| Name | Status | Filename | Description |
| WinCheck | X | services.exe | Added by the W32.Sober.V WORM! Note: This worm file is found in the Windows\ConnectionStatus\Microsoft or Winnt\ConnectionStatus\Microsoft folder. |
| Windows | X | services.exe | Added by the W32.Sober.X WORM! Note: This is not the legitimate Windows process services.exe (which is always found in the System32 folder). This worm file is found in the Windows\WinSecurity or Winnt\WinSecurity folder. |
| !1_pgaccount | Y | pgaccount.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instance of pgaccount.exe for every active account on your system, and this is essential for PG to work properly |
| !1_ProcessGuard_Startup | Y | procguard.exe | DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. |
| !NoLoad | U | winrecon.exe | WinRecon - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it |
| $EnterNet | U | Enternet.exe | Connection manager for the EnterNet ISP. You can also use RASPPOE |
| $sys$cmp | X | $sys$xp.exe | Added by the Backdoor.Ryknos.B TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer. |
| $sys$drv | X | $sys$drv.exe | Added by the Backdoor.Ryknos TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer. |
| $WindowsRegKey%update | X | IEXPLORE.EXE | Added by a W32/Rbot-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process, which should not appear in Msconfig/Startup unless you add it manually! |
| %cmpmixtitle% | ? | %cmpmixstr% | Possibly related to C-Media Mixer Control panel? |
| %FP%012-L2TP fts.exe | ? | fts.exe | 012.Net ISP software - what does it do and is it required? |
| %FP%012-L2TP FWPortal.exe | ? | FWPortal.exe | 012.Net ISP software - what does it do and is it required? |
| %FP%1776 Internet fts.exe | ? | fts.exe | 1776 Internet ISP software - what does it do and is it required? |
| %FP%1776 Internet FWPortal.exe | ? | FWPortal.exe | 1776 Internet ISP software - what does it do and is it required? |
| %FP%Barak013 fts.exe | ? | fts.exe | Barak013 ISP software - what does it do and is it required? |
| %FP%Barak013 FWPortal.exe | ? | FWPortal.exe | Barak013 ISP software - what does it do and is it required? |
| %FP%Friendly fts.exe | ? | fts.exe | Friendly ISP software - what does it do and is it required? |
| (*)API Machine | X | winSOCKS.exe | Homepage hijacker, see here (* = any digit) |
| (*)Run | X | win32API.exe | Homepage hijacker, see here (* = any digit) |
| (default) | X | (random filename).exe | Added by the BLACKMAL VIRUS! |
| (Default) | X | Systrsy.exe | Added by the Trojan.Cdtray TROJAN! Note: This trojan file is found in the Internet Explorer folder. |
| (default) | X | llsass.exe | Added by the TROJ/PROXY-GG TROJAN! |
| (Default) | X | webcam.exe | Added by the Troj/Monad-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| (Entry name) | X | System.exe | Added by the Troj/Nethief-N Trojan! |
| (L4r1$$4) (4nt1) (V1ruz) | X | SP00Lsv32.pif | Added by the ASSIRAL.B WORM! |
| (no name) | X | pathex.exe | Added by the TROJ/MKMOOSE-A WORM! |
| (Original file name) | X | svchost.scr | Added by Troj/Bancban-CX and Troj/Bancban-DA TROJANS! |
| (Original filename) | X | xphost.scr | Added by the Troj/Bancban-HM TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| (Original Trojan filename) | X | Install.exe | Added by the Troj/Bancban-FS TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| (random 12 digit number) | X | actxprxy.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | avicap32.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | browser8.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | avifile5.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | bootvid4.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | cdmodem4.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | acctres8.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | autodisc.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | cabview1.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | atitvo32.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | advpack1.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | batmeter.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | bidispl2.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | asferror.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | catsrvps.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | audiosrv.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | admparse.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | bootvid2.exe | Adsrv.com/IeDriver adware variant |
| (random 12 digit number) | X | cmpbk321.exe | Adsrv.com/IeDriver adware variant |
| (Random characters) | X | securewinload32x.exe | Added by the Troj/OptixP-N TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. The file system32dir2a.exe will also be found in the same folder and should be deleted. |
| (random name) | X | (random filename) | Added by the Troj/StartPa-GL Trojan! Found in the WINDOWS or Winnt directory. |
| (Random number) | X | explorer.exe | Added by the Troj/Keylog-AN TROJAN! Note: This trojan file is found in the Windows\service or Winnt\service folder. Be sure to check the link for this one: it copies itself under 9 additional file names, all in the Windows\service or Winnt\service folder. |
| (random) | X | lsass.scr | Added by Troj/Bancban-CW Trojan! |
| (random) | X | svchost.scr | Added by Troj/Bancban-CY Trojan! |
| (Random) | X | svshost.exe | Added by the W32/Kelvir-AX WORM! Note: This worm\trojan file is found in the System\(random folder name) (95/98/ME) or System32\(random folder name) (NT/2000/XP) folder. |
| (Randomly chosen existing folder name) | X | _cfg.exe | Added by the W32/Antinny-L WORM! |
| (Randomly chosen existing folder name) | X | _login.exe | Added by the W32/Antinny-L WORM! |
| (Randomly chosen existing folder name) | X | _start.exe | Added by the W32/Antinny-L WORM! |
| (Randomly chosen existing folder name) | X | _config.exe | Added by the W32/Antinny-L WORM! |
| (Randomly chosen existing folder name) | X | _autorun.exe | Added by the W32/Antinny-L WORM! |
| (Randomly chosen existing folder name) | X | _loader.exe | Added by the W32/Antinny-L WORM! |
| (Randomly chosen existing folder name) | X | _env.exe | Added by the W32/Antinny-L WORM! |
| (Randomly chosen existing folder name) | X | _setup.exe | Added by the W32/Antinny-L WORM! |
| (Registry Value Name) | X | roses.exe | Added by the W32/Rbot-AFT Worm! |
| (Unknown) | X | charmapnt.exe | Added by the Troj/Bancos-DR TROJAN! |
| (User name) config | X | (Path to Trojan exe) | Added by the Troj/Mosuck-H TROJAN! |
| (various file names) | X | mediaplayer32.exe | Added by a variant of the WIN32.RBOT WORM! |
| (various file names) | X | bling.exe | Added by the W32/RBOT-NI WORM! |
| (various names) | X | win32snd.exe | Added by the W32/RBOT-DQ WORM! |
| (various names) | X | svchostss.exe | Added by a variant of the WIN32.RBOT WORM! |
| (various names) | X | PasswdMon.exe | TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here |
| (various names) | X | runload32.exe | TROJAN! - part of Wareout, malware masquerading as a spyware and dialer remover, see here |
| *JanisRuckenbrodII | X | janis.com | Added by the POPS VIRUS! |
| *Microsoft Update | X | wucxt.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | wuytc.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | ctxma.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | wstcl.exe | Added by the W32.HLLW.STMU TROJAN! |
| *Microsoft Update | X | cxma.exe | Added by the W32.HLLW.STMU TROJAN! |
| *microsoft update | X | cxma.exe | Added by the W32.HLLW.STMU TROJAN |
| *MS Setup | X | [random file name] | Virtumondo adware, also known as the VUNDO TROJAN! |
| *Security Center | X | secctr.exe | Added by the SDBOT.BRO WORM! |
| *StateMgr | Y | statemgr.exe | Windows ME default for System Restore. Do NOT disable! |
| *windows update | X | wurauclt.exe | Added by the W32/RBOT-SY WORM! |
| *windows update | X | wsctl.exe | Added by the SPYBOT.PR WORM! |
| *windows update | X | wscxt.exe | Added by the RBOT.AOS WORM! |
| *windows update | X | wkmst.exe | Added by the SDBOT.AVD WORM! |
| *windows update | X | wuaucrlt.exe | Added by the SPYBOT.HUR WORM! |
| *windows update | X | waurclt.exe | Added by a variant of the WIN32.RBOT WORM! |
| *WinLogon | X | [trojan path] ren time:[random number] | Added by the VUNDO TROJAN! |
| *winstats | X | winstats.exe | Added by the Trojan.Gargafx TROJAN! Note: This trojan file (winstats.exe) is found in the Windows or Winnt folder. |
| *wuauclt.exe | X | w****.exe (* = random char) | Added by a variant of the W32/RBOT-UG WORM! - NOTE: * in the file name represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... |
| *wuauclt.exe | X | wmsvc.exe | Added by the W32/RBOT-UG WORM! |
| ,main drive Loader | X | wininfo.exe | Suspected malware as it appears in 3 different registry locations - see here |
| .mscdr | X | lassa.exe | Added by the WEBUS.C TROJAN! |
| .mscdr | X | lsvchost.exe | Added by the WEBUS.D TROJAN! |
| .mscdsr | X | lsvchost.exe | Added by the Troj/Bdoor-CR Trojan! |
| .mscsbl | X | svhost.exe | Added by the BACKDOOR-CMQ TROJAN! |
| .msfupdate | X | msveup.exe | Added by the W32.ALLOCUP.A WORM! |
| .mssecure | X | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! |
| .mssecure | X | mssecure.exe | Added by the Troj/Borobot-B Trojan! |
| .NET config | ? | sysmon32.exe | ?? |
| .norton | X | rchost.exe | Added by a variant of the BOXED-A TROJAN! |
| .Prog | X | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe ) process |
| .Prog | X | winlogon.exe | Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process |
| .svchost | X | CSRSS.EXE | Added by the WEBUS.F TROJAN! - NOTE - this file is placed in the Winnt\System or Windows\System folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup! |
| .TEXTCONV | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling |
| .WMAudio | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling |
| .WMAudio | X | lsass.exe | Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup |
| /l:eng | N | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup |
| 000 | U | pit.exe | Added by the PrivateEye SPYWARE! **Note - If you did not intentionally install this remove it. |
| 000hpdllhos | X | hpdllhost.exe | LZIO.com adware downloader |
| 000StTHK | U | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) |
| 0050726-007-i32-1 | X | 0050726-007-i32-1.exe | Added by the Troj/Bancban-EC TROJAN! |
| 00DSKSVR00 | N | desksaver.exe | Related to Advanced_Desktop_Shield |
| 00DSKSVR01 | N | desksaver.exe | Related to Advanced_Desktop_Shield |
| 00THotkey | U | 00THotKey.exe | For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev. |
| 0190 Warner | U | WARN0190.EXE | Anti-dialer program (Germany) |
| 0900 Warner | U | WARN0900.EXE | Anti-dialer program (Germany) |
| 0utlook Express | X | *****.exe (where * = random char) | Added by the W32/RBOT-CC WORM! |
| 1 | X | 1.exe | Added by the ESTEEMS TROJAN! |
| 1 | X | svchost.scr | Added by PWSteal.Bancos.X Trojan. |
| 1 | X | lsass.scr | Added by the PWSteal.Bancos.V TROJAN! |
| 11 | X | faxcomdos.exe | Added by the Tuimer TROJAN! |
| 1111swapmgr.exe | X | 1111swapmgr.exe | Added by the BDOOR-IC TROJAN! |
| 123456 | X | rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl | Added by the KITRO.C (or DANDI.A) VIRUS! 123456 can be any random 3 to 6 digit number |
| 12Ghosts Popup-Killer | U | 12popup.exe | 12Ghosts Popup-Killer |
| 17779Proj2002 | ? | N/A | ?? |
| 180adsolution | X | 180adsolution.exe | 180Solutions/N-Case adware variant |
| 180ax | X | 180ax.exe | 180Solutions/N-Case adware variant |
| 180ClientStubInstall | X | stubinstaller****.exe (* = digit) | 180Solutions adware related |
| 180ClientStubInstall | X | ******.exe (* = random digit/character) | 180Solutions adware related |
| 180ClientStubInstall | X | ******.tmp (* = random digit/character) | 180Solutions adware related |
| 1: | N | hpdrv.exe | HP utility for monitoring when and how many recoveries have been done |
| 1A:MacVisionTrayMonitor | N | TrayMonitor.exe | Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock) |
| 1A:Stardock MCP | Y | mcpserver.exe | Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications |
| 1A:Stardock TrayMonitor | Y | TrayServer.exe | For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX |
| 1CmailS | ? | NETMAIL.EXE | ?? |
| 1on1 | X | 1on1.exe | Adult content dialler |
| 1Srv32 | U | SpyAgent4.exe | SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC." |
| 1Win32Cfg | U | SpyBuddy.exe | SpyBuddy monitoring software |
| 1Win32Cfg | U | Keyloggerpro.exe | KeyloggerPro - monitoring software |
| 1WinCfg32 | X | "\WebMailSpy.exe | Added by WebMailSpy SPYWARE! |
| 2020Downloader | X | mssvr.exe | 2020Search Toolbar related. Reported to be auto-installed |
| 252 | X | winmgr.exe | Added by the Troj/LegMir-AT TROJAN! |
| 27 | X | slsorve.exe | Added by the SLSORVE-A TROJAN! |
| 27 | X | csrss32.exe | Added by the TROJ/SLSORVE-D TROJAN! |
| 27 | X | msm32.exe | Added by the TROJ/SLSORVE-E TROJAN! |
| 2kadiras | Y | 2kadiras.exe | Allied_Telesyn AT series router/modem related - apparently required |
| 2thousandbuck | X | (path to file) | Added by the RANKY.L TROJAN! |
| 2wSysTray | U | 2portalmon.exe | 2Wire Homeportal user interface |
| 32-bit Thunking service | X | thunk32.exe | Added by the W32.Derdero.A WORM! |
| 357AA41A-B7A8-4632-A27D-5B980B25CF43 | X | [path to svchost.exe] | Added by the SMALL-AQ TROJAN! |
| 357AA41A-B7A8-4632-A27D-5B980B25CF43 | X | services.exe | Added by FakeMessage/AdRotator adware - NOTE - this file is placed in a Winnt\System32\Inetserv or Windows\System32\Inetsrv folder, and should NOT be confused with the legitimate Windows services.exe process, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup! |
| 3c1807pd | Y | 3cmlink.exe 3cpipe-3c1807pd | 3Com WinModem driver. See here for more WinModem information |
| 3capplnk | Y | 3capplnk.exe | US Robotics Modem driver |
| 3cdminic | N | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
| 3CM Link | Y | 3cmcnkw.exe | Required for a US Robotics WinModem as it provides the link to Windows - won't work without it. |
| 3Cmlink | Y | 3CmlinkW.exe | For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information |
| 3ComDMIAgent | N | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
| 3D Text | N | 3D Text.scr | Added by the JERMY.A VIRUS! |
| 3Deep Control Panel | U | 3DeepCTL.EXE | From LightSurf Technologies (nee E-Color) - 3Deep corrects lighting, shading and color for all your 2D and 3D games |
| 3Dfx Acc | X | GFXACC.EXE | Added by the GIBE VIRUS! |
| 3dfx Task Manager | N | 3dfxMan.exe | System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs |
| 3dfx Tools | Y | 3dfxCmn.dll | Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards |
| 3dfxv2ps.dll | Y | 3dfxv2ps.dll | Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards |
| 3Dlabs Taskbar Display Manager | ? | 3DLman.exe | 3DLabs graphics driver related. System Tray access to display settings? |
| 3DLabsHelperDemon | U | 3dldemon.exe | Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled |
| 3DMouse.EXE | Y | 3DMouse.EXE | Dritek System Inc. 3D Mouse driver |
| 3d_sound | X | 3d_sound.exe | Added by the Troj/Riados-A TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| 3qdctl.exe | U | 3qdctl.exe | Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ |
| 3ware 3DM | Y | 3dm.exe | Monitors status of the disk array on 3ware IDE RAID controllers |
| 4wd!!! | X | Natal!.pif | Added by the OPASERV.AI VIRUS! |
| 5-1-61-96 | X | members-area.exe | Adult content dialler |
| 5-2-46-112 | X | 5-2-46-112.exe | Adult content pop-up dialler. Removal instructions here |
| 55278 | X | grepclient1.exe | Added by the Troj/Lineage-S Trojan! |
| 5p4m | X | (Path to Trojan) | Added by the Troj/Litebot-C TROJAN! |
| 666 | X | Ska.exe | Added by the Troj/Pipes TROJAN! |
| 678 | X | lsas32.exe | Added by the Troj/Slsorve-C TROJAN! |
| 98D0CE0C16B1 | X | rundll32.exe D0CE0C16B1,D0CE0C16B1 | BrowserAid/Startium parasite related |
| 9xadiras | Y | 9xadiras.exe | Allied_Telesyn AT series router/modem related - apparently required |
| 9xHtProtect | X | AVprotect9x.exe | Added by the W32.NETSKY.M WORM! |
| ;Rundll | X | (random filename) | Added by the PWSLEGMIR.E VIRUS! |
| | X | Regsrv32.com | Added by the SOUTHGHOST VIRUS! |
| | X | App.exe | Added by the WAXPOW VIRUS! where <filename> is the executed filename |
| | X | wincpu.exe | Added by an unidentified VIRUS! |
| | X | elf.exe | Elf is a hacker program, tied to a trojan server |
| ?ekio Startups | X | ?nksvc32.exe | Added by the W32/AGOBOT-OV WORM! |
| @ | X | regedit -s ..win.dll | Added by the SEEKER.K VIRUS! |
| @Hoc Toolbar | N | AtHoc.exe | One-click activated browsing toolbar used by various web-sites. See here for more info |
| @loha | N | reminder.exe | Registration reminder for @loha@home E-mail utility |
| @tour_ww | X | @tour_ww[1].exe | Adult content dialler |
| a | X | a.exe | Commercials file that registers itself in the system registry and redirects IE to a certain commercial website |
| a | X | jesse.exe | Added by the W32/Melo-A WORM! Note: This worm file is found in the system32\drivers\etc folder. |
| A New Windows Updater | X | w32NTupdt.exe | Added by W32.Mytob.BM WORM! |
| a-squared | U | a2guard.exe | a-Squared antitrojan - can be run on demand, but necessary in Startup, if you prefer the a² 'Background Guard' real time protection feature |
| a-winpoet-service | Y | winpppoverethernet.exe | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking |
| A1000 Settings Utility | U | cpqa1000.exe | Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features |
| A4Proxy | U | A4Proxy.exe | Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites |
| A70F6A1D-0195-42a2-934C-D8AC0F7C08EB | X | rundll32.exe E6F1873B.DLL,D9EBC318C | BrowserAid/Startium parasite related |
| AAACLEAN | ? | AAACLEAN.INF | ?? |
| AAAKeyboard | ? | ?? | ?? |
| AAATraySaver | N | TraySaver.exe | System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray |
| AAK | U | aak.exe | Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere" |
| Aaou | X | amee.exe | PurityScan/Clickspring adware |
| Aapp | X | adprot | AdBlaster adware |
| aauclient | ? | ACNUpdater.exe | Appears to be related to software from Accenture.com - what does it do and is it required? |
| ab EazyScheduler | ? | ezsched.exe | ?? |
| ABBYY Community Agent | N | CAGENT.EXE | Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software |
| ABC | X | keylogger.exe | Monitors keystrokes so you can check if someone has typed anything while you're away from your PC. Reported as spyware by SpyCop in their FAQ |
| abcdefgh | X | abcdefgh.exe | Malware - detected by Panda antivirus as the DOWNLOADER.EPJ TROJAN! |
| ABITEQ | N | abiteq.exe | Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds. |
| Absolute Shield | U | dseraser.exe | Absolute Shield/Evidence Eliminator - internet history eraser |
| Absolute StartUp monitor | U | ASMon.exe | Absolute Startup - startup monitor from F-Group Software |
| ABsr | X | absr.exe | Added by the AUTOUPDER VIRUS! |
| absr | X | mwsvm.exe | SeekSeek search hijacker related - as seen here |
| abtu | X | mp3serch.exe | Loads the executable for Lop.com. mp3serch.exe is the final version whilst lopsearch.exe is the beta version |
| abtu | X | lopsearch.exe | Loads the executable for LOP adware - mp3serch.exe is the final version whilst lopsearch.exe is the beta version |
| AbyssWebServer | U | abyssws.exe | Abyss web server |
| AcBtnMgr_Xxx | Y | AcBtnMgr_Xxx.exe | Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation |
| acc | U | acc.exe | Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem" |
| ACCDEFRAGINFO | X | (path to file) | Added by the W32/Darby-O WORM! |
| Accelerate | U | accelerate.exe | Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection |
| Access Ramp Monitor | N | armon32.exe | Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again |
| Access WebControl | X | [path to file] | Added by the TROJ/PPDOOR-M TROJAN! |
| AccessManager | U | AccessMgr.exe | Part of SmartPipes SecureSite software - "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management" |
| AccessMedia P2P Loader | X | amp2pl.exe | My AccessMedia toolbar related, stealth installed! |
| AccessoriesPlus | U | clockplus.exe | "Clock Plus", part of Accessories_Plus allows you to select from dozens of alternatives for the Windows clock. |
| AccessRamp Monitor01 | N | ARMon32a.exe | From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service." |
| AccessRampLAN01 | N | ARUpld32.exe | Version of the above for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003 |
| AcctMgr | U | AcctMgr.exe | Norton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities—all from the safety of your own PC |
| AccuWeather.com® Desktop | N | ?? | Desktop weather from AccuWeather.com |
| accwizz.exe | X | accwizz.exe | Added by the W32.Ruland.A WORM! |
| accwizzz.exe | X | accwizzz.exe | Added by the W32.Ruland.A WORM! |
| Acecad.Wtxpload | Y | Wtxpload.exe Acecad | driver for an AceCad USB Graphics Tablet |
| AceGain LiveUpdate | N | LiveUpdate.exe | AceGain_LiveUpdate . "AceGain LiveUpdate provides a fully managed and customizable LiveUpdate platform that seamlessly integrates with a game. As soon as an update is made available, AceGain manages the alert, download and installation as well as version control and user network preferences." |
| AcerGoto | U | AcerGoto.exe | Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer. |
| AcerNotebookManager | U | almxptray.exe | System Tray access on some Acer Notebooks to give faster access to system settings |
| AcerPowerkey | U | Powerkey.exe | PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn F3 |
| Aceu | X | [random file name] | PurityScan/Clickspring adware |
| AceUtils | N | au.exe | Related to Ace Utilities from Acelogix_Software. Note: this is NOT to be confused with the au.exe used by the BEAGLE.B worm! |
| AClntUsr | U | AClntUsr.exe | Altiris AClient Service Windows Tray Icon |
| Acme.PCHButton | N | pchbutton.exe | Used by HP Instant Support |
| ACMonitor_Xxx | Y | ACMonitor_Xxx.exe | Associated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation |
| acocash | X | fastdown.exe, fastfown.exe | Adult content dialler |
| Acombo3dmouse | U | Acombo3d.exe | Mouse driver - required if you use non-standard Windows driver features |
| Aconti | X | aconti.exe | Adult content dialler |
| acoustic | U | acoustic.exe | Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained |
| acpart | N | agpart11.exe | Program for finding trucks on-line |
| Acrobat Assistant | U | ACROTRAY.EXE | Used to create PDF files with Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation |
| Acronis Scheduler2 Service | U | schedhlp.exe | Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use TrueImage to do some real backup/restore tasks - not if you only want to explore/mount images |
| Acronis True Image Monitor | N | TrueImageMonitor.exe | Part of Acronis_True_Image - backup software. Can be disabled without affecting TrueImage |
| Acronis TrueImage Monitor | N | TrueImageMonitor.exe | Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage |
| AcronisTrueImage Monitor | N | TrueImageMonitor.exe | Part of Acronis_True_Image - backup software. Can be disabled without affecting TrueImage |
| Action Manager 32 | N | am32.exe | Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs |
| ActionAgent | ? | actionagent.exe | "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required? |
| Activation | N | Activation.exe | Part of Microsoft Money |
| Activboard | U | MMKeybd.exe | Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys |
| Active Bit Station | X | abs.exe | Added by the W32.MYTOB.BZ WORM! |
| Active Email Monitor | U | aem25.exe | Active_Email_Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email. |
| Active shield | U | Activeshield.exe | Active_Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses" |
| ActiveDesktop | X | systray32.exe | Added by the DABOOM VIRUS! |
| ACTIVEDS | X | ACTIVEDS.EXE | Added by the OPASERV.T VIRUS! |
| ActiveEyes | N | ActiveEyes.exe | ActiveEyes from TFI Technology |
| ActiveMenu | U | ActiveMenu.exe | Wild Tangent demo games that come with some HP computers. Unchecking it can occasionally prevent the games from running. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case |
| ActivePlus | U | activeplus.exe | Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on) |
| ActiveShield | Y | MCVSSHLD.EXE | McAfee VirusScan On-line. See also McAgentExe entry. |
| ActiveSpeed | U | AS.exe | Ascentive ActiveSpeed Internet Optimizer |
| ActiveX Streamer | X | msgfix.exe | Added by the SDBOT.NQ WORM! |
| ActiveXUpdate | X | svcss.exe | Added by a variant of the DEDLER.C TROJAN! |
| Activity | U | actik.exe | ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself! |
| ActivSurf | N | backweb*****.exe | Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates |
| ActMaker | U | ActMak25.exe | The ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer. |
| ACU | U | ACU.exe | Atheros wireless Client Utility For HP Compaq |
| ACU_QSB | U | ACU.exe | Atheros wireless Client Utility For HP Compaq |
| Ad Blocker | U | blocker.exe | Ad Blocker - blocks popups, and also removes banners, image ads and flash ads |
| Ad Blocker Pro | U | Ad Blocker Pro.exe | "Ad Away" popup and banner remover |
| Ad Muncher | U | AdMunch.exe | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications |
| Ad Online Guide | ? | adonlineguide.exe | ?? |
| Ad-aware | N | Ad-aware.exe | Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs |
| Ad-Aware | X | Ad-Aware.exe | Added by the W32/Rbot-ADJ WORM! |
| Ad-Aware-6 | X | WINDOWSUPDATER.EXE | Added by an unidentified WORM or TROJAN! |
| Ad-Muncher | U | ADMUNCH.EXE | Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications |
| Ad-watch | U | Ad-watch.exe | Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system |
| AD2KClient | U | AD2KClient.exe | Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk |
| Adaptec DirectCD | N | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later |
| AdaptecDirectCD | N | Directcd.exe | DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later |
| AdAware | X | wini.exe | Added by the W32/RBOT-XN WORM! |
| Adaware Bootup | N | ad-aware.exe | Ad-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs |
| Adaware lptt01 or Adaware ml097e | X | adaware.exe | Variant of the RapidBlaster parasite (in an "Adaware" folder in Program Files). It is not recommended that you manually uninstall RapidBlaster; use RapidBlaster Killer instead - see here. Note - this is not the valid Lavasoft Adaware |
| Add**.exe (* = random char) | X | Add**.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log |
| Add**32.exe (* = random char) | X | Add**32.exe (* = random char) | CoolWebSearch/HomeSearch adware component - for examples, see this log. |
| AddClass | X | (Path to Trojan) | Added by the Troj/SecDl-A TROJAN! |
| AdDelete | U | AdDelete.exe | Banner advertisement blocker |
| AdDestroyer | X | AdDestroyer.exe | Like VirtualBouncer, malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the malware it claims to remove/prevent, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code |
| ADG | ? | ADG.exe | SoundBlaster Audigy related? |
| ADGJdet | N | ADGJDet.exe | Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection |
| Adiras | Y | Adiras.exe | ADSL USB modem related |
| ADM Library Loader | X | admlib32.exe | Added by a variant of the SDBOT WORM! |
| Admanager Controller | X | AdManCtl.exe | WindUpdates ADW_WINAD.M adware |
| Admilli Service | X | AdmilliServ.exe | WindUpdates AdmilliServ adware |
| Administrator | X | svchost.scr | Added by the Backdoor.Novacal TROJAN! Note: This trojan file is found in the Windows\Fonts or Winnt\Fonts folder. |
| AdminSoft | X | sysfile.vbs | Added by the VBS/STARGRUB-A WORM! |
| Adobe | X | Adobe.exe | Added by an unidentified VIRUS! |
| Adobe | X | sysconfig.exe | Added by an unidentified WORM or TROJAN! |
| Adobe | X | sysbat32.exe | Added by the TROJ_LOWZONES.T TROJAN! |
| adobe | X | gam.exe | Added by an unidentified WORM or TROJAN! |
| Adobe | X | zteam.exe | Added by an unidentified TROJAN! |
| Adobe Acrobat Distiller Application | X | acrotray.exe | Added by the W32.RANDEX.DFJ WORM! |
| Adobe Acrobat Reader CFG | X | [random file name] | Added by a variant of the |