F0, F1, F2, F3 HijackThis Entries

bleepingcomputer.com

Welcome Guest (Log In | Create Account)

New Member? Join for free.

BleepingComputer.com -> Startup Programs Database -> F0, F1, F2, F3 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (4) [1] 2 3 ... Last »

Name	Filename	Status	Description
<not used>	dwme.exe	X	Part of the family of the Rogue.WinAVPro family of rogues.
<not used>	rnpkol.exe	X	Added by the Troj/Bckdr-RJE backdoor Trojan.
<not used>	22CC6C32.exe	X	Added by the Troj/Ransom-BO Trojan. This Trojan makes it so you cannot access your computer unless you pay a ransom.
<not used>	cisvc.exe	X	Added by the Trojan.Downbot Trojan.
<not used>	syssetup.exe	X	Added by the W32/Autorun-BOF removable media worm.
<not used>	RUNDLL.BAT	X	Added by the Troj/Agent-QCX Trojan.
<not used>	Desktop Defender 2010.exe	X	Added by the Desktop Defender 2010 rogue security program.
<not used>	Desktop Security 2010.exe	X	Added by the Desktop Security 2010 rogue security program.
<not used>	iqmanager.exe	X	Added by the I-Q Manager rogue security program.
<not used>	pc.exe	X	Added by the Privacy Components rogue security program.
<not used>	cc.exe	X	Added by the Control Center rogue anti-spyware program.
<not used>	ccmain.exe	X	Added by the Control Components rogue anti-spyware program.
<not used>	sysguard.exe	X	Added by the Privacy Commander rogue anti-spyware program.
<not used>	sysutil.exe	X	Added by the XLG Security Center rogue anti-spyware program.
<not used>	SE2010.exe	X	Added by the Security Essentials 2011 rogue anti-spyware program.
<not used>	apmanager.exe	X	Added by the AP Manager rogue anti-spyware program.
<not used>	hdddoctor.exe	X	Added by the HDD Doctor rogue anti-spyware program.
<not used>	protect.exe	X	Added by the PrivacyCorrector rogue anti-spyware program.
<not used>	appconf32.exe	X	Added by the Trojan.Verprud Trojan.
<not used>	msnix32.exe	X	Added by the Troj/VB-FAP Trojan.
<not used>	watermark.exe	X	Added by the Troj/Zbot-ADH Trojan.
<not used>	desktoplayer.exe	X	Added by the W32.Ramnit!inf worm and file infector.
<not used>	hotfix.exe	X	Added by the Troj/DwnLdr-IMG Trojan.
<not used>	antispy.exe	X	Added by the Fake Microsoft Security Essentials Alert Trojan.
<not used>	ntload.exe	X	Added by the Advanced Security Tool 2010 rogue anti-spyware program.
<not used>	mspdbc32.exe	X	Added by the Troj/Zbot-TK Trojan.
<not used>	Spenser.exe	X	Added by the W32/SillyFDC-EV removable media worm.
<not used>	volume.exe	X	Added by the Troj/VB-ETG Trojan.
<not used>	msxslt2.exe	X	Added by the Mal/GBInj-A malware.
<not used>	mntsys.exe	X	Added by the Troj/Rootkit-IM rootkit.
<not used>	winlogons.EXE	X	Added by the W32.SillyFDC.BDN worm.
<not used>	sdra73.exe	X	Added by the Troj/Zbot-PD Trojan.
<not used>	ieremove.exe	X	Added by the W32/Autoit-JK removable media worm.
<not used>	64dlls.exe	X	Added by the Troj/Zbot-OK Trojan.
<not used>	conme.exe	X	Added by the Trojan.Heloag Trojan.
<not used>	ThunderUpdate.exe	X	Added by the Trojan.Heloag Trojan.
<not used>	csrssm.exe	X	Added by the Troj/VB-EOU Trojan.
<not used>	copy.pif	X	Added by the W32/Rufis-A worm.
<not used>	msapdm32.exe	X	Identified by Kaspersky as a variant of the Trojan.Win32.Sasfis.akhy malware.
<not used>	nologon32.exe	X	Added by the Troj/Zbot-ND Trojan.
<not used>	nnfj.tqo	X	Added by the Bredolab.gen.o password-stealing Trojan. Please note C:\Windows\System32\rundll32.exe is a legitimate program and should not be removed.
<not used>	Explorer.exe	Y	Explorer.exe is the user shell of Windows. This program loads the desktop, Start Menu, taskbar and user interface for Windows.
<not used>	Antispyware.exe	X	Added by the PC Defender rogue anti-spyware program.
<not used>	hivie.vbe	X	Added by the VBS/Autorun-AYI worm that spreads via USB keys. Please C:\Windows\System32\wscript.exe is a legitimate program and should not be deleted.
<not used>	ntsvc32.exe	X	Added by the Troj/Stealth-S Trojan.
<not used>	winlogon32.exe	X	Fake AV Trojan. When fixing this entry, please be careful. If you do not change the userinit key to point back to userinit.exe, then your computer will not boot up properly.
<not used>	winlogon86.exe	X	Identified by BitDefender as a variant of the Gen:Trojan.Heur.PT.cqW@bCL2Eje malware.
<not used>	vshost32.exe	X	Added by the W32.Fnumbot worm. W32.Fnumbot is a worm that spreads through removable drives and opens a back door on the compromised computer.
<not used>	kbdsys.exe	X	Added by the W32/AutoRun-AMW removable media worm.
<not used>	TXPlatform.exe	X	Identified by Kaspersky as a variant of the Trojan.Win32.KillAV.avc malware.
<not used>	Rundllw32.exe	X	Added by the W32/Gift-B mass-mailing worm.
<not used>	KHATRA.exe	X	Added by the W32/Autoit-C removable media worm.
<not used>	asd.exe	X	Added by the Advanced Spyware Detct rogue anti-spyware program.
<not used>	svchostw.exe	X	Identified by Kaspersky as a variant of the Heur.Trojan.Generic malware.
<not used>	sdra64.exe	X	Identified by Sophos as a variant of the Mal/Zbot-I malware.
<not used>	updmngr.exe	X	Added by the Troj/Agent-JBX. Trojan.
<not used>	iph.exe	X	Added by the W32/Autorun-ZI removable media worm.
<not used>	twex.exe	X	Added by the TSPY_ZBOT.AEY spyware.
< notused>	atiptax.exe	X	Added by the W32/AutoRun-SQ removable media worm.
<not used>	shmedia.exe	X	Added by the BKDR_AGENT.VBI backdoor.
<not used>	synceng.exe	X	Added by the BKDR_AGENT.VBI backdoor.
<not used>	n.vbe	X	Added by the W32/AutoRun-SH removable media worm.
<not used>	userinit.exe	Y	The userinit.exe is a program that is launched directly after a user logs into Windows. This program restores your profile, fonts, colors, etc for your username. This startup is a required and important system file for Windows.
<not used>	LOVERAHULSAS.VBS	X	Added by the VBS/Autorun-QO removable media worm.
<not used>	vmmon.exe	X	Added by the W32/AutoRun-NZ removable media worm.
<not used>	msupdt.exe	X	Identified as a variant of the TR/Downloader.Gen Trojan.
<not used>	Servicess.exe	X	Identified as a variant of the Worm.IM.Sohanad worm.
<not used>	sertail.exe	X	Added by the Troj/Inject-DD Trojan.
<not used>	twext.exe	X	Identified as a variant of the PWS-Zbot malware.
<not used>	AVG.vbs	X	Added by the VBS/AutoRun-KG removable media worm. Please note that Wscript.exe is a legitimate file and should not be removed.
<not used>	SecureGuard.vbs	X	Added by the VBS/Autorun-JP removable media worm. Do not delete C:\Windows\System32\wscript.exe as it is a legitimate program.
<not used>	Rstd.exe	X	Added by the W32/Autorun-HS removable media worm.
<not used>	hello.vbs	X	Added by the VBS/AutoRun-HD removable media worm.
<not used>	mrcmgr.exe	X	Identified as a variant of the Trojan-Banker.Win32.Banker.rqk malware.
<not used>	ibm00003.exe	X	Identified as a variant of the Trojan Torpig-G malware.
<not used>	soundmgr.exe	X	Identified as a variant of the TR/Proxy.Gen malware.
<not used>	Removal.vbs	X	Added by the VBS/Small-ELQ worm.
<not used>	sys.vbs	X	Added by the W32/Autorun-EL removable media worm. Please note that C:\Wndows\System32\wscript.exe is a legitimate file and should not be deleted.
<not used>	xwusuhzh.exe	X	Identified as a variant of the Troj/FakeAle-BI malware.
<not used>	csmm.exe	X	Added by the Troj/VB-DZN Trojan.
<not used>	gaqy.exe	X	Identified as a variant of the Backdoor:Win32/Tofsee.F malware.
<not used>	systemio.exe	X	Added by the W32/Autorun-DH removable media worm.
<not used>	OfficeExt.exe	X	Added by the W32/Autorun-CY removable media worm.
<not used>	boot.vbs	X	Added by the W32/Isetspy-C worm. C:\Windows\System32\wscript.exe should not be deleted as it is a legitimate file.
<not used>	%%%.exe	X	A variant of the Troj/Nymod-A malware.
<not used>	^^^^^.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
<not used>	wsnpoema.exe	X	Identified as a variant of the Troj/SpyAgent-H malware.
<not used>	sbwltbxa.exe	X	Identified as a variant of the Troj/Agent-GRP variant malware.
<not used>	mtssc.exe	X	Added by the Trojan-Spy.Webmoner.FQ password-stealing and keylogging Trojan.
start	sbmntr.exe	X	Identified as a variant of the Adware/Netproject malware.
some	scit.exe	X	Identified as a variant of the Adware/Netproject malware.
<not used>	brxdoy.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
<not used>	ddabc.exe	X	Added by the PE_TRATS.E-O virus.
<not used>	ok1.exe	X	Added by the Troj/Mdrop-BQM Trojan.
<not used>	msnmgnr.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
<not used>	killVBS.vbs	X	Added by the VBS.Autill worm. Do not delete C:\Windows\System32\wscript.exe as it is a legitimate file.
stem%	regwiz.exe	X	Added by the Trojan-Dropper.Win32.Small.azk Trojan.
<not used>	mgmrwmrv.exe	X	Identified as a variant of the Trojan.FakeAlert malware. This malware will issue fake alerts on your computer stating you have security problems and advertising rogue programs that can supposedly fix them.
<not used>	rascal32.exe	X	Added by the W32/Otakbokep-A worm.
<not used>	rxjddnvj.exe	X	Identified as part of the Adware/UltimateCleaner rogue anti-spyware program.

Pages: (4) [1] 2 3 ... Last »

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.