| Name | Filename | Status | Description |
|---|---|---|---|
| [not used] | mssvcnes.exe | X | Added by the W32/Rbot-BSG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| [not used] | zlibc.exe | X | Added by the Troj/Chorus-A browser hijacker. |
| [not used] | htmlsync.exe | X | Added by the Troj/Chorus-A browser hijacker. |
| [not used] | msreged32.exe | X | Added by the W32/Rbot-BAA worm. |
| [not used] | gr33n.exe | X | Added by the W32/Sdbot-ZP worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| [not used] | setup32.exe | X | Added by the W32/Rbot-AFJ worm. When started, this infection connects to a remote IRC server and waits for commands to execute. |
| [not used] | _huytam_.exe | X | Added by the Ssearch.biz and a-search.biz hijackers. |
| [not used] | msdrv.exe | X | Added by the Troj/CmjSpy-U keylogger. |
| [not used] | AUserInit.exe | Y | Added by Curtains for Windows. Removing this file WILL cause your computer to have problems starting. You should contact Authentium for the proper removal procedure. It is unknown what function it plays in this program. |
| [not used] | svcmgr32.exe.exe | X | Added by the W32/Oscabot-D worm. When started, this infection connects to an IRC server where it waits for remote commands to execute. |
| [not used] | hidedown.exe | X | Added by the Troj/Leodon-B trojan downloader. |
| [not used] | FF.EXE | X | Added by the W32/Rirc-D worm. |
| [not used] | Bdsf32.scr | X | Added by Backdoor.RemoteSOB. |
| [not used] | primary.exe | X | Added by the Troj/Sharp-G backdoor trojan. |
| [not used] | mlg1.exe | X | Added by the W32/Kelvir-I instant messaging worm. |
| [not used] | Navw32.exe | X | Added by the Troj/Agent-CG backdoor. |
| [not used] | mpdat.exe | X | Added by the W32/Rbot-WG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. These infections also log keystrokes, so if you are infected you should change all your passwords. |
| Internet Agent | [random CLSID] | X | Added by Troj/PPdoor-F. It also uses the name Client Agent when changing the registry Run key to enable auto-starting at logon. |
| [not used] | msapi.exe | X | Added by the Troj/LegMir-W infection. |
| [not used] | sound_drive16.exe | X | Added by the Troj/Bdoor-GP backdoor trojan. |
| [not used] | MSMSGS.EXE | X | Added by the Troj/Bancban-BW password-stealing trojan. This trojan affects users of Brazilian banks. |
| [not used] | init32m.exe | X | Added by the Troj/Dloader-JT or Troj/Dlsw-B trojan downloaders. |
| [not used] | userinit32.exe | X | Added by the W32/Rbot-YE IRC backdoor trojan. |
| [not used] | xpjava.exe | X | Added by the W32/Rbot-YC network worm/backdoor. |
| [not used] | svchost.exe | X | Added by the W32/Tex-A mass-mailing worm. |
| [not used] | Nail.exe | X | This infection is an Abetterinternet adware variant. It is notoriously difficult to remove and is usually bundled with other malware that is hard to remove as well. One method that we have found that is able to remove this infection and the other malware bundled with it is the ewido security suite, which you can download and try for free. |
| [not used] | Notify.exe | X | Added by Backdoor.Armageddon.B |
| [not used] | mcafee32.exe | X | w32rbotxe drops a trojan, creating several files in %Program Files%, %Windir%, and %system% in addition to this file. |
| [not used] | penis.exe | X | Added by the W32/Cissi-F worm. The {boot} field of system.ini will be modified and remote access made available to an attacker(s) using an IRC channel(s). |
| [not used] | vxd32v.exe | X | Added by the W32.Dumaru.Y@mm worm. It is a mass-mailing worm with backdoor and keylogging capabilities. |
| [not used] | svohost.exe | X | This Dumaru variant attempts to terminate antivirus programs so that it remains undetected. It is a mass-mailing worm with backdoor and keylogging capabilities. |
| [not used] | svchost.exe | X | A worm/backdoor, W32/Kipis-J, opens notepad.exe, copies itself to the Windows folder as regedit.com and installs to its newly created folder. A variety of anti-virus and security-related processes may be terminated and a backdoor opened on port TCP/9413. |
| [not used] | inject.exe | X | Added by Troj/Small-EH, which also installs RSHELL32.DLL; both are hidden in the Windows system folder. Once run, the DLL may modify a system component to penetrate a firewall and provide a new remote shell which can be exploited. |
| [not used] | RAVMOND.exe | X | Added by a variant of the Lovgate worm. |
| [not used] | a1g.exe | X | Added by the W32.Atak.B@mm mass-mailing worm that uses its own SMTP engine to send its messages to the email addresses it gathers from certain files on a compromised computer. |
| [not used] | wpshrc.exe | Y | Required to prevent configuration errors on a Compaq LBP-660 parallel port laser printer (and maybe others). |