |
| X |
Windoxs Update Center |
W32RfSA.exe |
Added by a
variant of the SDBOT WORM! |
| X |
WinDrg32 |
windrg32.exe |
Added by the DRUDGEBOT.A WORM! |
| X |
WinDriv32 |
WinDriv32.exe |
Added by the SMALL-BA TROJAN! |
| X |
WinDriver Configuration |
windrvconf.exe |
Added by the AGOBOT-LX TROJAN! |
| X |
WinDrives |
WinDrives.EXE |
Added by the SMALL.DIG WORM! |
| X |
WINDRUN |
taskgmrs.exe |
Added
by the MYTOB-BT WORM! |
| X |
windrv |
windrv32.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! - possibly a strain of OBLIVION or BIONET |
| X |
WinDrv |
windrvx.exe |
Added by a variant of the
TIBSER.A downloader TROJAN! |
| U |
WinDSL MTU-Adjust |
WinDSL_MTU.exe |
Adjusts the registry setting of
the DUN-Adapters (MTU) and the TCP/IP-Protocol (RWIN) by ENGEL
Technologieberatung |
| ? |
WinDSL_MTU |
WinDSL_MTU.exe |
May be realted to Tiscali
broadband, if so is it required? |
| X |
WinDSNX |
Win????.exe |
Added by the DSNX TROJAN! |
| X |
WindUpdates |
[path to trojan] |
Added by the AGENT.BF TROJAN! |
| X |
WindUpdates |
WinUpdt.exe |
Windupdates adware variant |
| U |
WINDVDpatch |
CTHELPER.EXE |
CTHELPER is a background task
that is a plug-in manager for Creative drivers. The theory is that 3rd party
manufacturers can use the CTHELPER plug-in interface to produce drivers,
add-on features, and fixes that will integrate with a tighter fit with Creative's
sound drivers and utilities. Given its purpose CTHELPER would normally be
classified as a "leave alone" background task. It also allows
Creative speaker setup to be synchronized with Windows Control Panel speaker
setting. Without it running that check box in Creative speaker setting is not
functional (settings are not in sync). Unfortunately there are often problems
with CTHELPER, most notably that it can use 100% of CPU time so it's best
left disabled unless you need it |
| N |
WinDVR SchSvr |
SchSvr.exe |
WinScheduler is installed
with WinDVD Remote Control for WinDVD from Intervideo. If you want to
schedule recordings from your TV tuner card, you will need it. Available via
Start -> Programs |
| N |
WinDVRCtrl |
WinDVRCtrl.exe |
Control center software for an
AOpen VA1000 TV tuner card |
| X |
Windws Configuration Loader |
LEXPLORE.exe |
Added by the SODABOT WORM! |
| X |
WinEssential |
Keyhost.exe |
Hijacker - hailing from
jraun.com |
| X |
WinEssential |
keyword.exe |
Jraun adware |
| X |
WinEx |
lexplore_.exe |
Added by the MSNOPT-A TROJAN! |
| X |
WinExec |
Lsass.exe |
Added by the CRUTLE-B WORM! Note
- this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
WinExec |
WinExec.exe |
Added
by the FALUS-A WORM! |
| X |
WinExec |
Winexec.exe.vbs |
Added by the AINESEY.A WORM! |
| X |
WinExec32 |
WinExec32.exe |
Added by the KAZWIN WORM! |
| U |
WinFast Schedule |
Wfwiz.exe |
Leadtek WinFast TV tuner
scheduler and remote control driver - required if you use the latter |
| U |
Winfast_2K |
WF2k.exe |
System Tray application that
starts up the Winfox utility for a Leadtek Winfast grpahics card to restore
settings. Can be started manually from Start -> Settings -> Control
Panel Display. Only needed if you wish to run things like the hardware monitor
or overclock your card |
| U |
WinFast_Gamma |
Rundll32.exe wfcpl.dll,
DllLoadGammaRampSettings |
Loads if you change the gamma
settings on Leadtek WinFast graphics cards |
| U |
WinFast_Taskbar |
rundll32.exe wftask.dll,
WFDllLoadDefaultSettings |
Loads default settings for
Leadtek WinFast graphics cards |
| U |
Winfast2KLoadDefault |
Rundll32.exe Wf2kcpl.dll,
DllLoadDefaultSettings |
Loads default settings for
Leadtek Winfast graphics cards |
| U |
WinFastDTV |
DTVSchdl.exe |
Scheduler for WinFast DTV digital TV cards from Leadtek
Research Inc |
| X |
WinFavorites |
WinFavorites.exe1 |
Loudmarketing.com adware
downloader |
| N |
WinFax PRO |
FAXMNG32.EXE |
WinFax PRO from Symantec - fax management software |
| N |
WinFax PRO Controller |
WFXCTL32.EXE |
From WinFax 10.0 and possibly
earlier versions. Appears if you chose to have WinFax appear in the taskbar
(System Tray) during installation and displays a yellow fax/telephone icon.
Available via Start -> Programs |
| Y |
WinFaxAppPortStarter |
wfxsnt40.exe |
WinFax 10.0 and maybe earlier
versions. Used to initiate the WinFax port to enable printing to the WinFax
printer (send a fax) from any application. |
| X |
WinFire |
WF.exe |
Added by the DELF-SY TROJAN! |
| X |
WinFix service |
rsswjzgp.exe |
Added by the RBOT-FAE WORM! |
| X |
WinFixer 2005 |
wfx5.exe |
WinFixer web installer. Winfixer
is "Foistware", pretending to be system optimization, protection
and recovery software - stealth installed, see here |
| X |
WinFixer helper |
wfxcwr.exe |
WinAntiSpyware 2005 by Winfixer
is "Foistware", pretending to be system optimization, protection
and recovery software - stealth installed, see here |
| X |
WinFixer service |
[random filename].exe |
Added by a
variant of the SDBOT WORM! |
| X |
WinFixer2006 |
uwfx6.exe |
WinFixer web installer. Winfixer is "Foistware",
pretending to be system optimization, protection and recovery software -
stealth installed, see here |
| X |
WinFlyer32.dll |
WinFlyer32.dll |
Added by the WINFLYER TROJAN! |
| X |
winfont |
winfont.exe |
Added by the DEATH TROJAN! |
| X |
winform |
winform.exe |
Added by the PWS-ALB TROJAN! |
| U |
WinFoxV2 |
WF2k.exe |
System Tray application that
starts up the Winfox utility for a Leadtek Winfast grpahics card to restore
settings. Can be started manually from Start -> Settings -> Control
Panel Display. Only needed if you wish to run things like the hardware monitor
or overclock your card |
| X |
WinFX |
cssrs.exe |
Added by the AGOBOT.FX WORM! |
| X |
WinGate |
WinGate.exe |
Added by a variant of the LOVGATE WORM! |
| U |
WinGate Engine Monitor |
wgengmon.exe |
WinGate Internet Client Dialup
Monitor - component of WinGate proxy server software. Displays the status of
the WinGate engine, and appears in the system tray of each workstation on the
network reassuring clients that their workstations have connectivity with the
WinGate Server |
| X |
WinGate initialize |
WinGate.exe |
Added by a variant of the LOVGATE WORM! |
| X |
wingerver2.0.exe |
wingerver2.0.exe |
Added by the GRAYBRD-AE TROJAN! |
| X |
wingo |
[various filenames] |
Added by the BAGLE-AU WORM! |
| X |
wingo |
wingo.exe |
Added by the BEAGLE.AW or
BEAGLE.AV WORMS! |
| N |
WinGuage Pro |
WGPRO32.EXE |
Part of McAfee Nuts & Bolts.
"WinGauge is a dynamic reporting tool that constantly monitors your use
of Windows and your applications, to alert you to potential problems before
they become serious". Resource hog. Available via Start -> Programs |
| Y |
Winguard |
WGFE95.EXE |
Dr Solomon's Virex antivirus |
| Y |
winguard |
wingrd32.exe |
Added by a variant of the RBOT WORM! |
| U |
WinGuard Pro |
wgp.exe |
Winguard Pro |
| N |
WinHacker |
rundll32.exe wh95.dll, HackMe |
WinHacker
tweaking utility by Wedge Software. There are far better tweakers and, unlike
WinHacker, most are free |
| X |
winhelp |
dns32.exe |
Added by a variant of the RBOT WORM! |
| X |
WinHelp |
realsched.exe |
Added by a variant of the LOVGATE WORM! Note - this is not
the legitimate RealOne Player (realsched.exe) application of the same name |
| X |
Winhelp |
TkBellExe.exe... |
Added by a variant of the LOVGATE WORM! |
| X |
winhelp |
Updadv.exe |
Added by the QQPASS-N TROJAN! |
| X |
Winhelp |
winhe1p.exe |
Added by the QQPASS.E TROJAN! |
| X |
WinHelp |
WinHelp.exe |
Added by a variant of the LOVGATE WORM! Note -
"winhelp.exe" resides in C:WindowsSystem (Win9x/Me),
C:WinntSystem32 (WinNT/2K), or C:WindowsSystem32 (WinXP) whereas the valid
"winhelp.exe" resides in C:Windows or C:Winnt |
| X |
winhelp |
winhelp.exe |
Added by the BLACKMAL.C WORM! Note - this malware actually
changes the default value data of the Registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| X |
winhlp.exe |
winhlp.exe |
Added by the FORMGLIEDER TROJAN! |
| X |
winhlp3.exe |
winhlp3.exe |
Added by a variant of the EASTO.A TROJAN! |
| X |
Winhlp32 |
Wscript.exe ..Msexec32.vbs |
Added by the GANT.B WORM! |
| X |
winhlp32.exe |
winhlp32.exe |
Added by the EASTO.A TROJAN! |
| X |
winhlpp32.exe |
winhlpp32.exe |
Added by the GAOBOT.SY WORM! |
| X |
Winhost |
win.exe |
Added by the DLOADER-AP TROJAN! |
| X |
Winhost |
winhost.exe |
Added by the REATLE.F WORM! |
| X |
Winhost |
wintt.exe |
Added by the LOLAWEB.B TROJAN! |
| X |
Winhost |
yahoo.exe |
Added
by the DELF-KM TROJAN! |
| X |
winhost.exe |
winhost.exe |
Added
by the LOHAV-R TROJAN! |
| X |
winhost32.exe |
winhost32.exe |
Added by the TABDIM TROJAN! |
| N |
WinHound |
WinHound.exe |
Spyware
remover - not recommended, see here |
| X |
WinIeRun |
winierun.exe |
Added by the RNWATCH-A WORM! |
| X |
winimage |
wvsvc.exe |
Added by the RBOT.TX WORM! |
| X |
WinINet |
services.exe |
Added by the SOBER-P WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "ConnectionStatus"
subfolder of the Windows or Winnt folder |
| X |
wininet |
wininet.exe |
Added by the STUBBOT-C WORM! |
| X |
wininet32 |
wininet32.exe |
Added by the RAZNEW-A TROJAN! |
| X |
wininetd |
wininetd.exe |
Added by the WINET TROJAN! |
| X |
WinInit |
Win86.exe |
Added by the SMALL-PB TROJAN! |
| X |
wininit |
wininit.exe |
Added by the WOLLF.16 TROJAN! |
| X |
winint |
winint.exe |
Added by the SDBOT-ADA WORM! |
| X |
winipsec |
winipsec.exe |
Unidentified malware |
| U |
WinIRXHelper |
WinIRXHelper.exe |
MSI Media Center Deluxe software - see here |
| X |
winis |
winis.exe |
Added
by the RBOT-WI WORM! |
| X |
Wink*.exe |
Wink*.exe [* = random char] |
Added by a variant of the KLEZ WORM! |
| U |
Winkb6 |
winkb6.exe |
Part of We-Blocker - gives
parents the opportunity to monitor their children's Internet access and
provide them with age-appropriate content, while filtering out sites that
contain adult content. Works in conjunction with Winkb6 and both files are
needed to run We-Blocker |
| X |
WinKernel |
[path to worm] |
Added by the PLEA VIRUS! |
| X |
WinKernel |
WinKer.exe |
Added by the MIRAB or SERVIDOR
TROJANS! |
| X |
winkernel32 |
wWin32.com |
Added by the BANSAP TROJAN! |
| U |
WinKey |
winkey.exe |
Loads Copernic's
WinKey. Used to map out Windows key hotkey combinations. Not required for the
system, but is necessary for this to be running if you use these hotkey
combos |
| X |
winla |
winla.exe |
Added by the DLOADR-AQL TROJAN! |
| X |
winldr |
[path to file] |
Added by the VIDLO-P TROJAN! |
| X |
winldr |
Rechnung.pdf.exe |
Added by
the ACS TROJAN! |
| X |
winlgz2 |
winlgz2.exe |
Added by the KILLFIL-Q TROJAN! |
| X |
winlibs.exe |
winlibs.exe |
Added by the EVAMAN.C WORM! |
| X |
WinLibUpdate |
libupdate.exe |
Added by the BIONET series of
TROJANS such as BIONET.31 or BIONET.310 |
| X |
WinLibUpdate32 |
libupdate32.exe |
Added by the BIONET.405 TROJAN! |
| X |
WinLibUpdte |
libupdte.exe |
Added by the BIONET.318 TROJAN! |
| X |
winligom |
winligom.exe |
Added by the RBOT-GAI WORM! Note - this malware actually
changes the default value data of the registry "Run" key in order
to force Windows to launch it at boot. Name field may be empty |
| X |
Winlink |
winlink32.exe |
Added by the GAOBOT.AAY WORM! |
| X |
Winlme |
windll.exe |
Added by the GOP.F WORM! |
| U |
WinLoad |
Winload.exe |
PCTattletale is a surveillance software program that monitors
user activity, logs keystrokes, and takes screenshots. Uninstall this
software unless you put it there yourself |
| X |
WinLoader |
[random filename] |
Added by variants of the SUBSEVEN TROJAN! |
| X |
winlocatorupdate |
updatewinlocator.exe |
Locator adult content toolbar
related |
| X |
winlog |
winlog.exe |
Unidentified adware. Note - this
malware actually changes the default value data of the Registry Run and
RunServices keys in order to force Windows to launch it at boot. Name field
may be empty |
| X |
winlog |
winlog.exe |
Added by the GAOBOT_DF WORM! |
| X |
winlog manager |
winlog.exe |
Added by the DONBOMB.A TROJAN! |
| X |
WINLOG0N |
WINLOG0N.EXE |
Added by the MYDOOM.BI WORM! |
| X |
winlogin |
win32x.exe |
Browser hijacker, also detetected as the STARTPA-DF TROJAN! |
| X |
WinLogin |
winlogin.exe |
Added by the AGOBOT-IX WORM! |
| X |
Winlogin.exe |
log.exe |
Added by a variant of the
AGENT.AH downloader TROJAN! |
| X |
winlogin.exe |
logfile.exe |
Added by the AGENT.AH TROJAN! |
| X |
winlogin.exe |
mspaint.exe |
Added by a variant of the
AGENT.AH TROJAN! |
| X |
Winlogin.exe |
steam.exe |
Added by a variant of the
AGENT.AH TROJAN! |
| X |
winlogoff |
winlogoff.exe |
Added by the AGOBOT-TR WORM! |
| X |
Winlogon |
lsass.exe |
Added by the VB-EJ TROJAN! Note
- this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
Winlogon |
lsass.exe |
Added by the FLOPPY-B VIRUS!
Note - this is not the legitimate lsass.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
winlogon |
msreg32.exe |
Added by the SDBOT.EO WORM! |
| X |
winlogon |
nvchost.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
winlogon |
winlogin.exe |
Added by the RANDEX.E WORM! |
| X |
winlogon |
winlogon.exe |
Hijacker or adult content dialler! Note - this is not the
legitimate winlogon.exe process, which should not appear in Msconfig/Startup
and is always located in the System32 folder. This file is placed in the
Windows or Winnt folder |
| X |
winlogon |
winlogon.exe |
Added by the TRODAL TROJAN! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup and is always located in the System32 folder. This file is
placed in the Windows or Winnt folder |
| X |
winlogon |
winlogon32.exe |
Added
by the MASLAN.C WORM! |
| X |
winlogon |
wpwlogon.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
WINLOGON |
wscript.exe [System or
System32]WINLOGON.vbs |
Added by the YPSAN.F WORM! |
| X |
winlogon service |
urx.exe |
Added by the SPYBOT.EN WORM! |
| X |
Winlogon Shell |
Explorer.exe [path] svchost.exe |
Added by the KIPIS.M WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in System1032 or System321032 subfolders |
| X |
winlogon.exe |
helper.exe |
Added by the FAKESPY-A TROJAN! |
| X |
winlogon.exe |
msole32.exe |
Adware, also detected as the FAKESPY-B TROJAN! |
| X |
Winlogon.exe |
N/A |
CoolWebSearch
parasite variant - resets home page to an adult content site |
| X |
winlogon32_ |
[path to file] |
Added by the RULAND.A WORM! |
| X |
Winlogun |
winlogin.exe |
Added by the P2LOAD-C WORM! |
| X |
WinLsass |
[path to trojan] |
Added by the SCANE WORM! |
| X |
WinLsass |
servicec.exe |
Added by the SCANE WORM! |
| X |
winltmpv |
winln.exe |
Added by the TCXMEDI-C TROJAN! |
| X |
winltmpv |
wutop.exe |
Added by the TCXMEDI-C TROJAN! |
| X |
Winmain |
winmain.exe |
One of the first
of a new breed of malware. When run it immediately loads MSHTA.EXE from the
Windows folder, placing it on "hot standby", ready to accept HTA
scripting within a web page and then EXECUTE what is embedded IN the page as
a program! In other words, it's possible for a "rogue" website to
actually embed trojans, worms and/or viruses directly into a web page.
NSClean's HTA Stop offers an easy way to toggle this capabiltity, or rather
vulnerability, on and off. I suggest you leave it disabled! |
| ? |
WinManager |
schost.exe |
?? |
| U |
winmatrix.exe |
WinMatrixXP.exe |
WinMatrix XP - wallpaper replacement that shows different
matrix effects (including flowing matrix codes from 'The Matrix' movie) on
your desktop |
| X |
WinMedia |
[path to trojan] |
Added by the ZEROBE-A TROJAN! |
| X |
WinMedia |
msupd******.exe [*= random
digit] |
Added by the INJECT.163 TROJAN! |
| U |
WinMem |
WinMem.exe |
WinMem Cleaner - part of Ultra WinCleaner Utility Suite.
Makes more memory available for your programs and the Operating System. It
also defragments your system |
| X |
WinMenssage |
winmax.exe |
Added by the BANCOS.B TROJAN! |
| X |
WinMessenger |
syshost.exe |
Added by the OPANKI-E WORM! |
| N |
WinMgmt |
WinMgmt.exe |
Used for Enterprise Management. If you are not an IT
Administrator you don't need it to be running. Also runs from the PCHealth
"scheduler" - refer here |
| X |
WINMGR |
taskgmgr.exe |
Added by the MYTOB.AN WORM! |
| X |
Winmgr.exe |
scvhost.exe |
Added by the AGOBOT.AFG WORM! |
| X |
WinMgr32 |
winmgr32.exe |
Added by the MIMAIL.P WORM! |
| X |
WinMine |
D4NG3.vbs |
Added by the BISCUIT.A WORM! |
| Y |
winmodem |
wmexe.exe |
Software for
software based modems. Required if you have one of these. WinModems use
software rather than hardware - hence putting a load on the CPU. Needed if
you have it for loading the drivers. See here for more WinModem information |
| X |
WinMoviePlugIn |
WinMoviePlugIn.exe |
Sfonditalia adult content premium rate dialer |
| X |
WinMsg |
winmsgr.exe |
Added by the DLOADR-AS TROJAN! |
| X |
Winmsg |
winwork.exe |
Added by the GAOBOT.GEN!POLY WORM! |
| X |
WinMsrv32 |
WinMsrv32.exe |
Added by the GAOBOT.AFJ WORM! |
| N |
WinMX |
WinMX.exe |
WinMX file sharing application |
| N |
winmysqladmin |
winmysqladmin.exe |
Starts the MySQL database admin
tool |
| N |
WinMySQLadmin Tool |
winmysqladmin.exe |
Starts the MySQL database admin
tool |
| X |
winnet |
winnet.exe |
CommonName Toolbar spyware. To
uninstall see here |
| X |
WinNetDDE |
[random characters].exe |
Added by the NETDEPIX.B TROJAN! |
| X |
WinNite |
niteaim.exe |
Added by the OPANKI.B WORM! |
| ? |
Winnov Menu |
WnvMenu.Exe |
Winnov Video Capture Card related. What does it do and is it
required? |
| ? |
Winnov Remote |
WnvRsvr.Exe |
Winnov Video Capture Card related. What does it do and is it
required? |
| ? |
Winnov Status |
WvStatus.Exe |
Winnov Video Capture Card related. What does it do and is it
required? |
| X |
winnt |
winnt.exe |
Added
by the MONA-E WORM! |
| X |
winnt DNS ident |
iexplorer.exe |
Added by a variant of the RBOT WORM! |
| X |
winnt DNS ident |
pidchk32.exe |
Added by the RBOT-ACY WORM! |
| X |
Winnt DNS ident |
windowsp.exe |
Added by the RBOT.BAL WORM! |
| X |
winnt DNS ident |
windowxp.exe |
Added by a variant of the RBOT WORM! |
| X |
winnt DNS ident |
Winupd32.exe |
Added by the RBOT.AVU WORM! |
| X |
winnt DNS ident |
winupdate32.exe |
Added by a variant of the RBOT WORM! |
| X |
winnt DNS ident |
wuamgrd32.exe |
Added by the RBOT-BAU WORM! |
| X |
winnt DNS ident |
wuamgrd33.exe |
Added by a variant of the RBOT WORM! |
| X |
winNT updatc |
wupgrd.exe |
Added by a variant of the RBOT WORM! |
| X |
WinNtBB |
WinntBB.exe |
Added by the DULOAD.C WORM! |
| X |
Winnup |
win32nls.exe |
Added by a variant of the SPYBOT WORM! |
| X |
winocx32 |
winocx32.exe |
Added by the PROTORIDE.I WORM! |
| X |
WINOWS SYSTEM |
winnt.exe |
Added by the MYTOB.ID WORM! |
| X |
WINP |
winmic.exe |
Added by the SPYBOT-EB WORM! |
| X |
Winpack |
winpack.exe |
Adware downloader -
recognized by Kaspersky antivirus as Trojan-Downloader.Win32.Agent.gg |
| U |
WinPatrol |
WinPatrol.exe |
WinPatrol - "Manage
Startup programs, tasks, cookies; will sniff out Worms, Trojan horses,
Cookies, Adware, Spyware, Klez, Assumption and other malicious programs" |
| Y |
WinPatrol Explorer |
WinPatrolEx.exe |
Part of WinPatrol |
| X |
winphonics7536 |
vbsystem35.exe setups.exe vb.vb |
Added by a variant of the MUTIN-C TROJAN! |
| X |
winpipe |
winpipe.exe |
Browser hijacker redirecting to
wow-access.com |
| U |
WinPLOSION |
WinPlosion.exe |
"WinPLOSION
allows you to immediately view and select from all the windows running on
your computer, just those of the active application, or to minimise all
windows and display a clear desktop" |
| Y |
WinPoet |
WinPPPoverEthernet.exe |
WinPoET is the
industry's first Windows-based PPP over Ethernet client. Developed by
iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs
and ISPs. For more info read here. It uses dial-up networking for new
high-speed internet customers who are more familiar with analogue modems. If
unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up
networking |
| X |
winpol |
winpol.exe |
Added by the AGENT.IWD TROJAN! |
| N |
WinPopup |
WINPOPUP.EXE |
Intranet chat software provided
by windows for chat on small networks. Handy little LAN messaging utility.
Has been included in Windows since 95, and maybe in WFWG 3.11. Normally it
won't set itself up to run unless the user specifically adds it to startup |
| X |
winpopup |
winupie.exe |
Adware by Tradeexit.com |
| N |
Winpower |
Winpower.exe |
Part of InstallAnywhere from Zero G Software, now owned by
Macrovision |
| X |
Winprocer32 Update |
winprocer32.exe |
Added by the RBOT.GW WORM! |
| X |
winprocessor Update |
winprocessor.exe |
Added by the RBOT.IO WORM! |
| X |
WinProfile |
Command.exe |
Added by the BUDDY TROJAN! |
| X |
winprofile |
iexpiore.exe |
Added by a variant of the
MONCHER WORM! |
| X |
WinProfile |
iexpIore.exe |
Added
by CHUM-C TROJAN! |
| X |
WinProfile |
sndcfg16.exe |
Added by the SNDC.A WORM! |
| X |
WinProt |
server.exe |
Added by the
CHUPACABRA TROJAN! |
| X |
WinProt |
Winprot.exe |
Added by the
CHUPACABRA TROJAN! |
| X |
winprotect |
win32.exe |
Added by the MUGLY.E WORM! |
| X |
winprotect |
winprotect.exe |
Added
by the SDBOT-SB WORM! |
| U |
WinProxy |
WinProxy.EXE |
"WinProxy is the
world-first proxy server and a firewall with integrated mail server for
Windows 95/98/ME/NT/2000/XP" |
| X |
Winproxy Personal |
WINPROXY.EXE |
Added by the SDBOT.BMF WORM! |
| X |
winpsd |
winpsd.exe |
Added by the MYDOOM.Q WORM! |
| X |
WinPWD Manager |
wpwdmgr.exe |
Added by the RBOT-AUT WORM! |
| X |
winrapid |
winrapid.exe |
Added by a variant of the RBOT WORM! |
| X |
winrar |
winrar.exe |
CoolWebSearch Therealsearch
parasite variant. Note - this is not the file zipping utility also known as
WinRAR! |
| X |
winrarshell |
winrarshell32.exe |
Added by the SALIRA TROJAN! |
| X |
WinReader |
read.exe |
Added by the DELBOT-V WORM! |
| X |
winReg |
winReg.exe |
Added by the YAHA.H or YAHA.J
WORMS! |
| X |
winreg_32 |
[path to trojan] |
Added by the BANKER-DB TROJAN! |
| X |
winreg_32 |
svchosst.exe |
Added by the BANCOS-CE TROJAN! |
| X |
winreg_32 |
sysdll.exe |
Added by the DLOADER-IJ TROJAN! |
| X |
winreg_32 |
Vc030405.exe |
Added by the BANCOS-CT TROJAN! |
| X |
WinReg32 service |
holqdnoxpmeu.exe |
Added by a
variant of the SDBOT WORM! |
| X |
winregsrv |
winregsrv.exe |
Added by the SYNRG TROJAN! |
| U |
WINREMOTE |
WinRemote.exe |
InterVideo
WinCinema Manager - needed for the use of WinDVD Remote Control |
| X |
Winres32vis |
[path to worm] |
Added by the THRAX.A WORM! |
| X |
winrestore1 |
winrestore.exe |
Added by the KILLFIL-Q TROJAN! |
| X |
winreups |
winreups.exe |
Added by a variant of the RBOT WORM! |
| N |
winroute |
winroute.exe |
Win-Route 4.27. WinRoute Tray
Icon for starting and stopping the WrCtrl.exe process, also to log in to the
console to view logs and change settings. Can be unchecked and the engine
still runs and functions normally. Can then use provided shortcuts for administration
of the program. Loaded in SERVICES on Windows 2k |
| X |
WinRPC |
winrpcmx.exe |
Added by the BANKER-EEI TROJAN! |
| X |
winrun |
msconfig.exe |
Added by the WINUR WORM! Note - this is not the real
msconfig.exe as it's located in C:winrun |
| X |
WINRUN |
svchost32.exe |
Added
by the MYTOB-AI WORM! |
| X |
WINRUN |
taskgmr.exe |
Added by the MYTOB-BX WORM! |
| X |
WINRUN |
taskgmr32.exe |
Added by the MYTOB.AP WORM! |
| X |
winrun |
winrun.exe |
Added by the WINBUR.B WORM! |
| X |
WINRUN z |
W1NT45K.exe |
Added by the MYTOB.BL WORM! |
| X |
WinRunners |
WinDrivers.exe |
Added by the DULOAD.C WORM! |
| X |
Wins Service Driver |
winet.exe |
Added by the RBOT-APV WORM! |
| X |
Wins Update 32 |
services32.exe |
Added by the FORBOT-FN WORM! |
| X |
Wins32 Online |
cfgpwnz.exe |
Added by the BROPIA.R WORM! |
| X |
WinScMngr |
winsmc.exe |
Added by the SDBOT-BPZ WORM! |
| X |
WinSec |
winsec16.exe |
Added by the AGOBOT.ZF WORM! |
| X |
WinSecure |
[random].exe |
Added by the AGENT-LR TROJAN! |
| X |
winsecure |
winsecure.exe |
Browser hijacker, redirecting to
specificsearches.com |
| X |
Winsecure Antivirus |
Secureantivirus.exe |
Added by a variant of the SPYBOT WORM! |
| X |
WinSecured32 |
ssmr.exe |
Added by a variant of the FORBOT WORM! |
| X |
Winserv |
Winserv.ila |
Added by the NODMIN WORM! |
| X |
winserver |
Server.txt.vbs |
Added by the DELTAD.A WORM! |
| X |
WinService |
hosth.exe |
Added by the DWNLDR-FUX TROJAN! |
| X |
winservice |
svchost.exe |
Added by the CVK TROJAN! Note -
this is not the legitimate svchost.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in the Winnt or Windows folder |
| X |
WinService |
Ttt.exe |
Added
by the MSNVB-D WORM! |
| X |
Winservice |
winmain.exe |
Adult content related malware |
| U |
WinService32 |
ssmgr.exe |
007 Spy Software -
"stealthy monitoring program which allows you to secretly track all
activities of computer users and automatically deliver logs to you via Email
or FTP" |
| U |
WinService32 |
svchost.exe |
007 Spy Software keystroke
logger/monitoring program - remove unless you installed it yourself! Note -
this is not the svchost.exe process that normally doesn't appear in
Msconfig/Startup! |
| X |
winservices |
bootvfy.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
WinServices |
WinServices.exe |
Added by the YAHA.K or YAHA.M
WORMS! |
| X |
winservit |
cassl.exe |
Added by the RBOT.ASG WORM! |
| X |
winservn |
winservn.exe |
PurityScan/Clickspring adware |
| X |
winservs |
winservs.exe |
PurityScan/Clickspring adware |
| X |
WinSetBrowse |
BasicUpdate.dll.vbs |
Added by the BISCUIT.A WORM! |
| X |
winsfc |
winsfc.exe |
Added by the WISFC VIRUS! |
| X |
Winshell |
remote.exe |
Added by the MYTOB.LJ WORM! |
| ? |
Winshoe |
wuadfdqr.exe |
Probably an unidentified VIRUS!
Adds itself to 3 registry "Run" keys and prevents Task Manager
being displayed. This is not the Winshoe IRC Client as the visitor did not
have it installed |
| X |
winshost.exe |
winshost.exe |
Added by the TOOSO WORM and variants! |
| X |
WinShowUpdate |
copy C:WINDOWSwinshow.new
C:WINDOWSwinshow.dll |
Winshow
parasiate related - from the "RunOnce" keys it replaces
"winshow.dll" with a new version |
| X |
WinSig |
NetXP.exe |
Added by the BANKER-FN TROJAN! |
| X |
winskype |
winskype.exe |
Added by the BROGGER-C TROJAN! |
| X |
winsock |
svch0st.exe |
Added
by the SAGE-A WORM! Note - the filename has the digit 0 rather then the
uppercase "o" |
| X |
Winsock driver |
winnt update.exe |
Added by the SPYBOT-DM TROJAN! |
| X |
Winsock driver |
winnt64.exe |
Added by the SPYBOT-DR WORM! |
| X |
Winsock Startup |
Main2.exe |
Added by a
variant of the SDBOT WORM! |
| X |
winsock2 |
netsvr.exe |
Added by the AGOBOT.LY WORM! |
| X |
Winsock2 driver |
AMSNMGR.EXE |
Added by a variant of the SPYBOT WORM! |
| X |
Winsock2 driver |
dllcfg32.exe |
Added by the SPYBOT.AG WORM! |
| X |
Winsock2 driver |
kgzgjkpcw.exe |
Added by the SDBOT.T TROJAN! |
| X |
Winsock2 driver |
MIRC32.exe |
Added by the SPYBUZZ TROJAN! |
| X |
Winsock2 driver |
ntsys32.exe |
Added by the SPYBOT-DD WORM! |
| X |
Winsock2 driver |
SDJOIJE.EXE |
Added by the SPYBOT.DR TROJAN! |
| X |
Winsock2 driver |
SPOLSV.EXE |
Added by the SPYBOT-CM WORM! |
| X |
Winsock2 driver |
svchorsst.exe |
Added by the SPYBOT-EE WORM! |
| X |
Winsock2 driver |
sysreq.exe |
Added by the SPYBOT-CC WORM! |
| X |
Winsock2 driver |
SYSTEM32.EXE |
Added by the SPYBOT-EG WORM! |
| X |
Winsock2 driver |
wincfg.exe |
Added by the SPYBOT.CO WORM! |
| X |
Winsock2 driver |
WINCFG.SCR |
Added by a variant of the SPYBOT WORM! |
| X |
Winsock2 driver |
winupdate.exe |
Added by the SPYBOT-BX WORM! |
| X |
Winsock2 driver |
WUAUMQR.EXE |
Added by the SPYBOT-DP WORM! |
| X |
Winsock2 driver |
ZONEALARM.EXE |
Added by the SDBOT.T TROJAN! Note - ZONEALARM.EXE is not the
valid Zone Labs firewall program |
| X |
Winsock2 driver |
Zonealarmupdate.exe |
Added by a variant of the SPYBOT WORM! |
| X |
Winsock2.dll |
WINLODR.SCR |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Winsock32 driver |
lcd.exe |
Added by the SPYBOT.B WORM! |
| X |
Winsock32 driver |
Sdjoije.exe |
Added by the SPYBOT.B WORM! |
| X |
Winsock32 driver |
Testing.exe |
Added by the SPYBOT.B WORM! |
| X |
Winsock32driver |
sp2XPupdate.exe |
Added by the HACKARMY.S TROJAN! |
| X |
Winsock32driver |
svchhost.exe |
Added by the HACKARMY.I TROJAN! |
| X |
Winsock32driver |
win32server.exe |
Added by
the BACKDOOR-AZV TROJAN! |
| X |
Winsock32driver |
win32server.exe |
Added by the HACARMY.F TROJAN! |
| X |
Winsock32driver |
win32server.scr |
Added by the HACARMY TROJAN! |
| X |
Winsock32driver |
winXPupdate.exe |
Added by the HACKARMY.9728 TROJAN! |
| X |
Winsock32driver |
ZoneAlarmPr0.exe |
Added by the HACKARMY-B TROJAN! |
| X |
Winsock32driver |
ZoneLockup.exe |
Added by the HACARMY.D TROJAN! |
| X |
winsockdriver |
bot.exe |
Added by the WARPIGS-D TROJAN! |
| X |
winsockdriver |
iexplor.exe |
Added by the BLATIC.A WORM! |
| X |
winsockdriver |
tskmg.exe |
Added by the SDBOT.GEN TROJAN or
WARPIGS.C WORM! |
| X |
winsockdriver |
winsock2.2.exe |
Added by a variant of the SPYBOT WORM! |
| X |
winsockdriver |
winsock3.exe |
Added by the SPYBOT-DO WORM! |
| X |
WinSocketComponent |
nthost.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! |
| X |
Winsocks2 driver |
mznmgr.exe |
Added by a
variant of the SDBOT WORM! |
| U |
WINSOS VERIFY |
WINSOS.EXE |
WinSOS -
"deletes spyware, optimizes your computer - backs up selected data" |
| X |
WinSP |
[path] REGEDIT.EXE -s [path]
sysreg.reg |
Added by the STARTPA-ME TROJAN! |
| X |
winspd32dll |
winspd32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
WinSPF |
windrv32.exe |
Added by the MYDOOM.T WORM! |
| X |
WinSPF |
winspf32.exe |
Added by the MYDOOM.S WORM! |
| X |
Winspl |
winsplx.exe |
Added by a variant of the TROLL-A TROJAN! |
| X |
Winspool |
spoolsvr.exe |
Added by a variant of the SDBOT WORM! |
| X |
WinSrv |
kn0x.exe |
Added by the HOBBIT.F WORM! |
| X |
WinSrv |
SHIZZLE.EXE |
Added by the HOBBIT.C WORM! |
| X |
Winsrv |
winsrv.exe |
Added by the OPASERV.T WORM! |
| X |
winsrv |
winsrv.exe |
Added by the NETSNAK-B TROJAN! |
| X |
winsrv3 |
services.exe |
Added by the NAFBOT-A TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in the Windows or
Winnt folder |
| X |
WinsSystem |
syssmss.exe |
Added by the DELF.IG TROJAN! |
| X |
Winsta~1 |
winsta~1.exe |
GoHip
foistware |
| X |
WinStabilizer |
WinStabilizer.exe |
Added by the AGOBOT-SW WORM! |
| X |
WinStart |
services.exe |
Added by the SOBER.O WORM! Note
- this is not the legitimate services.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a Connection WizardStatus
subfolder of the Windows or Winnt folder |
| X |
WinStart |
WinStart.exe |
From IGetNet -
turns the IE address bar into a keyword engine piped into IGetNet. In other
words, with this installed, typing "car" in the IE address bar will
point the browser to the Lexus web site. Foistware - installs components
without your knowledge |
| X |
winstart |
winstart.exe |
Added by the SCKEYLO-AB TROJAN! |
| X |
WinStart |
WinStart.pif |
Added by the CONE.E WORM! |
| X |
WinStart |
winstart32.exe |
Added by the PUROL WORM! |
| X |
WinStart |
Wscript.exe WinStart.vbs |
Added by the CIAN.C WORM! |
| X |
WinStart001 |
WinStart001.exe |
From IGetNet -
turns the IE address bar into a keyword engine piped into IGetNet. In other
words, with this installed, typing "car" in the IE address bar will
point the browser to the Lexus web site. Foistware - installs components
without your knowledge |
| X |
WinStart001.EXE |
WinStart001.exe |
From IGetNet -
turns the IE address bar into a keyword engine piped into IGetNet. In other
words, with this installed, typing "car" in the IE address bar will
point the browser to the Lexus web site. Foistware - installs components
without your knowledge |
| X |
winstats |
winstats.exe |
Added by the GARGAFX TROJAN! |
| X |
WinSth16 |
WinSth16.exe |
Added by the CAKE WORM! |
| X |
winstro |
RUN32DLL.exe |
Added by the FTP_ANA TROJAN! |
| X |
winsupdatesysmngr64 |
winsys64mnger.exe |
Added by the RBOT-BAG WORM! |
| X |
WinSvc16.exe |
WinSvc16.exe |
Added by the SDBOT.FQ TROJAN! |
| X |
Winsvc32 |
Winsvc32.exe |
Homepage hijacker |
| X |
winsvc32.exe |
winsvc32.exe |
Added by the GREPAGE TROJAN! |
| X |
Winsvr |
msupd******.exe [*= random
digit] |
Added by the INJECT.163 TROJAN! |
| X |
Winsvr manager |
DDEsvr.exe |
Added by the TIRBOT-C WORM! |
| X |
winsy32.exe |
winsy32.exe |
CoolWebSearch
parasite variant |
| X |
winsync |
******.exe reg_run [* = random
char] |
Added by a variant of the QOOLOGIC TROJAN! |
| X |
WINSYS |
[path to trojan] |
Added by the GOLDPLAY TROJAN! |
| X |
winsys |
syschost.exe |
Added by an unidentified TROJAN! |
| U |
Winsys |
Winsys.exe |
Win-Spy keyboard logger/monitoring software - remove unless
you installed it yourself |
| X |
WinSys32 |
Winsys32.exe |
Added by the CIGIVIP TROJAN or
RECKUS WORM! |
| X |
winsys32 Driver |
winsys32.exe |
Added by the LOONY-O TROJAN! |
| U |
WinSysAppMon |
WinSysRM.exe |
Home & Family Content Filter related. See here |
| X |
winsysban |
[path to trojan] |
Added by the CLICKER-CD TROJAN! |
| X |
winsyslog lptt01 |
winsyslog.exe |
RapidBlaster variant (in a
"Winsyslog" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
WinSysModule |
[path to trojan] |
Added by the AGENT-DIQ TROJAN! |
| X |
WinSysStartUpWKbLw |
TaskSystemDll.Exe |
Added by the BACKZAT.G WORM! |
| X |
WinSyst32 |
winsyst32.exe |
Added by the MORB WORM! |
| X |
WinSystem |
winsystem.exe |
Added by the WHITEBAIT WORM! |
| U |
WinSystem |
WinSystems.exe |
CMKeyLogger keystroke logger/monitoring program - remove unless
you installed it yourself! |
| X |
winsystem.sys |
smss.exe |
Added by the SOBER.K TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a msagentwin32 subfolder
of the Winnt or Windows folder |
| X |
WinSystems |
winsystems16.exe |
Added by the SDBOT-CZT WORM! |
| X |
winsystems25 |
winsystems.exe |
Added by the RBOT-CNZ WORM! |
| X |
winsysupd |
[path to trojan] |
Added by the STARTPA-NI TROJAN! |
| X |
WINT |
wcp****.exe [* = random char] |
PurityScan/Clickspring adware |
| X |
WINT |
wcpcc.exe |
PurityScan/Clickspring adware |
| X |
WINT |
wcpsvit.exe |
PurityScan/Clickspring adware |
| X |
WINTASK |
iexplorer.exe |
Added
by the MYTOB-CH WORM! |
| X |
WINTASK |
msmgrxp.exe |
Added by the MYTOB.AQ WORM! |
| X |
WINTASK |
msvhost.exe |
Added by the MYTOB-AR WORM! |
| X |
WINTASK |
sys32.exe |
Added by the MYTOB.K WORM! |
| X |
WINTASK |
t4skmgr.exe |
Added by the MYTOB-AK WORM! |
| X |
WINTASK |
taskfile.exe |
Added by the MYTOB.EF WORM! |
| X |
WINTASK |
taskgamr.exe |
Added by the MYTOB.AU WORM! |
| X |
WINTASK |
taskgm.exe |
Added by the MYTOB-AO WORM! |
| X |
WINTASK |
taskgmr.exe |
Added by the MYTOB.I WORM and variants! |
| X |
WINTASK |
taskgmr32.exe |
Added by the MYTOB.BU WORM! |
| X |
WINTASK |
taskgmrs.exe |
Added by the MYTOB.DH WORM! |
| X |
WinTask |
Wintask.exe |
Added by the HIPO or LEMIR.F
TROJANS! |
| X |
WINTASK |
yahooicons.exe |
Added by the MYTOB-HM WORM! |
| X |
WINTASK DLL |
jusched32.exe |
Added by the MYTOB.AI WORM! |
| X |
WINTASK DLL32 |
smsrss.exe |
Added by the MYTOB.BS WORM! |
| X |
WinTask driver |
wintask.exe |
Added by the DLOADER-NA TROJAN! |
| X |
wintask32 |
Jwintask.com |
Added by the NAFBOT-A WORM! |
| X |
WINTASK32 |
taskgmr32.exe |
Added by the MYTOB.BN WORM! |
| X |
WINTASK32 |
taskgmrr.exe |
Added by the MYTOB.FX WORM! |
| X |
WINTASKMANAGER |
taskgmr.exe |
Added
by the MYTOB-AF WORM! |
| X |
WINTASKMGR |
ccsrs.exe |
Added by the MYTOB.Q WORM! |
| X |
WINTASKS |
taskgmr.exe |
Added by the MYTOB.BO WORM! |
| X |
WINTASKS |
winxpro.exe |
Added by the MYTOB.EZ WORM! |
| X |
WinTasks DLL Library (32-bits) |
winkll.exe |
Added by the RBOT-AJZ WORM! |
| U |
WinTasks Traybar |
wintasks.exe |
WinTasks
- "Efficient Resource and Task Management is absolutely critical if you
want to achieve the highest system performance levels possible. WinTasks 4
will not only help you achieve this task, but will actually make your system
run faster and more smoothly than ever before" |
| X |
wintasks.exe |
wintasks.exe |
Added by the EVAMAN WORM! |
| X |
Wintbp.exe |
wintbp.exe |
Added by the ZOTOB.E WORM! |
| X |
Wintbpx.exe |
wintbpx.exe |
Added by the ZOTOB.F WORM! |
| U |
wintective |
wintective.exe |
Wintective logs keystrokes, captures screenshots, and
monitors Internet activity. The gathered information can be sent to a
predetermined email address. If you didn't install this yourself remove it |
| X |
winter |
happy.exe |
Added
by the SDBOT-YF WORM! |
| N |
Wintercooler Pro |
WINCOOL.EXE |
Wintercooler
Pro - utility that monitors CPU usage, RAM consumption and Internet
connection speed |
| N |
WinTidy |
WinTidy.exe |
Desktop
icon manager from PC Magazine (Ziff-Davis). Available via Start ->
Programs |
| X |
Wintime |
Wintime.exe |
Added by the HARNIG TROJAN! |
| U |
WinTime |
wintime.exe |
Added by
WinTime - change desktop icons' color and font |
| N |
Wintime Wtxpload |
Wxpload.exe Wintime |
Part of the software to support
a Dexxa USB graphics tablet. From a visitor - "This gets started anyway
when you plug in the USB connector for the graphics tablet, if it's not
already running. It then starts an application which manages the tablet messages.
Since I leave the tablet unplugged unless I need to use it, I don't need this
running at startup. I suspect that this program monitors a number of windows
messages, so that when it's loaded, my regular mouse slows down - it acts
like it 'sticks' entering and leaving windows. Certainly my performance
returned to what I expected when I removed this item using MSCONFIG" |
| X |
WinTimer |
msupdate.cmd |
Hijacker - recognized by
Kaspersky antivirus as Trojan.Win32.StartPage.tj |
| X |
wintnask32.exe |
wintnask32.exe |
Added by the RBOT-AFP WORM! |
| X |
wintnl.exe |
wintnl.exe |
Added by a variant of the ZOTOB.K WORM! |
| X |
wintnpx.exe |
wintnpx.exe |
Added by the ZOTOB.H WORM! |
| X |
WinTools |
WToolsA.exe |
Wintools
adware |
| N |
WinTOTAL Scheduler |
guru.exe |
WinTOTAL Real estate appraisal
software related |
| X |
WinTray |
wintray.exe |
Added by the LEGUARDIEN.B TROJAN! |
| X |
wintsk32dll |
wintsk32dll.exe |
Added by the RBOT-AAJ WORM! |
| X |
winudll.exe |
winudll.exe |
Added by the MITGLIE-CE TROJAN! |
| X |
winui |
z.exe |
Added by the KONDELI TROJAN! |
| X |
winupated.exe |
winupated.exe |
Added by a variant of the SDBOT WORM! |
| X |
winupd |
RUNDLL32.EXE [random value].dll,
_mainRD |
Added by the MOTA.A WORM! |
| X |
winupd |
winupd.exe |
SearchNew adware |
| X |
winupd.exe |
winupd.exe |
Added by the BEAGLE.M or
BEAGLE.N WORMS! |
| X |
WinUPD32 |
explorer.exe |
Added by an unidentified VIRUS,
WORM or TROJAN! Note - this is not the legitimate Windows Explorer
(explorer.exe) which would not normally appear in Msconfig/Startup unless you
added it manually! |
| X |
winupdat |
winupdat.exe |
Added by the CANBOT.A WORM! |
| X |
WinUpdate |
RBSKQQBO.EXE |
Added by the VBSWG2B.A WORM! |
| X |
WinUpdate |
svhost.exe |
Added by a
variant of the SDBOT WORM! |
| X |
WinUpdate |
updsys.exe |
Added by a variant of the RBOT WORM! |
| X |
winupdate |
winupdate.exe |
Added by the ALCAN.B WORM! |
| X |
WinUpdate |
wmbem.exe |
Added by the REVCUSS.B TROJAN! |
| X |
WinUpdate Loader |
msnnm.exe |
Added by the REVCUSS.C TROJAN! |
| X |
winupdate.exe |
winupdate.exe |
Added by the RADO TROJAN! |
| X |
winupdate.reg |
winupdate.exe |
Added by the SPYBOT.EAS WORM! |
| X |
winupdate_ |
[path to file] |
Added by the COMDOR.A WORM! |
| X |
winupdate2846 |
vbsystem35.exe msvbrun.exe |
Added by a variant of the MUTIN-C TROJAN! |
| X |
WinUpdateB |
breatle.exe |
Added by the BRATLE.AWORM! |
| X |
winupdateconn |
[path to file] |
Added by the COMBRA-A WORM! |
| X |
winupdateconn_ |
Explorer.EXE |
Added by the COMBRA-B WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
winupdatefiv_ |
[path to file] |
Added by the COMBRA.C WORM! |
| U |
WinUpdateProtection |
csrss.exe |
EmployeeWatch is a commercial surveillance software program
designed to monitor user activity on a computer |
| X |
winupdates |
winupdates.exe |
Added
by the ALCRA-B WORM! |
| X |
WinUPDbc |
winupdbc.exe |
Added by the BANKER-DSN TROJAN! |
| X |
WinUpdsv |
winupdsv.exe |
Added by the DROPO MACRO! |
| X |
winupdt |
RUNDLL32.EXE [random.dll] |
Added by the MABUT.A WORM! |
| X |
winupdtl |
winupdtl.exe |
SecondThought adware variant |
| X |
WinUpgrader |
[path to trojan] |
Added by the AGENT-DZ TROJAN! |
| X |
winur |
winrun.exe |
Added by the WINUR.B WORM! |
| X |
winusb.dll |
winguard.exe |
Added by the FORBOT-CN WORM! |
| X |
WinUser32K |
usr32wink.exe |
Added by the HK TROJAN! |
| X |
WinUsr |
WinUsr.exe K1S2 |
Added by the CLUNK.A WORM! |
| X |
Winux Piriax Service |
PH32.EXE |
Added by the RANDEX.G WORM! |
| X |
winversion |
winversion.exe |
Browser hijacker, redirecting to
specificsearches.com |
| X |
WinVNC |
iexplorer.exe |
Added by the EVIVINC VIRUS! |
| U |
WinVNC |
WinVNC.exe |
WinVNC is an application that allows you to remote control
your PC from another PC somewhere on the internet. Now superseeded by RealVNC |
| X |
winvxd32 |
winvxd32.exe |
Added by the GABLOLIZ.A WORM! |
| X |
winwan lptt01 |
winwan.exe |
RapidBlaster variant (in a
"Winwan" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
winwan ml097e |
winwan.exe |
RapidBlaster variant (in a
"Winwan" folder in Program Files). Recommended you use RapidBlaster
Killer to uninstall - see here |
| X |
winword |
winword.exe |
Added by the TORPID-C TROJAN! |
| X |
WINWORD.exe |
WINWORD.exe |
Added by the DRIVUS TROJAN! Note - this is not the legitimate
MS Word process of the same name, which is always located in the Program
Files folder. This one is found in System (9x/Me) or System32 (NT/2K/XP)
folder and should not normally figure in Msconfig/Startup! |
| X |
WinWorks |
vstmgr.exe |
Added by the AGOBOT.ACJ WORM! |
| X |
winwsl.exe |
winwsl.exe |
Added
by the ZOTOB-J WORM! |
| X |
winXP |
33.exe |
Added by the ANPES WORM! |
| X |
WinXP |
csrss.exe |
Added by the BANCOS-AG TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in a "Arquivos de
programasWinXPTools" folder |
| X |
WinXP |
plugin1.exe |
Added by the Downloader-JW
TROJAN! |
| X |
win-xp |
nvsc32.exe |
Added by the BROPIA.N WORM! |
| X |
win-xp |
winis.exe |
Added by the BROPIA.N WORM! |
| X |
win-xp |
winis.exe |
Added by the BROPIA.N WORM! |
| X |
WinXP fix |
[path to file] |
Added by the RANKY.P TROJAN! |
| X |
WinXP Processor Generator v1.2 |
intspnsr32.exe |
Added by the SDBOT.LP WORM! |
| X |
WinXp Updater |
winxp32.exe |
Added
by the RBOT-HG WORM! |
| X |
WinXP-98 |
CSRSS.exe |
Added by the BANKER-DS TROJAN!
Note - this is not the legitimate csrss.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located a C:Arquivos de programasWinXP-98Tools
folder |
| X |
winxpdll32.exe |
winxpdll32.exe |
Added by a variant of the SMALL
downloader TROJAN! |
| X |
WinXPHome |
plugin2.exe |
Added by the malicious INOR.T script! |
| U |
WinXPLoad |
Rundll32 LoadDll, LoadExe
WinXPLoad.exe |
Compaq hotkey related - required
if you use the hotkeys |
| X |
winxpusbd |
winxp64.exe |
Added by a variant of the RBOT WORM! |
| X |
winystems25 |
winystems.exe |
Added by a
variant of the SDBOT WORM! |
| X |
Winz Firewall |
[random filename].exe |
Added by a
variant of the SDBOT WORM! |
| X |
WinZap Check |
winzbp.exe |
Added by the RBOT-AWZ WORM! |
| X |
winzip |
[path to trojan] |
Added by the BANCOS.G or
BANCOS.K TROJANS! Note - this is not part of the popular WinZip file
compression utility |
| X |
Winzip |
[various filenames] |
Added
by the LERPA-A WORM! Note - the file name will be one of the following
common.exe, common.pif, common.scr, Sexo.exe, Sexo.jpg.pif, ini_file__.pif,
load_me__.tmp, msfile.pif, system_load_.pif or zipped.rar.pif |
| X |
Winzip Application |
winzip81.exe |
Added by the RBOT-BKZ WORM! |
| N |
WinZip Quick Pick |
WZQKPICK.EXE |
Added with WinZip version 8.1.
"The new WinZip Quick Pick taskbar tray icon gives you instant access to
WinZip and your Zip files. Just left click the icon to open WinZip, or right
click it to instantly reopen recently used Zip files, access your Favorite
Zip Folders, open WinZip Help, or start WinZip itself.". You can
right-click and close it - choosing to not re-load it at start-up |
| X |
WinZip Update |
WinZip.exe |
Added by a variant of the RBOT WORM! Note - this is not part
of the popular WinZip file compression utility |
| X |
WIP Config GUI |
Winipcfgs.exe |
Added
by the RBOT-CN WORM! |
| N |
Wireless Console |
wcourier.exe |
ASUS Wireless Console - installed alongside ASUS wireless
components and provides additional configuration options for these devices |
| U |
Wireless PCI Card Configuration
Utility |
WMP11Cfg.exe |
Utility used by the LINKSYS
wireless PCI card (WMP11) and indicates when a wireless access connection is
made by a screen colour change. Also used for configuration |
| X |
Wireless Provider Server |
wpsvr.exe |
Added by the FORBOT-AD WORM! |
| U |
Wireless Switching Setting
Utility |
Switcher.exe |
On a Sony laptop with built in
wireless it allows the user to select which wireless services they want to
run (i.e. Wireless LAN, Bluetooth, both) when turning the wireless switch on
if disabled) |
| Y |
Wireless-G Notebook Adapter |
Gcc.exe |
LinkSys Wireless-G Notebook
Adapter driver |
| U |
Wireless-G Notebook Adapter
Utility |
WPC54CFG.EXE |
Utility used by the LINKSYS
Wireless-G Notebook Adapter (WPC54G) |
| U |
WireLessKeyboard |
PS2USBKbdDrv.exe |
Related to WireLess Keyboard Multimedia Combo Set by SANSUN
Industries |
| U |
WireLessMouse |
MouseDrv.exe |
Related to WireLess Mouse Multimedia Combo Set by SANSUN
Industries. Located in C:Program FilesMultimedia Combo Set |
| X |
wise |
clockwise.exe |
Added by the LAZAR-A TROJAN! |
| X |
WIZZ |
dazzler.exe |
Reported by Kaspersky Anti-Virus
as DIALER.IS TROJAN! |
| N |
wjview |
wjview.exe |
MS tool used to view
window-based Java applications from the command line |
| N |
wkcalrem |
wkcalrem.exe |
Produces a pop-up reminder of
events scheduled using the MS Works Calendar |
| N |
WkDetect |
WkDetect.exe |
Checks for updates to MS Works |
| N |
wkfud |
wkfud.exe |
A marketing program for MS Works |
| N |
WksSb |
WksSb.exe |
The Works Portfolio tool lets
you collect and organize text and pictures from the Web or your favorite
program. The Works Portfolio provides a location where you can store items
you want to later put into a document or other file |
| X |
WksSVC |
EXPLORER.exe |
Added by the MYTOB-BW WORM! Note - the legitimate Windows
Explorer (explorer.exe) is located in the Windows or Winnt folder and would
not normally appear in Msconfig/Startup unless you added it manually! This
one is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| N |
WkUFind |
WkUFind.exe |
MS Works Update Detection. MS
Picture It! (versions 7 to current) use this automatic update feature during
the log on process. It can also cause your system to automatically dial into
your ISP as it tries to access the internet, if you have your system set to
automatically dial when the internet is invoked. To manually update, go to
Microsoft's Office/Works update site. You can also turn of the automatic
update feature within Picture It! - see here |
| X |
Wkyo86 |
[path to worm] |
Added
by the PITIN-A WORM! |
| X |
Wlan Drier |
Winusb2.exe |
Added by the WOOTBOT.DC WORM! |
| X |
Wlan Driver |
avscan.exe |
Added by the WOOTBOT.DH WORM! |
| N |
WLAN Status Tray Applet |
WLANSTA.EXE |
System Tray icon for checking
the status of a Wireless LAN |
| Y |
WLAN_Cfg.exe |
WLAN_Cfg.exe |
Linksys Instant Wireless USB
Network Adapter driver |
| U |
wlancfg |
wlancfg.exe |
Inventel wireless router related
- required in order to automatically connect to the Net at bootup |
| Y |
wlancfg5 |
wlancfg5.exe |
NetGear WG311v3 wireless PCI
adapter driver - required in order to automatically connect to the wireless
router/gateway at bootup. Note - may not install correctly on Windows9x/ME
computers which have Slipstream accelerator installed. Uninstall Slipstream
first, disabling slipcore and slipgui are insufficient |
| N |
WLANSTA.EXE |
WLANSTA.EXE |
System Tray icon for checking
the status of a Wireless LAN |
| X |
wlsass |
wlsass.exe |
Added by the RANKY.CY TROJAN! |
| N |
WLTRAY |
wltray.exe |
Installed alongside Dell
Wireless WLAN Card and provides additional configuration options for these
devices |
| N |
wltray |
wltray.exe |
System tray access to wireless
LAN card configuration options |
| N |
WM VCR |
WMVCR.exe |
WM Recorder allows you to
record Windows Media(tm) streaming Video or Audio content. Can be accessed
via Start Menu -> Programs |
| ? |
WM_LOGIN |
MSGLOGIN.EXE |
Part of McAfee Firewall. What is
it for and is it needed? |
| Y |
Wm24Pan |
Wm24Pan.Exe |
ESI external sound card driver |
| X |
wm41a398 |
rundll32.exe [path]
wm41a398.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| X |
WMAudio |
services.exe |
Added by the NEVEG.B or NEVEG.C
WORMS! Note - this is not the legitimate services.exe process, which should
not appear in Msconfig/Startup! |
| X |
WMAudio |
winlogon.exe |
Added by the NEVEG.A WORM! Note
- this is not the legitimate winlogon.exe process, which should not appear in
Msconfig/Startup! |
| N |
WMBoot |
N/A |
Associated with Logitech Wingman
game controllers. Not required but what does it do? |
| N |
WMC_RebootCheck |
unregmp2.exe |
Corrects problems with
installations of Windows Media Player from version 9 onwards - see here and
search for "unregmp2.exe" |
| X |
wmcbaaca |
rundll32.exe [path]
wmcbaaca.dll, EnableRunDLL32 |
LZIO.com
adware downloader |
| X |
WMI Application Interface |
wmiapi.exe |
Added
by the SPYBOT.RBY WORM! |
| U |
WMIEXE.exe |
wmiexe.exe |
NT component, used by Windows
Millennium to detect Plug and Play-compliant IEEE 1394 devices during the
startup process. Since this is important for the computer to work properly if
you have these, Windows Millennium protects wmiexe.exe and will restore the
file even if it's deleted or renamed |
| X |
Wminf |
Wminf.exe |
Added by the GEMA TROJAN! |
| X |
Wminfo |
Wminfo.exe |
Added by the GEMA TROJAN! |
| X |
wmiprv |
wmiprv.exe |
Added
by the RBOT-WM WORM! |
| X |
wmon |
jusched.exe |
Added by the AGOBOT-OW WORM! |
| Y |
WMP54Gv4 |
WMP54Gv4.exe |
Linksys WMP54Gv4 wireless PCI
adapter driver - required in order to automatically connect to the wireless
router/gateway at bootup. Note - may not install correctly on Windows9x/ME
computers which have Slipstream accelerator installed. Uninstall Slipstream
first, disabling slipcore and slipgui are insufficient |
| X |
wmplayer.exe |
wmplayer.exe |
Added by the BANCBAN-CZ TROJAN! |
| U |
wmpnscfg |
wmpnscfg.exe |
"Microsoft Windows uses wmpnscfg.exe to alert users when
media rendering devices are found on the network. Wmpnscfg starts the Windows
Media Player Network Sharing Service (NSS) and then waits for notifications
from the service. When wmpnscfg is notified that a new media device is
available on the network, it displays a popup in the system tray that informs
the user about the availability of the new device. If the user clicks the
popup, wmpnscfg launches Windows Media Player, which displays a dialog box
that asks the user to either allow or deny sharing with the new device."
- see here |
| X |
wms3 |
wms3.exe |
Added by the LEGMIR-AQG TROJAN! |
| X |
wmsys32 |
wmsys32.exe |
Added by the BANPAES.B TROJAN! |
| X |
wmv |
winmonv.exe |
Added by the AGENT-DG TROJAN! |
| X |
WN Services |
wnsvc.exe |
Added
by the KBBOT-A TROJAN! |
| X |
WNAD |
WNAD.EXE |
Spyware added as a
result of running a program called "Yo Mama Osama" (osama.exe). See
here for more and how to get rid of it. There are other ways this can show up
on your system, and it will manifest itself by periodically opening a new
browser window with advertising for copy DVD software and the like |
| X |
wnddrv |
svchost.exe |
Added by an unidentified TROJAN! Note - this is not the
legitimate svchost.exe process which is always located in the System (9x/Me)
or System32 (NT/2K/XP) folder and should not normally figure in
Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
WNILOGON |
WNILOGON.exe |
Added
by the LEWOR-M TROJAN! |
| X |
WNSC |
wns*****.exe [* = random char] |
PurityScan/Clickspring adware |
| X |
Wnsck2 driver |
wlogf.exe |
Added by the SPYBOT-AF WORM! |
| X |
WNSI |
wnscp**.exe [* = random char] |
PurityScan/Clickspring adware |
| X |
WNSO |
WNSO.exe |
Baidu.SoBar adware |
| X |
WNST |
wns*****.exe [* = random char] |
PurityScan/Clickspring adware |
| X |
wntlgns |
wntlgns.exe |
CoolWebSearch
parasite variant |
| X |
wnxpupdate |
spvspool.exe |
Added by the DABORA.B WORM! |
| X |
wnxupdate |
updatexp.exe |
Added by the COMBRA-G WORM! |
| X |
won update |
WAPDATE.EXE |
Added by the RBOT.N WORM! |
| U |
WonderFrog |
WonderFrog.exe |
Wonder Frog typing
monitor |
| N |
WooCnxMon |
CnxMon.exe |
Wanadoo
ISP software related - not required - here's how to bypass it |
| X |
Woods Inc |
wcmd.exe |
Added by the KILLFIL-O TROJAN! |
| X |
woopie |
winamp.exe |
Added by the AGOBOT.XV WORM!
Note - this is NOT the popular Winamp media player |
| N |
WOOTASKBARICON |
TaskbarIcon.exe |
Wanadoo ISP taskbar icon - not
required |
| N |
Woowatch |
Watch.exe |
Wanadoo ISP software, not
required |
| X |
word pair |
bopotsvr.exe |
Added
by the SHED-A TROJAN! |
| Y |
WordQ carat flag |
WordQcrs.exe |
Related to WordQ Writing Aid Software |
| N |
WordWeb |
wweb32.exe |
WordWeb - free theasaurus
and dictionary. Start manually |
| ? |
Workflo |
workflow.exe |
Related to BroadJump Client
Foundation - broadband troubleshooting software installed by various
companies. Is it required? |
| X |
Working System Analyzer |
syswork.exe |
Added by the FORBOT-FZ WORM! |
| X |
worknote1 |
[filename] |
Added
by the MEETOT WORM! |
| U |
WorkPace 3.0 |
workpace.exe |
WorkPace - stress injury
prevention software |
| N |
Works Calendar Reminder |
wkcalrem.exe |
Produces a pop-up reminder of
events scheduled using the MS Works Calendar |
| N |
WorksFUD |
wkfud.exe |
A marketing program for MS Works |
| U |
Workstation Scheduler |
wm95.exe |
Desktop
Management Scheduler. Part of Novell's Netware Client. Schedueles NDS events.
If events have been schedueled, it is required, otherwise, it is useless and
a memory hog |
| X |
Workstation Services |
wrkstn.exe |
Added
by the RBOT-OJ WORM! |
| X |
Workstation Ver 5.0 |
vmware.exe |
Added by the RBOT-AHB WORM! |
| X |
WorldAntiSpy |
worldantispy.exe |
WorldAntiSpy, "rogue" spyware remover, installed as
part of this scam |
| U |
Worm Detector |
wd.exe |
Worm Detector -
antivirus add-on for Outlook 2K or XP for handling worms and spam |
| X |
wormexe |
winstart.exe |
Added by the EARLYBIRD WORM! |
| X |
wovax |
wovax.exe |
Added by the DAQA.A TROJAN! |
| X |
wow |
bar.exe |
PurityScan/Clickspring adware |
| X |
wow |
Launcher.exe |
Added by the DELF-DOR TROJAN! |
| X |
wow |
wwf.exe |
Added by the LINEAGE-Y TROJAN! |
| N |
Wpctrl |
wpctrl95.exe |
WinPortrait plug-in for
PivotPro from Portrait Studios - allows a screen to be rotated to match
rotated LCD screens, for example). Shortcut available via Display Properties |
| N |
Wpctrl |
wpctrlnt.exe |
WinPortrait plug-in for
PivotPro from Portrait Studios - allows a screen to be rotated to match
rotated LCD screens, for example). Shortcut available via Display Properties |
| N |
wpctrl95 |
wpctrl95.exe |
WinPortrait plug-in for
PivotPro from Portrait Studios - allows a screen to be rotated to match
rotated LCD screens, for example). Shortcut available via Display Properties |
| N |
wpctrl95 |
wpctrlnt.exe |
WinPortrait plug-in for
PivotPro from Portrait Studios - allows a screen to be rotated to match
rotated LCD screens, for example). Shortcut available via Display Properties |
| Y |
WPCUMI |
WpcUmi.exe |
Windows Vista Parental Control Notifications from Microsoft
Corporation |
| Y |
WPCycle.exe |
WpCycleWin.exe |
Added when selecting Mplayer2 to
open media files. Forces other codes to Wait for Previous instructions to
end, preventing instability of your CPU (freezing) |
| X |
wpds.exe |
doriot.exe |
Added by the SMALL-KY TROJAN! |
| X |
wpds.exe |
wwnrot.exe |
Added by the BAGLEDI-D TROJAN! |
| X |
wpwmgrs |
wpwmgrs.exe |
Added by the MYTOB-DH WORM! |
| X |
WQK |
WQK.exe |
Added by the KLEZ.H WORM! |
| ? |
wr |
WR.EXE |
?? |
| ? |
WR Command |
wr.exe |
?? |
| N |
WrCtrl |
WrCtrl.exe |
Win-Route 4.27 NAT engine on
Win2k Pro for connection sharing and security using Win-Route by Tiny
Software. A connection sharing/Firewall Application. If service is disabled
the program does not work, but you can manually start/stop the service with a
shortcut the program installs at any time |
| X |
WRDialer |
WrDialer.exe |
WinPoet DSL dialler |
| ? |
WRECK GUARD |
?? |
?? |
| ? |
WregBios |
wregbios.exe |
Desktop Management BIOS (DMI
BIOS) related. Apparently invokes the DosBios.exe file. Is
it required? |
| U |
wrexec |
wrexec.exe |
Watch
Right - monitoring program, part of the PowerTools add-on for AOL. Records
instant messages, E-mail, chat. Watch Right appears to be, and functions as
an online clock updater which connects with the U.S. National Institute of
Standards and Technology. It was designed for parents who wish to keep an eye
on what their children are doing online |
| ? |
wriste |
wriste.exe |
?? |
| U |
Write DVD-R! |
saimon.exe |
Saimon's WriteDVD! "gives
total support for DVD-RAM drives. It provides many functions such as setting
partitions on DVD-RAM disks and FixDVD! can diagnose and repair UDF formatted
disks" |
| X |
ws_d |
ws32.exe |
Added by the LEGMIR-RL TROJAN! |
| X |
ws2 32 |
svchst.exe |
Added
by the VOKEN-A TROJAN! |
| X |
ws2help |
ws2help.exe |
Added by a variant of the SMALL.AN TROJAN! |
| X |
WSAConfiguration |
csrsvcs.exe |
Added by the AGOBOT.VI WORM! |
| X |
WSAConfiguration |
drrss.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
WSAConfiguration |
ntguard32.exe |
Added by a variant of the AGOBOT/GAOBOT WORM! |
| X |
WSAConfiguration |
rpcxmn32.exe |
Added by the AGOBOT.ABG WORM! |
| X |
WSAConfiguration |
svchostt.exe |
Added by the AGOBOT.ZT WORM! |
| X |
WSAConfiguration |
win32upd.exe |
Added by a variant of the RBOT WORM! |
| X |
WSAConfiguration |
winlogon32.exe |
Added by the AGOBOT-WC WORM! |
| X |
WSAConfiguration |
wmon32.exe |
Added by the GAOBOT.BAJ WORM! |
| X |
WSAConfiguration1 |
csass.exe |
Added by the AGOBOT.WH WORM! |
| X |
wsass32 |
wsass32.exe |
Added by the BANKEM-V TROJAN! |
| ? |
wsbklite |
wsbklite.exe |
Related to the Acer Soft Button
on Acer Tablet PCs. Appears to do nothing so is it
required? |
| U |
WScheduler |
WScheduler.exe |
Windows
Scheduler - "schedule unattended running of applications, batch files,
scripts and much more. Also, you can schedule popup reminders so you'll never
forget reminders, tasks and other events." |
| X |
wscntfys |
wsscntfy.exe |
Added by the SDBOT-TN WORM! |
| X |
wscript.exe |
vabian.vbs |
Added by the VABI VIRUS! |
| X |
wscsvc.exe |
wscsvc.exe |
Added by a
password stealing BANKER TROJAN! |
| X |
Wsdata service |
WSconf.exe |
Added by the SDBOT.ZU WORM! |
| X |
wserv |
wserv.exe |
Added by a
variant of the SDBOT WORM! |
| X |
wserver |
wserver.exe |
Added by the NETSKY.AC or
SASSER.G WORMS! |
| U |
WService |
WService.exe |
Tablet client Driver for
UC-Logic Pen/Graphics Tablet |
| U |
wsg32 |
wsg32.exe |
GoldenKeylog keystroke logger/monitoring program - remove
unless you installed it yourself! |
| U |
wskrnl |
wskrnl.exe |
ActMon surveillance software. Uninstall this software unless
you put it there yourself |
| X |
wsock32 |
svchost.exe |
Added by the HORST-A WORM! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
wsrv32 |
wsrv32.exe |
Added by a CLICKER TROJAN!
Identified by Kaspersky antivirus as Win32.Agent.ep |
| X |
WSSAConfiguration |
wmmon32.exe |
Added by the AGOBOT-KC WORM! |
| U |
wssys |
wssys.exe |
WebPI
logs keystrokes and captures screenshots. If you didn't install this yourself
remove it |
| X |
Wstat32 driver |
Wstat32.exe |
Added by the LOONBOT TROJAN! |
| Y |
wstimeb |
wstimeb.exe |
Used with NEC printers. You can
disable it before printing but it re-loads itself when printing so you may as
well leave it |
| X |
wsttrs |
wsttrs.exe |
Added by the LDPINCH-QS TROJAN! |
| X |
wsvbs |
wsvbs.exe |
Added by the PWS-AEB TROJAN! |
| U |
WSVCS |
SERVICES.EXE |
WSLogger keystroke logger/monitoring program - remove unless
you installed it yourself! |
| Y |
wswpd |
wswpd.exe |
Used with some models of
Panasonic, Epson and NEC printers. Some older drivers known to have a
"memory leak". Needed for printing to work |
| U |
wsys.exe |
wsys.exe |
SpyloPCMonitor is a surviellance software program that
monitors user activity, logs keystrokes, and takes screenshots. It ends the
processes of anti-spyware programs. If you didn't install this yourself
remove it |
| N |
WT Game Channel |
GameChannel.exe |
WildTangent GameChannel -
notification of new games, quick access to games and fast and easy game
downloads. Note that WildTanget's privacy policy used to state that they also
collect and share individuals information but this is no longer the case |
| N |
WT Game Channel |
wtgamechannel.exe |
WildTangent GameChannel -
notification of new games, quick access to games and fast and easy game
downloads. Note that WildTanget's privacy policy used to state that they also
collect and share individuals information but this is no longer the case |
| N |
WT GameChannel |
GameChannel.exe |
WildTangent GameChannel -
notification of new games, quick access to games and fast and easy game
downloads. Note that WildTanget's privacy policy used to state that they also
collect and share individuals information but this is no longer the case |
| N |
WT GameChannel |
wtgamechannel.exe |
WildTangent GameChannel -
notification of new games, quick access to games and fast and easy game
downloads. Note that WildTanget's privacy policy used to state that they also
collect and share individuals information but this is no longer the case |
| X |
WTF Test |
wtftest.exe |
Added
by the RBOT-ACM WORM! |
| U |
WTIndicator |
SchedInd.exe |
WinTask - software that automates a variety of routine tasks
quickly and simply |
| X |
WTSI |
wapisvit.exe |
PurityScan/Clickspring adware |
| X |
WTSS |
wap***.exe [* = random char] |
PurityScan/Clickspring adware |
| X |
WTST |
wapisvtr.exe |
PurityScan/Clickspring adware |
| Y |
WU713STA.EXE |
WU713STA.EXE |
Blitzz Technology wireless NIC
adapter driver |
| X |
wuanguard |
wuanguard32.exe |
Added by the RBOT-AAF WORM! |
| Y |
WUOLService |
WUOLService9x.exe |
Remote wakeup
status agent. Part of Novell's ZenWorks. Processes Wake-up on LAN requests
(turn on a computer remotely on LAN) |
| X |
wuosdial |
wuosdial.exe |
Added by a variant of the RBOT WORM! |
| X |
WUPD |
iglmtray.exe |
Added by the TZET WORM! |
| X |
wupd |
symcsvc.exe |
Added by the ABWIZ.C TROJAN! |
| X |
wupd |
win32.exe |
Added
by the ORSE-C TROJAN! |
| X |
WUpdate |
1037v.exe |
Added by the CLAGGER-AR TROJAN! |
| X |
wupdate |
wi32.exe |
Downloader
trojan, detected by Panda antivirus as Adware/Trustbid |
| X |
wupdate |
wisvccz.exe |
Added
by the ORSE-B TROJAN! |
| X |
Wupdate driver |
[various filenames] |
Added by a variant of the SPYBOT WORM! |
| X |
WUpdates |
WUpdates.exe |
Added by the SWEPDAT TROJAN! |
| X |
Wupdm32 |
Wupdm32.exe |
Added by the MIDLAK WORM! |
| X |
wupdmgr32.exe |
wupdmgr32.exe |
Added by the CERTIF-I TROJAN! |
| X |
wupdt |
wupdt.exe |
Added by the IMISERV.A TROJAN! |
| Y |
WUSB11B.exe |
WUSB11B.exe |
Linksys WUSB11 WLAN USB adapter |
| Y |
WUSB54Gv2 |
InvokeSvc3.exe |
Wireless-G USB Wireless Network
Adapter related - would appear to be required |
| Y |
WUSB54Gv4 |
WUSB54Gv4.exe |
Wireless-G USB Wireless Network
Adapter related - would appear to be required |
| X |
wuviewer |
wuviewer.exe |
Added
by a Proxy Trojan variant |
| ? |
WUx_RegSvr |
RegSvr32.exe |
x is any number?? |
| X |
WWKS |
wsass.exe |
Added
by the SDBOT-BT WORM! |
| X |
www.hidro.4t.com |
enbiei.exe |
Added by the BLASTER.F WORM! |
| X |
www.symantec.com |
oz11111.exe |
Added by the MYDOOM.W WORM |
| X |
WXcmeinst |
[path to file] |
Added by the RANCK-CD TROJAN! |
| X |
Wxp4 |
Norton Update.exe |
Added by the ERKEZ.D WORM! |
| N |
WXProcMgr Module |
WXprocMgr.exe |
TVTonic from Wavexpress - "enjoy 3 full-screen,
DVD-quality video channels for FREE". Allows data content to be
downloaded and synchronized on your system |
| U |
WZCBDLService |
WZCBDL9X.exe |
WZCBDLService Launcher from
D-Link - configuration/drivers |
| X |
wzdmg |
wzdmg.exe |
Added
by a generic downloader TROJAN - see here |
| X |
wzhelper |
wzhelper.exe |
Searchcentrix hijacker |
| X |
wzservice |
hess.exe |
Added by the HACKARMY.W TROJAN! |
| U |
X Server |
X.exe |
"XoftWare for Windows"
enables you to run network-based UNIX programs ("X programs" or
"clients") side-by-side with Windows applications on your personal
computer. You can also share programs and computing resources with host
computers connected to your PC over a network |
| X |
x[Number from 1 to 7] |
x[Number from 1 to 7].exe |
Added by the DADOBRA-A TROJAN! |
| U |
X1 |
X1.exe |
Part of X1's Enterprise Desktop Search Resource Center. An
enterprise desktop search engine |
| U |
X1 System Tray |
X1Systray.exe |
Part of X1's Enterprise Desktop Search Resource Center. An
enterprise desktop search engine |
| U |
X10 Device Network Service |
x10nets.exe |
Belongs to X10 video streaming
device(s) |
| X |
X10Weax |
WTHRTRAY.EXE |
WeatherCheck - "bring the latest local weather to your
desktop". Not recommended as it reportedly pops ads, and contains no
uninstaller |
| U |
X1FileMonitor.exe |
X1FileMonitor.exe |
Part of X1's Enterprise Desktop Search Resource Center. An
enterprise desktop search engine |
| U |
x3watch |
x3watch.exe |
"program helping with
online integrity. Whenever you browse the internet and accesses a site which
may contain questionable material, the program will save the site name on
your computer. Approximately every 30 days, a person of your choice (an accountabiltiy
partner) will receive an e-mail containing all possible questionable sites
you may have visited within the month. This information is meant to encourage
an open and honest conversation between friends and help us all be more
accountable" |
| X |
x3yy |
[path to trojan] |
Added by the TANNICK TROJAN! |
| N |
Xanadu |
Xanadu.exe |
Xanadu -
free language and translation wizard from Foreignword |
| ? |
xBrotherMeCom |
BrMeCom.exe |
Related to Brother MFC-9200c
printer. What does it do and is it required? |
| U |
xbtl |
bootldr.exe |
Active Keylogger keystroke logger/monitoring program - remove
unless you installed it yourself! |
| U |
X-Cleaner Deluxe |
xcleaner.exe |
X-Cleaner Deluxe -
privacy and anti-spy application |
| U |
X-Cleaner Freeware |
XCLEAN~1.EXE |
X-Cleaner
Freeware - "cookie cleaning, Internet cache cleaning, scans for many
popular spy software packages and performs permanent file shredding" |
| X |
Xcpy1 |
Xcpy1.exe |
BroadcastPC adware variant |
| X |
xdxqa |
dewa.exe |
Added
by the SDBOT-YB WORM! |
| U |
XE 8x LM Status |
lmsxxe.exe |
Xerox XE8 series laser printer
status monitor |
| X |
Xecuter.bat |
psexec.bat |
Added by the BOOHOO WORM! |
| U |
XemiCo |
ADC.EXE |
XemiComputers
Active Desktop Calendar |
| U |
XeroxScannerDaemon |
XrxFTPLt.exe |
Xerox Scanner Daemon - driver for Xerox Scanner model fu621d |
| Y |
XFILTER |
xfilter.exe |
Filseclab
Personal Firewall Professional Edition |
| N |
Xfire |
Xfire.exe |
Terratec DMXFire 1024 soundcard
control panel |
| X |
xflash |
xflash.exe |
Added by the BANCJ-A TROJAN! |
| X |
xftpGraber |
Xftpgraber.exe |
Added by the ENVID.C WORM! |
| ? |
XGIWatchDog |
XWatDog.exe |
Related to XGI Technology's Volari graphics cards - what does
it do and is it required? |
| N |
X-Grabber |
sswizard.exe |
ScreenShot
Wizard |
| X |
xhi |
xhi.exe |
Added by the SCLOG-A TROJAN! |
| X |
xhrmy |
Xhrmy.exe |
HyperLinker adware |
| ? |
xicon |
xicon.exe |
Part of the IBM/XPoint Rapid
Restore utility. What does it do and is it required? |
| X |
XiD |
mmx.exe |
Added by the ANALOGX TROJAN! |
| Y |
XircWinModem4 |
ltcm000c.exe |
WinModem
drivers. WinModems use software rather than hardware - hence putting a load
on the CPU. Needed if you have it for loading the drivers. See here for more
WinModem information |
| U |
xitami |
Xiwin32.exe |
Xitami Multiplatform Open Source web server |
| ? |
xkstartup |
RunDll32 InstZ82.dll,
SetUsbPrinterPort |
On a system with a Lexmark
printer |
| X |
xload32 |
netdd.exe |
Added by the NETSPY TROJAN! |
| X |
xloadnet |
xloadnet.exe |
Added by the VB.NCK TROJAN! |
| X |
XML Service |
msxml.exe |
Added
by the RBOT-HD WORM! |
| X |
XNSearchAssistant |
SrchAsst.exe |
iWon Search Assistant - spyware |
| U |
XoftSpy |
XoftSpy.exe |
XoftSpy antispyware software |
| X |
xor |
svchost.exe |
Added by the XORDOOR TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in a "xor" subfolder |
| X |
xor |
svshost.exe |
Added by the AGENT.DC TROJAN! |
| X |
Xordate |
wuauclt10.exe |
Added by the RBOT-GKN WORM! |
| X |
Xordate |
wuauclt11.exe |
Added by the RBOT-GLI WORM! |
| X |
Xordate |
wuauclt12.exe |
Added by the RBOT-GLQ WORM! |
| X |
Xordate |
wuauclt13.exe |
Added by the RBOT-GLM WORM! |
| X |
Xp |
p2pnetworking.exe |
Added by the SDBOT.XA WORM! |
| X |
xp |
winis.exe |
Added
by the RBOT-WO WORM! |
| X |
xp service pack 2 |
xpsp2.exe |
Added
by the RBOT-KW WORM! |
| U |
XP Tools |
xptools.exe |
XPTools - "integrated suite of powerful PC Utilities to
fix, speed up, maintain and protect your computer" |
| X |
xp_system |
[filename] |
Added by the BOOKMARKER.J TROJAN! This file is located in a
Windowsinet20004 or Winntinet20004 folder |
| X |
xp_system |
services.exe |
Added by the KREPPER-N TROJAN
and variants! Note - this is not the legitimate services.exe process which is
always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should
not normally figure in Msconfig/Startup! The file is located in a "inet*****"
subfolder of the Windows or Winnt folder - where ***** varies dependent upon
the variant, examples are 20088, 20001, 10066 |
| X |
xp_system |
winlogon.exe |
Added by the KREPPER-G TROJAN! -
a CoolWebSearch parasite variant. Note - this is not the legitimate
winlogon.exe, which should not figure in Msconfig/Startup! |
| X |
xp32win |
xpupdater02.exe |
Added by the MOSUCK-A TROJAN! |
| ? |
Xpagent |
xpagent.exe |
Part of the IBM/XPoint Rapid
Restore utility. What does it do and is it required? |
| X |
XPAgent |
XPAgent.exe |
Reported as the CLICKER.LE
TROJAN by Panda Anti-Virus. Do not confuse this with the IBM/XPoint Rapid
Restore file which is generally located in the PROGRAM FILESXPOINTAGENT
folder |
| ? |
xpcfg |
xpcfg.exe |
?? |
| ? |
Xpclient |
xpclient.exe |
Part of the IBM/XPoint Rapid
Restore utility. What does it do and is it required? |
| X |
XPCPHOST Settings |
xpcphost.exe |
Added by a variant of the RBOT WORM! |
| X |
xpiupdate |
xpiupdate.exe |
Added by the RBOT-AAB WORM! |
| U |
xPlanetControl |
xPlanetControl.exe |
Tool that displays a globe
with current day/night zones and clouds on users desktop. |
| X |
XPSoft |
CVDAsDW.exe |
Added by the SDBOT-SY WORM! |
| X |
XPSP2 Firewall |
xpsp2fw.exe |
Added by the SMALL-RN TROJAN! |
| X |
xpstart |
wini.exe |
Added by the PICRATE.A WORM! |
| X |
xpstat |
winlogins.exe |
Added by the RBOT-AAR WORM! |
| X |
XPsys |
XPsys.exe |
Added by the DELF-KQ TROJAN! |
| X |
xpsystem |
MSXMIDI.EXE |
CoolWebSearch parasite variant,
identified by Kaspersky antivirus as TrojanDropper.Win32.Small.cw |
| X |
Xpsystem |
SERVICES.EXE |
Added by the DAEMOZ.A TROJAN!
Note - this is not the legitimate services.exe process which is always
located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not
normally figure in Msconfig/Startup! This file is located in an
"SERVICES" subfolder |
| X |
xpsystem |
services.exe |
CoolWebSearch parasite variant.
Note - this is not the legitimate services.exe process, which should not
appear in Msconfig/Startup! |
| X |
xpsystem |
y.exe |
CoolWebSearch
parasite variant |
| X |
xpupdate |
updates.exe |
Added by the BROPIA.L WORM! |
| U |
XSC SIP Client |
X-Lite.exe |
"CounterPath's X-Lite
3.0 is the market's leading free SIP based softphone available for
download". For VOIP and broadband users |
| X |
xserv |
[path to trojan] |
Added by the STUMPY-A TROJAN! |
| U |
XStop95 |
XStop95.exe |
XStop - internet filter |
| N |
xswin |
xswin.exe |
Installed with a Xerox Work
Centre Pro 555. Unchecking it removes an "out of system memory"
error |
| ? |
XTCsgloader |
XTCsgloader.exe |
Another Xupiter toolbar
variant?? |
| X |
XTN Service Drivers |
winxtn.exe |
Added by the SDBOT-YK WORM! |
| U |
XTNDConnect PC - 3CmPlm |
Autodet.exe |
Component
of EasySync Pro. Synchronisation between Palm PDAs and Microsoft
Outlook |
| U |
XTNDConnect PC - ErPhn2 |
ErPhn2.exe |
Component
of EasySync Pro. Synchronisation between SonyEricsson mobile phones and
Microsoft Outlook |
| U |
XTNDConnect PC - ErTray |
ErTray.exe |
Component
of EasySync Pro. Synchronisation between SonyEricsson mobile phones and
Microsoft Outlook |
| U |
XTNDConnect PC - LtNts4 |
NtsAgnt.exe |
Component
of EasySync Pro |
| X |
Xtray |
xtray_link.exe |
Added by the VB.JL TROJAN! |
| U |
XtreamLok License Manager |
xl.exe |
License manager for xLok (XtreamLok) -
prevents software being reverse engineered |
| U |
Xtrem parental control |
pcx.exe |
ParentXtreme is a surviellance
software program that monitors user activity, logs keystrokes, and takes
screenshots. It ends the processes of anti-spyware programs. If you didn't
install this yourself remove it |
| X |
XTServiceUpdate |
XTServiceUpdate.exe |
hahame.net adware downloader |
| X |
XtTb.exe |
XtTb.exe |
Top-banners.com adware |
| ? |
xuio.exe |
xuio.exe |
?? |
| X |
Xupiter Startup |
XupiterStartup.exe |
Xupiter - adware and homepage
hijacker. Use Spybot S&D, Adware or similar to detect and remove and to
prevent it re-installing in the future see here |
| X |
XupiterCfgLoader |
BWCfgLoader.exe |
Xupiter - adware and homepage
hijacker. Use Spybot S&D, Adware or similar to detect and remove and to
prevent it re-installing in the future see here |
| X |
XupiterCfgLoader |
XTCfgLoader.exe |
Xupiter - adware and homepage
hijacker. Use Spybot S&D, Adware or similar to detect and remove and to
prevent it re-installing in the future see here |
| X |
xupiterstartup2003 |
xupiterstartup2003.exe |
Xupiter - adware and homepage
hijacker. Use Spybot S&D, Adware or similar to detect and remove and to
prevent it re-installing in the future see here |
| X |
XupiterToolbarLoader |
XupiterToolbarLoader.exe |
Xupiter - adware and homepage
hijacker. Use Spybot S&D, Adware or similar to detect and remove and to
prevent it re-installing in the future see here |
| U |
xv_ctrl |
v_ctrl.exe |
3dfx Underground Tools -
"Gives direct hardware control to your video graphics adapter" |
| X |
xware |
cskware.exe |
Malware downloader from
xxsware.com, produces adult content popups |
| X |
xware |
xware.exe |
Malware downloader from
xxsware.com, causes adult content popups |
| ? |
XWMSUSBAPI |
XWMSAPI.EXE |
Part of the installation of a
Xerox WorkCentre printer/scanner. Is it required? |
| X |
xxcm |
sys.exe |
Added by the KRISWORM-A WORM! |
| X |
xxsrSrv32 |
xxsrsrv.exe |
Added by the BANCSDE-E TROJAN! |
| X |
XXXmpeg |
XXXmpeg.exe |
Adult content dialler |
| X |
xxxvideo |
xxxvideo.exe |
AccessPlugin premium rate adult content dialler |
| X |
xy |
svhost32.exe |
Added by the DELF.FAI TROJAN! |
| U |
Y!TunnelBasic |
YTBasic.exe |
Y!TunnelBasic software provides additional features to Yahoo!
Messenger |
| U |
Y!TunnelPro |
YTPro.exe |
Spam, bot and ad blocker for
Yahoo! Messenger from Digital Asphyxia |
| U |
Y!TunnelPro |
YTunnelPro.exe |
Spam, bot and ad blocker for
Yahoo! Messenger from Digital Asphyxia |
| X |
Ya Salam |
NancyAjram.exe |
Added by the JALABED WORM! |
| X |
yaemu.exe |
yaemu.exe |
Added by the WIN32.DNSCHANGER.S
TROJAN! |
| X |
yahoo groups |
upgrdmgr.exe |
Added by a variant of the RBOT WORM! |
| ? |
Yahoo HP Reminder 1.1 |
yr.exe |
?? |
| X |
Yahoo Instant Messengar |
YahooMsgr.exe |
Added by the SDBOT.GEN TROJAN! |
| X |
Yahoo Messenger |
svchost32.exe |
Added by the SOHANA-P WORM! |
| X |
Yahoo Messenger |
Yahoomsg.exe |
Added by an unidentified WORM or
TROJAN! |
| X |
Yahoo Messenger |
YPager.exe |
Added
by the RBOT-QO WORM! |
| X |
Yahoo Messengger |
RVHOST.exe |
Added by the SILLYFDC-G WORM! |
| X |
Yahoo Messengger |
SSVICHOSST.exe |
Added by the SOHANA-R WORM! |
| X |
Yahoo Messengger |
SVICHHOST.exe |
Added by the TIOTUA-C TROJAN! |
| X |
Yahoo Update |
Yahoo!.exe |
Added by the YAHOO! TROJAN! |
| X |
Yahoo Updater |
Messenger.exe |
Added by the FORBOT-FE WORM! |
| N |
Yahoo! Pager |
YAHOOM~1.EXE |
Yahoo! Messenger allows you to
send instant messages. Available via Start -> Programs |
| N |
Yahoo! Pager |
ypager.exe |
Yahoo! Messenger allows you to
send instant messages. Available via Start -> Programs |
| X |
yahoo_toolbar lptt01 |
yahoo_toolbar.exe |
RapidBlaster variant (in a
"yahoo_toolbar" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
yahoo_toolbar ml097e |
yahoo_toolbar.exe |
RapidBlaster variant (in a
"yahoo_toolbar" folder in Program Files). Recommended you use
RapidBlaster Killer to uninstall - see here |
| X |
Yahoo2000 |
Anti.exe |
Added by the RBOT.ATK WORM! |
| X |
Yahoo2000 |
Anti.exe |
Added by an unknown Malware, possibly a variant of the
RBOT-RAM WORM! |
| X |
YahooStock |
Prmvr.exe |
Adtomi
adware |
| X |
YahooStock |
ystckAO32.exe |
Adtomi
adware |
| ? |
YAMAHA AC-XG Power Utility |
yacpower.exe |
YAMAHA AC-XG Power Utility. What does it do and is it required? |
| N |
YAMAHA DS-XG Launcher |
dslaunch.exe |
System Tray access for the
features of the Yamaha DS-XG soundcard unless you regularly change set-ups |
| N |
Yankee Clipper III |
YankClip.exe |
Yankee Clipper
III - 'A super powerful Windows clipboard extender/memory - now in its third
generation. Handles Pictures, Richtext, URLS, etc - any size. Features
printing, drag and drop, optional permanent storage of clippings. Familiar
"Outlook" interface'. Freeware |
| N |
YBrowser |
ybrwicon.exe |
SBC Yahoo! Browser system tray
icon |
| U |
YCentral |
YahooCentral.exe |
Yahoo! Central - "alerts you if your default home page,
search, or email is changed or if updates are available for your Yahoo!
software. You can manage your default Internet settings and get updates to
your software from Yahoo!" |
| X |
yeahdude.exe |
hallowelt.exe |
Added by the GAOBOT.RS or
GAOBOT.SA WORMS! |
| X |
yemarvd |
sysmon.exe |
Added by the AGENT-CH TROJAN! |
| N |
YeppStudioAgent |
SamsungMediaStudioAgent.exe |
Samsung Media Studio MP3 player file management software -
see here for an example |
| X |
YhooUapdates |
ymssmsgs.exe |
Added by a variant of the SMALL_K TROJAN! |
| X |
YhooUpdates |
ymsmsgs.exe |
Added by the SMALL_K TROJAN! |
| X |
ying |
ying.exe |
Constructor
VC2000 malware |
| N |
ymetray |
ymetray.exe |
Yahoo! Music system tray icon |
| N |
YOP |
yop.exe |
Dashboard
Module for SBC Yahoo! Online Protection |
| U |
You've Got Pictures Screensaver |
ygpsstra.exe |
AOL You've Got Pictures
Screensaver |
| ? |
YOW tuner |
WatchPNM.exe |
?? |
| N |
ypager |
ypager.exe |
Yahoo! Messenger allows you to
send instant messages. Available via Start -> Programs |
| U |
YPC |
ypc.exe |
Yahoo Parental controls -
"Let you decide what type of sites and Yahoo! services your kids can
access" |
| U |
YPOPs |
YPOPs.exe |
YPOPs! - an application
that provides POP3 access to Yahoo! Mail. Yahoo! Mail disabled free access to
its POP3 service in 2002. This application emulates a POP3 server and enables
popular email clients like Outlook, Netscape, Eudora, Mozilla, etc., to download
email from Yahoo! account |
| Y |
YTrayMagic Lite 1 |
YTRAYMAGIC.EXE |
YTrayMagic from YoconSoft automatically restores your tray
icons after an Explorer(the windows shell) crash. Leave to run at startup
since only those icons that are in the taskbar after YTrayMagic has
initialized will be restored |
| U |
Yumgo's Homepage Protector V1 |
YumgoHomepageProtector.exe |
Yumgo's Homepage
Protector |
| X |
ywwvc.exe |
ywwvc.exe |
Added by the STARTPA-HR TROJAN! |
| X |
ywzizdon |
ywzizdon.exe |
Free_Scratch_Cards foistware |
| X |
yx |
uu.exe |
Added by the AGOBOT-YX WORM! |
| X |
yyyyyyyy |
[path to trojan] |
Added by the MUMUBOY.B TROJAN! |
| U |
Y'z Shadow |
YzShadow.exe |
Y'z Shadow 'adds a shadow effect to the windows in pursuit of
the "beauty of a shadow". It also allows the user the option of
making menus transparent' |
| U |
Y'z Toolbar |
YzToolBar.exe |
Y'z Toolbar "allows the user to change the toolbar icons
in Explorer and Internet Explorer. The user can also create and add their own
themes" |
| X |
yz.exe |
yz.exe |
Added by the VARDO TROJAN! |
| X |
YZH |
YZH.exe |
Added by the LEGMIR-BM VIRUS! |
| X |
YZH.SYS |
YZH.exe |
Added by the PHILIS.C VIRUS! |
| X |
Z |
zmon.exe |
Added by the DELBOT-AO WORM! |
| X |
Z_Start |
********.exe [* = 8 random
chars] |
ZenoSearch adware. Note - the most frequent filenames appear
to be dwdsregt.exe, rkdsregm.exe, psdsregm.exe and ZIFI002.exe but there are
others |
| X |
ZaCker |
[filename].PIF |
Added by the HOLAR.A WORM! |
| X |
Zacker |
Zacker.exe |
Added by the GEMEL WORM! |
| X |
zango |
zango.exe |
NCase adware |
| X |
Zango SiteFinder |
ZangoSiteFinder.exe |
180Solutions ZangoSearch adware variant |
| X |
Zango TvTimes |
ZANGOT~1.EXE |
ZangoSearch adware |
| X |
zanu |
zanu.exe |
NCase adware |
| Y |
Zapro |
Zapro.exe |
Firewall
program from Zonelabs - paid for version |
| U |
zBrowser Launcher |
Commandr.exe |
For a Logitech internet keyboard
- loads the software for the shortcut keys on the keyboard. Also used to
display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't
have them |
| U |
zBrowser Launcher |
iTouch.exe |
For a Logitech internet keyboard
- loads the software for the shortcut keys on the keyboard. Also used to
display your keyboard LEDs on-screen to indicate Caps Lock, etc if it doesn't
have them |
| ? |
zcb |
zcb.exe |
?? |
| U |
Zcfgsvc |
ZCfgSvc.exe |
Zero Config MFC Application,
part of Intel's ProSET utilities and installed by the drivers for many of
Intel wireless network cards - essential to the proper functioning of many of
the Intel ProSET utilities (but not all) and these System Tray ProSET utilities
are a must if you are using your wireless connection, if only so you know
when the signal is fading or dropping. The problem is that, in some PCs,
ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and
therefore resulting in an extremely slow PC, preventing the installation of
software or Windows updates, or causing "Not Responding" or
"End this Program" shutdown problems. If you experience this, try
first the very latest drivers from Intel or your laptop manufacturer. If that
still does not solve the problem and you have WinXP/2003, try setting the
"Wireless Zero Configuration" service to disabled |
| X |
zcproo |
qssstiej.exe |
Possible homepage hijacker
installing a toolbar: http://tdko.com/ ,Lop.com in disguise |
| ? |
ZDConfig |
ZDConfig.exe |
Related to various brands of
Wireless USB LAN Adapter - what does it do and is it
required? |
| N |
zdnet |
kontiki.exe |
Kontiki Delivery Manager - Windows-based client software that
enables secure delivery of content to users' desktops |
| N |
Zebus |
msdc32.exe |
Runs a HTML tutorial on the
Zebus web-site |
| X |
Zekio Startups |
znksvc32.exe |
Added by the AGOBOT-AGI WORM! |
| X |
Zen.A |
[path to trojan] |
Added by the ZOOMEN-A TROJAN! |
| X |
Zenet |
rundll32 CNBabe.dll, DllStartup |
CommonName Toolbar spyware. To
uninstall see here |
| X |
Zeno |
*sys****.exe [* = random
char/digit] |
ZenoSearch adware. Note - the most frequent filenames appear
to be rsyssx2d.exe, rsyssx2d.exe, rsystu2d.exe and ysysyz2d.exe but there are
others |
| X |
Zeno |
*winspez.exe [* = rand letter] |
ZenoSearch adware |
| X |
Zeno |
nwinrqez.exe |
Added by the QEXREZ family of TROJANS! |
| Y |
ZENRC |
zenrc32.exe |
The main
component of Novell's ZenWorks - "Complete End-to-End Directory-enabled
Network Management". Leave well alone |
| Y |
ZENRC Tray Icon |
zentray.exe |
Part of
Novell's ZenWorks - "Complete End-to-End Directory-enabled Network
Management". Best left alone |
| Y |
ZENworks Imaging Service |
ZISWin.exe |
Imaging
Agent. Part of Novell's ZenWorks - "Complete End-to-End
Directory-enabled Network Management" |
| U |
Zero PoPup Killer XP |
zpk_xp.exe |
Intelligent anti-pop-up software product by Ax-Soft |
| U |
ZeroAds |
0 |
ZeroAds - culls ads, cookies and pop-ups. Tells ZeroAds not
to run at startup - needed to start it manually |
| U |
ZeroAds |
LAS0Ads.exe |
ZeroAds - culls ads, cookies and pop-ups. Required for the
cookie interception to work |
| U |
ZeroAds |
Zeroads.exe |
ZeroAds - a popular Internet accelerator and anti-adware
application |
| U |
ZeroSpyware |
ZeroSpyware.exe |
FBM Software ZeroSpyware 2004
spyware detector and remover |
| X |
zervpack2 |
update2.exe |
Added by the SDBOT.WD WORM! |
| ? |
ZGNUBI |
ZGNUBI.exe |
?? |
| X |
Zi5 |
AntiVirus Update.exe |
Added by the ERKEZ.G WORM! |
| U |
ZIBMACC |
rundll.exe ZIBMACC.INF |
ZIBMACC.INF is an IBM file that
is only loaded and installed under a recovery operation. The file is a
support file for IBM access to the system if needed. You may delete this
file. This is as from IBM Technical Support (USA - 800-887-7435) |
| X |
ZincgrubInc |
Lsass.exe |
Added by the VOUMIT-A WORM! Note
- this is not the legitimate lsass.exe process which is always located in the
System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure
in Msconfig/Startup! This file is located in a "mirc32" folder |
| U |
ZingSpooler |
ZingSpooler.exe |
Was used for a drag and drop
program to upload pictures to www.zing.com but Zing has gone out of business.
Now used for Sony ImageStation's upload photos to online albums |
| N |
Zinio DLM |
ZDLM.EXE |
Zinio - used to read
magazines in digital rather than paper format |
| N |
Zinio DLM |
ZinioDeliveryManager.exe |
Related to Zinio used to read magazines in digital rather
than paper format |
| X |
Zip Driver Loader |
msload32.exe |
Added by the OBLIVION TROJAN! This executable is one of the
most common but there are more |
| X |
Zip Driver Loader |
ZipLoader32.exe |
Added by the OBLIVION TROJAN! This executable is one of the
most common but there are more |
| U |
ZipDisk Icons |
IMGICON.EXE |
Displays Iomega icons in
Explorer/My Computer, ejects Zip disks on shutdown and displays a special
delete confirmation box when deleting files on an Iomega drive. Available via
Start -> Programs. If you disable it remember to eject disks first before powering
the drive down - hence the "U" recommendation. Note - FreeCell may
not run with ImgIcon running |
| N |
ZipGenius Clean |
zg.exe |
ZipGenius file
compression utility |
| X |
ziphelp |
ziphelp.exe |
CoolWebSearch
parasite variant |
| N |
ZipMagic |
zm32.exe |
Zip utility by Ontrack. Preloading ZipMagic allows you to
access files within a zip archive without unzipping them first |
| Y |
zlclient |
zlclient.exe |
Firewall
program from Zonelabs. Pro version inlcudes other online security options |
| U |
ZLH |
ZLH.EXE |
System Tray icon for Norman Antivirus |
| X |
ZNN |
znnsvc.exe |
Added by the SDBOT-DAA WORM! |
| X |
Zolero Translator |
ZoleroTranslator.exe |
Zolero Translator - added by Clickspring, the makers of
Purityscan, products and are bundled with the Outer Info Network Client, or
OIN client |
| X |
Zonavirus |
0 |
Added by the KITRO.D (or
ARGEN.A) WORM! |
| X |
Zone Alarm |
vsmon.exe |
Added by the RBOT.BO WORM! If this was the ZoneAlarm firewall
the name column would be TrueVector |
| X |
zone alarm security |
zlclint.exe |
Added by
the NIRBOT WORM! |
| Y |
Zone Labs Client |
zlclient.exe |
Firewall
program from Zonelabs. Pro version inlcudes other online security options |
| X |
Zone Labs Client Ex |
svchost.exe |
Added by the NETSKY.F WORM! Note
- this is not the legitimate svchost.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is found in the Winnt or Windows folder |
| X |
Zone system |
szchost.exe |
Added by the MULTIDR-AC TROJAN! |
| X |
zonealarm |
[random filename] |
Added by an unidentified VIRUS,
WORM or TROJAN! The only exception is if you have an older version of the
ZoneAlarm firewall running |
| X |
Zonealarm |
iexplore.exe |
Added by the FORBOT-CP WORM!
Note - this is not the legitimate Internet Explorer (iexplore.exe) process,
which is always located in the Program FilesInternet Explorer folder and
should not normally figure in Msconfig/Startup unless you add it manually! This
file is located in the System (9x/Me) or System32 (NT/2K/XP) folder |
| X |
Zonealarm |
Removeme.exe |
Added by the FORBOT-BG WORM! |
| Y |
ZoneAlarm |
zonealarm.exe |
Firewall
program from Zonelabs - free version |
| Y |
ZoneAlarm Plus |
zaplus.exe |
Firewall
program from Zonelabs - paid for version |
| Y |
ZoneAlarm Pro |
Zapro.exe |
Firewall
program from Zonelabs - paid for version |
| X |
Zonesoft Cleaner |
rnsys.exe |
Added by a
variant of the SDBOT WORM! |
| U |
Zoom |
zoom.exe |
Zoom
- speeds up Windows startup and manages startup applications |
| U |
Zooming |
ZoomingHook.exe |
Toshiba Zooming Utility - found
on Toshiba laptops and Tablet PCs. It allows users to zoom in (or magnify)
text |
| U |
ZoomingHook |
ZoomingHook.exe |
Toshiba Zooming Utility - found
on Toshiba laptops. It allows users to zoom in (or magnify) text |
| X |
ZPoint |
winmuse.exe |
Added by the VJ TROJAN! |
| Y |
ZPOINT32 |
ZPOINT32.exe |
USB graphics/writing tablet
driver |
| X |
zSearch |
Zstb.exe |
TotalVelocity
zSearch parasite |
| X |
zSecurity Service |
szsvc.exe |
Added by the SDBOT-DAB WORM! |
| X |
zsms |
smss.exe |
Added by the BANCOS-CK TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| X |
zsmsgs |
iservice.exe |
Added by the BANCOS-BU TROJAN! |
| X |
zsmss |
smss.exe |
Added by the BANCOS-DD TROJAN!
Note - this is not the legitimate smss.exe process which is always located in
the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder |
| U |
zSPGuard |
Spguard.exe |
"StartPage
Guard (SPG) protects your PC from cyberscam, by detecting and preventing any
unauthorized changes to your internet browser's Start and Search pages. It is
also capable of removing automatically most of known 'invaders'." |
| U |
ZSScheduler |
zsscheduler.dll |
ZeroSpyware
from FBM Software |
| X |
ZStart |
[various filenames] |
VX2.Transponder parasite updater/installer related |
| X |
Zstart |
cxdxregt.exe |
ZenoSearch adware |
| X |
ZtgServerSwitch |
server.vbs |
ZTGServerswitch is part of
Sony's Vaio support agent - designed by Support.com. Not required if the user
does not wish to use the Vaio support agent and regarded as spyware |
| U |
Zune Launcher |
ZuneLauncher.exe |
Only needed if running
Microsoft's new Zune software for use with their new Zune music player.
Similar to iTunes for the iPod |
| X |
Zupdate |
Zupdate.exe |
Associated with B3d Projector
foistware - see here |
| U |
z-WrDialer |
WrDialer.exe |
WinPoet DSL dialer |
| X |
zzb |
zzb.exe |
IAGold
adware downloader |
| X |
zzb |
zzb.exe |
IAGold
adware downloader |
| X |
zzgshp |
gshp.vbs |
Homepage hi-jacker that
re-defines your IE or Netscape start page |
| X |
zztp |
svchost.exe |
Added by the TANNICK.B TROJAN!
Note - this is not the legitimate svchost.exe process which should NOT appear
in Msconfig/Startup! |
| ? |
zzzCamlnSuitelll |
setup.exe 46*** |
?? |
| ? |
zzz-hpi-boot |
hpi-boot.exe |
Associated with HP Photosmart
printers |
| ? |
zzzhpsetup |
setup.exe |
?? |
| X |
|
dllvirtual.dll |
Added by the DADOBRA-IW TROJAN! Note - has a blank entry
under the Startup Item/Name field |
| X |
|
dllvirtual.exe |
Added by the DADOBRA-IW TROJAN! Note - has a blank entry
under the Startup Item/Name field |
| X |
|
dllvirtual.js |
Added by the DADOBRA-IW TROJAN! Note - has a blank entry
under the Startup Item/Name field |
| X |
|
MSPF.EXE |
Added by a
variant of the SDBOT WORM! This file is located in the Winnt or Windows
folder. Note - has a blank entry under the Startup Item/Name field |
| X |
|
pathex.exe |
Added by the MKMOOSE-A WORM! Note - has a blank entry under
the Startup Item/Name field |
| X |
|
svchost.exe |
Added by the DELF-UX TROJAN!
Note - this is not the legitimate svchost.exe process which is always located
in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally
figure in Msconfig/Startup! This file is located in the Winnt or Windows
folder. Note - has a blank entry under the Startup Item/Name field |
| X |
|
system32.exe |
Added by the AGOBOT-KU WORM! Note - has a blank entry under
the Startup Item/Name field |
|
|
|
|