F0, F1, F2, F3 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> F0, F1, F2, F3 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List

· Submit a Startup

· Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (3) 1 [2] 3

Name	Filename	Status	Description
<not used>	dllvirtual.exe	X	Added by the Troj/Dadobra-IW information stealing Trojan for online banks.
<not used>	mouser.exe	X	Added by the Troj/Agent-ETC Trojan.
<not used>	aExplorer.exe	X	Added by the W32/VB-CTQ virus.
<not used>	XPV6I4O.exe	X	Added by the W32/Bobandy-F mass-mailing worm.
<not used>	svichosst.exe	X	Added by the W32/Sohana-J worm. W32/Sohana-J may attempt to spread via instant messaging clients.
<not used>	wuaucll.exe	X	Added by the W32/SillyFDC-M worm.
<not used>	M5VBVM60.EXE	X	Added by the W32/Brontok-CJ worm. It is important to note that there may be a legitimate C:\Autoexec.bat. This file uses the number zero instead of the letter O.
<not used>	MVH.exe	X	Added by the W32.Falgna worm. W32.Falgna is a worm that steals system information and opens a back door on the compromised computer allowing a remote attacker to have unauthorized access.
<not used>	MVS.exe	X	Added by the W32.Falgna worm. W32.Falgna is a worm that steals system information and opens a back door on the compromised computer allowing a remote attacker to have unauthorized access.
<not used>	eventsry.exe	X	Added by the Troj/Bckdr-PVP backdoor Trojan.
<not used>	macromedialan.exe	X	Added by the Troj/Small-DNX Trojan.
<not used>	taliban.exe	X	Added by the W32.Jhad worm. W32.Jhad is a worm that spreads through mapped network drives.
<not used>	msn.com	X	Added by the Troj/Agent-DIH downloader Trojan.
<not used>	msvce.exe	X	Added by the Troj/Bckdr-PQP backdoor Trojan.
<not used>	exploer.exe	X	Added by the Troj/Agent-DQT Trojan. This infection should not be confused with the legitimate C:\Windows\explorer.exe file.
<not used>	msvce32.exe	X	Added by the Troj/Bckdr-PNP backdoor Trojan.
<not used>	lhtefx.exe	X	Added by the Troj/QQRob-AAU backdoor Trojan.
<not used>	ciscoutility.exe	X	Added by the Troj/Small-DIV Trojan.
<not used>	Ble'e.exe	X	Added by the W32/Todnab-A worm. This infection should not be confused with the legitimate C:\Windows\System32\lsass.exe file.
<not used>	Blaut.exe	X	Added by the W32/Todnab-A worm. This infection should not be confused with the legitimate C:\Windows\System32\lsass.exe file.
<not used>	lodctr32.exe	X	Added by the Troj/VB-CRJ Trojan.
<not used>	adodbc.exe	X	Added by the Troj/Agent-DLX Trojan.
<not used>	jjakarta.exe	X	Added by the Troj/VB-CRT Trojan.
<not used>	MSGSRV16.COM	X	Added by the W32/Burmec-A worm.
<not used>	jfeee.exe	X	Added by the DoDoor adware.
<not used>	myqq_.exe	X	Added by the Troj/QQPass-AIS Trojan rootkit.
<not used>	hejoice.exe	X	Added by the Troj/Prosti-DE Trojan.
<not used>	fuckkb.exe	X	Added by the Troj/Lineag-AAY password-stealing Trojan for the online game Lineage.
<not used>	ExeRun.exe	X	Added by the W32.Floopy.A virus. W32.Floopy.A is a virus that deletes system files.
<not used>	winhe1p.exe	X	Added by the Troj/Agent-DFT Trojan.
<not used>	spooll.exe	X	Added by the Troj/Banker-DIO Internet banking Trojan. When selected banking websites are accessed, the Trojan will monitor user activity and send the stolen details to remote email addresses.
<not used>	vmmdiag32.exe	X	Added by the Troj/Goldun-DS Trojan. Troj/Goldun-DS monitors browser activity in an attempt to steal passwords when users browse to certain websites, including www.e-gold.com. The Trojan may attempt to modify browser settings in order to force users to re-type passwords.
<not used>	DisMgnt.exe	X	Added by the Troj/Enfal-A Trojan.
[not used]	winvsp.exe	X	Added by the Troj/Paproxy-C Trojan.
[not used]	CulaterLoader.exe	X	Added by the Spyware.Mom spyware.
[not used]	nmst.exe	U	Added by the Spyware.NetMama surveillance software. This program should be uninstalled if it was not installed by yourself.
[not used]	dllhst2d.exe	X	Added by the Troj/Sharp-R backdoor Trojan.
[not used]	clicnt40.exe	X	Added by the Troj/PPdoor-AT backdoor Trojan.
[not used]	dmadoin.exe	X	Added by the Troj/Prosti-BU backdoor Trojan.
[not used]	rundl132.exe	X	Added by the W32/Looked-A EXE virus.
[not used]	o4321427.exe	X	Added by the W32/Brontok-AK mass-mailing worm.
[not used]	ntndis.exe	X	Added by the W32/Rbot-DPG worm and IRC backdoor.
[not used]	rsmss.exe	X	Added by the Troj/Prosti-BL backdoor Trojan. Explorer.exe is not part of this infection and should not be removed.
[not used]	wmiadapt.exe	X	Added by the Troj/Small-BNQ backdoor Trojan.
[not used]	Cable.exe	X	Added by the W32/Cablenet-A worm.
[not used]	mshttcpl.exe	X	Added by the Troj/PPdoor-AR backdoor Trojan.
[not used]	spdr.exe	X	Added by the Troj/Zagaban-E Trojan.
[not used]	dcompcss.exe	X	Added by the Troj/PPdoor-AQ Trojan.
[not used]	System Idle Procese.exe	X	Added by the Troj/DDoS-E Trojan.
[not used]	cinderawasih-4321427.exe	X	Added by the W32/Brontok-R mass-mailing worm.
[not used]	Latent.com	X	Added by the Troj/Agent-ADU password-stealing Trojan.
[not used]	RECYCLER.exe	X	Added by the Troj/Agent-AET password-stealing Trojan.
[not used]	sfcrt20.exe	X	Added by the Troj/PPdoor-AP backdoor Trojan.
[not used]	Kerne0110.exe	X	Added by the Troj/Lineage-FU password-stealing Trojan for the online game Lineage.
nwisse	nwisse.exe	X	Added by the Troj/Fusion-B keylogging backdoor Trojan.
[not used]	winspols.scr	X	Added by the Troj/Fusion-B keylogging backdoor Trojan.
[not used]	sembako-cfzjmmg.exe	X	Added by the W32/Brontok-N worm.
[not used]	sembako-cfzjkmg.exe	X	Added by the W32/Brontok-M worm.
[not used]	KesenjanganSosial.exe	X	Added by the W32/Brontok-K mass-mailing worm.
[not used]	kane.exe	X	Added by the Backdoor.Dckane backdoor. This infection also installs the file c:\windows\system32\kane.dll.
[not used]	Kerne1211.exe	X	Added by the Troj/Lineage-CA password-stealing Trojan for the online game Lineage.
[not used]	syscom32.exe	X	Added by the W32/Spybot-EM worm and IRC backdoor.
[not used]	dpnetmsg.exe	X	Added by the Troj/PPdoor-Q backdoor Trojan. This infection may also make the files C:\Windows\System32\dpnetmsg.exe, C:\Windows\System32\iueninet.dll, C:\Windows\System32\fsmgntfs.dll, C:\Windows\System32\ntmapast.dll, C:\Windows\System32\ir50psrv.exe, C:\Windows\System32\kbd1uery.dll, C:\Windows\System32\lfyockaa.dll, C:\Windows\System32\a15svcs.exe, C:\Windows\System32\dpnmdlib.exe, C:\Windows\System32\c_28usic.dll, C:\Windows\System32\atiysnpn.dll, C:\Windows\System32\treemqoa.dll, C:\Windows\System32\arptutdn.dll, C:\Windows\System32\eulapart.dll, C:\Windows\System32\smlo8thk.exe, C:\Windows\System32\odbcfwci.ime, C:\Windows\System32\hgakheg.dll, C:\Windows\System32\jkwbhew.dll, and C:\Windows\System32\testtest.exe.
[not used]	syscom832.exe	X	Added by the W32/Spybot-EN worm.
[not used]	b0ff.exe	X	Added by the W32/Protorid-AF worm and IRC backdoor.
[not used]	Kerne121.exe	X	Added by the Troj/Lineage-BW password-stealing Trojan for the online game Lineage.
[not used]	svchostl.exe	X	Added by the W32/Blaster-M worm.
[not used]	rejoice.exe	X	Added by the Troj/Prosti-Q Trojan.
[not used]	assistseex.exe	X	Added by the Troj/LegMir-BW Trojan.
[not used]	assistse.exe	X	Added by the Troj/Bravo-C Trojan.
[not used]	msbnc.exe	X	Added by the Troj/Agent-PL backdoor Trojan.
[not used]	stealth.worm.exe	X	Added by the PE_THEALS.A file infector. This infection also utilizes rootkit technology.
[not used]	kiamarsi.exe	X	Added by the Troj/Detest-A Trojan.
[not used]	winupdate.exe	X	Added by the Troj/Agent-FD Trojan. This infection also creates the files c:\windows\system32\Filesys.ini and c:\windows\system32\ntfilesys.ini.
[not used]	Kerne1412.exe	X	Added by the Troj/Lineage-OJ password-stealing Trojan.
[not used]	systcom32.exe	X	Added by the W32/Spybot-ED worm. When started, this infection connects to a remote IRC server where it waits for commands to execute
[not used]	BIDBFn.exe	X	Added by the Troj/DBdoor-A backdoor Trojan. This infection also creates the files c:\windows\inf\3EQ2_w.inf c:\windows\system32\drivers\d6iXjEe.sys c:\windows\system32\libeay32.dll c:\windows\system32\ssleay32.dll c:\windows\system32\Systen.dll
[not used]	gld.exe	X	Added by the Backdoor.Zagaban backdoor Trojan.
[not used]	System.com	X	Added by the Troj/LegMir-BG keylogger Trojan. It also creates the file CQQ_Fileqq_dll.dll.
[not used]	rundll64.exe	X	Added by the Troj/Legmir-BD informations stealing Trojan for the online game Legend of Mir.
[not used]	Kerne14.exe	X	Added by the Troj/Lineage-BA password-stealing Trojan for the online game Lineage.
[not used]	eksplorasi.pif	X	Added by the W32/Korbo-A worm and backdoor Trojan.
[not used]	Phantom.exe	X	Added by the W32/Mytob-FT mass-mailing worm and IRC backdoor.
[not used]	winldr.exe	X	Added by the W32/Bagle-AK worm.
[not used]	Kerne12.exe	X	Added by the Troj/Lineage-AS Trojan.
[not used]	winlog.exe	X	Added by the Troj/Sharp-J Trojan.
[not used]	svchsto.exe	X	Added by the Troj/GWGhost-R information stealing Trojan.
[not used]	inetinfo.exe	X	Added by the Troj/Proxy-GG proxy Trojan.
[not used]	mdm.exe	X	Added by the Troj/Proxy-GG proxy Trojan.
[not used]	svcroot.exe	X	Added by the Troj/Heles-B keylogger Trojan.
[not used]	winmgd.win	X	Added by the VBS_GEDZA.A worm.
[not used]	_Kerne1.exe	X	Added by the Troj/Lineage-AN password-stealing Trojan for the online game Lineage.
[not used]	realone.exe	X	Added by the Troj/LegMir-AU Trojan.
[not used]	msscript.exe	X	Added by the Troj/StartPa-HC Trojan.
[not used]	STFU.exe	X	Added by the W32/Rirc-E worm and IRC backdoor.
[not used]	svchsot.exe	X	Added by the Troj/GWGhost-N Trojan.
[not used]	Winroad.exe	X	Added by the Backdoor.Augudor backdoor.
[not used]	dllcnfg.exe	X	Added by the Backdoor.Samkams backdoor Trojan.
[not used]	iexplore.com	X	Added by the Troj/Pcik-A trojan.
[not used]	Celine.scr	X	Added by the Troj/Celine-A backdoor trojan.

Pages: (3) 1 [2] 3

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.